Mandatory scam codes on the way

John Kavanagh

The government is planning to introduce mandatory industry scam codes, with banks at the top of the list of priority sectors alongside telcos and digital platforms.
 
A key component of a proposed code set out in a consultation paper released by Treasury yesterday is that banks will be required to assist a customer to trace and recover transferred funds.
 
The paper said: “There is currently no overarching regulatory framework that sets clear roles and responsibilities for the government, regulators and the private sector in addressing scams.
 
“While many businesses have been responding to the increasing threat of scams to Australian consumers, the government remains concerned that these efforts are often siloed within particular businesses or sectors, or that take-up of broader measures has been irregular across each sector.”
 
Other sectors that may be covered include superannuation, digital currency exchanges and online marketplaces.
 
Currently, telecommunications is the only industry operating under an enforceable (but not mandatory) scam code, the Reducing Scam Calls and Scam Short Messages Code.
 
The paper acknowledges recent scam prevention measures taken by the banking sector, including the announcement last week of the formation of the Scam-Safe Accord, which will invest A$100 million over the next couple of years in the development of a confirmation of payee system.
 
But it said more needs to be done, citing an ASIC report from earlier this year that said the approach to scams in Australia’s major banks was “variable and less mature than expected, with gaps and inconsistencies in scam detection, response and victim support”.
 
The objective of a mandatory scam code will be to set clear roles and responsibilities for government, regulators and businesses in combatting scams. This includes sharing scam intelligence across and between sectors.
 
The paper said current arrangements for sharing intelligence are often informal and ad hoc. The proposed codes would set rules for information sharing. 
 
The proposed definition of a scam, for the purposes of these codes, is “a dishonest invitation, request, notification or offer, designed to obtain personal information or a financial benefit by deceptive means”.
 
Code provisions would cover prevention, detection and disruption, response and reporting. Businesses would be required to develop, maintain and implement an anti-scam strategy. 
 
These strategies would need to have a “high level” of sign-off within the business, most likely at board level.
 
When it comes to banks, one area of focus will be improving their capacity to recover payments made to scammers.
 
Banks would have to assist a consumer to trace and recover transferred funds to the extent that funds are recoverable. Receiving banks would be required to reverse transfers upon request from a sending bank.
 
Other bank-specific obligations would include a requirement to identify customers at higher risk of being targeted by scammers and to verify a transaction is legitimate where a consumer undertakes activity that is identified as having a higher risk than their normal activity.
 
Banks would have to ensure customers could act quickly when they suspect a transaction is likely to be a scam, such as by deploying an in-app “scam switch”.