Privacy Ninja




Exploring MAS’ framework for equitable sharing of scam losses


The Monetary Authority of Singapore (MAS) is establishing a framework for the equitable sharing of scam losses, that is, for distributing the damages from scams among consumers and financial institutions. The regulator also stated on February 4, 2022, that it is working with the banking industry on “longer-term measures” to improve digital banking security.

Legal experts applauded the action as promoting transparency and boosting customer confidence, especially as more financial services are digitalized. Under the framework, financial institutions will be held accountable for protecting their clients through robust controls to safeguard customer accounts and effective methods to detect and respond to suspicious transactions.

Meanwhile, users must take the required safeguards, such as not disclosing personal or financial credentials to outsiders, refraining from clicking on links in SMSs or emails purportedly sent by a bank, and transacting only through the bank’s official website or mobile application.


MAS’ framework for equitable sharing of scam losses

The proportion of losses that each party bears will be determined by whether and how the party failed to meet its obligations.

“MAS expects financial institutions to treat their customers fairly and bear an appropriate proportion of losses arising from scams. At the same time, care must be taken to ensure that compensation paid to customers does not weaken their incentive for all to be vigilant,”


According to the Payments Council, chaired by MAS, it has been working on the framework since July 2021. It intends to publish the framework for public comment within the next three months. Aside from loss sharing, the consultation will also address the duties of other major players in the system.

The MAS statements come after almost 800 OCBC customers lost a total of S$13.7 million. Scammers had impersonated the bank and duped victims into handing over their online banking log-in data using antiquated short message service (SMS) technology.

On February 4, the regulator also stated that OCBC’s recent goodwill payouts to fully cover customer losses were a “one-time gesture” and did not set a general precedent for future cases. The circumstances surrounding these reimbursements include the bank’s analysis of how it had not met its own customer service goals.


Associate Professor Christian Hofmann, head of financial regulation and central banking at the National University of Singapore’s (NUS) Centre for Banking & Finance Law, praised the initiative for filling a “problematic regulatory vacuum” in the area of fraudulent payment transactions in Singapore and bringing the city-state up to par with other jurisdictions such as the European Union, which has had rules in place for over a decade.

According to Hofmann, MAS should distinguish between different sorts of fraudulent attacks when developing the framework. For example, recent phishing attacks elicited client responses that facilitated fraudulent transactions. In these cases, whether customers were negligent can be answered depending on their behavior. He says that reasons to hold customers accountable will be even less likely in virus cases because these transactions are not influenced by human behavior.

Wilson Ang, partner and head of regulatory compliance and investigations at Norton Rose Fulbright (Asia), stated that a party that was “obviously or persistently negligent, or suffered an obvious error in judgment or procedure” should be prepared to accept further responsibility. Other factors the framework should assess are whether preventive actions were taken, post-incident mitigating efforts, and the party’s financial ability to bear the responsibility.


According to him, MAS will have to decide whether such a framework should be mandatory or voluntary, as is the case with the UK’s Contingent Reimbursement Model. However, having a framework “improves customer confidence and avoids the erroneous idea that banks will always offer 100% compensation to victims,” Ang noted.

However, as significant commercial entities, banks may be held to “greater and tougher standards” in terms of installing and updating security measures, as well as in reacting to breaches, according to lawyer Amolat Singh. Customers considered to have acted in ways that no average, rational person would have, such as out of sheer avarice, resulting in a successful fraud, would nonetheless bear a greater part of the culpability, he said.

According to NUS law professor Kelvin FK Low, the framework should incentivize parties to limit the occurrence of fraud in the first place. “It is not rational to expect all clients never to fall victim to frauds,” he says, “yet it would be appropriate to allocate losses to them if they had proven extreme negligence.”
