In November 2023 Treasury issued its much anticipated “Consultation Paper on Scams – Mandatory Industry Codes” (the “Draft Code”, subject to consultation).
The Draft Code lands at a pivotal moment, where annual losses to scams have dramatically risen to over $3 billion per annum , drawing the fear and attention of Australian citizens, government and the business sectors who all find themselves impacted. And these figures reflect only reported losses, ignoring the downstream economic, social and human impacts of scams, making the real impact much more significant.
As the first major governmental initiative in this space since the announcement of the National Anti-Scams Centre, the Draft Code represents a solid foundation for greater coordination, collaboration and efficacy across the multitude of public and private parties driving initiatives to reduce harm from scams for Australians. Importantly, it will also give legislative force to key scam mitigation principles and set in train the development of sector-specific codes across the scams ecosystem.
What’s In The Draft Code?
The Draft Code outlines the scope of businesses that will be subject to its requirements, the standards it seeks to impose on its subjects, and the interplay with existing regulatory regime. We set out below a summary of these elements:
1. Prevention – Subject businesses will be required to assess the nature of their own specific vulnerability to scams and to define a fit-for-purpose strategy for identifying and preventing scams in their environment, including educating customers and training staff.
2. Detection and disruption – Subject businesses will become part of a public / private community which will share scam-related intelligence across its participants. Businesses will be expected to act quickly and efficiently on the intelligence they gather and receive and to provide tools for customers to verify information in real-time.
3. Respond – Subject businesses will be required to establish user-friendly and timely avenues for customers to report scams, act promptly to prevent further loss and for customers to be informed of escalation pathways if the customer is unsatisfied with their outcome.
4. Report to regulators and other businesses – Subject businesses must promptly notify others when they confirm or suspect large-scale activity, must share intelligence with relevant regulators and NASC, and must keep records of scam activity and the business’ response.
Preparing To Implement The Draft Code – Complexities To Navigate
There are a number of complex topics to navigate that are inherent already in how businesses are grappling with scams. The Draft Code provides additional guidance related to these topics, and will require businesses to focus on the key implementation aspects including:
To Sum It All Up
The Draft Code is a welcome, necessary and substantial step forward in Australia’s response to societal harm from scams. The Draft Code will now be iterated and debated through the open consultation period and will prompt engagement from across sectors that will be required for Australia to ultimately progress a robust, multi-party and coordinated national defence against scams. In this regard, we believe that the Draft Code, and the complexity of both the threat and the policy environment in which it lands, highlights starkly the need for Australia to develop a unifying Economic Crime strategy (similar to that established by the United Kingdom).
While the consultation process will result in change to some elements of the Draft Code, it makes clear the substantial shifts that are forthcoming and sounds the call for banks, telcos and social media to act now to ready their response.