Scam Prevention Framework consultation under way

Banks, telecommunications providers and social media companies will face new obligations to take positive steps to protect their customers from scams under new legislation that's just been released – with tough financial consequences, including responsibility for consumer losses and criminal and civil penalties, if they fail to do so.

The draft legislation released by Treasury for consultation introduces a Scams Prevention Framework (SPF). Stephen Jones, Minister for Financial Services, described the SPF as an economy-wide reform to protect Australians from scams with a view to reducing gaps which scammers can exploit by requiring entities “to detect... disrupt... report and... respond to scam content within their businesses”. Scamming was a $2.7 billion problem for Australian consumers in 2023. The proposed changes will substantially shift the onus on preventing scams from impacted consumers to the designated service providers whose platforms and infrastructure are commonly used to facilitate scams.

Under the SPF, the Minister for Financial Services will have powers to designate sectors of the economy, particular business and/or services who will be subject to new SPF provisions of the Competition and Consumer Act. These designated businesses will be required to take a variety of steps to protect consumers from scams on or relating to the regulated services provided by those entities. Service providers must comply with overarching principles of the SPF including governance arrangements relating to scams as well as the prevention, detection, reporting, disruption and response to scams. The Minister also will have powers to make an SPF code for a sector and for a regulator to enforce that code. It is proposed that the first sectors to be designated under the SPF will be banks, telecommunication providers and providers of digital platform services relating to social media, paid search engine advertising and direct messaging (Tranche 1 Sectors). Future sectors will be considered as scam methods and trends adapt and SPF matures but no timeframe for this has been indicated.

How will the Scam Prevention Framework work?

In broad terms the SPF will comprise:

• overarching principles which will apply to regulated entities and which will be enforced by the Australian Competition and Consumer Commission (ACCC) as the SPF general regulator;
• sector-specific codes, which will set out minimum standards that may be directed at addressing sector-specific scams;
• designated regulators for each sector-specific code will be engaged, resulting in a multi-regulator framework with penalties $50 million for a tier 1 breach and $10 million for lesser tier 2 breaches anticipated under the draft civil penalty provisions. Multiple remedies can be sought for a single contravention;
• other enforcement remedies for contraventions of the SPF include infringement notices, enforceable undertakings, injunctions, actions for damages, public warning notices, remedial directions, adverse publicity orders and other punitive and non-punitive orders;
• senior officers of a designated service provider may also face personal liability for contraventions with some remedies also being available against any person involved in a contravention; and
• dispute resolution mechanisms, including that entities that provide a service regulated by the SPF must become a member of an external dispute resolution (EDR) scheme authorised by the treasury Minister for that sector, with a view to authorise the Australian Financial Complaints Authority (AFCA) as the single EDR scheme that applies to multiple regulated sectors.

The draft legislation provides for criminal and civil penalties if the legislation is breached. It also provides for specific rights to damages for loss suffered by conduct that breaches the legislation.