E-Payments User Protection Guidelines

Share This Post

MAS sets out duties for FIs in “E-Payments User Protection Guidelines”

On 28 September 2018, the Monetary Authority of Singapore (the “MAS”) released the E-Payments User Protection Guidelines (the “Guidelines”). The Guidelines will take effect on 31 January 2019.

The Guidelines aim to establish a common baseline of protection offered by responsible financial institutions (“FI”) to individuals or sole proprietors from losses arising from isolated unauthorised

transactions or erroneous transactions from the account holders’ protected accounts. It also sets out the expectations of the MAS of any FI that issues or operates a protected account, including the duties of users of protected accounts.

“responsible FI” in relation to any protected account, means any bank, non-bank credit card issuer, finance company or approved holder that issued the protected account.

“protected account” means any payment account that is held in the name of one or more persons, all of whom are either individuals or sole proprietors; is capable of having a balance of more than S$500 (or equivalent amount expressed in any other currency) at any one time, or is a credit facility; and is capable of being used for electronic payment transactions.

An FI must, from 31 January 2019:

  • Inform every account holder of a protected account of the protection duties set down for account holders pursuant to the Guidelines
  • Provide an account user with the opportunity to confirm payment transactions, including recipient credentials, on-screen where the transaction is being authorised via internet banking, mobile phone application or other such device, prior to the FI executing the payment transaction
  • Provide account holders of protected accounts with a reporting channel for the purposes of reporting unauthorised or erroneous transactions
1. The Guidelines also set out the duties of account holders and account users
  • Provide contact information and monitor notifications
  • Protect access codes and access to protected account
  • Report unauthorised transactions, the account holder must also make a police report if so requested by the FI.
2. Sets out the duties of the FI
  • Inform account holder of protection duties, provide transaction notifications
  • Provide recipient credential information
  • Provide reporting channel
3. Liability for losses arising from unauthorised transactions. The account holder of a protected account is not liable for any loss arising from an unauthorised transaction if the loss arises from any action or omission by the FI and does not arise from any failure by any account user to comply with their duties set out in the Guidelines. Action or omission by the FI includes:
  • Fraud or negligence by the FI, its employee, agent or outsourcing service provider;
  • Non-compliance by the FI or its employee with any requirement imposed by the MAS in respect of its provision of any financial services; and
  • Non-compliance by the FI with any duty prescribed in the
4. FIs to make reasonable efforts to recover sums sent in error by account user.

The Guidelines are available on the MAS website mas.gov.sg.

About the Author

Holland & Marie is a compliance, C-Suite and legal solutions firm based in Singapore. We have extensive experience resolving typical compliance issues including regulatory inspections, satisfying regulatory requirements and maintaining best practices in corporate governance to navigate the rapidly changing regulatory landscape.

For further information, contact:

Chris Holland: Partner | Holland & Marie | 201802481R 7 Straits View, Marina One East Tower, #05-01 Singapore 018936

Disclaimer: The material in this post represents general information only and should not be relied upon as legal advice. Holland & Marie Pte. Ltd. is not a law firm and may not act as an advocate or solicitor for purposes of the Singapore Legal Profession Act.

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

Reporting Lines for Internal Audit

Introduction Who decides the scope of an internal audit, and to whom should the auditor communicate its findings? In our earlier article Even the Devil