Second Reading of the CDSA and CMA Bills (Wrap Up Speech by Minister Josephine Teo)
Wrap-Up Speech at the Second Reading of the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits)(Amendment) Bill and Computer Misuse (Amendment) Bill
9 May 2023
SPEECH BY MRS JOSEPHINE TEO,
MINISTER FOR COMMUNICATIONS AND INFORMATION
AND SECOND MINISTER FOR HOME AFFAIRS
Introduction
Madam Deputy Speaker, I thank the Members for their support of the Bills.
The eight Members who spoke raised important questions which I will try my best to address.
Scope of the new offences
Let me start with the scope of the new offences, which Mr Yip Hon Weng, Ms Sylvia Lim, Mr Louis Ng, Ms Yeo Wan Ling, and Mr Sharael Taha all spoke about.
They raised two broad types of concerns:
-
One, what if a person was genuinely tricked into giving up control of their bank accounts or disclosing their Singpass credentials?
-
Two, what if a person needed help making transactions and gave up control of their bank accounts or disclosed their Singpass credentials to a family member or friend, and subsequently had their trust betrayed?
Let me assure the Members that the intention is not to penalise such persons through these new offences.
-
Mr Yip shared his strong belief that our public prosecutors and Police officers will act judiciously. They will indeed do so.
-
The provisions of the Bills are not targeted at persons who had no reasonable grounds to believe they were dealing with criminal proceeds or facilitating offences. The Police also recognise that there are indeed situations where there is a genuine need to share credentials for legitimate transactions.
-
The Police will investigate the cases comprehensively, considering factors such as the person’s mental capacity, which Ms Lim, Ms Yeo, and Mr Ng asked about, and the context of the incident. They will consider any credible evidence that a person was genuinely tricked into entering their banking or Singpass credentials on phishing websites.
-
The Attorney-General’s Chambers will also carefully consider each case on its own facts and circumstances, and assess if there is public interest to pursue prosecution, even if the evidential threshold is crossed. This is already the case today.
Mr Zhulkarnain cited a story of a 19-year-old who responded to a job ad and gave up control of his bank and Singpass account to an unknown employer he had never met, for income. This is a common money mule recruitment tactic observed by the Police, which typically does not involve any real work, especially considering the high wages being offered. In one such case which occurred in 2021, also involving a 19-year-old money mule, two money mules helped to facilitate the laundering of $1 million belonging to scam victims. For every money mule investigated, there are usually many more victims who will never recover their monies lost. This must surely be considered when deciding whether or not to prosecute someone.
Mr Murali suggested having a policy not to hold individuals criminally liable if they speedily report transactions to the Police even if they might have been negligent in the first place.
-
The authorities will take this into account during investigations, though I will not go so far as to say that they should automatically be freed of criminal liability.
-
Each case has to be assessed on its own facts and circumstances.
Mr Louis Ng asked about the “red flags” that individuals should watch out for. He and Mr Zhulkarnain also asked about the extent of verification needed to address suspicious behaviour.
It begins with having a clear understanding of our payment accounts (including our bank accounts) and Singpass.
-
First, everyone must understand that these accounts are for our own use. They should not be used by another person, especially if we do not know who the other party is or what the transactions are for.
-
Second, as a rule, we do not share details about these accounts because they should only be operated by ourselves.
With this understanding in mind, the common tactics used by scammers to approach prospective victims become easier to recognise. I will outline three.
-
One common tactic by scammers is to not present themselves in person. Instead, they tend to connect out of the blue through phone calls or video calls, claiming to help you or to need help from you. Can such a mysterious person be trusted with privileged information?
-
Another common tactic is to give fairly well-rehearsed reasons for you to let someone else use your account to receive or transfer monies. It should cause us to ask, why can’t this person use their own account instead?
-
It is also common for scammers to give reasons for wanting your bank account login or Singpass credentials. But, why should you hand over the keys to anyone to unlock your valuables?
These “red flags” are by no means exhaustive, but they should set off alarm bells. In general, my advice to the public is:
-
If you are told something very bad has happened to you or your loved ones, pause and think; scammers love to make people panic, because that is when we lose our best judgment.
-
On the other hand, if you are told something that sounds too good to be true, also pause and think; scammers know that greed can make fools of geniuses.
-
Also, the bigger the amount at stake, the more carefully you should proceed.
To summarise, we would like everyone to be vigilant and take proper care of our payment accounts and Singpass accounts. At the same time, it is not our intention to penalise anyone who was genuinely tricked into giving up control of their bank accounts or disclosing their Singpass credentials, or those who needed help from their family members or friends, and subsequently had their trust betrayed. The Police and the Attorney-General’s Chambers will act judiciously.
Specific clarifications about the Bills
Let me now move to other queries on the Bills.
Mr Sharael Taha asked whether platforms such as Apple Pay and Google Pay are included in the amendments to the CDSA Bill.
-
It’s a good question because the money mules do not only use traditional banking accounts.
-
In the CDSA, payment accounts are as defined by the Payment Services Act 2019.
-
Hence, the new offences will apply to various types of payment accounts including e-wallets.
On Singpass abuse, Mr Sharael asked how prevalent the problem is and whether individuals selling or inadvertently giving their Singpass credentials to scammers were aware of the implications.
-
While the large majority of money mule cases involved abuse of bank accounts, the Police has observed a worrying trend of Singpass abuse.
-
I spoke about the challenges to prove wrongful intent, when trying to prosecute offending Singpass users. We have even seen cases where the user is taught by scammers how he can lie to the Police to get himself off the hook.
-
As Dr Tan Wu Meng reminded us during question time yesterday, we cannot be fighting yesterday’s war only, but must be ready to tackle new scam tactics as they evolve. Having seen such behaviors with Singpass, I seek Members’ support to empower the Police to arrest a likely trend, and not wait till cases have snowballed.
Mr Sharael also asked whether the proposed penalties in the CMA Bill are sufficient. Madam Deputy Speaker, the penalties of the new offences are pegged to similar offences in the CMA.
We will monitor the situation after the offences come into effect, and see whether adjustments are needed, including to deal with other forms of cybercrime, which is also something that Ms Janet Ang mentioned.
Ms Lim had asked whether prosecution rates of money mules will increase with the new offences. Ms Ang also raised questions about the enforcement of the new laws, including the challenges relating to the transnational nature of the scam syndicates.
-
Madam, these Bills will definitely allow the Police to better act against money mules and those who abuse Singpass. However, both Bills are also intended to clearly set the guardrails for the proper use of payment accounts and Singpass accounts.
-
The goal is therefore not to increase the number of prosecutions per se, but to have far fewer money mules. If the introduction of the new laws deters individuals from acting as money mules in the first place, resulting in fewer being prosecuted, this will be a welcome development. But, like Ms Lim, I will not be so sanguine. We must remain vigilant and be ready to up the ante if needed.
-
For cases involving offences committed overseas, we will work with our international counterparts, though I am sure Members are familiar with some of the challenges of overseas enforcement.
I also fully agree with Mr Sharael, Ms Ang, Ms Yeo, and Mr Zhulkarnain on the need to educate the public. This work will never end. We will cooperate with key stakeholders and intensify public education efforts before implementing the Bills, to explain the dangers, the new guardrails, and the red flags that we should be mindful of. If passed, the Bills are intended to come into force approximately six months later, to allow time for members of the public to familiarise themselves with the new laws.
Mr Louis Ng spoke about section 8B(4) of the CMA Bill, which states that the mere transmission of Singpass credentials by network access providers and data transmission service providers does not amount to an offence under the new section 8B.
-
For avoidance of doubt, section 8B(4) makes clear that service providers, such as telcos, will not have committed an offence merely because their networks or services were used as the conduit or platform for the transmission of credentials.
-
This is because it would neither be fair nor reasonable in these circumstances to expect such providers to know whether a person was using their networks or services to transmit the credentials of another person.
Mr Ng asked about the responsibility of these providers in addressing the illegal use of bank accounts and Singpass credentials.
The bigger question is how they can help prevent scams from taking place. I’ve spoken previously about our efforts in this area, including IMDA’s work with the telcos to block spoofed calls and SMSes. We are also working with the telcos to block suspicious websites in a speedier fashion.
On Mr Yip’s comment that the CMA Bill may be contrary to the general position of innocence until proven guilty, let me assure Members that this is not so. The presumption of innocence is a fundamental principle, and in fact the foundation, of our criminal justice system.
Both the CDSA and the CMA Bills continue to uphold, and are consistent with, the presumption of innocence. In both Bills, the overall burden remains on the Prosecution to prove the offences beyond reasonable doubt.
Other suggestions
Next, I will deal with the questions and suggestions which relate to our broader anti-scam efforts. I will do so briefly, because these fall outside the scope of the Bills, and some of them have been discussed in this House before.
Let me recap our approach to fight scams.
-
We have taken proactive measures to (i) educate the public, (ii) prevent and block scammers from being able to reach victims in the first place, (iii) make it easier to detect and report scams, and (iv) enforce and recover lost monies.
-
I have given some examples in my opening speech, which address Mr Yip, Ms Ang, and Mr Sharael’s questions about our efforts in these areas.
-
We will step up our efforts, including enabling our Police with technology like Mr Sharael suggested.
-
In line with Ms Yeo’s suggestion, we will continue to work with relevant government agencies like MAS and the banks to provide assistance to scam victims, and also leverage analytics to detect and mitigate scam-related transactions.
-
In line with Mr Murali’s suggestion, we will also continue to work with parties which rely on Singpass to do more to prevent scams.
Mr Yip and Ms Ang asked about Singpass security. The Smart Nation and Digital Government Group (SNDGG) has introduced the following measures to better protect Singpass users:
-
GovTech has put in place early detection mechanisms, and fraud analytics, to detect potential scams involving Singpass. For higher risk transactions, users may also be asked to further verify themselves with Singpass Face Verification. These measures allow GovTech to take prompt action to investigate, and where possible, prevent or stop the scams.
-
GovTech has also given users the option to block their Singpass from overseas access. This is a useful feature because most scammers operate outside of Singapore. So if you block your Singpass from overseas access, in essence, you are preventing it from being abused by overseas scammers.
-
Some of these measures can also help to protect the more vulnerable members of our society, which Mr Zhulkarnain had asked about. I thank him for his other suggestions to better protect individuals with special needs from being scammed. GovTech and the Police will study how best to implement them.
Conclusion
Madam Deputy Speaker, let me conclude by thanking the Members for their support of the two Bills.
Everyone has a role to play in the fight against scams, and should exercise care and responsibility in the use of our payment accounts and Singpass.
Scammers are not remaining static, and neither can we. We will continue to conduct regular security reviews and enhance our defences. Even as we prepare to respond to future threats, I am glad that Members agree on the need for these Bills to tackle the pressing issues at hand.
The proposed amendments will build up our collective defence against scams, disrupt scam syndicates, and better protect Singaporeans. If we are able to do so, it will help preserve Singaporeans’ confidence in going digital, even for the elderly and more vulnerable.
Madam Deputy Speaker, I beg to move.