.svg)
Banks in Singapore have implemented substantial measures to bolster the security of digital banking that was announced in January, the Monetary Authority of Singapore (MAS) has confirmed.
In light of a recent spate of SMS-phishing scams that are targeting Singaporean bank customers, the MAS and the country’s banking association committed two weeks ago to creating and implementing new standards to deal with the issue.
Now, a framework for deciding an equitable share of the losses in payment fraud cases has been created. The measures, taken together, provide a significant added layer of security to protect customers’ funds, according to the regulator.
The MAS is working with the industry to evaluate longer-term measures to be implemented in the coming months, as well as to develop a framework for equitable sharing of losses arising from scams.
The Payments Council, which comprises leaders from banks, payment service providers, businesses and trade associations, and is chaired by MAS’ managing director Ravi Menon, has been working since July on developing a framework that aims to provide clarity on how losses arising from scams need to be shared among consumers and financial institutions.
Under the framework, all parties have responsibilities to be vigilant and to take precautions against scams by complying with the following principles:
- Financial institutions have the responsibility to protect their customers, such as through robust controls to safeguard customer accounts, and effective measures to detect and respond to suspicious transactions.
- Customers have the responsibility to take necessary precautions, especially by never giving away personal or banking credentials to anyone, never clicking on SMS or email links claiming to be sent by a bank, and transacting only through the bank’s official website or mobile application.
The proportion of losses each party bears will depend on whether and how the party has fallen short of its responsibilities. Financial institutions are expected to treat their customers fairly and bear an appropriate proportion of losses arising from scams, according to the MAS.
At the same time, the banking regulator has said that care must be taken to ensure that compensation paid to customers does not weaken their incentive to be vigilant.
For example, OCBC Bank’s recent goodwill payouts to fully cover customer losses were a one-off gesture by the bank in the circumstances, which included the bank’s consideration of how it had not met its own expectations of customer service and response.
In turn, customers should not be under the impression that this sets a general precedent for future cases.
The MAS aims to publish the framework for public consultation within the next three months.
Other than the sharing of losses, the consultation will also cover the responsibilities of other key parties in the ecosystem.
MAS comes down hard on DBS Bank
In other news, the MAS has increased capital requirements for DBS Bank, following widespread outages of its digital banking services, the regulator announced on Monday (February 7).
Banking regulation in the city-state requires financial institutions to ensure that the total unscheduled downtime for critical systems affecting services for customers does not exceed four hours within any 12-month period.
The MAS will require DBS Bank to apply a multiplier of 1.5 times to its risk-weighted assets to bolster its operational risk. This translates to an additional amount of approximately S$930m in regulatory capital.
“MAS requires financial institutions to have robust controls and processes to ensure the reliability and resilience of their IT systems and the continuous delivery of essential financial services to their customers,” said Marcus Lim, assistant managing director of banking and insurance at the regulator. “MAS will take appropriate supervisory action against any financial institution that falls short of our regulatory expectations.”
The MAS has directed DBS Bank to appoint an independent expert to conduct a comprehensive review of the incident, including the bank’s recovery actions.
This review is also required to assess how a similar incident can be prevented in the future. DBS Bank must rectify all shortcomings identified from the review and implement measures to ensure that any future disruption to its digital banking services is resolved quickly and adequately.
The additional capital requirement will be reviewed when the MAS is satisfied that DBS Bank has addressed the identified shortcomings.
