There is no escaping the scam problem, and Australia has been no exception. There were over 600,000 scam cases reported in 2023, costing Australians $2.7 billion, not to mention the financial, psychological, and emotional consequences. The digital economy's growth has heightened these risks, and current protections are inconsistent across sectors. The Scams Prevention Framework (SPF) is part of a broader initiative to modernise Australia's laws for the digital age, including privacy and online safety reforms.
Currently in consultation, the Australian Scams Prevention Framework establishes a legislative framework to safeguard Australians against scams. It introduces overarching principles that apply to regulated entities, including sector-specific codes and a multi-regulator framework for enforcement. The framework empowers the Treasury Minister to designate sectors for regulation and sets dispute resolution mechanisms.
What makes the Australian framework stand out from similar legislative proposals in other countries is that the onus is not entirely on the banks and includes other sectors such as telecommunications and digital platforms, with provisions for future designations. The SPF mandates actions like scam prevention, detection, and disruption across regulated sectors, and introduces a responsive, adaptable mechanism to address evolving scam threats.
With that, let’s summarise the most important details of the Scams Prevention Framework.
Key features of the SPF
1. Overarching Principles: These apply to all regulated entities and are enforced by the Australian Competition and Consumer Commission (ACCC). They focus on governance, scam prevention, detection, reporting, and disruption.
2. Sector-Specific Codes: Each sector may have codes that outline specific obligations. For example, the industry code C661:2022, also known as Reducing Scam Calls and Scam SMS, was introduced in 2022 to identify and block scam calls and SMS messages.
3. Multi-Regulator Model: The framework leverages existing relationships with regulators like the ACCC, Australian Securities & Investments Commission (ASIC), and Australian Communications and Media Authority (ACMA), ensuring effective enforcement across sectors.
4. Dispute Resolution: Entities must join an External Dispute Resolution (EDR) scheme authorised by the Treasury Minister, with the Australian Financial Complaints Authority (AFCA) likely to be the initial EDR provider.
New obligations for regulated entities
The SPF requires telecommunications companies, banks, and digital platforms to:
• Prevent: Proactively identify and block scam activities. Entities must educate consumers on scam identification and warn vulnerable groups.
• Detect: Implement mechanisms to spot scams in progress, such as suspicious transactions or high-risk behaviours.
• Disrupt: Take action to block or mitigate the impact of scams as soon as they are detected.
• Report: Share scam intelligence with regulatory bodies and provide consumer support.
Governance requirements
Entities must develop and maintain internal governance structures to combat scams. This includes setting performance metrics and targets, having certified policies, and publishing information to inform consumers about scams. Governance must be reviewed annually by senior officers, and compliance reports must be made available to regulators on request.
Information sharing and collaboration
A core aspect of the SPF is the collection and sharing of actionable scam intelligence. Regulated entities must report scam-related data to the SPF general regulator (ACCC) and collaborate with other regulated entities to ensure a coordinated response to emerging scam trends.
Sector-specific details
Telecommunications Sector: The Reducing Scam Calls and Scam SMS code has already led to the blocking of 1.9 billion scam calls and 533 million scam SMS messages. The SPF builds on this by adding obligations like verifying sender IDs via the forthcoming Australian Sender ID registry.
Banking Sector: Banks are pivotal in scam detection, as they often process fraudulent transactions. The sector has been working on the Scam-Safe Accord and implementing technology like confirmation of payee to safeguard consumers.
Digital Platforms: Social media ads and paid search platforms are increasingly utilised by scammers. While some voluntary measures have been adopted, the SPF will enforce consistent protections across platforms to minimise scam risks.
Flexibility and adaptability
The SPF recognises that scams are a constantly evolving threat and that countermeasures such as these will often displace criminal behaviours rather than eradicate them. With this reality in mind, the SPF provides for the inclusion of additional sectors, as scammers adapt their methods. The framework is intended to support an agile, responsive approach to scams as they evolve.
Consumer protections
The Australian Government hopes consumers will benefit from stronger protection because of the SPF, with the framework ensuring streamlined dispute resolution, quicker response times from service providers, and enhanced transparency about their rights. The framework ensures that small businesses (under 100 employees) and individuals have equal access to these protections.
Enforcement mechanisms
Non-compliance with the SPF principles or codes will attract civil penalties, ensuring entities take their obligations seriously. The ACCC, as the general regulator, will work closely with other sector regulators to enforce compliance.
The maximum penalties under the Treasury Laws Amendment Bill 2024, as outlined in the Scams Prevention Framework, are structured in a tiered system based on the severity of the contravention:
Tier 1 Contraventions: These involve breaches of the key SPF principles related to scam prevention, detection, disruption, and response.
• For body corporates, the penalty is the greater of: 159,745 penalty units (approximately $50,000,185); three times the total value of the benefit gained from the contravention; and 30% of the adjusted turnover of the company during the breach period.
• For individuals or non-corporate entities, the maximum penalty is 7,990 penalty units (approximately $2,500,870).
Tier 2 Contraventions: These involve breaches of SPF codes or governance/reporting principles.
• For body corporates, the maximum penalty is 31,950 penalty units (approximately $10,000,350); three times the total value of the benefit obtained; and 10% of the company’s adjusted turnover during the breach period.
• For individuals, the maximum penalty is 1,600 penalty units (approximately $500,800).
Conclusion
While scam losses declined for the first time last year in nearly a decade, they were still almost $1 billion higher than two years ago. Banks in Australia have been employing innovative approaches to counteract the rising tide of scams, but they are only the final target. We must implement controls further upstream, at the source where scams originate, to truly have a chance to get ahead in this fight.
The Australian Scams Prevention Framework introduces a much-needed framework that takes an ecosystem-wide approach to closing the gaps that scammers exploit. The framework builds upon the provisions within the Australian Online Safety Act 2021 and reflects a growing focus by governments around the world on the significant impact of fraud on the emotional, financial and economic wellbeing of their citizens.