1. What is the Shared Responsibility Framework?

The Monetary Authority of Singapore (MAS) and Infocomm Media Development Authority (IMDA) introduced the Shared Responsibility Framework (SRF) which took effect on 16 December 2024. The SRF outlines the roles and responsibilities of consumers, financial institutions (FIs) and telecommunications companies (Telcos) in managing losses arising from a defined scope of phishing scams. 

2. Scams covered under the Shared Responsibility Framework

The SRF applies to any payment transaction that meets the following criteria (“seemingly authorised transaction”):

1. Impersonation of a legitimate business or government entity. A legitimate business or government entity means Singapore Government agencies and entities incorporated in Singapore or entities incorporated outside of Singapore that offer services to Singapore residents;  


2. The scammer, pretending to be the impersonated entity, uses a digital messaging platform (e.g. SMS, email, WhatsApp, social media platforms), to obtain the customer’s account credentials;  


3. The customer enters his or her account credentials on a fabricated digital platform (e.g. website, application); and  


4. The credentials which were obtained fraudulently are used by the scammer to take over the customer’s account and perform unauthorised transaction(s).

3. Accounts covered under the Shared Responsibility Framework

The SRF applies to protected accounts which are payment accounts that are

1. are held in the name of one or more individuals;  


2. capable of holding a balance of more than S$1,000, or are credit facilities; and  


3. can be used for electronic payment transactions.

Please note that credit cards, charge cards and debit cards accounts are excluded from the scope of the SRF. Additionally, the SRF does not cover accounts used for transactions in the course of business.

4. Duties of the Bank under the Shared Responsibility Framework

The Bank is committed to safeguarding our customers from phishing scams covered under the SRF by implementation of the following measures:

1. Impose a cooling off period of at least 12 hours during which high-risk activities cannot be performed, when a digital token is activated on a device, or when there is a login to a protected account on a new device. For more information on what is considered high-risk activities, you may refer to the MAS website here.  


2. Provide notification alerts on a real-time basis  when (i) any high risk activities are performed on a protected account, (ii) the digital token is activated , or (iii) when there is a login on a new device.   


3. Provide notifications for outgoing payment transactions made from your protected account on a real-time basis.   


4. Provide a  reporting channel (via MariBank 24/7 Customer Service team at +65 6995 8688) and a self service feature (i.e. Kill-Switch) allowing you to promptly report fraud and block further seemingly authorised transaction(s). 


5. Implement real-time fraud surveillance measures directed at detecting seemingly authorised transactions (effective 16 June 2025).

5. Duties of your Telco under the Shared Responsibility Framework

If a seemingly authorised transaction is perpetrated through SMS, your Telco has the following duties under the SRF:

1. Deliver Sender ID SMS only if it is received from authorised aggregators found on SGNIC’s website here.  


2. Block Sender ID SMS from unauthorised aggregators.  


3. Implement an anti-scam filter over SMS to block SMS containing malicious URLs.  

6. Report of seemingly authorised transaction under the Shared Responsibility Framework

You should report any unauthorised activity to the Bank as soon as practicable, and no later than 30 calendar days from when the Bank sends the notification alerts. The Bank will assess if the reported unauthorised activity falls within the defined scope of phishing scams under the SRF and if so, whether the Bank has fulfilled its duties under the SRF. Where the phishing scam was perpetuated through SMS, the Bank will inform the responsible Telco for it to commence its investigation whether it has fulfilled its duties under the SRF. Upon the conclusion of the investigation, the Bank will inform you of the investigation outcome, including an assessment of your responsibility under the SRF.

7. Responsibility for losses arising from seemingly authorised transactions under the Shared Responsibility Framework

In cases of losses arising from seemingly authorised transaction(s) that fall within the defined scope of phishing scams under the SRF, the Bank will bear the losses if the investigation outcome shows that they arose from the Bank’s non-compliance with its duties under the SRF. Otherwise, the responsibility for the losses shall be assessed in accordance with the SRF.

8. Increased Scam Protection (from June 16, 2025)

MariBank will implement additional security measures for customer accounts. For large transfers, additional verifications may be required to safeguard funds and ensure transaction security prior to completion.

9. Further details of the Shared Responsibility Framework

For more information on the SRF, you may visit the MAS website on the Shared Responsibility Framework

Given that the SRF and the E-Payments User Protection Guidelines are meant to be complementary, you may visit the Bank’s notice here and/or MAS website here.

Last updated: 11 January 2025