The duty of financial institutions to protect customers from fraud

The AML/CTF Act requires financial services providers which are reporting entities to report suspicious matters, including fraud, to Austrac. (Background)

Austrac’s case studies  give examples of the range of frauds being committed.

A particular area of concern is international funds transfers which could be part of a scam.

How far must a FSP go to protect customers from scams?

Typically such scams involve overseas persons posing as a potential romantic partner of the customer. Often the customer denies they have been defrauded even when their financial institution raises concerns about the amount of money being transferred.

A FOS determination earlier this year (Case number: 404469) concerned a claim by a customer who lost $360,324.73 in credit card payments to a scam. ASIC had notified the FSP of the scam in relation to particular bank accounts and the FSP put in place a process to detect payments but not in relation to the merchant facility. The customer said the FSP should have warned him about the scam, should not have allowed the transfers and should have charged back the transactions

Between 28 April and 15 May 2015, the customer made twenty one credit card payments totalling $360,324.73 to an overseas company representing it traded in sophisticated financial products. The customer was not able to recover any of the monies and ASIC advised that the company is operating a scam.

The customer said the FSP: 

  • Was on notice of the scam and should have warned him.
  • Improperly allowed transfers in excess of the credit card limit.
  • Should have charged back the transactions.

FOS decided that the FSP ought to have detected and blocked the transactions after its fraud area became involved following the first three transactions.

FOS ordered the FSP should pay the customer $235,539.06.

FOS decided that the difference between the name mentioned in the ASIC email and the merchant were not material.

FOS concluded that:

  • The FSP should not have allowed the transactions in the first instance;
  • The FSP was on notice of the scam and so could have attempted to charge back the transactions using an alternate reason code such as services not received or escalated it to Visa even without the customer’s information; and
  • Even if the customer could have assisted in mitigating the losses, the FSP failed to properly assist him with the chargeback process by raising the prospect of legal action to a person who was already facing losses of about $360,000 together with its opinion there was a low likelihood of success.
 

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.