Recognising that tackling scams requires cooperation across all stakeholders, such as telecommunications companies, financial institutions (FIs) and consumers, Singapore has adopted a multi-pronged approach to minimise scams.
The E-Payment User Protection Guidelines (EUPG) issued by the Monetary Authority of Singapore (MAS) outlines the responsibilities FIs and consumers have in the fight against scams. Among others, FIs must:
In addition, from 16 June 2025, FIs must have systems that continuously detect and block suspected unauthorised transactions and have the ability to verify the authenticity of dubious transactions before they can be executed.
On the other hand, consumers are required to enable FI notification alerts for certain transactions and high-risk activities, protect their account access code, refer to official FI sources (e.g., to download apps or contact the FI) and immediately report unauthorised transactions, among others.
To complement the EUPG, MAS also issued a circular setting out additional anti-scam guidelines for Major Payment Institutions (MPI) licensed under the Payment Services Act 2019 that provide personal payment accounts containing e-money (MPI E-wallet Providers). Apart from implementing the anti-scam measures under the EUPG, MPI E-wallet Providers must obtain additional user confirmation before permitting high-risk activities or fund transfers exceeding S$1,000. Moreover, the default transaction limit for outgoing payment transactions should be set at S$1,000, unless changed by a user.
MAS and the Info-communications Media Development Authority (IMDA) issued the Shared Responsibility Framework (SRF), which took effect on 16 December 2024, imposing obligations on certain FIs and cellular mobile network operators (Responsible Telcos) to mitigate the risk of fraudulent transactions.
In addition to implementing the anti-scam measures under the EUPG, from 16 June 2025, FIs are required to either (a) block online banking payment transactions that would result in a loss of over 50% within a 24-hour period from an account holding at least S$50,000, until the account holder verifies the transaction or (b) notify the account holder of (and block) such transaction.
Responsible Telcos are then required to connect only to authorised aggregators for delivering SMS messages with alphanumeric Sender IDs from verified senders registered in the SMS Sender ID registry and block Sender ID SMSes which are not from authorised aggregators.
The SRF adopts a waterfall approach in allocating liability where the FI is fully liable if it breaches any of its SRF duties. If the FI’s SRF duties are fulfilled, the Responsible Telco will be fully liable if it breaches any of its SRF duties. Where both the FI and Responsible Telco have complied with their SRF duties, the consumer bears the full losses, but may opt to take action through other avenues of recourse.
To further complement the approaches in combating scams, the Singapore Parliament passed the Protection of Scams Act on 7 January 2025. Under the Act, a police officer may issue a restriction order to direct one or more banks to (a) freeze any transfer or withdrawal of money from a scam victim’s bank account or (b) not grant or allow a drawdown of any credit facility to the scam victim. The restriction order will be in force for 30 days or any shorter period specified in the order.
The Act is expected to come into force in the later part of 2025.
The fight against scams requires the cooperation and collaboration of FIs, telcos and consumers, with each of them having their respective responsibilities to ensure that scams are effectively minimised. FIs and telcos should review their current systems and processes to ensure they comply with the required anti-scam measures, including those which are still to take effect in the coming months. Consumers should also remain vigilant and informed, to significantly reduce their risk of becoming a scam victim.
OrionW regularly advises clients on payment services and FinTech matters. For more information about FinTech regulatory compliance, or if you have questions about this article, please contact us at fintech@orionw.com.
Disclaimer: This article is for general information only and does not constitute legal advice.
