Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) (Amendment) Bill

Order for Second Reading read.

Mr Deputy Speaker: Second Minister for Home Affairs.

Order. I propose to take a short break. Okay, I will not take a short break and adjournment. Second Minister for Home Affairs.

5.31 pm

The Second Minister for Home Affairs (Mrs Josephine Teo): Mr Deputy Speaker, my sincere apologies. Nature does call.

Mr Deputy Speaker: Not at all.

Mrs Josephine Teo: Mr Deputy Speaker, Sir, I beg to move, "That the Bill be now read a Second time."

Sir, this Bill is linked to the next Bill on the Order Paper, the Computer Misuse (Amendment) Bill. May I propose that the debates on both Bills take place together?

Mr Deputy Speaker: Please proceed.

Mrs Josephine Teo: Thank you, Sir. We will still have the Second Reading of the Computer Misuse (Amendment) Bill to comply with the procedural requirements.

Sir, scams have become a global problem. Scammers lurk in every corner and victims are often caught unawares. Many scams go unreported, because victims feel embarrassed or do not believe any good will come of their reporting. But even just counting those that were reported, the amount lost to scams worldwide grew by about 16% from 2020 to over $77 billion in 2021.

In Singapore, the number of scams has also increased sharply. Police reported that scam cases exceeded 31,000 in 2022. This is more than a fivefold increase since 2018. Scam cases are now more than one-and-a-half times that of physical crime. Back in 2018, they were only a quarter.

The amount of money lost to scams is staggering. In 2022 alone, victims lost $660 million. Since 2018, close to $2 billion. Many of us know or have personally heard stories of people who have fallen prey. They include elderly Singaporeans who lost their life savings. Younger Singaporeans are not immune. In fact, more than half of scam victims in 2022 were aged 20 to 39. Victims often lose more than money – they lose peace of mind, sense of well-being, relations with family sometimes become very strained and all of these things bring about great distress.

Many scams in Singapore have an overseas nexus. We cannot stop the global tide but must do everything we can to try and keep the scammers far from shore. The Bills we are debating today are part of the Government's multi-pronged strategy to fight scams. We have been educating the public so that they are aware of the signs of scam and know what actions they can take to protect themselves.

Members would have seen the public campaign, "I can ACT against Scams", or hosted outreach sessions by Police officers in their constituency events involving residents. We have taken proactive measures to prevent scammers from being able to reach victims in the first place. For example, the Infocomm Media Development Authority (IMDA) has been working with the telcos to block spoofed calls from reaching Singaporeans. Every month, close to 60 million calls are blocked.

We launched the ScamShield app in November 2020, which has been downloaded more than 550,000 times and filtered out more than 7.4 million SMSes that are suspected to be part of a scam. Earlier this Sitting, we tabled the Online Criminal Harms Bill. Among other things, the Online Criminal Harms Bill will help to stop potential scams from taking place, or as soon as they are detected.

We have also made it easier to detect and report scams and follow-up with partners. The Police set up the Anti-Scam Command in 2022 to consolidate expertise and resources in combatting scams. Staff from the major banks are co-located with the Police, so that all the parties can quickly act together to freeze scam-tainted accounts. With the help of our foreign partners, Police brought down 13 scam syndicates in 2022. More than 70 persons based overseas were arrested.

The Bills we are proposing today will add to our suite of anti-scam measures outlined above. We propose to empower the authorities to deal more effectively with money mules and to prevent the abuse of Singpass for scam operations.

First, let me explain the role of money mules. They are individuals who allow criminals to control their bank or other payment accounts. They also include those who use their accounts to receive or transfer monies under the criminals' instructions. Some Members may recall the OCBC phishing scam that occurred between December 2021 and January 2022 – 790 victims fell prey. The total losses amounted to $13.7 million. In this scam, the Police identified more than 120 suspected money mules. More than 120 local bank accounts were used to receive the scam victims' monies.

Why do the scammers need money mules? Scam syndicates typically cultivate a network of money mules to facilitate their crimes or to launder criminal proceeds. The money mules' bank accounts form a web of multiple accounts; scammed monies can be split into different denominations and transferred through these accounts. This process is repeated many times over, so that the monies go through multiple layers of bank accounts, before being transferred out of Singapore into the hands of the syndicate. This tactic of "layering" is designed to make it difficult for the authorities to follow the money trail and to get to the perpetrators.

Between 2020 and 2022, scammers exploited more than 38,000 bank accounts to launder their proceeds from local victims. Over the same period, more than 19,000 money mules were investigated by the Police. One big problem for the Police is that with electronic transactions, all these actions that I described earlier happen very quickly, often in a matter of hours.

Another problem is that when interviewed by the Police, most of the money mules claimed they did not know that they were handling illegal funds. They claimed not to have known the identity of the person who instructed them, nor the identity of the bank account holders whom they were receiving funds from or transferring funds to. Many agreed to facilitate these money transfers because they were paid to do so. They claimed that they did not think that they were doing anything illegal and did not know they were dealing with criminal proceeds.

The fact is, however, that their actions caused great harm to scam victims, whose monies have been moved beyond reach, beyond our ability to recover. Besides money mules, the Police have also observed a trend of scam syndicates abusing Singpass to facilitate their criminal activities. For example, syndicates recruit Singpass users with the promise of monetary gain and then use the Singpass accounts to further their schemes.

Scam syndicates who get hold of another person's Singpass credentials can use them to open bank accounts, which are then used to receive and transfer funds obtained through scams. Irresponsible Singpass users have facilitated this by selling or sharing their Singpass credentials, such as their Singpass password and SMS one-time password. Scam syndicates effectively assume the identity of a Singpass user for their criminal activities and exploit the Singpass account to commit criminal activities while hiding their own tracks. As a result, these scam syndicates are extremely difficult to pursue.

Sir, we must do everything we can to prevent scams from harming Singaporeans. This includes recognising the limitations of current laws, which make it difficult to take the money mules to task. It requires the Prosecution to prove that the money mule had knowledge or reasonable grounds to believe that the monies transacted through his bank account are linked to criminal activity. As a result of these difficulties, of the 19,000 money mules investigated by Police from 2020 to 2022, fewer than 250 money mules were eventually prosecuted. Out of 19,000, fewer than 250 ended up being prosecuted.

In the OCBC phishing scam which I mentioned earlier, out of the 120 suspected money mules, only nine could be charged for money mule offences. Think about that, it is fewer than one in 10. Similarly, it has been challenging to prove the wrongful intention of those who give up their Singpass credentials under existing laws like the Computer Misuse Act.

Clearly, there is a gap that has allowed money mules to continue abetting scammers at little cost to themselves. Why should they be deterred if they can evade prosecution by simply claiming ignorance?

The two sets of amendments we are proposing are, therefore, intended to strengthen our collective defence against scams.

First, it sets guardrails on the use of bank and Singpass accounts. Bank account holders and Singpass users must be careful and exercise diligence regarding their bank accounts and Singpass credentials. Our bank accounts and Singpass accounts are for our own use. We should not allow them to be used by another person, especially if we do not know who the other party is or what the transactions are for.

Second, the amendments will empower the Police to act more effectively against those who blatantly ignore these guardrails, and abuse or allow to be abused, their bank accounts and Singpass credentials to perpetrate scams and other crimes.

I will first explain the proposed amendments to the CDSA. Clauses 3 to 6 of the CDSA Bill amend sections 50, 51, 53 and 54 to introduce the offences of rash and negligent money laundering. "Rash" and "negligent" are not new concepts. They are defined in sections 26(E) and 26(F) of the existing Penal Code and are also applied in the Road Traffic Act.

A person can be liable for rash money laundering if he proceeded to carry out a transaction while he had some suspicions about the transaction, but did not make further enquiries to address those suspicions. A person can be liable for negligent money laundering if he continued with a transaction despite the presence of red flags or suspicious indicators, which would be noticeable by an ordinary, reasonable person.

These changes will allow a money laundering offence to be made out against an individual at a lower level of culpability, compared with the current laws. Which of these offences are made out, if any, will depend on the facts and circumstances of the case. Let me share an example where a money mule can be held liable for a rash money laundering offence.

Person A responds to an online job advertisement seeking to hire an accounts manager. A was told that he would be paid $2,000 a month to receive money using his personal bank account and all he had to do was to transfer sums of more than $100,000 to other bank accounts weekly. That is all the job requires, allowing the bank account to be used for transfer of monies. It is nothing like the kind of work that would justify a monthly salary of $2,000 that we would normally expect.

Despite the exceptional attractiveness of this job, which should have raised suspicions, A did not verify the source of the funds he was receiving, the purpose of the transfers nor the authenticity of his purported employer. Due to the frequency and amount of money transacted, A suspected that the monies could be criminal proceeds, but he chose to carry on without further checks and the money was eventually found to be criminal proceeds from scam victims.

I will also share an example of negligent money laundering.

Person B responded to an online advertisement on a social media platform calling for people to "rent out" their bank accounts; it literally used those terms – "rent out". B provided the Internet banking login details for his personal bank account to an unknown subject and was paid $800 to let his personal bank account be used by that subject. B did not know what his bank account was used for. B claimed that he did not suspect anything wrong with the arrangement despite receiving this quite easy $800. Investigations found that his bank account was used to receive about $20,000 from a Singaporean victim of a love scam. To an ordinary reasonable person, this offer would have sounded suspicious and really "too good to be true".

Sir, the offence of rash money laundering will carry a fine of up to $250,000 or imprisonment of up to five years, or both. The offence of negligent money laundering will carry a fine of up to $150,000 or imprisonment of up to three years, or both.

Based on investigations into scams, the Police have observed conduct common among money mules in facilitating a scam.

Hence, clause 7 of the Bill adds a new section 55A which introduces a new offence of assisting another person to retain benefits from criminal conduct. A money mule can be held liable for this offence if his conduct falls within any of the following four circumstances.

One, the value of the property he dealt with is disproportionate to his known sources of income; or two, he allowed another person, or persons, to access, operate or control his payment account and failed to take reasonable steps to find out the purpose of this arrangement; or three, he received or transferred money using his payment account and failed to take reasonable steps to find out the source or destination of the money; or four, he received money from or transferred money to another person or persons and failed to take reasonable steps to find out that person's identity and physical location.

I will cite an example to illustrate the above offence.

Person C responded to a job advertisement by a company. C is told he will earn $100 a day for using his own bank account to receive money from the company's customers and transfer the money to the company's bank account. All these from a purported employer whom he does not ever meet. As unusual as the job may have sounded, C did not question why he needed to use his personal account to receive and transfer money from the company's customers. He did not take steps to find out where the money was coming from or going to. After all, the effort required of him is quite minimal.

Why do all these details matter then?

Sir, to stop the build-up of such a network of money mules, this new section 55A could render a person like C liable for an offence of assisting another person to retain benefits from criminal conduct.

While clause 7 provides that a person could be liable for an offence under any of the four circumstances I described earlier, clause 7 also provides in the new subsection 55A that it is a defence if the person is able to prove that he did not know and had no reason to believe that the property he had dealt with directly through his account, or indirectly, was criminal proceeds.

The offence of assisting another person to retain benefits from criminal conduct will carry a fine of up to $50,000 or imprisonment of up to three years, or both.

Let me move now to explain the second set of proposed amendments, the amendments to the Computer Misuse Act (CMA).

I mentioned the worrying trend of Singpass users who give away their Singpass credentials, often for money. The actions of such errant Singpass users facilitate scams and other criminal conduct. They undermine Singpass as our national digital identity service which many people have come to depend on for digital transactions.

However, it is challenging to take such errant Singpass users to task. For example, under the CMA today, it must be proven that the Singpass user knowingly disclosed his credentials for wrongful gain or an unlawful purpose, or that it would cause wrongful loss, which is difficult to do.

In one recent case, one Singpass user who had sold his login credentials subsequently pretended to be a victim and came to the Police, claiming that he had been deceived into giving up his Singpass credentials.

It was only through extensive investigations, taking up enormous Police resources, that the Singpass user eventually admitted to have sold his credentials, knowing that his Singpass would be used for criminal activities. The authorities managed to crack this case. But in many others, the Singpass users are uncooperative in investigations and fabricate stories about how their Singpass came to be abused. This situation favours the scammers and it is highly unsatisfactory.

Therefore, clause 4 of the CMA Bill introduces a new offence in the form of a new section 8A in the CMA, to address the conduct of Singpass users who deliberately give their credentials to other persons, which are then used to facilitate criminal activities.

We are concerned with the behaviour of Singpass users who disclose their Singpass passwords or access codes, or who provide any means of accessing their Singpass accounts in situations where the credentials can then be used to facilitate criminal conduct.

In my speech, for ease of reference, I will refer to all of these types of acts collectively as "disclosing Singpass credentials".

To combat such behaviour, it will now be an offence for a Singpass user to disclose his Singpass credentials, if he did so knowing, or having reasonable grounds to believe, that the purpose of the disclosure is for any person to commit, or facilitate the commission by any person, of any offence under any written law.

The intent of this change is not to make legitimate users of Singpass fearful of disclosing their credentials. They should, however, be aware that in certain situations, the disclosure could be an offence if, one, the disclosure was carried out for any form of gain; two, the disclosure was carried out with the knowledge it would likely cause wrongful loss to any person; or three, the disclosure was carried out but without reasonable steps being taken to find out the identity and physical location of the person to whom the credentials were disclosed.

These proposed provisions are based on actual situations Police have observed, where individuals have deliberately sold or disclosed their Singpass credentials to criminal syndicates.

The offence of disclosing an individual's own Singpass credentials will carry a fine of up to $10,000 or imprisonment of up to three years, or both.

Again, to be abundantly clear, it is not our intent to criminalise situations where there is a genuine need to share credentials for legitimate transactions. For instance, seniors may, in some situations, need the help of their family members to make Singpass transactions. The new provisions are also not intended to capture persons who were genuinely tricked into giving up their Singpass credentials.

Clause 4 of the CMA Bill also introduces a new offence in the form of a section 8B in the CMA, which criminalises acts of obtaining, retaining or dealing in another person's Singpass credentials. This is to deal with those who purchase Singpass credentials and syndicates which trade the Singpass credentials.

The Bill introduces provisions in section 8B to clarify the scope of this new offence. It is not an offence if an individual obtained or retained another person's Singpass credentials for a legitimate purpose. It is also not an offence if an individual supplied, offered to supply, transmitted or made available the Singpass credentials of another person for a legitimate purpose and the individual did not know or have reason to believe that those credentials will be or are likely to be used to commit an offence.

The offence of obtaining or dealing in Singpass credentials will carry a fine of up to $10,000 or imprisonment of up to three years, or both, for a first offence. For a second or subsequent offence, the penalty will be a fine of up to $20,000 or imprisonment of up to five years, or both.

In addition, clause 5 amends section 13 of the CMA so that the two new offences will apply and our Courts will have jurisdiction over the offences, even if they are committed outside of Singapore.

The nature of scam syndicates is that they operate mostly from overseas. Regardless of where these offences are committed, it is critical for us to prevent conduct that amounts to an abuse of Singpass to facilitate scams and other criminal activities and to protect Singpass as Singapore's national digital identity service.

Mr Deputy Speaker, these two Bills are necessary to strengthen our collective defence against scams. They seek to disrupt the operations of criminals preying on Singaporeans by acting as guardrails for the use of payment accounts and Singpass credentials and allowing Police to better act against money mules and those who abuse Singpass to perpetrate scams and other crimes. Sir, I beg to move.

Question proposed.

Mr Deputy Speaker: Mr Zhulkarnain Abdul Rahim.

5.57 pm

Mr Zhulkarnain Abdul Rahim (Chua Chu Kang): Mr Deputy Speaker, I stand in support of the amendment Bills which will help to further strengthen our vigilance against online scams and enforcement against money mules and abuses of Singpass accounts.

With the increase in instances of reported cases of scams both globally and in Singapore, our fellow Singaporeans are even more susceptible to risks of being scammed and taken advantage of as unwitting money mules.

We have heard from the Minister just now on the facts and figures. In the last two years, Singapore has lost about $1.2 billion to scams. Scam cases are now more than 1.5 times in number, compared to physical crimes.

While we can increase public vigilance and awareness in our defence against scams, we need our legislative framework to remain up to date with technological developments in order to disrupt the operations of scammers, which are increasingly more sophisticated and challenging.

One aspect is the use of money mules as a means to facilitate scams and getting scam proceeds out of Singapore.

Currently, between 2020 and 2022, out of the more than 19,000 money mule cases investigated by the Police, only less than 250 cases were eventually prosecuted, as explained by the hon Minister. These cases involved amounts of more than $440 million. That is almost 20% of the entire scams in terms of quantum.

Money mules are a key part of scammers' operations here in Singapore and I agree that there is a lacuna in the law that needs to be plugged.

Currently, the evidential challenge is to prove that money mules have actual knowledge or intent to facilitate such criminal activities. Further, money mules are currently charged under the Computer Misuse Act for abetting a person to gain access to the bank account without authority. This provision does not seem the most appropriate for the acts committed. Hence, I welcome the changes proposed by the Bill and their direct intervention in this regard.

My firm is part of the Criminal Legal Aid Scheme (CLAS) acting for accused persons on a pro bono basis and we see some of these cases. From experience, not all alleged money mules fit the typical stereotype of a criminal scammer. Some of them claim or maybe are as much victims of circumstances as the scammed victims themselves.

If I may share a case about one such young accused person that walked through our office doors. Aged 19, he was serving his NS. He saw a job advertisement and responded to it with the intention of working to support his family of seven and supplement the income of the sole breadwinner. He ended up giving up control of his bank account and Singpass to an unknown person in return for payment. He thought this is his income or salary. Easy come, easy go. But it was too good to be true. Call it youthful brashfulness. He faces charges now, accused of being a money mule.

Besides that case, I have also received appeals during my Meet-the-People Sessions from families in Keat Hong who also faced similar situations. Mostly, these money mules were lured by the prospect of job opportunities and some were scammed out of their savings and forced to act as money mules in order to regain some of those monies back. We must ensure that the amendments strike a balance between protecting the public and also meting out the appropriate penalties commensurate to the crime and culpability.

The proposed amendments to the law will place the burden on the accused money mule to prove that he or she had reasonable grounds to believe that the disclosure of his or her Singpass was lawful and to take reasonable steps to ascertain the purpose of the person accessing the account and the source of funds and/or the person's identity in relation to the bank account. I think this is commonsensical. In practice, it is likely that the person will face difficulty to prove otherwise and may be found guilty under the amended provisions. This is despite the fact that he or she may not have had any knowledge as to how the bank account was being used.

There are various offences, such as rash or negligent money laundering, where the accused money mule has a suspicion that the monies could be criminal proceeds but chose not to verify the legitimacy of such funds. If I may ask, what would be the reasonable steps that a person can take to make such verifications? Perhaps, the Ministry can consider forming a public reporting office which provides an avenue through the anti-scam hotline or an enhancement on the ScamShield app for members of the public and those who genuinely intend to make such verifications. This way, a person can just make a call, alert the agencies or banks of such offer or make verifications for such transactions before it is being made. This can come under the suspicious transactions reporting office for AML transactions, something which our ordinary members of the public may not be aware of.

Next, the burden of proof is about to shift, some say, in a drastic manner. I wonder if the Ministry may wish to consider delaying the implementation of the amendments while carrying out public education events as to the seriousness of such offences. Because the advertisements are framed as job advertisements, many young persons or even older ones may not appreciate that. Just by letting another person access their Singpass or bank account, they are committing a serious offence. Or as the Minister mentioned, the disclosing of their Singpass credentials.

In addition, such awareness campaigns should be done in concert with the banks and financial institutions, the Ministry of Manpower (MOM) and potential employers as well. The risk and dangers of being used as money mules can be amplified through our job seeking portals to alert potential jobseekers of the scams and pitfalls out there.

Lastly, I agree with the amendments under the Computer Misuse Act to protect the use of our Singpass credentials. In this regard, may I also suggest that for vulnerable members of our society, like the elderly and adults with special needs, that any changes or unauthorised access to their Singpass accounts also be notified to their next-of-kin, guardian or adult children.

I raised in this House previously about one of my Keat Hong residents, who is an adult with special needs, and how he was scammed into signing up for various phone lines by scammers and that his elderly parents were helpless to prevent the scam. We need to have a more robust way of protecting the vulnerable groups of our society. Perhaps, the use of data analytics to see the pattern of access by such groups can also help alert or red flag any sudden unathorised access. What are the steps that the Ministry will take to bolster such protection? Perhaps, before any changes to access to such Singpass accounts can be made, there can be a two-factor authentication to be approved by the next-of-kin, guardian or their adult children.

I thank the Minister for clarifying about the cases of sharing Singpass credentials for genuine legitimate purposes and also where the elderly seek help to access their Singpass accounts. So, when I do my house visits and my AICs, the volunteers are quite aware in this regard.

In conclusion, Mr Deputy Speaker, Sir, we are working and walking in the right direction to stop the scourge of scams in our midst. This does not just affect the elderly but also the young who are looking for jobs and to earn a decent and honest living, and maybe may not have had the full brunt of life experiences before them. Our people's hard-earned money and lifesavings are at risk and at stake and, with that, their hopes and aspirations for a better future. I stand in support of the Bills.

Mr Deputy Speaker: Ms Sylvia Lim.

6.06 pm

Ms Sylvia Lim (Aljunied): Sir, in the past few years, Members of Parliament have encountered residents whose lives have been devastated by online crimes, such as scams. Not only have these victims lost significant amounts of hard-earned monies or retirement savings, they also lived with the mental anguish and guilt of being gullible enough to fall for such deception. Often, the victims were vulnerable in certain ways and susceptible to exploitation, such as those who live alone and are desperate for friends to chat with, or those searching for a life partner, who then become the victim of a love scam.

Some may blame the victims for being foolish or authors of their own misfortune. But this ignores the fact that we are dealing here with perpetrators who are parts of organised syndicates who appear well-trained to find targets. Their criminal behaviour is truly despicable.

After their ordeals, victims usually report the matter to the Police, hoping that their monies can be recovered or, at the very least, that the perpetrators would be arrested, prosecuted and punished. Due to the organised nature of scams, which are often transnational, Police have the unenviable task of informing victims that their chances of recovering their monies are often slim. Such news to a younger victim is certainly bad news, but at least he or she has the potential to recover from the loss. Such news to a retiree, however, can be crushing.

Scams have become a major crime issue in Singapore, warranting the Police to issue separate scam updates in their annual crime reporting since last year. Sir, I, therefore, support the rationale for the CMA and CDSA (Amendment) Bills. These Bills tighten the net around those who facilitate money laundering, including letting their bank accounts and Singpass accounts be used for fund transfers.

Reducing the opportunities for syndicates to redirect the fruits of crime is a step in the right direction. As to how effective these provisions will be to disrupt the operations of criminal syndicates, only time will tell.

That said, I have three clarifications and concerns about the CDSA (Amendment) Bill.

First, on the difficulties of prosecuting money mules currently. According to the Ministry of Home Affairs (MHA) press release of 18 April 2023, a large number of money mules arrested by Police could not be prosecuted due to difficulties in proving their intent to facilitate criminal activities. It was highlighted that between 2020 and 2022, more than 19,000 money mules were investigated but fewer than 250 cases were eventually prosecuted. I believe the Second Minister stated these statistics earlier as well.

This works out to a prosecution rate of just 1.3%. Could MHA clarify whether the balance 98.7% of cases were all not prosecuted due to the difficulties in proving intention or does this number include non-prosecutions due to other grounds as well?

Secondly, on the likely effect of the proposed amendments to reduce the mental element required to prosecute money mules. Clauses 3 to 6 of the CDSA Bill will amend sections 50, 51, 53 and 54 to criminalise acts of money laundering done unintentionally or unknowingly, if rashness or negligence can be shown. The punishment for such acts of rashness or negligence will be lower than for acts done deliberately or with knowledge.

Coming back to the earlier statistic of not being able to prosecute more than 98% of money mules investigated in the last three years, what is MHA's assessment of how these changes will improve prosecution rates in future?

Finally, on the new CDSA offence of assisting another person to retain the proceeds of crime under the proposed section 55A. It is stated in the explanatory statement to the Bill that the new section 55A is meant to criminalise certain acts that facilitate money laundering "regardless of a person's mental state". My concern here is about persons who may be manipulated into letting others use their bank accounts to transfer money.

I encountered one resident recently who told me that her bank account had been frozen by Police as it had apparently been used to make or receive some suspicious funds. I tried asking her how her account got compromised, but she was unable to answer coherently. She appeared, to me at least, to be a person who was easily confused and cognitively impaired, and may have been made use of.

I note that the proposed section 55A(3) and (4) provide a defence to a charge under section 55A if the person did not know or had no reasonable grounds to believe that the funds concerned were the proceeds of crime. Under the law then, a suspected money mule is expected to make some sort of reasoned assessment about the nature of the transaction. How will the authorities approach a case where the suspect appears to be mentally impaired?

Sir, while we certainly want to curtail scams and money laundering, we also need to be fair to suspects who may also be victims themselves.

Mr Deputy Speaker: Ms Janet Ang.

6.12 pm

Ms Janet Ang (Nominated Member): Mr Deputy Speaker, thank you for the opportunity to join in this debate. The current situation is very concerning on several counts. Firstly, the increased number of persons being scammed to release their Singpass and/or personal banking credentials and the value involved give cause for grave concern.

Secondly, that Singaporeans are becoming money mules who knowingly participate in the criminal activities involving their Singpass and/or personal banking credentials is even more concerning as it points to potential waning of Singapore's high integrity value system. Maybe I am watching too many Mediacorp programmes, but are we seeing the return of triads, only this time, triads in digital skin?

So, with the amendments to the CDSA and CMA Bills, it will give the appropriate power to the authorities to take action and I hope will also deter persons who think this is easy money to recognise the severity of their actions.

At the same time, we do not want Singaporeans to lose confidence in moving to digital. Digital is here to stay and, in fact, will accelerate and become more pervasive in our lives. So, it becomes even more important for Singaporeans to be digital first, even if not digital only. The Minister has assured us in previous speeches that, for Singapore, we are definitely going to take care of those who are less digitally savvy but it does not mean that we are going to go back to the old ages of totally non-digital just because we have such situations going on.

That said, I do have a few questions for the Minister.

(a) What are the challenges envisaged by the Ministry with regard to enforcement of the law and how does the Ministry intend to address those challenges?

(b) There has been a lot of efforts in driving awareness of importance and responsibility of protecting one's digital identity and digital footprint across the board, from banking access to social media and so on. What else is the Government planning to do to increase the effectiveness of these initiatives and what else needs to be done by the banks, financial services institutions, the community and the rest of Government?

(c) Is the Government considering additional levels of authentication, for example, using biometrics identification, AI-generated questions, to authenticate that the individual using the identification is really who they say they are? It is probably no longer secure enough to use a login with simply a password and a one-time password (OTP). All this, of course, leads to more costs being involved and more steps. But it looks to me that this may be required. So, how is the Government planning to fight this kind of crime?

(d) As this inevitably always involves the banks, the proposed set-up of COSMIC, the FI-to-FI information sharing services platform, which will be debated under the amendment to the Financial Services and Markets Bill will, I believe, be pertinent because everything flows through the banking system. In lieu of COSMIC going online, what data will the Government use to strengthen enforcement of this Bill?

(e) Enforcement of Computer Misuse legislation can be challenging due to several factors, including the rapidly evolving technology. So, how is Singapore planning to keep pace with new forms of cybercrime and methods of committing offences and enable MHA to be able to identify and prosecute perpetrators and the syndicates involved?

(f) With the Internet enabling global communication and transactions as we have seen in past cases, cybercrimes often occur across multiple jurisdictions, making it challenging to identify and prosecute offenders. How does MHA involve INTERPOL and their overseas counterparts to ensure that the Bill can be enforced effectively?

(g) Most important are the poor victims. The victims need to be protected as much as possible and, where possible, the victims are supported as much as possible with recovering the monies that have been scammed. What else beyond the initiatives already in place will the Government be planning to put into action that can help the victims recover as much of the monies that have been scammed? And perhaps a little bit of compassion from the banks would help, because, in fact, in 2021, a very good friend of mine had somebody, her friend who was totally scammed and then the bank locked down all her bank accounts and she was left borrowing money from other friends. So, certainly, we hope that we need to have a little bit of compassion for the victims and ensure that there is a systematic approach to helping them and supporting them. But, of course, the most important help is to tell them not to give away their identity.

So, in conclusion, to overcome these challenges, MHA and Anti-Scam Centre Singapore as well as CSA need to work closely with technology experts, cybersecurity professionals and other stakeholders like the Monetary Authority of Singapore (MAS) and the banks as well as international communities to stay abreast of emerging threats and develop effective strategies for preventing and prosecuting computer misuse crimes. This will involve investing in new technology, enhancing international cooperation and improving training and resources for all personnel involved. Notwithstanding my clarifications, Mr Deputy Speaker, I stand in support of the Bill.

Mr Deputy Speaker: Minister Josephine Teo. Would you like to adjourn the debate?

Resumption of Debate on Question [8 May 2023], "That the Bill be now read a Second time." – [Second Minister for Home Affairs].

Question again proposed.

Mdm Deputy Speaker: Mr Louis Ng.

12.36 pm

Mr Louis Ng Kok Kwang (Nee Soon): Madam, the Bills will strengthen our ability to tackle scams through the misuse of bank and Singpass accounts. The Bills will also introduce new offences of rash and negligent money laundering, expand the scope of money laundering offences and introduce new offences to prevent Singpass abuse. The proposed amendments will allow us to more effectively investigate and prosecute money mules who allow their Singpass or bank accounts to be used for scams. I have three points to make.

My first point is on the new offences of rash and negligent money laundering. A person may commit an offence if they enter into an arrangement acting rashly as to the fact that it relates to benefits from criminal conduct. The Ministry for Home Affairs (MHA) has said that a person acts rashly if they had suspicions but did not make further enquiries to address those suspicions.

Does the offence require that the person must be suspicious that the arrangement is linked to criminal conduct? Is it sufficient that the person is suspicious that the facts they were given, for example, people's identities or reasons for the transaction that may not be true? Can the Minister elaborate on the extent of verification that a person should make to address any suspicions?

A person may also commit an offence if they negligently enter into such an arrangement. MHA explained that a person is negligent if they continue with a transaction despite the presence of "red flags" that are noticeable by an ordinary, reasonable person. Can the Minister elaborate further on what these "red flags" are?

Money mules who are implicated in money laundering may not have a clear understanding of money laundering arrangements. For instance, they may be elderly persons or less financially sophisticated persons. Can the Minister explain if the standards of the "ordinary, reasonable person" will be calibrated to factor in the individual characteristics of the accused?

My second point is on the new offences under both Bills which involve a failure to verify details. Under the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act, or CDSA (Amendment) Bill, a person can be deemed liable for money laundering if they allow certain transactions to take place through their accounts without verifying the purpose of the arrangement, the source or destination of the country, or the person's identity and physical location.

Under the Computer Misuse Act or CMA (Amendment) Bill, a person is presumed to believe that the disclosure of his Singpass credentials was for the commission of an offence if the person fails to take steps to find out the identity and physical location of the recipient. Again, can the Minister elaborate on the extent of verification that is expected?

It is possible that an individual may provide another with access to their account or to their Singpass credentials for a legitimate purpose, but the access is later abused for criminal purposes. Can the Minister share what is expected of the individual in this situation to avoid committing an offence? Is there an ongoing requirement that the individual periodically verifies the transactions going through their account?

For example, an elderly parent may give their children access to their account to help manage their finances. They may also give their children their Singpass details to help with a transaction.

While MHA has stated that owners of payment accounts must be responsible for how their accounts are being used, the reality is that a financially illiterate elderly person may trust their children and be content to leave control of their accounts to their children. It is also possible that they may not be in a position to regain control of their accounts after allowing their children initial access, even if they are aware that the accounts are being used for illegitimate purposes. Can the Minister share how the Police will view such cases?

My third point is on the responsibility of network access facility operators and service providers. The Computer Misuse Bill clarifies that network access facility operators and service providers are not guilty of making available any Singpass information that comes across their platforms. However, platforms, too, have a role to play in addressing illegal or harmful content transmitted on their platforms.

Can the Minister elaborate on what it views as the responsibility of network access facility operators and service providers in addressing the illegal use of accounts and Singpass credentials? What are the regulatory frameworks in place to ensure that network access facility operators and service providers are not complicit in the use of their platforms for illegal purposes? Notwithstanding these clarifications, Madam, I stand in support of the Bills.

Mdm Deputy Speaker: Mr Murali Pillai.

12.41 pm

Mr Murali Pillai (Bukit Batok): Mdm Deputy Speaker, I rise in support of both Bills. These Bills are really about equipping our Home Team with the necessary legal tools to combat the scourge of scams.

The hon Second Minister for Home Affairs apprised us of the staggering numbers involved here – tens of thousands of victims, tens of thousands of bank accounts used to launder money from local victims, and billions of dollars lost.

The pain and suffering caused to the victims of the scams is very real. I have spoken to several residents in the Bukit Batok Single Member Constituency who have fallen victim to scams and lost their life savings to criminals who preyed on their vulnerabilities. It is heartbreaking for them to realise that, given the international nature of these crimes, there is little prospect of them recovering their monies stolen from them once the monies get transferred overseas, despite the best efforts of our enforcement officers.

The introduction of these Bills represents a decisive step in Home Team's strategy to deal with this scourge. Madam, before I go further, I wish to pay tribute to our Home Team officers who have been waging an all-out battle against the perpetrators of the scams, especially the officers charged with the responsibility of investigating these cases.

Our officers from the Anti-Scam Command (ASC), which includes the Scam Strike Teams in all land divisions, have been working feverishly on thousands of cases since the Command was set up last year. Their job is complex. Frequently, cross-border cooperation is needed to bring perpetrators to book and recover funds transmitted overseas. This can, admittedly, be a frustrating exercise.

Also, speed is of the essence as these officers, through their network of more than 80 partners, try to freeze and recover monies belonging to the victims before they leave our jurisdiction. These officers deserve our appreciation and full support as they discharge their duties to the best of their abilities.

I now turn to the proposals set out in the Bill. I appreciate the policy underpinning of the decision to make account holders responsible for the transactions in their accounts, so that their accounts would not be used by scammers. I have no issue with the proposal to extend criminal liability to an account holder who engaged in rash money laundering activities.

As I see it, the account holder would have been put on notice but decided to assume the risk nonetheless, usually for profit, as explained by the hon Second Minister in her speech. Hence, he should be made criminally liable for helping the scammers. I am, however, concerned about the proposal for an account holder to be criminally liable if he was negligent and that led to his account being used for money laundering activities.

The reality is that account holders have different levels of knowledge and experiences. Their susceptibility to overtures and influences of a scammer may also vary. This is an observation made by the hon Member Ms Sylvia Lim in her speech yesterday and by the hon Member Mr Louis Ng in his speech today.

In these circumstances, to apply an objective standard may operate unfairly against some of the account holders who do not have sufficient knowledge and experience and, therefore, are less discerning than others.

On the other hand, I do appreciate though that this may give a free pass to too many people who can feign ignorance after the fact. This is especially unhelpful, given the sheer number of scams that we face on a daily basis – on an industrial scale, actually.

Clearly, there is a pressing need to clamp down on accounts that may be accessible by scammers. Hence, I appreciate why a tough stance has to be taken. I wonder though, if the potential harsh effect of applying an objective standard on certain account holders, by reason of their personal backgrounds, can be mitigated by two measures.

First, to have what I call a "whitewash" policy which allows for the account holders to not be held criminally liable if he were to lodge a Police report soon after they received monies which they believe to be derived from ill-gotten gains, even if they may be criminally liable in the first place for facilitating the transfer of these monies into their accounts owing to their negligence.

By lodging the Police report, the ASC will be placed in a position to freeze the monies in the accounts and prevent the monies from falling into hands of the scammers.

For the account holders who do not act with diligence, I will imagine that the penny would drop for them as soon as they are put into funds. So, these account holders should be incentivised and given credit for proactively reaching out to the authorities in such circumstances.

Second, for the Home Team to set out clearly in legislation or other platforms what its expectations of the account holders are. In this regard, I note that the hon Second Minister mentioned that the rash or negligence concept is not new and is employed in the Penal Code as well as the Road Traffic Act. I would suggest that the hon Minister consider the approach taken under the Immigration Act in relation to persons who are found to have harboured immigration offenders as a result of their negligence.

As some Members here may recall, in the 1980s, we had a big problem with illegal immigrants. Hence, the Government passed strict laws to deal with this problem by making it an offence for employers and landlords to harbour illegal immigrants.

In 1993 and later in 1998, the Government set out the due diligence requirements in legislation, so that employers and landlords were put on notice on the checks they have to perform, failing which they will be deemed not to have exercised due diligence. In short, all these measures will make it harder for someone to say, "But I didn't know!". The response would be, "Well, you ought to have known."

I also would like to take this opportunity, as an aside, to deal with a scenario that I believe may come up from time to time in Police investigations against suspected money mules for not exercising due diligence in allowing their accounts to be used by others.

The suspects may explain that this is because the subject to whom he provided access to his account is unbanked, meaning that they had no access to a banking account, and had sought his assistance to receive or send monies.

Whilst at first glance this explanation may be rejected as being unbelievable, there is anecdotal and statistical evidence to suggest otherwise. The Government statistics show that while more than 98% of Singapore residents here have bank accounts, about 2% do not. This works out to about more than 200,000 persons here who are unbanked. I have also come across cases of adult Singaporeans who have not being able to open bank accounts because of their criminal past, or because they are subject to investigations of certain offences. As a result, the banks have assessed them to be high risk cases and rejected their applications to open bank accounts.

I suggest that more be done between the Monetary Authority of Singapore (MAS) and banks to ensure that even if a person has a criminal past or is a subject of investigation, he or she should be able to open an account to at least to have access to basic banking services. No bank regulated by MAS should be allowed to reject an application for basic banking services on the basis that he is high risk. This should be a universal right and, in fact, this is not a controversial point. I note that in 2020, Senior Minister Tharman Shanmugaratnam, in response to a Parliamentary Question filed by the hon Member Louis Chua, stated that MAS was working with banks on further ways to enhance financial inclusion whilst ensuring that risks were adequately managed.

Should we be able to ensure that all Singaporean residents have universal access to banking services, this can help in the fight against scams too. Money mules will no longer be able to provide the excuse that the third party who took control of their account is unbanked.

I now proceed to deal with the proposed amendments to the CMA. I support the hon Second Minister's proposal to make it an offence for an individual to disclose his Singpass credentials to another knowingly or having reasonable grounds to believe that the purpose of the disclosure is to facilitate the commission of an offence. Such access would enable criminals to open bank accounts, registering companies and sign up for new phone lines.

There is one further area that I would like to respectfully suggest to the hon Second Minister with a view to further bolster the steps, to prevent unauthorised disclosure of Singpass credentials.

As part of our efforts to be a digital nation, the Government offers Singpass Application Programming Interface (API) to both Government and private entities. As a result, Singaporeans now, through Singpass, can gain access to a plethora of services provided by both Government and private entities.

With the convenience, unfortunately, comes the risk of some Singaporeans being scammed. We have heard and seen cases of people falling prey to phishing and spoofing scams by scammers allegedly representing the Government and private entities that led them to disclose their Singpass credentials to scammers.

For this reason, I would like to suggest that it should be made a regulatory must for all entities using Singpass APIs for access into their services be given the responsibility to proactively conduct due diligence to identify phishing and spoofing attempts on unsuspecting people.

By imposing a regulatory responsibility, I hope that alarm can be raised sooner rather than later and the number of victims falling prey to such scams can be reduced.

There is no sure way to guard against the ill intentions of malicious men, just as there is no way to match the ingenuity of criminal minds, save by the ingenuity of all of us who stand against them.

My first set of proposals requires the presence of minds from individuals to pay attention to the rules of engagement in a digital world. My second requires institutions to play this role too. Together, we can form a tighter net against those would wish us harm.

Mdm Deputy Speaker: Mr Yip Hon Weng.

12.51 pm

Mr Yip Hon Weng (Yio Chu Kang): Mdm Deputy Speaker, our nation is moving towards a digital-ready future, as part of our Smart Nation strategy. Correspondingly, this comes with the increasing prevalence of digital transactions. As a financial hub, it is imperative that we tighten our legislations on the digital front. The amendments to the two Bills are therefore timely and necessary. I have several clarifications.

First, Mdm Deputy Speaker, I wish to raise some general queries on the implementation of the two Bills.

Recent media reports have shed light on a different aspect of scamming incidents. Specifically, some individuals who were believed to be scammers, were, in fact, victims of scam syndicates. They may have been lured into committing offences.

From such incidents, we understand that there is a myriad of factors involved. This includes the fact that these individuals may themselves have been deceived and were unaware as to where the truth lies. With the constantly evolving nature and increasing complexity of scams, how does the Ministry ascertain whether a suspect is adequately educated, or can recognise a scam? How does the Ministry determine whether the suspect was cognisant of their role in a scam?

Next, I note that between 2020 and 2022, the Police investigated over 19,000 money mules. Yet, fewer than 250 cases were prosecuted. Is the rate of prosecution a result of insufficient evidence? As such, does this Bill seek to remedy the inherent difficulty of proving that money mules have knowingly assisted in money laundering offences? Moreover, how will the changes proposed in the Bills specifically address the challenges?

My second concern is regarding the enforcement of penalties against criminal masterminds in scam and cybercrime syndicates. While going after the small fry or runners is important to break the chain, these people are just a cog in the wheel, who are easily replaceable. We need to also target the mastermind behind these criminal operations. Can the Government share what is being done to track the syndicate masterminds, even if the crimes are transnational in nature?

While it may not be directly under the purview of the two Bills, can the Government share what is being done to track and retrieve the amount of money stolen via cybercrimes? What is the current success rate of the retrieval of stolen funds? And is this level deemed satisfactory? This is an issue that is of utmost importance to scam victims and residents who are becoming increasingly wary of cyber transactions.

Third, Mdm Deputy Speaker, while we take action against those who intentionally give away their Singpass credentials for criminal activities, we must also consider the security weaknesses that may lead to the compromise of Singpass credentials. These deficiencies can arise from both technological vulnerabilities and social engineering, such as manipulating not just the user, but also customer service staff who handle the affected accounts. What measures are Government taking to enhance the security of these systems? How can we leverage technology to prevent users from unintentionally or wilfully disclosing their Singpass login information during any part of the login process? Will the system require additional levels of authentication to ensure better safeguards?

How will the Government balance the need for increased authentication, with the goal of expanding the use of Singpass for various transactions and services, which is a critical aspect of our Smart Nation initiatives?

Will the Government be more selective in granting access to Singpass to more companies and services? This is something which Member Mr Murali raised earlier. Additionally, what measures are in place to mitigate the risks associated with the exposure of Singpass credentials, if these services are compromised? How can the security of users' credentials be guaranteed?

To ensure the full support of our people in our Smart Nation ambition, we must build their confidence not only in the robustness of our cyber networks and systems, but also in the solutions available, in case of system failures and vulnerabilities. Citizens should not have to fear losing money or personal data with each attempt to conduct a digital transaction.

Fourth, Mdm Deputy Speaker, some aspects of the Bills pose concern for seniors, who may be less savvy with online transactions and scams. Many banks are shifting towards digital transactions, which is disconcerting for seniors who may not be familiar with online banking technology. Despite the lack of confidence, some of them invariably may have to resort to conducting their banking activities online. In such cases, they may seek assistance from others, which puts them at risk, if these individuals have malicious intentions.

Amongst seniors who conduct banking activities online on a regular basis, can the Government share what percentage have fallen victim to scams or have become involved in money transfers for illegal activities? How will the law address cases where seniors willingly hand over control of their Singpass or bank accounts to family members or caregivers who may then use them for illegal activities? What measures will be taken to mitigate the exploitation of seniors who may not fully understand the nature of their actions, when transferring money under the guidance of others, such as "friends" or acquaintances?

In my Yio Chu Kang estate, there are many senior residents who live alone or spend a significant amount of time alone as their children are working. These vulnerable individuals are often not digitally savvy, making them more susceptible to falling prey to scammers who pose as friends or manipulate or force them into becoming money mules. Scammers often take advantage of their victims' fears and insecurities to extract more money or account information. If the victims' accounts are frozen due to illegal activity, they face a double whammy of being charged with a criminal offence for acting out of fear.

While my grassroots leaders and I do our best to raise awareness, emotions and panic tend to cloud judgement, as often seen in love or kidnap scams. Will the law consider the circumstances and susceptibility of elderly victims in these cases?

Another important consideration is how the proposed law will affect our ongoing efforts to educate seniors about digital and cyber safety, such as the Seniors Go Digital initiative. Could the law make seniors more apprehensive about using digital technology and undermine our progress in this area? It is disheartening to hear seniors express reluctance to transact online when we discuss new scams with them. Their reaction suggests that they may forsake digital transactions altogether, to avoid the risk of being scammed.

In conclusion, Mdm Deputy Speaker, it is important that individuals face penalties for allowing the use of their personal and banking accounts to abet criminal activities. But there needs to be a balance between allowing for easier prosecution and collaborators who may have genuinely been misled by syndicates.

My concern is for seniors. We cannot ignore the fact that vulnerable seniors and genuine scam victims exist. We must adopt a comprehensive approach to safeguard our seniors' personal data, whilst also provide education on digital and cyber safety to vulnerable groups. The Government and relevant organisations should also continue to work towards enhancing the security of their systems to prevent the compromise of personal data.

I pause here to note that the effect of the Bill makes it easier for the prosecution to prove an offence. In part, the Bill removes the burden on the prosecution to prove that the accused had actual knowledge or reasonable grounds to believe, and puts the onus on the accused to rebut the presumption of reasonable grounds of belief.

Whilst the Bills may be contrary to the general position that one is innocent until proven otherwise, ultimately, I agree that the proposed amendments set out in the Bills are vital to meet the ever-evolving financial crimes in a digital age. Further, I firmly believe that our Attorney-General's Chambers (AGC) prosecutors and our Singapore Police Force investigation officers will act judiciously in deciding whether to prosecute individuals. I support the Bills.

Mdm Deputy Speaker: Mr Sharael Taha.

1.00 pm

Mr Sharael Taha (Pasir Ris-Punggol): Thank you, Mdm Deputy Speaker. The number of reported scams and the amount lost to scams are steadily increasing, with significant impact on individuals and their hard-earned money.

In 2022, there were 31,728 scam cases reported in Singapore, a 32.6% increase from 2021, and victims lost a staggering $660.7 million in 2022 alone, up from $632 million in 2021. Hence, in the last two years, $1.3 billion had been lost through scams and some of these are the retirement funds of many of our residents.

During my Meet-the-People Sessions (MPS) at Pasir Ris, one of my residents, who is a professional, came up to me, sharing that he had lost more than $200,000 to a scam and that the majority of the money lost was his mother's retirement savings.

It is essential to address this issue promptly and effectively. Whilst scammers continue to change their modus operandi, our agencies are diligently working to catch up with them. It is encouraging to witness the collaboration between the MHA and the Smart Nation and Digital Government Office as they work closely together to strengthen our collective defence against scams.

However, I have three points of clarification for the Minister. My first point will be on clarifying some of the clauses in the amendments. My second point will focus on how we continue to educate the general public effectively on scams. And my third and last point will be focusing on how we improve the recovery of the monies lost to scams.

The proposed amendments in the Bills stipulate that the payment account owners, including bank accounts, must exercise responsible conduct in the utilisation of the said account. They will be held accountable for any transaction that takes place through their accounts. In considering requests by others to use their payment accounts to receive and transfer monies, owners are always expected to find out more about the other party, to verify the other party's identity and to understand the origin or destination of the monies.

Can I confirm with the Second Minister that payment accounts include other types of platforms beyond banks or Singpass accounts, such as e-wallets like Apple Pay, Samsung Pay, Grab Pay, Google Pay and We Chat Pay?

In the amendments, when an account owner receives money from or transfers money to another person, he must also take reasonable steps to enquire and identify the source or destination of the money. He would be deemed to have acted rashly if he proceeded to carry out transactions while he had suspicions, but did not make further enquiries to address those suspicions. Furthermore, he would be deemed to have acted negligently if he continues with a transaction despite the presence of "red flags" that are noticeable by an ordinary, responsible person.

Given that scammers will often impersonate officials, trusted entities and even family members, what is the threshold required to prove that the account owner has acted negligently or recklessly? Very often we hear of how victims were completely convinced that the scammers were from trusted sources. The burden of proof has shifted and we must be careful how we manage this threshold, so as not to make it even more challenging for victims who have already lost their money and compound their predicament by holding them responsible for allowing money to be transacted out of their account.

The proposed amendments to the CMA were prompted by instances of Singpass account being sold by individuals, which is a worrisome occurrence. In light of this development, it is pertinent to inquire as to the current prevalence of such incidents and the total number of such cases reported to the Police.

The proposed penalty for obtaining or dealing with Singpass credentials is a maximum penalty of a fine of up to $10,000 or imprisonment of up to three years, or both, for a first offence. For a second or subsequent offence, the maximum penalty will be a fine of up to $20,000 or imprisonment of up to five years, or both. This seems similar to the penalty for theft.

However, given that in Singapore, an individual's Singpass account provides access to many other facilities and has bigger implications if abused as compared to physical theft, the proposed penalties for obtaining or dealing with Singpass credentials should serve as an adequate deterrent. How do we ensure that this is enough of a deterrent to prevent the illegal sale and theft of Singpass account access?

This brings me to my second point of whether individuals who had sold or inadvertently divulged their Singpass details to scammers were cognisant of the potential ramifications of such actions. How do we continue to educate people on the importance of keeping this information private and not sharing it with others? How effective has our outreach been? How do we continue to better educate people in ensuring that they always remain curious and enquire about sources and the destination of transactions and not just trust others openly?

Educating the public about scams is crucial for prevention. It is a misconception that only the old and the digitally illiterate gets scammed. Contrary to popular belief, more than 53% of scam victims were between the ages of 20 and 39 years old. These individuals are digital natives, indicating a need for targeted education efforts that debunk misconceptions about scam victims and cater to the unique challenges faced by the younger generations too.

Lastly, while the amendments to the two Bills strengthen our collective defence against scams, for most scam victims, recovery of the monies lost to a scam is just as important as apprehending the scammers, if not more so. I am pleased to see in the report that over $200 million has been recovered by Anti-Scam Centre since its inception in 2019 to 2022. How has this improved since then?

How do we stop money from quickly exiting the accounts of the victims to multiple banks and then quickly channelled outside of our jurisdiction? How do we balance between the efficiency of money transfers through banks versus providing adequate protection for victims of scams? Is there a fail-safe system to immediately stop fraudulent transactions from crossing our boundaries?

How much responsibility is placed on the banks to ensure that it is not easy for the scammers or money launderers to move money quickly around? How are we using technology tools such as blockchain and AI to detect and prevent such fraudulent transactions?

To elaborate more on my last point, the continuous rise in the number of scam cases is deeply concerning. In fact, the number of scam cases reported in 2022 at 31,728 cases is far higher, almost 50% more than the number of cases of physical crimes.

As our hon colleague Mr Murali earlier mentioned, the number of scam cases has reached an industrial scale. Do we have enough resources and capability along with the correct organisational structure within our Police force to take on this changing nature of crimes effectively? How can our Police force be equipped with the right technology like generative AI to help "patrol" the digital space and investigate such crimes? Mdm Deputy Speaker, in Malay please.

(In Malay): [Please refer to Vernacular Speech.] The rise in scam cases continues to be a worrying trend. The number of cases and amount lost to scams continue to increase. Over the past two years between 2021 and 2022, about $1.3 billion of workers' hard-earned money has been lost due to scams.

The modus operandi of scammers changes frequently, and our agencies are working together to strengthen our collective defence against scams. However, I have three points of clarification for the Minister.

The first point seeks clarification on some clauses in the amendments, namely, to ensure that this Bill covers all forms of payment, not just bank accounts, but also e-wallets, such as Google Pay or Apple Pay.

In addition, while the amendments mean that account holders will be responsible if there are fraudulent transactions going through their account, we must ensure that we set the threshold so that we do not make it even harder for scam victims who have already lost their money.

My second point is about educating the public on scam prevention. It is not only the elderly that fall prey to scams, and in fact, 53% of scam victims are between 20 to 39 years old. So, we must continue to stay vigilant and further enhance our capabilities to work together to prevent and stop these scams.

Finally, I would like to see more focus on improving the success rate of recovering monies that have been lost to scams.

(In English): Mdm Deputy Speaker, with all the scam cases that are happening around us, it is unnerving to hear that between 2020 and 2022, more than 19,000 money mules were investigated by the Police, but only fewer than 250 cases were eventually prosecuted.

Hence, Mdm Deputy Speaker, I am pleased to see how our agencies are working together to strengthen our collective defence against scams with the amendments to the Bills. Notwithstanding the clarifications above, I stand in support the Bills.

Mdm Deputy Speaker: Ms Yeo Wan Ling.

1.11 pm

Ms Yeo Wan Ling (Pasir Ris-Punggol): Mdm Deputy Speaker, it is in the middle of the afternoon and you suddenly receive a call from a "long-lost bro" who strangely asks you to remember his name and needs a quick loan of $500 from you; or perhaps you receive a text from a private number promising you your dream job without you needing to really put in any effort for a disproportionately dreamy salary.

Madam, I am sure many in this Chamber and beyond have experienced such similar scam scenarios, given the multitude of channels and methods that are digitally available to innocent victims, citizens and pernicious actors alike. Most worryingly, more Singaporeans are falling prey to such scams, and national statistics aside, on a local level, I have seen a stark increase of residents coming to see me at MPS on scam matters. Some devastated, seeking justice for monies and life savings lost, some seething, seeking redress for loved ones who have been found guilty of being involved in scams.

Dealing with scams presents a set of distinct and novel challenges for law enforcement. To navigate and patrol the digital space while ensuring freedoms and privacy of our citizens will be a perennial balancing act; to heavily monitor and limit online interaction presents not only an ethical conundrum of over-policing, but also an operational problem, given the rapidly changing techniques and technology that is used by scammers.

Yet, we cannot allow for the present situation to persist and scammers to exploit the identified loopholes in our current legal system. Therefore, the latest amendments to the two Bills have sought to redress the reach of law enforcement by encouraging online vigilance and responsible behaviour regarding the use of bank accounts and Singpass details, these are which information that was identified to have been critical in facilitating the perpetration of scams and other similar offences.

While I support the intention and aim of these amendments, I cannot help but consider the potential repercussions of placing significant onus on individuals to take responsibility for how they dispense and share their personal data online, especially in the ever-evolving situation of scams. In an age where there is an ever-growing digitalisation of i-banking and Government services that require the use of bank accounts and Singpass details, we have to be mindful of how this Bill may implicate those in our society who are not tech-natives, particularly our senior citizens, and persons with special needs and mental disabilities.

Scams today are no longer overt, blatant advertisements which are easily recognisable, but they reach us in a host of ways that can appear subtle and very genuine. Scams get to the best of us. Just last evening, after MPS, one of my volunteers, a smart savvy individual in his 40s, sheepishly admitted to me that he was a phishing scam victim last year, having inadvertently given his OTP to a fake delivery site. Indeed, by transferring the responsibility of online vigilance onto our senior citizens, or our less digitally inclined, it presents a twofold problem.

Firstly, for senior citizens who attempt but struggle to navigate these online services and fall prey to scams, they now possibly have no clear and simple path of redress, should they be found to have willingly shared their information online or with their loved ones. For such seniors, they not only suffer financial loss as victims of scams, but are re-victimised by their "failed" attempt to utilise digital services.

Secondly, because this Bill potentially leaves the digitally illiterate with less protection and more risks, I fear that this may only serve to provide greater inertia for our senior citizens who view our online spaces with scepticism, fostering a sense of digital alienation that we, as a nation, have worked hard to bridge.

Furthermore, by shifting the onus onto the individual, I fear the impact it may have on vulnerable communities such as adults with special needs. Many such adults currently have no right to create a bank account. This new amendment will only serve to setback the timeline for financial inclusion. If one struggles with managing sensitive data on a day-to-day basis, doing so in the complex digital sphere without empathetic safeguards can only be exponentially more difficult.

A conversation with a resident in my constituency highlighted the struggles her stepson faces as an adult with special needs. Without the right to create a bank account, the family faced much difficulty in receiving monies due to him via his father's will when his father passed on.

As the world become ever more dependent on digital services for daily functions, we must continue to consider what byproducts our laws may have on those on the fringes of society and ensure that we do not systematically inhibit the access to the life they desire.

In the spirit of "Forward Singapore", I believe that this Bill is best served with supplementary safeguards and policies to ensure our vulnerable communities are not inadvertently affected. We must continue to provide and amplify present digital literacy initiatives for seniors and other vulnerable members of our community who face difficulty dealing with the growing digitalisation of Government and banking services. Furthermore, given the ever-evolving nature of scams, we need to keep on our toes and feed our communities through digital ambassadors and other agency representatives active in our local community.

I call on the Ministry, as we enhance our crime enforcement safety nets, to also augment this with community outreach efforts to provide timely and up-to-date scam advisories, enabling our communities to develop long-term know-how on identifying and reacting to scams.

Yet, the Government should not be the sole stakeholder to ameliorate potential gaps. Banks and other digital platforms can do more to provide additional protection for our vulnerable. Creating sandboxes to experiment with new solutions, such as increased levels of authentication or the tailoring of experiences suitable to certain age groups or demographics, may be the first step towards mitigating the exposure to scams and providing financial inclusion. What are the Ministry's plans in involving more stakeholders, especially our businesses, in our endeavour towards scam awareness and protection?

As we address the present lapses in our efforts to combat scams, I hope that we do not lose sight of the potential effects this new Bill can have on our technologically vulnerable. We have to be cognisant of the implications in placing greater responsibility on individuals to navigate the digital world, seek to provide support and aid and ensure that we do not leave vulnerable groups to greater risk and alienation. These concerns notwithstanding, I support the Bill.

Mdm Deputy Speaker: Minister Josephine Teo.

1.18 pm

The Second Minister for Home Affairs (Mrs Josephine Teo): Mdm Deputy Speaker, I thank the Members for their support of the Bills. The eight Members who spoke raised important questions, which I will try my best to address.

Let me start with the scope of the new offences, which Mr Yip Hon Weng, Ms Sylvia Lim, Mr Louis Ng, Ms Yeo Wan Ling and Mr Sharael Taha all spoke about.

They raised two broad types of concerns: one, what if a person was genuinely tricked into giving up control of their bank accounts or disclosing their Singpass credentials; and two, what if a person needed help making transactions and gave up control of their bank accounts or disclosed their Singpass credentials to a family member or friend, and subsequently had their trust betrayed?

Let me assure the Members that the intention is not to penalise such persons through these new offences.

Mr Yip shared his strong belief that our public prosecutors and Police Officers will act judiciously. They will indeed do so. The provisions of the Bills are not targeted at persons who had no reasonable grounds to believe they were dealing with criminal proceeds or facilitating offences. The Police also recognise that there are indeed situations where there is a genuine need to share credentials for legitimate transactions.

The Police will investigate the cases comprehensively, considering factors such as the person's mental capacity – which Ms Lim, Ms Yeo and Mr Ng all asked about – and also the context of the incident. They will consider any credible evidence that a person was genuinely tricked into entering their banking or Singpass credentials on phishing websites.

The AGC will also carefully consider each case on its own facts and circumstances, and assess if there is public interest to pursue prosecution even if the evidential threshold is crossed. This is already the case today.

Mr Zhulkarnain cited a story of a 19-year-old who responded to a job ad and gave up control of his bank and Singpass account to an unknown employer he had never met, for income. This is a common money mule recruitment tactic observed by the Police, which typically does not involve any real work, especially considering the high wages being offered.

In one such case which occurred in 2021, also involving a 19-year-old money mule, two money mules helped to facilitate the laundering of $1 million belonging to scam victims. For every money mule investigated, there are usually many more victims who will never recover their monies lost. This must surely be considered when deciding whether or not to prosecute someone.

Mr Murali suggested having a policy not to hold individuals criminally liable if they speedily report transactions to the Police, even if they might have been negligent in the first place. The authorities will take this into account during investigations, though I will not go so far as to say that they should be automatically freed of criminal liability. Each case has to be assessed on its own facts and circumstances.

Mr Louis Ng asked about the "red flags" that individuals should watch out for. He and Mr Zhulkarnain also asked about the extent of verification needed to address suspicious behaviour.

It begins with having a clear understanding of our payment accounts, including our bank accounts, and Singpass. First, everyone must understand that these accounts are for our own use. They should not be used by another person, especially if we do not know who the other party is or what the transactions are for. Second, as a rule, we do not share details about these accounts because they should only be operated by ourselves.

With this understanding in mind, the common tactics used by scammers to approach prospective victims become easier to recognise. I will outline three.

One common tactic by scammers is not to present themselves in person. Instead, they tend to connect out of the blue through phone calls or video calls, claiming to help you or to need help from you. Can such a mysterious person be trusted with privileged information? That is the question we must ask.

Another common tactic is to give various fairly well-rehearsed reasons for you to let someone else use your account to receive or transfer monies. It should cause us to ask – why can this person not use their own account instead? It is also common for scammers to give reasons for wanting your bank account login or Singpass credentials. But think a little bit – why should you hand over the keys to anyone to unlock your valuables? These "red flags" are by no means exhaustive, but they should set off alarm bells.

In general, my advice to the public is: if you are told something very bad has happened to you or your loved ones, pause and think. Scammers love to make people panic because that is when we lose our best judgement.

On the other hand, if you are told something that sounds too good to be true, also pause and think. Scammers know that greed can make fools of geniuses. Also, the bigger the amount at stake, the more carefully you should proceed. To summarise, we would like everyone to be vigilant and take proper care of our payment accounts and Singpass accounts.

At the same time, it is not our intention to penalise anyone who was genuinely tricked into giving up control of their bank accounts or disclosing their Singpass credentials, or those who needed help from their family members or friends and subsequently had their trust betrayed. The Police and the AGC will act judiciously. Let me now move to other queries on the Bills.

Mr Sharael Taha asked whether platforms such as Apple Pay and Google Pay are included in the amendments to the CDSA (Amendment) Bill. It is a good question because the money mules do not only use traditional banking accounts. In the CDSA, payment accounts are as defined by the Payment Services Act 2019. Hence, the new offences will apply to various types of payment accounts, including e-wallets.

On Singpass abuse, Mr Sharael asked how prevalent the problem is and whether individuals selling or inadvertently giving their Singpass credentials to scammers were aware of the implications. While the large majority of money mule cases involved abuse of bank accounts, the Police has observed a worrying trend of Singpass abuse. I spoke about the challenges to prove wrongful intent when trying to prosecute offending Singpass users. We have seen cases where the user is taught by scammers how he can lie to the Police to get himself off the hook.

As Dr Tan Wu Meng reminded us during Question Time yesterday, we cannot be fighting yesterday's war only, but must be ready to tackle new scam tactics as they evolve. Having seen such behaviours with Singpass, I seek Members' support to empower the Police to arrest a likely trend and not wait till cases have snowballed.

Mr Sharael also asked whether the proposed penalties in the CMA (Amendment) Bill are sufficient. Mdm Deputy Speaker, the penalties of the new offences are pegged to similar offences in the CMA. We will monitor the situation after the offences come into effect and see whether adjustments are needed, including to deal with other forms of cybercrime, which is also something that Ms Janet Ang mentioned.

Ms Lim asked whether prosecution rates of money mules will increase with the new offences. Ms Ang also raised questions about the enforcement of the new laws, including the challenges relating to the transnational nature of the scam syndicates.

Madam, these Bills will definitely allow the Police to better act against money mules and those who abuse Singpass. However, both Bills are also intended to clearly set the guardrails for the proper use of payment accounts and Singpass accounts. The goal is therefore not to increase the number of prosecutions per se, but to have far fewer money mules.

If the introduction of the new laws deters individuals from acting as money mules in the first place, resulting in fewer being prosecuted, this will be a welcome development. But, like Ms Lim, I will not be so sanguine. We must remain vigilant and be ready to up the ante, if needed. For cases involving offences committed overseas, we will work with our international counterparts, though I am sure Members are familiar with some of the challenges of overseas enforcement.

I also fully agree with Mr Sharael, Ms Ang, Ms Yeo and Mr Zhulkarnain on the need to educate the public. This work will never end. We will cooperate with key stakeholders and intensify public education efforts before implementing the Bills to explain the dangers, the new guard rails and the "red flags" that we should be mindful of. If passed, the Bills are intended to come into force approximately six months later to allow time for members of the public to familiarise themselves with the new laws.

Mr Louis Ng spoke about section 8B(4) of the CMA Bill, which states that the mere transmission of Singpass credentials by network access providers and data transmission service providers does not amount to an offence under the new section 8B.

For avoidance of doubt, section 8B(4) makes clear that service providers, such as telecommunication companies (telcos), will not have committed an offence merely because their networks or services were used as the conduit or platform for the transmission of credentials. This is because it would neither be fair nor reasonable in these circumstances to expect such providers to know whether a person was using their networks or services to transmit the credentials of another person.

Mr Ng asked about the responsibility of these providers in addressing the illegal use of bank accounts and Singpass credentials. The bigger question is how they can help prevent scams from taking place. I have spoken previously about our efforts in this area, including the Infocomm Media Development Authority's work with the telcos to block spoofed calls and SMSes. We are also working with the telcos to block suspicious websites in a speedier fashion.

On Mr Yip's comment that the CMA Bill may be contrary to the general position of "innocence until proven guilty", let me assure Members that this is not so. The presumption of innocence is a fundamental principle, and in fact the foundation of our criminal justice system. Both the CDSA and the CMA Bills continue to uphold and are consistent with the presumption of innocence. In both Bills, the overall burden remains on the Prosecution to prove the offences beyond reasonable doubt.

Next, I will deal with the questions and suggestions which relate to our broader anti-scam efforts. I will do so briefly because these fall outside the scope of the Bills and some of them have been discussed in this House before.

Let me recap our approach to fight scams. We have taken proactive measures to: educate the public; prevent and block scammers from being able to reach victims in the first place; make it easier to detect and report scams; and enforce and recover lost monies. I have given some examples in my opening speech, which address Mr Yip, Ms Ang and Mr Sharael's questions about our efforts in these areas.

We will step up our efforts, including enabling our Police with technology like Mr Sharael suggested. In line with Ms Yeo's suggestion, we will continue to work with relevant Government agencies like MAS and the banks to provide assistance to scam victims, and also leverage analytics to detect and mitigate scam-related transactions. In line with Mr Murali's suggestion, we will also continue to work with parties which rely on Singpass to do more to prevent scams.

Mr Yip and Ms Ang asked about Singpass security. The Smart Nation and Digital Government Group has introduced the following measures to better protect Singpass users.

GovTech has put in place early detection mechanisms and fraud analytics to detect potential scams involving Singpass. For higher risk transactions, users may also be asked to further verify themselves with Singpass Face Verification. These measures allow GovTech to take prompt action to investigate and, where possible, prevent or stop the scams.

GovTech has also given users the option to block their Singpass from overseas access. This is a useful feature because most scammers operate outside of Singapore. So, if you block your Singpass from overseas access, in essence, you are preventing it from being abused by overseas scammers.

Some of these measures can also help to protect the more vulnerable members of our society, which Mr Zhulkarnain had asked about. I thank him for his other suggestions to better protect individuals with special needs from being scammed. GovTech and the Police will study how best to implement them.

Mdm Deputy Speaker, let me conclude by thanking the Members for their support of the two Bills.

Everyone has a role to play in the fight against scams and should exercise care and responsibility in the use of our payment accounts and Singpass. Scammers are not remaining static and neither can we. We will continue to conduct regular security reviews and enhance our defences.

Even as we prepare to respond to future threats, I am glad that Members agree on the need for these Bills to tackle the pressing issues at hand. The proposed amendments will build up our collective defence against scams, disrupt scam syndicates and better protect Singaporeans. If we are able to do so, it will help preserve Singaporeans' confidence in going digital, even for the elderly and more vulnerable. Mdm Deputy Speaker, I beg to move.

Mdm Deputy Speaker: Mr Murali Pillai.

1.34 pm

Mr Murali Pillai (Bukit Batok): Mdm Deputy Speaker, on a point of clarification. I note the hon Second Minister's response to my suggestion about not holding persons criminally liable in the event that they lodge a Police report of monies that they have received in their accounts.

I would just like to clarify that what my proposal is, is actually in the context of persons who were negligent in having their accounts being used and subsequently realised when the monies came in, that their accounts were misused, and therefore they proceed to lodge a Police report. Certainly not advocating a carte blanche to deal with all scenarios. That is the first point.

And in relation to my suggestion that the Ministry consider putting up due diligence measures that account holders should generally subscribe to, something akin to the Immigration Act, I wonder whether the hon Second Minister has the response to that?

Mrs Josephine Teo: Mdm Deputy Speaker, firstly, I would like to thank the Member for his clarification that he is not advocating a carte blanche. And indeed, the Police will look at the situation, understand where the person who made the report was coming from, examine the circumstances carefully and if indeed, it was a matter of negligence and perhaps not much harm had been done, the Police will certainly take these into consideration in deciding whether or not to proceed with further action.

On the Member's second question which has to do with due diligence, he had referred to the actions that landlords can take under the Immigration Act to, in some sense, demonstrate that they have done their part in trying to prevent illicit activities. In principle, we would like to get to a point where these due diligence steps can be very clearly articulated and all of us can take part in preventing scams from happening.

But as many Members have noticed and commented on during their speeches, the scam types and tactics are evolving so quickly. At present, it would be very hard to say that "here are the three things you can do", and you would have been considered to have fulfilled your due diligence. In fact, the measures that we have to take to protect ourselves are still a matter that is evolving each day. As the scam types present themselves, we notice increasingly new actions that we will have to take to protect ourselves and to protect our accounts from being misused.

So, appreciating the Member's very well-intended suggestions, we would certainly like to get to a point where we can articulate "here are the three things or five things that you can do". If and when we are able to get to that situation, please be assured that we would be very willing to consider his suggestions being taken forward.

Question put, and agreed to.

Bill accordingly read a Second time and committed to a Committee of the whole House.

The House immediately resolved itself into a Committee on the Bill. – [Mrs Josephine Teo].

Bill considered in Committee; reported without amendment; read a Third time and passed.