ASIC report on anti-scam practices of banks

ASIC has released a report (REP 790) into anti-scam practices of 15 banks and financial services providers outside the four major banks. Background.

From its findings about existing and emerging bank practices in preventing, detecting and responding to scams, ASIC has provided observations for all banks to consider, to minimise the impact of scams on their customers.

While “scams” are generally defined as a subset of fraud where people are tricked into providing information or money, for the report ASIC employed a narrower definition of scams, limiting scams to situations where customers authorised the transaction by either making the transaction or aiding the scammer to make the transaction, including by providing multi-factor authentication passwords.

This is differentiated from the broader definition of scams where the customer provided the scammer with personal information (such as date of birth and address) allowing them to impersonate the customer and conduct the unauthorised transaction.

ASIC’s findings are in the following categories:

  • Scams strategy, governance and reporting;
  • Preventing scams;
  • Detecting and stopping scams;
  • Responding to scams and scam victims.

ASIC observed that:

  • Governance and reporting tended to be fraud focussed.
  • Capabilities to hold or delay potential scam payments were inconsistent across payment channels.
  • Lack of protection against brand misuse across all telecommunication channels.
  • Poor customer experiences due to lack of resourcing and customer focus. The reviewed banks did not always consider the likely distressed state and vulnerability of the scammed customer and scam reports were frequently mishandled. This led to delays – in part due to resourcing constraints, financial loss to the customer, unclear and confusing communication, and failure to identify and respond to scam victims who were experiencing vulnerability.
  • Adoption of inconsistent and narrow approaches when considering liability. Many reviewed banks lacked a bank-wide approach to determining liability for scam losses resulting in inconsistent outcomes for customers. In addition, policies did not always consider all relevant factors for determining liability.

ASIC says the issues noted above were generally acknowledged by the reviewed banks as leading to poor customer outcomes and requiring improvement.

The report also contains an update on scam prevention by the four major banks.

If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.

David Jacobson

Author: David Jacobson
Principal, Bright Corporate Law
Email:
About David Jacobson
The information contained in this article is not legal advice. It is not to be relied upon as a full statement of the law. You should seek professional advice for your specific needs and circumstances before acting or relying on any of the content.

 

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.