Banks, telcos, scam victims to share loss liability from Dec 16; financial institutions to roll out real-time surveillance
Rules set expectations of payouts for affected victims; require FIs and telcos to mitigate phishing scams
https://www.businesstimes.com.sg/companies-markets/banks-telcos-scam-victims-share-loss-liability-dec-16-financial-institutions-roll-out-real-time
FINANCIAL institutions (FIs) will now be required to implement real-time fraud surveillance on unauthorised transactions from phishing scams, under the shared responsibility framework (SRF).
This in response to feedback received on a consultation paper on the framework, said the Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority of Singapore (IMDA) on Thursday (Oct 24).
The framework – which assigns duties to FIs and telecommunication companies to mitigate phishing scams, and sets expectations of payouts to affected scam victims – will be implemented on Dec 16, 2024.
MAS and IMDA said they will adopt a key area of feedback, and introduce an additional duty on FIs that requires real-time fraud surveillance directed at detecting unauthorised transactions in a phishing scam that result in account draining.
This means that if a customer’s account is being rapidly drained of a material sum to scammers, FIs must either block the transaction until it is able to reach the customer for positive confirmation, or send a notification to the customer and block or hold the transaction for 24 hours. An account is considered to be rapidly drained if more than half of a balance of at least $50,000 is transferred out cumulatively over a day.
Originally under the SRF, FIs were required to impose a 12-hour cooling-off period upon activating a digital security token, and provide real-time notification alerts when activating digital security tokens and conducting high-risk activities.
.....