INTRODUCTION
“Scamming is most successful when markets are up, exuberance is high, and people feel like they are missing out on an opportunity to get rich quickly.”1
On 24 March 2024, there were various articles published about an investigation of a Singapore-registered firm, InvesableAI, for allegedly failing to pay investors who participated in cryptocurrency investment schemes. According to reports, more than 4,000 people invested with InvesableAI. When reporters went to the address where this “innovative investment management firm powered by artificial intelligence” was supposed to have an office, the reporters found a water treatment and engineering design firm instead.2
In the current bull market for cryptocurrencies, we believe there is significant risk of scams involving cryptocurrencies to increase. We have written this article with a view that time is of the essence and to share a regulatory perspective on the need to combat cryptocurrency scams, as well as our thoughts on critical next steps.
STATISTICAL BACKGROUND
The number of investment scam and cybercrime cases in Singapore increased by more than 60% from 3,108 in 20223 to 4,030 in 20234. While this statistic includes scams that are not “cryptocurrency scams” (which we have not endeavored to define in this article), we believe the risk of cryptocurrency scams is increasing as a result of, among other factors, (1) increasing cryptocurrency adoption, (2) a widening gap in the sophistication of scams as compared to the knowledge of new cryptocurrency investors and (3) increasing prices of cryptocurrencies drawing bad actors to the industry. While there are conflicting reports about historical trends in cryptocurrency scams,5 historical reports inherently cannot reflect the current environment.
CURRENT INITIATIVES TO COMBAT SCAMS IN SINGAPORE
The Singapore Police Force (the “SPF”)
The SPF has numerous initiatives focused on aiming to protect the public against scams. For example, it publishes its “Weekly Scams Bulletin” in multiple languages to warn the public about trends in scams and suggest precautionary measures. The SPF also publishes an annual scams and cybercrime brief (the “SCAM Brief”) that includes case studies based on real-life reports cases. The 2023 Scam Brief included a case where a Singapore resident lost S$14,000 as a result of how she set up her MetaMask wallet which was linked to a fraudulent website.6
In addition, the SPF has established:
- the Anti-Scam Command Office in 2022. The purpose of this office is to to achieve greater synergy between various scam-fighting units within the Singapore Police Force; and
- the Scam Public Education Office in 2023. The mission of this office is to drive anti-scam public education and awareness efforts.
Other Government Initiatives
There are numerous Singapore government initiatives aimed at combating scams of all types. For example, in January 2024, the Cyber Security Agency of Singapore published the Safe App Standard to help local app developers and providers enhance mobile app security.7 The Monetary Authority of Singapore (the “MAS” has worked closely with The Association of Banks in Singapore’s Standing Committee on Fraud to combat digital banking scams.8 In addition, the Infocomm Media Development Authority (the “IMDA”) works with telecommunications companies (“Telcos”) to implement anti-scam measures to strengthen safeguards for SMSes and calls to Singapore users from international numbers.9
Private Sector Initiatives
Coinhako, a licensed crypto exchange in Singapore, has been awarded the Outstanding Community Partnership Award from the Anti-Scam Centre, an initiative of the SPF, four times for Coinhako’s anti-scam efforts. According to Glen Chee, Head of Compliance and Money Laundering Reporting Officer for Coinhako, Coinhako has “identified a set of customer behavior patterns based on profiles and we use these to create behavior risk alerts, implemented into internal monitoring systems as pre-emptive measures. For example, if a customer performs a withdrawal and transfer transaction, if the transaction behavior is not commensurate with the profile it will trigger a behavior risk rule which will be reviewed. Coinhako has two teams on shift working continuously to protect customer assets by handling risk alerts and communications with the ASC”.
For another perspective, Ian Lee, Director at Merkle Science (a predictive Web3 Risk & Intelligence Platform) shared:
“In the last couple of years, we’ve definitely seen a massive increase in the number of crypto-related scams. Many criminals are attracted to cryptocurrency as a means of payment given its perceived anonymity and the fact that it can be accessed from anywhere globally. To tackle this growing threat, Merkle Science has partnered with Global Anti Scam Organisation to help fight back against the cybercrime and human trafficking companies. Additionally, we’ve also launched a number of free training and educational seminars designed to educate law enforcement agencies on how these threat actors are using cryptocurrency and what actions can be taken to identify them. Yet despite our best efforts, the scale of this issue isn’t something that can be tackled by one or two players but requires a consolidated effort by both the public and private sector to come together. To that end, I want to give a shout out to Project Shamrock which is an amazing initiative led by Erin West in the US that brought together over 800 members of active law enforcement from local, state, federal and international partners sharing cryptocurrency crime-fighting techniques to tackle scams.”
INNOVATIONS IN LEGAL INITIATIVES TO COMBAT SCAMS
Karyn Kenny, of counsel with DeMarco Law, PLLC, a New York City-based law firm, and former U.S. federal prosecutor specializing in emerging technologies, noted that efforts to combat crypto scams should include utilizing existing legal tools in novel ways.
Ms. Kenny noted the recent civil lawsuit filed by Google, alleging a group of scammers defrauded over 100,000 people across the world by uploading to Google Play fake investment and crypto exchange apps.10 Ms. Kenny shared: “It’s a novel approach in that it represents a Silicon Valley tech giant alleging a violation of the U.S. federal Racketeer Influenced and Corrupt Organizations Act, 18 U.S.C. §§1961-1968, known as RICO.”
The RICO statute allows enhanced criminal penalties, in addition to a civil cause of action, for acts performed as part of an ongoing criminal organization. “Initially designed to combat traditional organized crime families, including being charged in the successful prosecution of New York based Gambino crime family boss John Gotti,” Ms. Kenny said, “it’s proven to be adaptable to the ever-changing nature of organized crime activity. If successful, it may not only set a legal precedent, but also provide a powerful counterpunch to the crypto scam artist ripping off people across the globe.”
A SINGAPORE REGULATORY PERSPECTIVE
The MAS monitors and assesses financial institutions’ (“FIs”) culture and conduct as part of its pre-emptive ongoing supervision.11 We also note the statement of the MAS and IMDA in the Consultation Paper on Proposed Shared Responsibility Framework, applicable to full banks and major payment institutions providing account issuance services, that “responsibility for preventing scams should not lie solely with consumers but also with industry stakeholders such as FIs and Telcos.”12 Assuming the MAS holds this view with respect to cryptocurrency scams, we believe FIs providing digital payment token services in Singapore pursuant to the Payment Services Act (“Digital Asset Firms”) are expected to make reasonable efforts to combat cryptocurrency scams pursuant to the Guidelines on Fit and Proper Criteria (the “Fit and Proper Guidelines”).
The Fit and Proper Guidelines apply to, among others, all FIs in relation to the carrying out of any regulated activity.13 The criteria for determining whether a FI is fit and proper includes consideration of the financial institution’s honesty, integrity and reputation.14 As a result, we emphatically believe that a Digital Asset Firm has a regulatory responsibility to make reasonable efforts to combat cryptocurrency scams.
We believe most FI already have anti-scam initiatives that are not driven by compliance with the Fit and Proper Guidelines. Nevertheless, we think it is important for FIs and their compliance officers to understand the nexus between the Fit and Proper Guidelines and those anti-scam efforts.
SPECIFIC CRYPTOCURRENCY CHALLENGES
According to Andrew Chow, Co-Chair, Fraud & Scams Work Group APAC at the Global Coalition to Fight Financial Crime, and Senior Advisor Digital Scams at the United Nations Development Programme:
“Licensed or exempt digital payment token service providers in Singapore are subject to MAS regulation, specifically in relation to anti-money laundering requirements. However, regulations relating to suitability and investor protection for retail investors are selective in nature , and will probably continue in that vein, given that the MAS actively discourages retail crypto trading. This drives the crypto and digital asset trading offshore (i.e. Hong Kong’s Securities & Futures Commission has developed regulations around the retail trading of cryptocurrencies) and the fundamental problem relates to cross-border recoveries.
For example, in the recent MAS Guideline on Consumer Protection Measures by Digital Payment Token Service Providers (“DPTSP”) issued on 2nd April 2024, the MAS imposes new risk management requirements on DPTSPs in relation to institutional, accredited and retail investors. What is clear within this regulatory framework is that retail investors may trade in digital payment tokens (i.e. Bitcoin, which falls within the definition of digital payment token in the Payment Services Act) via DPTSPs, but the licensed entity in Singapore may not provide lending and staking activities for such retail investors. However, this does not capture such offshore activities, nor does it capture digital assets such as non-fungible tokens (“NFTs”), which do not fall under the definition (Speech by Minister Tharman in Parliament on 15th February 2022: “MAS does not currently regulate NFTs given the nature of their underlying assets, such as the few examples earlier. This is also the stance taken by most other leading jurisdictions.”)15
There has to be a collective regional or global fight to combat crimes relating to all cypto and digital assets, especially on a cross-border basis. For example, Singapore banks could be a conduit for off or on-ramp crypto/fiat activities, without actually being involved directly with digital payment token trading. Much thought needs to go into investor protection in this respect.”
CONCLUSIONS AND NEXT STEPS
We believe that the language of “zero tolerance” that is used in the context of combatting money laundering, terrorist financing and corruption reflects the approach Digital Asset Firms should take to fighting cryptocurrency scams. In practical terms, we expect Digital Asset Firms will prioritize:
- maintaining rigorous account security for their customers;
- educating their clients and the public about common scam typologies; and
- providing sufficient and timely support for clients who are scam victims.
In terms of HM doing its part, we are in active discussions to facilitate Singapore industry initiatives to combat scams and support the serious and inspiring work already being done by many in the public and private sectors. We hope to have more to share soon. Regardless, we hope this article has raised awareness about the risks and prevalence of cryptocurrency scams. We encourage readers to visit the following resources for additional information.
HELPFUL RESOURCES
Basics
If you believe you’ve fallen victim to a scam, file an official police report at https://go.gov.sg/police-report. To conveniently report scams within WhatsApp, add the official ScamShield Bot on WhatsApp at https://go.gov.sg/scamshield-bot.
NCPC Anti-Scam Helpline: 1800-722-6688
Links
MCI – Measures to protect Singaporeans against online scams
ACKNOWLEDGEMENTS
HM thanks Glen Chee, Andrew Chow, Karyn Kenny, and Ian Lee
For further information, contact:
Chris Holland: Partner | [email protected]
Disclaimer: The material in this post represents general information only and should not be relied upon as legal advice. Holland & Marie Pte. Ltd. is not a law firm and may not act as an advocate or solicitor for purposes of the Singapore Legal Profession Act.
2 See “Complaints made in US, S’pore against local firm that promised quick returns on crypto investments”
3 See “Annual Scams and Cybercrime Brief 2022”. SPF. February 8, 2023.
4 See “Annual Scams and Cybercrime Brief 2023”. SPF. February 19, 2024.
5 See “2024 Crypto Crime Trends: Illicit Activity Down as Scamming and Stolen Funds Fall, But Ransomware and Darknet Markets See Growth”. Chainalysis, January 18, 2024
6 See “Annual Scams and Cybercrime Brief 2023”. SPF. February 19, 2024..
7 See “Safe App Standard”.Cyber Security Agency of Singapore. January 10, 2024.
8 See “MAS and ABS Announce Measures to Bolster the Security of Digital Banking”. MAS. January 19, 2022.
9 See “MAS and IMDA consult on Shared Responsibility Framework for phishing scams” IMDA. October 25, 2023.
10 See “Google Sues Crypto Scammers for Allegedly Uploading Fake Apps to Android App Store.”
11 See “Information Paper: Culture and Conduct Practices of Financial Institutions (FIs)”. MAS. September 2020.
12 See “Consultation Paper on Proposed Shared Responsibility Framework”. MAS. October 25, 2023
13 See paragraph 1 of “Guidelines on Fit and Proper Criteria”. MAS. July 1, 2021.
14 See paragraph 8 of “Guidelines on Fit and Proper Criteria”. MAS. July 1, 2021.
15 See “Reply to Parliamentary Question on Regulation of NFT Activities”. February 15, 2022.