INTRODUCTION
In January 2024, Deloitte provided a response to the Consultation Paper on Scams – Mandatory Industry Codes (the “Draft Code”, subject to consultation). We made note in our response that the Draft Code is a welcome, necessary and substantial step forward in Australia’s response to societal harm from scams.
Deloitte is committed to playing a role in Australia’s initiative to reduce societal harm from scams. We have an experienced team consisting of local and global subject matter experts in fraud, identity, financial crime, cyber, privacy and customer response and outcomes who are focused on minimising the impact of scams. Each of these domains are pertinent not only in their direct relevance to combatting scams, but also with respect to the lessons learned across their maturity journeys.
With that background, we’ve shared our response to the Draft Code along with a number of insights and opportunities that we have observed to implement the Draft Code in a manner that will drive an effective and efficient cross-sector response to scams.
EXECUTIVE SUMMARY
At its core, the Draft Code obligates impacted businesses to gather, share and act on scam intelligence. Scam intelligence will be generated through analytics, information sharing across the ecosystem, and consumer reports and complaints, among other sources.
The Draft Code additionally obligates impacted businesses to maintain an anti-scam strategy, educate its workforce, implement a range of customer protective features, and provide access for its customers to user-friendly and supportive avenues when they have been impacted by a scam attempt, whether successful or unsuccessful.
The Draft Code solicits feedback in the form of 45 questions across topics on the framework, definitions, principles-based obligations, anti-scam strategy obligations, information sharing requirements, consumer response, sector-specific codes, and approach to oversight, enforcement and non-compliance. We believe the businesses that will be subject to the Draft Code are well placed to respond to those questions.
With Deloitte’s considerable experience supporting regulatory change in Australia and globally, we have drawn on our domestic and global experiences to put forward observations and recommendations aligned with four topics that we believe will further enhance the Draft Code.
Topic 1: Cross-sector regulatory change
We support and find necessary the cross-sector approach of the Draft Code. We believe there is an opportunity for the Draft Code to consider the frameworks required to deliver cohesive and coordinated regulatory change across sectors, including consideration of integration with a unified Economic Crime regime.
Topic 2: Model for intelligence sharing and taking action on intelligence
Intelligence sharing is a cornerstone of the Draft Code, but its scope, speed and interrelationship with existing regulatory intelligence-sharing regulations and protocols may pose challenges. We suggest the Code address the need for a unified cross-sector scheme for intelligence sharing, including standardised taxonomies, privacy management, and system architecture. Moreover, formal clarity on intelligence thresholds and scope for taking action is essential to balance effectiveness and avoid unintended consequences.
Topic 3: Reimbursement of customer losses
The Draft Code rightly emphasises businesses taking reasonable steps to protect customers and acting promptly on scam intelligence. We know from our global experience that clear liability levels deliver the certainty required for operational planning, infrastructure investment and consumer reimbursement strategies. We see an opportunity for the Draft Code to introduce outcomes-based guidelines for reimbursement, considering various perspectives and striking a balance to incentivise customers and business stakeholders across the ecosystem to combat scams collectively.
Topic 4: Governance
We see an opportunity for the Draft Code to incorporate principles for good governance into its suite of obligations, which we believe to be key in keeping anti-scam strategies aligned with a landscape that can change rapidly.
On balance, we believe the Draft Code introduces sensible, straight-forward and appropriate obligations. We believe that when met they will result in an Australia that is far more resilient to scam activity.
References