Australian banks, insurers, and financial services providers are facing new compliance obligations in 2025. Under the proposed framework, which became law in February 2025:
- Banks, telecommunications companies, and digital platforms will be legally required to take proactive steps to detect, prevent, and disrupt scams.
- Penalties for non-compliance could reach up to $50 million.
- Companies may also be required to compensate scam victims under a proposed mandatory compensation mechanism.
- Internal dispute resolution processes must be transparent and accessible.
The framework is implemented through a modification of the Competition and Consumer Act, which gives the ACCC the powers under the new legislation.
Under the new framework, the Government can identify ‘regulated entities’ and ‘regulated services’ (which will likely include banking, finance, insurance and other scam-prone industries such as telecoms).
The framework sets out some obligations (‘principles-based obligations’) but more specifically allows the Government to create and implement industry-specific codes which will then have the power of law.
Ahead of the introduction of new codes, institutions should:
- Review and strengthen fraud prevention policies to align with the principles-based requirements of the new framework.
- Formalise internal procedures for scam detection, blocking, and victim compensation.
- Integrate scam prevention into their AML/CTF programs.
- Ensure staff training programs include scam identification and response protocols.
- Update external-facing materials, including terms and conditions, to reflect customer rights under the new rules.
We have specialists who can help with the development of policies and procedures and training materials. Contact us to find out specifically how we can help.