KUALA LUMPUR – The recent suit by the Australian Securities and Investment Commission (Asic) against HSBC for RM64 million over scam-related losses has reignited calls for stronger accountability in Malaysia’s banking sector.
Derek Fernandez, a lawyer and expert in cybersecurity law, stressed that a stronger political will is essential to ensure financial institutions take greater responsibility in protecting consumers from scams.
“Protecting the public from online harms and cybersecurity threats must be a national priority,” said Derek.
“There must be a real willingness to devote sufficient and verifiable resources by financial institutions and regulators to address these issues with transparent oversight.
“The old ways of self-regulation and pushing financial risks of digital transactions to customers, while at the same time profiteering from digitalisation with insufficient regulatory intervention, have not worked at all.”
Derek described Asic’s suit against HSBC as a bold and welcome development, one that decentralises the regulatory paradigm by involving co-regulators outside the financial sector.
“This decision reflects a global trend where institutions such as securities regulators are stepping in to hold financial institutions accountable.
“In the future, other regulators such as those from the telco and digital security sectors could intervene when irregularities are noticed. It’s a direction that promotes a more equitable global financial system,” he said.
Derek further outlined critical measures that banks and regulators could consider to curb rising cybercrime. He recommended allowing customers to request additional authentication technologies – particularly for mobile payments – to enhance security.
He also advocated for setting a maximum time frame for scam complaints, with a 30-day deadline for resolution or refunds to affected customers.
Additionally, Derek proposed real-time notifications for all financial transactions and a mechanism to alert merchants when scam complaints are raised, especially for payments that are in float or pending. Another suggestion was to introduce a “kill switch” that halts all future transactions, including international payments, immediately upon activation.
Drawing comparisons to regional efforts, Derek highlighted Singapore’s Shared Responsibility Framework (SRF) as a benchmark. The framework, introduced by the Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority (IMDA), obliges banks and telcos to assume greater responsibility for mitigating phishing scams.
Under the SRF, banks in Singapore will be accountable for fraudulent losses starting December 16, a step Derek described as “an excellent example of collaborative regulation in protecting consumers.”
In Malaysia, initiatives such as the 12-hour cooling-off period and the 997 fraud hotline have been introduced to address scam-related issues. However, Derek believes these measures are insufficient in light of the billions of ringgit lost annually to cybercrimes.
He stressed the importance of implementing more comprehensive reforms to address the ever-evolving tactics used by scammers, including AI-driven deepfake technologies.
“The true cost of digitalisation has been underestimated,” Derek said.
“Fast and effective changes must be made to procedures and laws that serve national and public interests. This isn’t just an issue for the banking sector but for any financial service or transaction that utilises a network service.”
As cybercrimes become more sophisticated, Derek emphasised the need for urgent action and collaboration across Asean nations.
He urged Malaysian regulators and lawmakers to prioritise legislative reforms and implement robust frameworks to protect consumers while fostering trust in digital financial systems. – December 19, 2024