Amendments to the Computer Misuse Act
Amendments to the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act and the Computer Misuse Act
18 Apr 2023
The Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) (Amendment) Bill [CDSA Bill] and the Computer Misuse (Amendment) Bill [CMA Bill] were introduced for First Reading in Parliament today. The amendments proposed by the Ministry of Home Affairs (MHA) and the Smart Nation and Digital Government Office (SNDGO) will strengthen our collective defence against scams.
The amendments promote public vigilance and responsible behaviour in the use of payment and Singpass accounts. The amendments also seek to disrupt the operations of criminal syndicates preying on Singaporeans and will empower the Police to better act against money mules, and those who abuse Singpass to perpetrate scams and other crimes.
Background
Scam cases have increased significantly and are a major problem in Singapore. In 2022 alone, scam victims lost $660.7 million to scams. Scams are facilitated by money mules who facilitate the movement of scam monies. Money mules are typically individuals who hand over control of their payment accounts, e.g. bank accounts, to criminals, or who use their payment accounts to receive or transfer monies under the instruction of criminals.
For successful conviction under the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act (CDSA), the prosecution currently has to prove that the money mule had knowledge or reasonable grounds to believe that the monies transacted through his bank account are linked to criminal activity. Today, a large number of the money mules arrested by the Police cannot be prosecuted due to difficulties in proving their intent to facilitate the criminal activities. Between 2020 and 2022, more than 19,000 money mules were investigated by the Police. However, fewer than 250 cases were eventually prosecuted.
In addition, there is an emerging trend of Singpass users giving away their Singpass credentials (e.g. Singpass password and one-time password), usually for money. Using these Singpass accounts, criminals can register companies, open bank accounts and sign up for new phone lines, to facilitate the perpetration of scams or other offences. It is often hard to prosecute such Singpass users today, e.g. under the Computer Misuse Act (CMA), as the prosecution has to prove that the Singpass user knowingly disclosed his credentials for wrongful gain or unlawful purposes, or that it would cause wrongful loss, which are difficult to do.
MHA and SNDGO will thus expand our laws to curb the facilitation of scams and the movement of criminal proceeds, and the abuse of Singpass. This aims to deter individuals from enabling or facilitating the commission of criminal activities by others, and in the case of Singpass, also helps protect citizens and businesses who depend on Singpass as our national digital identity.
Key Provisions of the CDSA Bill
Rash and negligent money laundering
New offences of rash and negligent money laundering are introduced via the CDSA Bill. Where the money is found to be proceeds of crime, it is proposed that it be an offence if a person acted rashly by proceeding to carry out transactions while he had some suspicion but he did not make further enquiries to address those suspicions. A person who acted negligently by continuing with a transaction despite the presence of red flags that are noticeable by an ordinary, reasonable person, can also be liable for an offence.
Assisting another to retain benefits from criminal conduct
In addition, a person can also be deemed liable for a money laundering offence if:
-
the value of the property he dealt with is disproportionate to his known sources of income;
-
he allowed another person(s) to access, operate or control his payment account and failed to take reasonable steps to find out the purpose of this arrangement;
-
he received or transferred money in his payment account and failed to take reasonable steps to find out the source or destination of the money; or
-
he received money from or transferred money to another person(s), and failed to take reasonable steps to find out that person’s identity and physical location.
Owners of payment accounts, including bank accounts, must use their accounts responsibly. They will be held accountable for any transaction that takes place through their accounts. In considering requests by others to use their payment accounts to receive and transfer monies, owners are expected to always find out more about the other party, to verify the other party’s identity and to understand the origin or destination of the monies.
Examples
With the amendments to the law, a bank account owner who gives away control of his bank account and does not take any measures to understand what his account will be used for, can be liable for an offence.
Another example is where a bank account owner responds to a job advertisement offering attractive commission for receiving and transferring money through his bank account. If the individual does not take any steps to understand the origin or destination of the monies, he can be liable for an offence.
An individual will not be liable for the offence of assisting another to retain benefits from criminal conduct if he can prove that he had no reason to suspect that the property dealt with through his account was criminal proceeds.
Penalties
The offence of rash money laundering will carry a maximum fine of up to $250,000 or imprisonment of up to five years, or both. The offence of negligent money laundering will carry a fine of up to $150,000 or imprisonment of up to three years, or both. The offence of assisting another to retain benefits from criminal conduct will carry a maximum fine of up to $50,000 or imprisonment of up three years, or both.
Key Provisions of the CMA Bill
The Bill will introduce new offences to prevent Singpass abuse.
Disclosing a user’s own Singpass credentials to facilitate an offence
First, it will be an offence if an individual:
-
Discloses his Singpass password or access codes, or provides any other means of access to his Singpass account, and
-
The individual did so, knowing or having reasonable grounds to believe that the purpose of the disclosure is to commit or facilitate the commission of an offence.
The Singpass user will be presumed to have fulfilled condition (b), if he disclosed his Singpass credentials in any of the following situations:
-
Where he received any gain for disclosing his Singpass credentials;
-
Where he disclosed his credentials knowing that the disclosure is likely to cause wrongful loss to any person; or
-
Where he disclosed his credentials without taking reasonable steps to find out the identity and physical location of the person to whom he disclosed his credentials.
These proposed provisions are based on actual situations, where individuals have deliberately sold or provided their Singpass credentials to criminal syndicates. The proposed provisions also reinforce that Singpass users must be careful and exercise due diligence with regard to their Singpass credentials, so as to protect themselves and prevent Singpass from being abused.
This offence, however, is not intended to capture those who share their Singpass credentials for lawful purposes, such as seniors who need the help of their family members to make Singpass transactions. It is also not intended to capture persons who were genuinely tricked into giving up their Singpass credentials.
Obtaining or dealing in Singpass credentials to facilitate criminal activities
Second, it is proposed for it to be an offence for an individual to obtain, retain, supply, offer to supply, transmit or make available, the Singpass credentials of another person to commit or facilitate the commission of any offence. This is to deal with criminals who purchase Singpass credentials, and syndicates who engage in trading of Singpass credentials.
Examples
A person (W) sells his Singpass password to his friend (X) for monetary reward. W may be liable for the offence of disclosing his Singpass credentials. X may be liable for the offence of obtaining or dealing in Singpass credentials.
A person (Y) responds to a Telegram message from a stranger (Z) requesting Y to share his Singpass username and password. Z claims that in return, Y will have a chance to participate in a lucky draw. Y discloses his Singpass username and password to Z without finding out the identity or location of Z. Y may be liable for the offence of disclosing his Singpass credentials. Z may be liable for the offence of obtaining or distributing Singpass credentials.
Penalties
The offence of disclosing an individual’s own Singpass credentials will carry a maximum fine of up to $10,000 or imprisonment of up to three years, or both.
The offence of obtaining or dealing in Singpass credentials will carry a maximum penalty of a fine of up to $10,000 or imprisonment of up to three years, or both, for a first offence. For a second or subsequent offence, the maximum penalty will be a fine of up to $20,000 or imprisonment of up to five years, or both.
Conclusion
Our payment accounts, including bank accounts, and Singpass accounts are for our own use. They should not be used by another person, especially if we do not know who the other party is or what the transactions are for. Everyone has a role to play in the fight against scams, and should exercise care and responsibility in the use of our payment accounts and Singpass.
Ministry of Home Affairs
Smart Nation and Digital Government Office