E-Payment Transactions – Duties for Financial Institutions

The Monetary Authority of Singapore (MAS) recently released guidelines, effective 31 January 2019, on what steps consumers and financial institutions (FIs) should take to protect themselves for e-payment transactions, and how liability for fraudulent transactions should be apportioned.

In the wake of the ever-growing number of online fraudulent transactions, MAS has released a much-needed set of guidelines to provide a common baseline of the respective duties of consumers and FIs in e-payment transactions.

The duties of consumers include the following:

• Providing FIs with their contact details so that timely notifications on their accounts can be sent to the consumers
• Keeping their passwords/access codes in a secure location
• Maintaining adequate antivirus software and regular security updates on their devices
• Reporting unauthorized transactions as soon as practicable with the relevant information on the unauthorized transaction, and providing reasons for any delays in reporting
• Making a police report if the FIs request it

On the other hand, FIs are responsible for the following:

• Providing transactions notifications on a real-time basis or at least a consolidated update of all the transactions made in the past 24 hours
• Providing an onscreen opportunity for the consumers to confirm the transaction details before the transaction is carried out
• Providing a reporting channel for consumers to report unauthorized transactions
• Completing the investigation into the unauthorized transactions within 21 business days for straightforward cases or 45 business days for complex cases (e.g., where overseas parties are involved or where consumers have not provided sufficient information)
• Refunding the consumer’s account with the total loss from the unauthorized transaction if the investigation shows that the consumer is not liable

Importantly, the guidelines have set out the instances where the consumer or FI would be deemed liable to bear the losses from the unauthorized transaction:

Consumer is liable when

• it was reckless or deliberately did not comply with its duties set out above;
• it knew of and consented to a particular transaction.

FI is liable when

• it fails to comply with its duties set out above or with MAS’s requirements;
• the FI, its employees, its agents, or outsourcing service provider are negligent or guilty of committing a fraudulent act;
• the loss is less than S$1,000 ($725) and is due to the acts of a third party, and not because the consumer failed to carry out its duties.

Finally, the guidelines also provide that if a consumer mistakenly transfers monies to the wrong recipient, the FI of transferor and the recipient must make reasonable efforts to assist the transferor in recovering the monies. These include informing the recipient of the wrongful transfer and asking the recipient for instructions to return the monies.

On the whole, these guidelines are a step in the right direction in terms of clarifying the duties and obligations for both consumers and FIs. Previously, FIs may have had similar standards in place, but these standards would have varied from organization to organization, and may not have been publicly made known to the consumer. With the publication of these guidelines, consumers have a clearer idea of what to expect when dealing with FIs when they are victims of a fraudulent transaction. For FIs, these guidelines provide a useful reference point that they can direct consumers to in order to show that the FI is not handling the consumer’s situation in an arbitrary manner.

*A solicitor of Morgan Lewis Stamford LLC, a Singapore law corporation affiliated ‎with Morgan, Lewis & Bockius LLP