Second Reading of the CDSA and CMA Bills (Opening Speech by Minister Josephine Teo)
Opening Speech at the Second Reading of the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits)(Amendment) Bill and Computer Misuse (Amendment) Bill
8 May 2023
SPEECH BY MRS JOSEPHINE TEO,
MINISTER FOR COMMUNICATIONS AND INFORMATION
AND SECOND MINISTER FOR HOME AFFAIRS
Introduction
Mr Deputy Speaker, I beg to move that the Bill be now read a second time.
Sir, this Bill is linked to the next Bill on the Order Paper, the Computer Misuse (Amendment) Bill. May I propose that the debates on both Bills take place together?
Thank you, Sir. We will still have the Second Reading of the Computer Misuse (Amendment) Bill to comply with the procedural requirements.
Scam problem in Singapore
Sir, scams have become a global problem. Scammers lurk in every corner and victims are often caught unawares. Many scams go unreported, because victims feel embarrassed or don’t believe any good will come of their reporting. But even just counting those that were reported, the amount lost to scams worldwide grew by about 16% from 2020 to over S$77 billion in 2021.
In Singapore, the number of scams has also increased sharply.
-
Police reported that scam cases exceeded 31,000 in 2022.
-
This is more than a five-fold increase since 2018.
-
Scam cases are now more than 1.5 times that of physical crime. Back in 2018, they were only a quarter.
The amount of money lost to scams is staggering.
-
In 2022 alone, victims lost S$660 million.
-
Since 2018, close to S$2 billion.
Impact of scams
Many of us know or have personally heard stories of people who have fallen prey.
-
They include elderly Singaporeans who lost their life savings.
-
Younger Singaporeans are not immune. In fact, more than half of scam victims in 2022 were aged 20 to 39.
-
Victims often lose more than money. They lose peace of mind, sense of well-being, relations with family sometimes become very strained, and all of these things bring about great distress.
Many scams in Singapore have an overseas nexus. We cannot stop the global tide, but must do everything we can to keep the scammers far from shore.
Anti-scam approach
The Bills we are debating today are part of the Government’s multi-pronged strategy to fight scams.
We have been educating the public so that they are aware of the signs of scam, and know what actions they can take to protect themselves. Members would have seen the public campaign, “I can ACT against Scams”, or hosted outreach sessions by Police officers in their constituency events involving residents.
We have taken proactive measures to prevent scammers from being able to reach victims in the first place.
-
For example, the Infocomm Media Development Authority has been working with the telcos to block spoofed calls from reaching Singaporeans. Every month, close to 60 million calls are blocked.
-
We launched the ScamShield app in November 2020, which has been downloaded more than 550,000 times and filtered out more than 7.4 million SMSes that are suspected to be part of a scam.
-
Earlier this sitting, we tabled the Online Criminal Harms Bill. Among other things, the Online Criminal Harms Bill will help to stop potential scams from taking place, or as soon as they are detected.
We have also made it easier to detect and report scams, and follow-up with partners.
-
The Police set up the Anti-Scam Command in 2022 to consolidate expertise and resources in combatting scams.
-
Staff from the major banks are co-located with the Police, so that all the parties can quickly act together to freeze scam-tainted accounts.
With the help of our foreign partners, Police brought down 13 scam syndicates in 2022. More than 70 persons based overseas were arrested.
The Bills we are proposing today will add to our suite of anti-scam measures outlined above. We propose to empower the authorities to deal more effectively with money mules, and to prevent the abuse of Singpass for scam operations.
Role of money mules
First, let me explain the role of money mules.
-
They are individuals who allow criminals to control their bank or other payment accounts.
-
They also include those who use their accounts to receive or transfer monies under the criminals’ instructions.
Some of the Members may recall the OCBC phishing scam that occurred between December 2021 and January 2022.
-
790 victims fell prey. The total losses amounted to S$13.7 million.
-
In this scam, the Police identified more than 120 suspected money mules. More than 120 local bank accounts were used to receive the scam victims’ monies.
Why do the scammers need money mules?
-
Scam syndicates typically cultivate a network of money mules to facilitate their crimes, or to launder criminal proceeds.
-
The money mules’ bank accounts form a web of multiple accounts; scammed monies can be split into different denominations and transferred through these accounts.
-
This process is repeated many times over so that the monies go through multiple layers of bank accounts, before being transferred out of Singapore, into the hands of the syndicate.
-
This tactic of “layering” is designed to make it difficult for the authorities to follow the money trail and get to the perpetrators.
Between 2020 and 2022, scammers exploited more than 38,000 bank accounts to launder their proceeds from local victims. Over the same period, more than 19,000 money mules were investigated by the Police.
One big problem for the Police is that with electronic transactions, all these actions that I described earlier happen quickly, often in a matter of hours. Another problem is that when interviewed by the Police, most of the money mules claimed they did not know that they were handling illegal funds.
-
They claimed not to have known the identity of the person who instructed them, nor the identity of the bank account holders whom they were receiving funds from or transferring funds to.
-
Many agreed to facilitate these money transfers because they were paid to do so.
-
They claimed that they did not think that they were doing anything illegal, and did not know they were dealing with criminal proceeds.
-
The fact is, however, that their actions caused great harm to scam victims, whose monies have been moved beyond reach, beyond our ability to recover.
Trend of scammers abusing Singpass
Besides money mules, the Police have also observed a trend of scam syndicates abusing Singpass to facilitate their criminal activities. For example, syndicates recruit Singpass users with the promise of monetary gain, and then use the Singpass accounts to further their schemes.
Scam syndicates who get hold of another person’s Singpass credentials can use them to open bank accounts, which are then used to receive and transfer funds obtained through scams. Irresponsible Singpass users have facilitated this by selling or sharing their Singpass credentials, such as their Singpass password and SMS one-time password.
Scam syndicates effectively assume the identity of a Singpass user for their criminal activities, and exploit the Singpass account to commit criminal activities while hiding their own tracks. As a result, these scam syndicates are extremely difficult to pursue.
Rationale for the Bills
Sir, we must do everything we can to prevent scams from harming Singaporeans.
This includes recognising the limitations of current laws, which make it difficult to take the money mules to task.
-
It requires the Prosecution to prove that the money mule had knowledge or reasonable grounds to believe that the monies transacted through his bank account are linked to criminal activity.
-
As a result of these difficulties, of the 19,000 money mules investigated by Police from 2020 to 2022, fewer than 250 money mules were eventually prosecuted.
-
In the OCBC phishing scam which I mentioned earlier, out of the 120 suspected money mules, only 9 could be charged for money mule offences.
-
Similarly, it has been challenging to prove the wrongful intention of those who give up their Singpass credentials under existing laws like the Computer Misuse Act.
Clearly, there is a gap that has allowed money mules to continue abetting scammers at little cost to themselves. Why should they be deterred if they can evade prosecution by simply claiming ignorance?
The two sets of amendments we are proposing are therefore intended to strengthen our collective defence against scams:
-
First, it sets guardrails on the use of bank and Singpass accounts.
-
Bank account holders and Singpass users must be careful and exercise diligence regarding their bank accounts and Singpass credentials.
-
Our bank accounts and Singpass accounts are for our own use. We should not allow them to be used by another person, especially if we do not know who the party is or what the transactions are for.
-
-
Second, the amendments will empower the Police to act more effectively against those who blatantly ignore these guardrails and abuse, or allow to be abused, their bank accounts and Singpass credentials to perpetrate scams and other crimes.
Provisions of the CDSA Bill
I will first explain the proposed amendments to the CDSA.
Rash and negligent money laundering
Clauses 3 to 6 of the CDSA Bill amend Sections 50, 51, 53 and 54 to introduce the offences of rash and negligent money laundering.
-
“Rash” and “negligent” are not new concepts. They are defined in Sections 26E and 26F of the existing Penal Code and are also applied in the Road Traffic Act.
-
A person can be liable for rash money laundering if he proceeded to carry out a transaction while he had some suspicions about the transaction, but did not make further enquiries to address those suspicions.
-
A person can be liable for negligent money laundering if he continued with a transaction despite the presence of red flags or suspicious indicators, which would be noticeable by an ordinary, reasonable person.
-
These changes will allow a money laundering offence to be made out against an individual at a lower level of culpability, compared with the current laws.
Which of these offences are made out, if any, will depend on the facts and circumstances of the case.
Example of rash money laundering
Let me share an example where a money mule can be held liable for a rash money laundering offence.
Person A responds to an online job advertisement seeking to hire an accounts manager. A was told that he would be paid $2,000 a month to receive money using his personal bank account, and all he had to do was to transfer sums of more than S$100,000 to other bank accounts weekly. That is all the job requires – allowing the bank account to be used for transfer of monies. It is nothing like the kind of work that would justify a monthly salary of $2,000 that we would normally expect.
Despite the exceptional attractiveness of this job, which should have raised suspicions, A did not verify the source of the funds he was receiving, the purpose of the transfers, nor the authenticity of his purported employer. Due to the frequency and amount of money transacted, A suspected that the monies could be criminal proceeds. But he chose to carry on without further checks and the money was eventually found to be criminal proceeds from scam victims.
Example of negligent money laundering
I would also share an example of negligent money laundering.
Person B responded to an online advertisement on a social media platform calling for people to “rent out” their bank accounts. B provided the Internet banking login details for his personal bank account to an unknown subject and was paid $800 to let his personal bank account be used by that subject. B did not know what his bank account was used for. B claimed that he did not suspect anything wrong with the arrangement, despite receiving this quite easy $800. Investigations found that his bank account was used to receive about $20,000 from a Singaporean victim of a love scam. To an ordinary, reasonable person, this offer would have sounded suspicious and really “too good to be true”.
Penalties
Sir, the offence of rash money laundering will carry a fine of up to $250,000 or imprisonment of up to five years, or both. The offence of negligent money laundering will carry a fine of up to $150,000 or imprisonment of up to three years, or both. ** Assisting another person to retain benefits from criminal conduct**
Based on investigations into scams, the Police have observed conduct common among money mules in facilitating a scam.
Hence, Clause 7 of the Bill adds a new subsection 55A which introduces a new offence of assisting another person to retain benefits from criminal conduct. A money mule can be held liable for this offence if his conduct falls within any of the following four circumstances:
-
One, the value of the property he dealt with is disproportionate to his known sources of income; or
-
Two, he allowed another person, or persons, to access, operate or control his payment account and failed to take reasonable steps to find out the purpose of this arrangement; or
-
Three, he received or transferred money using his payment account and failed to take reasonable steps to find out the source or destination of the money; or
-
Four, he received money from or transferred money to another person, or persons, and failed to take reasonable steps to find out that person’s identity and physical location.
I will cite an example to illustrate the above offence.
Person C responded to a job advertisement by a company. C is told he will earn $100 a day for using his own bank account to receive money from the company’s customers and transfer the money to the company’s bank account. All this from a purported employer whom he does not ever meet.
As unusual as the job may have sounded, C did not question why he needed to use his personal account to receive and transfer money from the company’s customers. He did not take steps to find out where the money was coming from or going to. After all, the effort required of him is quite minimal. Why do all these details matter then?
Sir, to stop the build-up of such a network of money mules, this new Section 55A could render a person like C liable for an offence of assisting another person to retain benefits from criminal conduct.
Defence
While Clause 7 provides that a person could be liable for an offence under any of the four circumstances I described earlier, Clause 7 also provides in the new subsection 55A that it is a defence if the person is able to prove that he did not know and had no reason to believe that the property he had dealt with directly through his account, or indirectly, was criminal proceeds.
Penalties
The offence of assisting another person to retain benefits from criminal conduct will carry a fine of up to $50,000 or imprisonment of up to three years, or both.
Provisions of the CMA Bill
Let me move now to explain the second set of proposed amendments, the amendments to the Computer Misuse Act (CMA).
Disclosing a user’s own Singpass credentials knowing or having reason to believe that the purpose is to facilitate an offence
I mentioned the worrying trend of Singpass users who give away their Singpass credentials, often for money. The actions of such errant Singpass users facilitate scams and other criminal conduct. They undermine Singpass as our national digital identity service which many people have come to depend on for digital transactions.
However, it is challenging to take such errant Singpass users to task. For example, under the CMA today, it must be proven that the Singpass user knowingly disclosed his credentials for wrongful gain or an unlawful purpose, or that it would cause wrongful loss, which is difficult to do.
In one recent case, one Singpass user who had sold his login credentials subsequently pretended to be a victim, and came to the Police claiming that he had been deceived into giving up his Singpass credentials.
-
It was only through extensive investigations taking up enormous Police resources, that the Singpass user eventually admitted to have sold his credentials knowing that his Singpass would be used for criminal activities.
-
The authorities managed to crack this case. But in many others, the Singpass users are uncooperative in investigations, and fabricate stories about how their Singpass came to be abused.
-
This situation favours the scammers, and it is highly unsatisfactory.
Therefore, Clause 4 of the CMA Bill introduces a new offence in the form of a new Section 8A in the CMA, to address the conduct of Singpass users who deliberately give their credentials to other persons, which are then used to facilitate criminal activities.
-
We are concerned with the behaviour of Singpass users who disclose their Singpass passwords or access codes, or who provide any means of accessing their Singpass accounts, in situations where the credentials can then be used to facilitate criminal conduct. In my speech, for ease of reference, I will refer to all of these types of acts collectively as “disclosing Singpass credentials”.
-
To combat such behaviour, it will now be an offence for a Singpass user to disclose his Singpass credentials, if he did so knowing, or having reasonable grounds to believe, that the purpose of the disclosure is for any person to commit, or facilitate the commission by any person, of any offence under any written law.
The intent of this change is not to make legitimate users of Singpass fearful of disclosing their credentials. They should however, be aware that in certain situations, the disclosure could be an offence if:
-
One, the disclosure was carried out for any form of gain;
-
Two, the disclosure was carried out with the knowledge it would likely cause wrongful loss to any person; or
-
Three, the disclosure was carried out but without reasonable steps being taken to find out the identity and physical location of the person to whom the credentials were disclosed.
These proposed provisions are based on actual situations Police have observed, where individuals have deliberately sold or disclosed their Singpass credentials to criminal syndicates.
The offence of disclosing an individual’s own Singpass credentials will carry a fine of up to $10,000 or imprisonment of up to three years, or both.
Again, to be abundantly clear, it is not our intent to criminalise situations where there is a genuine need to share credentials for legitimate transactions. For instance, seniors may in some situations need the help of their family members to make Singpass transactions. The new provisions are also not intended to capture persons who were genuinely tricked into giving up their Singpass credentials.
Obtaining or dealing in Singpass credentials to facilitate criminal activities
Clause 4 of the CMA Bill also introduces a new offence in the form of a Section 8B in the CMA, which criminalises acts of obtaining, retaining, or dealing in another person’s Singpass credentials. This is to deal with those who purchase Singpass credentials, and syndicates which trade the Singpass credentials.
The Bill introduces provisions in section 8B to clarify the scope of this new offence. It is not an offence if an individual obtained or retained another person’s Singpass credentials for a legitimate purpose. It is also not an offence if an individual supplied, offered to supply, transmitted or made available the Singpass credentials of another person for a legitimate purpose, and the individual did not know or have reason to believe that those credentials will be or is likely to be used to commit an offence.
The offence of obtaining or dealing in Singpass credentials will carry a fine of up to $10,000 or imprisonment of up to three years, or both, for a first offence. For a second or subsequent offence, the penalty will be a fine of up to $20,000 or imprisonment of up to five years, or both.
Extra-territoriality
In addition, Clause 5 amends the Section 13 of the CMA so that the two new offences will apply, and our courts will have jurisdiction over the offences, even if they are committed outside Singapore. The nature of scam syndicates is that they operate mostly from overseas. Regardless of where these offences are committed, it is critical for us to prevent conduct that amounts to an abuse of Singpass to facilitate scams and other criminal activities, and to protect Singpass as Singapore’s national digital identity service.
Summary
Mr Deputy Speaker, these two Bills are necessary to strengthen our defence against scams. They seek to disrupt the operations of criminals preying on Singaporeans by:
-
Acting as guardrails for the use of payment accounts and Singpass credentials; and
-
Allowing the Police to better act against money mules and those who abuse Singpass to perpetrate scams and other crimes.
Sir, I beg to move.