Scam Prevention Framework consultation under way

Steven Klimt, Natalie William
16 Sep 2024
2 minutes

Banks, telecommunications providers and social media companies will face new obligations to take positive steps to protect their customers from scams under new legislation that's just been released – with tough financial consequences, including responsibility for consumer losses and criminal and civil penalties, if they fail to do so.

The draft legislation released by Treasury for consultation introduces a Scams Prevention Framework (SPF). Stephen Jones, Minister for Financial Services, described the SPF as an economy-wide reform to protect Australians from scams with a view to reducing gaps which scammers can exploit by requiring entities “to detect... disrupt... report and... respond to scam content within their businesses”. Scamming was a $2.7 billion problem for Australian consumers in 2023. The proposed changes will substantially shift the onus on preventing scams from impacted consumers to the designated service providers whose platforms and infrastructure are commonly used to facilitate scams.

Under the SPF, the Minister for Financial Services will have powers to designate sectors of the economy, particular business and/or services who will be subject to new SPF provisions of the Competition and Consumer Act. These designated businesses will be required to take a variety of steps to protect consumers from scams on or relating to the regulated services provided by those entities. Service providers must comply with overarching principles of the SPF including governance arrangements relating to scams as well as the prevention, detection, reporting, disruption and response to scams. The Minister also will have powers to make an SPF code for a sector and for a regulator to enforce that code. It is proposed that the first sectors to be designated under the SPF will be banks, telecommunication providers and providers of digital platform services relating to social media, paid search engine advertising and direct messaging (Tranche 1 Sectors). Future sectors will be considered as scam methods and trends adapt and SPF matures but no timeframe for this has been indicated.

How will the Scam Prevention Framework work?

In broad terms the SPF will comprise:

  • overarching principles which will apply to regulated entities and which will be enforced by the Australian Competition and Consumer Commission (ACCC) as the SPF general regulator;
  • sector-specific codes, which will set out minimum standards that may be directed at addressing sector-specific scams;
  • designated regulators for each sector-specific code will be engaged, resulting in a multi-regulator framework with penalties $50 million for a tier 1 breach and $10 million for lesser tier 2 breaches anticipated under the draft civil penalty provisions. Multiple remedies can be sought for a single contravention;
  • other enforcement remedies for contraventions of the SPF include infringement notices, enforceable undertakings, injunctions, actions for damages, public warning notices, remedial directions, adverse publicity orders and other punitive and non-punitive orders;
  • senior officers of a designated service provider may also face personal liability for contraventions with some remedies also being available against any person involved in a contravention; and
  • dispute resolution mechanisms, including that entities that provide a service regulated by the SPF must become a member of an external dispute resolution (EDR) scheme authorised by the treasury Minister for that sector, with a view to authorise the Australian Financial Complaints Authority (AFCA) as the single EDR scheme that applies to multiple regulated sectors.

The draft legislation provides for criminal and civil penalties if the legislation is breached. It also provides for specific rights to damages for loss suffered by conduct that breaches the legislation.

What you need to do

If you want to have your say on the effectiveness of the draft legislation and explanatory materials, you can submit a response to the consultation here. Consultation on the SPF ends on 4 October 2024.

Some critical questions remain to be answered, such as how the EDR processes will practically operate, which has been flagged by the Minister as a key issue that will be worked through as part of the public consultation. These details will have significant impact on how this new legislative regime is operationalised and steps that businesses will need to take to ensure compliance.

The draft legislation contains significantly more detail than is set out above. Please feel free to contact us if you would like more information or assistance in responding to the consultation.

Disclaimer
Clayton Utz communications are intended to provide commentary and general information. They should not be relied upon as legal advice. Formal legal advice should be sought in particular transactions or on matters of interest arising from this communication. Persons listed may not be admitted in all States and Territories.