Though the Government initially plans to introduce obligations for the tech, telecoms and banking sectors, the legislation is intended as an eventual whole of economy reform

The Scams Prevention Framework would combine horizontal obligations with industry-specific codes of practice

On 13 September 2024, the Australian Government introduced its Scams Prevention Framework, which would create binding, industry-specific obligations for designated sectors. The framework, which will be introduced through amendments to the Competition and Consumer Act 2010, will initially capture firms in the banking, telecoms and tech sectors and require compliance to prevent, detect, report, disrupt and respond to scams. The legislative package was informed by responses to a November 2023 consultation on mandatory industry codes for scams prevention issued jointly by the Treasury and the Department of Infrastructure, Transport, Regional Development, Communications and the Arts. The consultation on the Scams Prevention Framework draft legislation closed on 4 October 2024, and the Government is expected to introduce its final bill in Parliament before the end of the year.

Regulated firms would be required to join an external dispute resolution scheme, which would be a substantial, new obligation for platforms and operators

The Scams Prevention Framework is written as an economy-wide reform, indicating it could be extended beyond the tech, telecoms and banking sectors in the future. Initially, the Government intends to target social media, paid search advertising and direct messaging services within the tech sector but could therefore extend the rules to other types of online platforms. Generally, firms in regulated sectors will be required to take a proactive approach to preventing and disrupting scams and to regularly report to the Australian Competition and Consumer Commission (ACCC) on the actions they’ve taken. However, specific obligations expected of platforms, telecoms operators and banks will be written into industry-tailored codes of practice, which will be overseen by the ACCC for platforms, the Australian Communications and Media Authority (ACMA) for operators and Australian Securities & Investments Commission (ASIC) for banks. All captured firms will also be required to join an external dispute resolution scheme to resolve consumer complaints on scams. The Government has proposed that the Australian Financial Complaints Authority (AFCA) serve as the administrator for the telecoms, tech and banking sectors. While banks are already required to cooperate with the AFCA, this requirement for an external dispute resolution process represents a significant, new regulatory requirement for platforms and operators. In the event of non-compliance, the framework authorises fines up to A$50m (£26m) or 30% of a firm’s turnover during the non-compliant period for serious breaches and fines up to A$10m (£5m) or 10% of a firm’s turnover during the non-compliant period for minor breaches in governance systems or reporting.

Consumer advocacy groups have criticised the framework for placing too great a burden on consumers in proving a firm’s non-compliance

The proposed framework is the latest action in the Australian Government’s effort to become the “toughest target in the world for scammers”. In its announcement, the Government touts over A$154m (£80m) in public funding over the past two years to address scams, which appears to be paying off as losses to scams in the country are falling for the first time since 2016. However, a group of consumer advocacy bodies, including CHOICE and the Australian Communications Consumer Action Network (ACCAN), has already criticised the framework for placing too big of a burden on consumers to prove the non-compliance of regulated firms when seeking reimbursement. The group’s submission encourages the Government to consider imposing an assumption of reimbursement for consumers and shifting the burden of proof to regulated firms in dispute resolution, claiming these provisions would be a world-first but nonetheless needed advancement in consumer protection. In a separate submission, ACCAN also raises a concern that the framework does not explicitly require industry codes of practice to be made binding and suggests ACMA may be bound by the Telecommunications Act 1997 to create a voluntary code. This criticism may undervalue the substantial progress made under the Reducing Scam Calls and Scam SMS industry code and the Customer Identity Authentication Determination, enforced already by ACMA, as well as voluntary industry action, such as Meta’s partnership with the Australian Financial Crimes Exchange through its Fraud Intelligence Reciprocal Exchange (FIRE) initiative.