Chapter 3Structure of the SPF
3.1This chapter discusses the responses to the bill from submitters regarding the structure of the Scams Protection Framework (SPF) legislation, namely the use of both legislation and delegated legislation to enact the responsibilities of regulated entities.
3.2The operational aspects of the SPF are discussed later in Chapter four.
Overall support
3.3The overwhelming majority of submitters expressed support for an effective framework to combat scams. While most submitters presented differing ideas on improvements that could be made, only one submitter wholly opposed the model introduced in the bill.
3.4The Australian Securities and Investments Commission (ASIC) welcomed the introduction of the SPF as ‘important to ensuring increased protections for consumers from scam conduct and the serious harms that result’.
3.5Similarly, the Australian Competition and Consumer Commission (ACCC) welcomed the introduction of the bill, expressing its strong support for ‘the establishment of an ecosystem-wide, mandatory and enforceable regime to effectively address and reduce scam activity in Australia’.
3.6The Australian Financial Complaints Authority (AFCA) submitted that it ‘strongly supports’ the framework proposed in the bill, noting that ‘current legislative and regulatory settings are not fit for purpose and are unable to fully and effectively respond to the complex and evolving challenges scams present’.
3.7At the public hearing on 28 January 2025, AFCA stated its support for the ‘urgent passage’ of the bill ‘so that the significant work that needs to follow to implement the framework can begin’. It noted that ‘if Parliament chooses not to pass the legislation, Australians will continue to lose millions of dollars ... We will lose opportunities to significantly move forward and enhance Australia’s efforts to detect, disrupt and prevent this evil traffic if this legislation doesn’t move forward.’.
3.8The Australian Payments Network highlighted ‘the Government’s commitment to establishing a coordinated, cross-sectoral SPF that would help ensure that key sectors in the scams lifecycle have appropriate measures in place to prevent, detect, disrupt and respond to scams’, and expressed its support in particular for the following aspects of the bill:
an overarching legislative framework setting out the roles and responsibilities of regulators and regulated entities, supported by sector-specific codes, which ‘strikes a balance between… consistent, economy-wide principles and… practical implementation across diverse industries’;
the framework’s built-in flexibility, especially ‘the ability to designate new sectors and adjust the scope of obligations for certain regulated entities or services, and the relative flexibility of the SPF rules and sectoral codes’ which will ‘help maintain the SPF’s relevance and effectiveness over time’;
the multi-regulator model, a ‘pragmatic approach that should facilitate efficient implementation of the SPF’; and
the ‘list of SPF principles, which will be critical to ensuring that all regulated entities have appropriate measures for preventing, detecting, disrupting and responding to scams’.
3.9The Mortgage and Finance Association of Australia (Mortgage Association) submitted that it ‘welcomes the Federal Government’s efforts to implement a legislative framework to prevent and respond to scams impacting the Australian community’ and noted that although it did not expect the mortgage and finance broking sector to be a designated sector covered by the SPF, that sector ‘can often be the first line of defence against scammers in sensitive lending transactions and can play a vital role in educating their clients about the common scams to watch out for and the steps to remain safe’.
3.10The Communications Alliance, while raising some concerns with certain provisions of the bill, welcomed ‘the policy intent to develop a cohesive framework that seeks to limit scams across all sectors of the economy, including banking and digital platforms’ and noted that it and its members ‘have been proactively engaged in fighting scams for many years, having first registered a code with the Australia Communications and Media Authority (ACMA) in 2020, which has resulted in more than 2.1 billion scam calls and almost 700million scam messages being blocked since its introduction’.
3.11The Digital Industry Group Inc. (DIGI), like the Communications Alliance, had reservations about some provisions of the bill. However, it considered that the ‘bill, with its mandatory obligations, will see industries step up and do the very best that they can’ and will lead to ongoing, ‘concerted investment’ in scams prevention.
3.12Westpac described the bill as a ‘national interest-level piece of legislation’ and called for ‘bipartisan support’ to pass the bill.
3.13CHOICE argued that the ‘current voluntary approach to scam protection is not working’ and noted the need for ‘strong laws, with penalties’ to incentivise industry ‘to take scam prevention seriously’. It considered that the bill will ‘establish vital obligations’ for industry ‘to take reasonable steps to protect their customers from scams and introduce a baseline set of obligations that should have existed at law years ago’. CHOICE further contended that without ‘new legal obligations, the incentive for industry to prioritise scam prevention is likely to recede’. It urged the committee to recommend that the bill be passed ‘as a matter of priority next month [February]’.
3.14Consumer advocacy organisations, while expressing some concerns about particular aspects of the bill, overall welcomed the bill and argued that it ‘must pass in early 2025’, noting that ‘Australians cannot risk the uncertainty of a changing political landscape’ with a Federal election imminent, ‘not while they are losing billions of their life savings to scammers’. Further:
…[T]here is … an urgent need to have laws in place to drive industry investment in scams prevention. We share Government and industry concerns that the SPF Bill will not pass during this term of government. This would be an immense loss of years of cross-sector work.
3.15CHOICE considered that if Parliament were to pass the bill ‘as it’s currently drafted, then the minimum would have to be that we put a lot of effort into getting the codes right’ and flagged the importance of reviewing the framework in such a circumstance.
3.16Treasury informed the committee at the public hearing that the Australian Government has taken ‘a whole of ecosystem approach’ to scams ‘in recognition of the fact that scams are prevalent across a number of sectors in the economy’ and ‘focusing on all of those points of entry’ means ‘maximising the ability to harden up all of those systems that would prevent scams from occurring in the first place’. Treasury stated that the framework is ‘targeted to the areas that are most prevalent, so … it focuses on trying to minimise the regulatory burden but at the same time maximising its effectiveness’.
3.17While the majority of feedback to the bill and the proposed SPF was positive, particular aspects of the bill were queried as to how they would be implemented, and a number of recommendations were made to strengthen the bill and the overall operations of the SPF. These are discussed in detail in the remainder of this chapter.
Regulated sectors
3.18As outlined in Chapter two, the bill provides for SPF principles that must be met by all sectors designated as a regulated sector. Additionally, the bill allows for sector-specific codes to be developed that provide detailed and specific obligations for individual sectors. Further, the Minister advised that initial sectors intended to be regulated include:
telecommunication providers;
banks; and
digital platform services relating to social media, paid search engine advertising and direct messaging.
3.19ASIC stressed the importance of ensuring that the SPF, and sector-specific codes, are drafted with ‘simplicity and certainty’ which will ‘support ASIC’s future enforcement of the SPF’.
3.20Some evidence expressed support for flexibility built into the bill that would allow other sectors to be brought into the framework at a later date, and provisions requiring the Minister to consult prior to designating a sector subject to the SPF.
3.21The ACCC noted the concerns of the Senate Standing Committee for the Scrutiny of Bills in the use of delegated legislation for certain aspects integral to the operation of the SPF (as outlined in Chapter one). The ACCC raised similar concerns with the deferral of key obligations to future SPF codes or rules as it considered that ‘the inclusion of more detailed provisions in the primary legislation could assist in harmonising requirements across sectors and ensure regulated entities clearly understand their obligations’. However, the ACCC did not submit that it felt such concerns should halt the passage of the bill.
3.22The Mortgage Association stressed the importance that designated sectors, in this case the banking sector, did not shift their SPF obligations onto their distribution channels, such as brokers, or that ‘obligations imposed on designated sectors, whether through SPF rules or a sector-specific code, are not inadvertently transferred to non-designated participants’. To protect against this, the association recommended that AFCA recognise that smaller businesses may not have the same capacity as larger institutions to meet SPF requirements, and in many cases may not actually be formally designated under a SPF sector-specific code.
3.23Dr Mohiuddin Ahmed expressed concern that regulated sectors will try to pass on the costs of adhering to their obligations on to consumers and called for the Australian Government to ‘support the regulated entities in striking a balance between their revenues and the implementation of the framework’.
3.24Google submitted that until SPF sector-specific codes are in place, ‘regulated entities’ obligations under the Framework are unclear, meaning the circumstances in which a consumer would be entitled to recover losses from a regulated entity are also unclear’.
3.25CHOICE called for the Australian Government to commit ‘to a timeline for prompt expansion of the application of the SPF’ to online marketplaces, superannuation funds and cryptocurrency platforms.
3.26Similarly, Super Consumers Australia proposed that super funds ‘be the next in line for an industry anti-scam code’. Super Consumers Australia submitted that it is vital that the superannuation industry is included in the SPF as a designated sector no later than eight months after the SPF receives Royal Assent, noting that in 2024 there was $161 million of superannuation funds lost in investment scams, the largest of all scam categories, with people aged 65 and over experiencing the highest losses to investment scams, accounting for $55 million in losses.
3.27However, the Law Council of Australia called for care to be ‘exercised before expanding the proposed scheme’ to other sectors, arguing that the absence of information about which sectors would be brought under the SPF in the future is ‘concerning in light of the extensive civil penalty regime provided for under the Bill’.
3.28In a similar vein, the Association of Superannuation Funds of Australia sought ‘confirmation as to how long a newly designated sector has before it must comply with all the civil penalty provisions’ attached to the SPF principles. The Association of Superannuation Funds expressed its support for clause 58AE(1)(a)(ii) requiring the Minister to consider ‘the effectiveness of existing industry initiatives to address scams’ in a sector before deciding to designate businesses or services via legislative instrument as a regulated sector. The Association argued that this ‘provides appropriate flexibility and discretion’.
3.29One submitter with expertise in information technology considered that the bill should ‘mandate regular reviews of regulated sectors’, to ‘ensure that government oversight keeps pace with emerging technologies and industries at risk of scams’. The submitter suggested that designated sectors include AI-driven marketplaces, cryptocurrency exchanges and decentralised finance platforms.
Dual regulatory framework
3.30Many service providers—or their industry representatives—who are likely to be designated as regulated entities used consistently identical language to describe the SPF as a ‘dual regulatory framework’ where requirements captured within the legislation may be later ‘doubled-up’ in sector-specific rules contained in delegated legislation. It was claimed that this would create two separate frameworks that may at times be in conflict, leading to regulated entities unsure of which requirements they must meet.
3.31Westpac also expressed concern that as currently drafted, the bill could see entities compliant with their code obligations while concurrently breaching the SPF principles. Westpac argued that this ‘creates uncertainty, duplication and hinders the ability for entities to make investment decisions about appropriate scam prevention measures’.
3.32DIGI similarly submitted that ‘the Bill contains a set of prescriptive obligations in primary legislation designed to apply to a wide range of industries, in addition to forthcoming obligations that will be set out in sectoral codes through subordinate legislation—creating two sets of obligations, two sets of regulators, and two sets of penalties’.
3.33The Communications Alliance went further, and referred to the framework as creating a system of ‘quadruple jeopardy’:
It subjects designated entities to a dual regime of obligations:
(1)1 the SPF itself; and
(2)2 subordinate regulation;
with a dual set of penalties and a dual enforcement regime (ACCC and, for our sector, the ACMA); and
it subjects designated entities to a dual liability regime through:
(3)3 an external dispute resolution scheme (EDR), envisaged to be the Australian Financial Complaints Authority (AFCA) (s 58DC); and
(4)4 the right to private action which in turn hinges on compliance with the dual regime of obligations (s 58FZC).
In addition (and exacerbating the issue):
regulators can make a claim against regulated entities on behalf of SPF consumers (s 58FZC); and
there may also be a dual EDR scheme.
3.34Further claims were put forward by the Internet Association of Australia, that placing civil penalties in both legislation and delegated legislation (for sector-specific codes) would give rise to a ‘civil penalty double jeopardy’ where regulated entities would be ‘penalised or face other enforcement actions via other multiple means for the same conduct’.
3.35Similarly, the Tech Council of Australia considered it ‘inappropriate that businesses could be separately penalised for non-compliance with the framework principles when they are complying with obligations set out in the mandatory codes’. The Tech Council flagged that the model set out in the bill, comprising the framework set out in the legislation, sector-specific codes, external dispute resolution (EDR), and potential private action may ‘introduce significant complexity and risk for businesses, and will result in businesses over-correcting in response to scams, that is likely to block legitimate traffic’.
3.36On this matter, the Communications Alliance described the possible impact of the legislation as ‘dangerous’ given the potential for telecommunications providers to block legitimate calls and texts. However, upon questioning at the public hearing, the Communications Alliance agreed that it may be able to resolve such issues in the development of its industry code with the ACMA.
3.37Optus had similar concerns with the inclusion of obligations within primary legislation in Division 2 of the bill, as well as in sector-specific codes that may be drafted under Division 3 of the bill. It noted:
… where a scam occurs and despite a telecommunications company being compliant with the requirements of the industry code developed under Division 3, another regulator or court may take the view that the company did not take reasonable steps as required by the overarching principles outlined in Division 2. This is particularly likely where other matters such as customer base and size of a company are equal matters to be considered under reasonable steps. The drafting in s58BB could mean that small telecommunications companies with few customers need only be compliant with industry codes; but the larger telecommunications companies with large customer bases are expected to undertake further, undefined actions which is unknown at the time. It is not clear this is consistent with the intent of the policy.
3.38Optus suggested this be rectified by removing the civil liability elements in Division 2, relying on civil liability through industry codes.
3.39However, the Australian Communications Consumer Action Network (ACCAN) did not share the above views and considered that ‘recent commentary regarding the SPF appears to conflate penalties with compensation’. ACCAN contended that this position reflects ‘a misinterpretation of the substantive requirements of the SPF’ which, in ACCAN’s view, ‘clearly articulates a series of primary obligations via the primary legislation and envisions the creation of sector specific codes to address sector specific risks’. Further, ‘this approach to institutional design has been extremely effective in the context of work health and safety’.
3.40On the matters of ‘double or ‘quadruple’ jeopardy, ACCAN argued that ‘existing EDR frameworks … do not extinguish the ability of a consumer to seek redress at law’, and questioned ‘to what extent the SPF is in any fashion more complex than the legislative frameworks that already operate with respect to industries that afford consumers access to EDR’. In addition, obligations set out in delegated legislation ‘would be distinct requirements from the general duty imposed by the proposed SPF … [W]e note that in many instances the breach of a subsidiary obligation will be insufficient to trigger the imposition of penalties for breaches of the principal legislation’.
3.41At the public hearing on 28 January 2025, Treasury noted that in the bill ‘there’s actually a provision that explicitly talks about double jeopardy and preventing civil penalties being imposed for the same conduct in two different circumstances’. Further, Treasury suggested that ‘what would be borne out in reality is regulatory pragmatism, in the sense that we do have regulators that are forming judgements about how they should pursue particular types of conduct’. Treasury stated that it is ‘well within the powers of regulators to actually examine those cases and ensure that those cases of overlap don’t result in an over-penalisation for misconduct’.
Sector-specific codes
3.42As noted in Chapter one, the Senate Standing Committee for the Scrutiny of Bills (Scrutiny committee) raised concerns with the approach of using delegated legislation for enacting sector-specific codes for the SPF, particularly where such codes will include civil penalties.
3.43The Australian Small Business and Family Enterprise Ombudsman expressed concern about the ‘proposed reliance on delegated legislation to set out the detail (sector specific codes and/or rules) regarding how the framework will work’. The Ombudsman recognised the need for a framework that is flexible, but proposed consideration of whether including more detailed provisions in the bill, rather than delegated legislation, ‘would help expedite and harmonise requirements across sectors and ensure regulated entities clearly understand their obligations’.
3.44Conversely, DIGI agreed with setting out SPF obligations in delegated legislation, and argued the approach should go further, where the ‘primary legislation should simply focus on enabling the development of mandatory codes that outline robust, sector-specific obligations for regulated entities’.
3.45Westpac called for all codes to be ‘reviewed and approved by the ACCC to ensure consistency and robustness’. It suggested that a ‘whole-of-ecosystem approach, as intended by the Bill, cannot be effective if the sector Codes’ do not require regulated entities to meet the same standards’. Westpac argued that the ACCC would be best-placed to oversee the development of sector-specific codes, rather than delegating ‘this authority to SPF sector regulators which won’t have the same system-wide view’.
3.46The Communications Alliance raised concerns that the inclusion of standards within both the primary legislation and the delegated legislation (sector-specific codes) could lead to confusion as to which standards must be met for an entity to be compliant. It recommended that the SPF standards should be contained wholly within the sector-specific codes, but provided another option if this was not preferred by government:
If the Government felt it infeasible to remove all detail and dual application from the SPF, at a minimum, the primary legislation must put beyond doubt that compliance with the applicable sector-specific code is sufficient for a regulated entity to be deemed as having taken all ‘reasonable steps’ and, consequently, also as having complied with the requirements of the SPF. The current addition of code compliance as only one factor in the list of matters for consideration is insufficient.
3.47Optus similarly recommended ‘developing a framework that enables powerful mandatory industry codes with effective enforcement mechanisms’ via ‘enabling legislation providing clear principles which each industry code must address; and by trusting the regulators empowered to facilitate necessary industry expertise to draft mandatory industry codes that are implementable, enforceable and effective’.
3.48Telstra called for the codes to ‘contain prescriptive, sector-relevant detail’ and for the primary legislation to be ‘focussed on economy-wide, principles-based obligations which the sector specific codes must meet and enabling powers’. Telstra considered that such an approach would ensure that ‘technical sector specific obligations can adjust flexibly over time, that obligations remain appropriate for each different designated sector, and, importantly, avoid duplicative regulation across differing levels of legislation’.
3.49National Australia Bank (NAB) called for sector-specific codes to be ‘more than “minimum standards”‘ that ‘translate the principles in the legislation into deliverable actions and outcomes’. It also suggested including a provision ‘requiring regulated entities to advise their sector-specific regulator of the name and role of their accountable senior SPF officer’.
3.50Treasury informed the committee that the Government had moved some content from the principles in an earlier version of the bill, intending that ‘as codes are prepared and drafted, there will be further engagement with relevant sectors and other stakeholders so that detail appropriate to that industry’s role can be brought in’. Treasury further advised:
The legislation … sets out high-level principles and obligations. The reason the codes exist is to move from some of those high-level obligations into some of the more detailed areas that are much more appropriate to handle in subordinate legislation, because, as you can imagine, scams evolve and change quickly, so it’s necessary for us to have a capability that enables some sort of response to that in a timely way. That’s why you have the two. In terms of the consultation process, I think, in some ways, you would see a mirroring of some of the consultation that we’ve already undertaken to date, where we’d make sure that there’s public and full engagement from all of the sectors that are involved.
3.51In addition, Treasury anticipated that draft codes will be released for public consultation, ‘giving not just industry but other interested stakeholders an opportunity to comment on and consider what the obligations are’.
3.52Treasury noted that the Minister must consider the effectiveness of existing industry initiatives to address scams, the interests of consumers in a sector and the likely consequences of making a designation before deciding to designate a particular sector as a regulated sector. In addition, the Minister ‘can also consider any other factors that they believe are necessary to consider and that may be relevant.’
Digital platforms
3.53Much comment was made by submitters and witnesses around the incorporation of digital platforms into the SPF, particularly on what services would be included and the multinational nature of the industry. These issues are discussed below.
3.54CHOICE argued that digital platforms are ‘perhaps the best example’ of a ‘desperate need for laws to require businesses who enable their services or platforms to be exploited by scammers to do more to protect their customers’.
3.55However, some evidence noted issues that may arise with designating digital platforms as regulated entities. For example, the Internet Association of Australia noted that the broad definition of ‘carriage services’ that may be designated may include internet service providers (ISPs), ‘many of which may only be in the business of Internet service provision, as distinct from other telephony services like calls and SMS’ and the association recommended they are carved out from the SPF due to the ‘the limited control and visibility ISPs have into the nature of the data facilitated via their services’.
3.56Likewise, DIGI submitted that the definition of what constitutes a digital platform has not been articulated, and noted that the Online Safety Act 2021 definition of social media services is defined broadly to encompass interaction between ‘two or more end users’, which ‘encompasses a wide range of services, such as local and small business community forums, educational technology, business forums, health support forums, games, news services and any blogs with comments enabled’. DIGI argued that ‘compliance requirements required under the Framework, and the associated penalties, are not appropriate nor proportionate for this extremely wide range of services’. DIGI recommended that SPF obligations on the digital platform sector should be ‘limited by size of user base or risk profile, similarly to how the level of obligation placed on platforms under the Online Safety Act’s codes and standards is determined’.
3.57DIGI raised additional concerns that the SPF regulator for the digital platform sector was proposed to be the ACCC, as opposed to the ACMA which is the regulator for the Telecommunications sector. DIGI submitted ‘the ACMA has a combination of subject matter and sectoral expertise, through its oversight of the telecommunications industry’s scams code and its work with digital platforms in areas such as misinformation’.
Offshore digital platforms
3.58Some evidence expressed concern particularly about the role of digital platforms in publishing scams. CHOICE argued that there is little that digital platforms ‘don’t know about their users, but the rate that scams have proliferated on Google and Meta platforms makes it abundantly clear these tech giants are choosing not to adequately invest in scam prevention’. CHOICE also contended that digital platforms take an ‘approve first and ask questions later, if ever’ approach to publishing ads, which means they are ‘paid directly by scammers to promote scam advertisements, [so] there is an inherent conflict between the financial interests of digital platforms and the safety of their users.
3.59Tattarang, the private investment group of Dr Andrew Forrest AO and Nicola Forrest AO, argued that, based on Dr Forrest’s experience bringing legal action against Meta because of its alleged inaction on scams featuring Dr Forrest, there will be ‘significant impediments’ to enforcement of the provisions of the bill on offshore social media companies.Tattarang expressed concern that social media platforms may deliberately house all technical and decision-making functions offshore, with Australian users and advertisers required to agree to contracts drafted ‘under exclusive California law and courts provisions’, so that they are able to operate ‘outside the reach of Australian law’.
3.60Tattarang further contended that ‘assessing compliance with principles and codes will be severely hampered if relevant personnel and information are not located in Australia’. It was of the view that the bill could address this issue by requiring foreign corporations to operate through Australian corporations or resident foreign corporations, or to submit to ‘Australian jurisdiction through licensing regimes and other mechanisms’. Examples that Tattarang gave from other legislative regimes included:
foreign banks being required to ‘have local subsidiaries that hold Australian banking licences because the banking system is so critical to the economy and society’; and
foreign-manufacturers of medical devices being required to have a local ‘sponsor’ (an Australian importer) who can attest to compliance with relevant regulations for a device to be assessed under the Therapeutic Goods Act 1989.
3.61Tattarang noted that it intended to ‘approach the Government with … options to give effect to these requirements’.
3.62On a related matter, the Law Council of Australia proposed ‘further consideration of how extraterritorial application will be enforced in the context of the SPF’.
Burden on smaller entities
3.63Multiple submitters argued that the SPF requirements may be reasonable for larger organisations but would be a regulatory and financial burden that smaller businesses would not be able to meet.
3.64The Australian Banking Association reported that ‘every bank has huge financial fraud teams’ and one major bank has 500 staff working on combating scams. However, it noted that with banks already doing this work, the bill would only place ‘a legal obligation on them to maintain that effort’ and not necessarily require ‘a significant uplift in staffing’.
3.65BDO Australia noted that smaller and mid-tier proposed regulated entities are already ‘grappling with significant challenges due to their limited resources in comparison to the larger industry entities’ and they often find themselves at a disadvantage when it comes to the costs associated with regulatory and legislative compliance.
3.66Conversely, Mr David Niven, a consumer lawyer, expressed concern that smaller banks would be held to a lower standard than major banks under the bill as currently drafted.
3.67Telstra also contended that placing ‘an overly lower expectation’ on smaller transit carriers and carriage service providers, despite ‘the majority of scams in the telco sector’ coming through these providers, ‘signals to the scammers’ that they ‘are their “way in” to the ecosystem. To avoid frustrating the purpose of the SPF, this reference should be removed’.
3.68The Special Broadcasting Service (SBS) argued that as a smaller and publicly funded broadcaster, it ‘sits at the end of the online ad supply chain, and the limited measures available to SBS to deal with scams are comparatively slow, inefficient, costly, and much less effective’. SBS therefore argued that it should not be included in the SPF, given ‘little benefit would accrue to audiences from this outcome, given the ability to control online scam activity lies with other parties in the ad tech supply chain, and broadcasting services are already subject to robust measures’.
3.69It is important to note that the SPF also recognises small business as an SPF consumer, and the protections against scams will apply equally to them.
Exclusion of certain sectors
3.70Some evidence called for certain sectors to be excluded from the obligations to be imposed by sector specific codes. The Australian Financial Markets Association proposed that only authorised deposit-taking institutions that provide services to retail customers should be subject to the requirements that would be imposed by the bill and the proposed banking sector code, arguing that because the purpose of the bill is to implement a legislative framework to protect Australian consumersagainst scams, ‘entities that are not licenced to provide services to consumers should be outside the scope of the Bill’.
3.71In addition, the Australian Financial Markets Association was of the view that ‘foreign banks operating via Australian branches should be excluded’ because their ADI authorisations issued by the Australian Prudential Regulation Authority only allow them to conduct banking business with wholesale clients. They suggested that there is a ‘shared view that scams relate to retail banking operations and not wholesale entities’.
3.72The Australian Banking Association called for Third-Party Payment Providers (TPPPs) to be included in the SPF, as ‘there remains a possibility that other parties within the ecosystem will be held responsible for losses incurred through them [TPPs]’. The Association recommended that TPPPs be included in future iterations of the SPF, and in the meantime the SPF should ‘clearly demarcate areas of bank liability for these losses’.
3.73The Commonwealth Bank of Australia similarly recommended the inclusion of ‘providers of stored-value facilities, payment facilitation services, payment technology and enablement services’ and noted this inclusion would be increasingly important ‘as payments shift from direct entry to PayTo with the planned retirement of the Bulk Electronic Clearing System (BECS) under the Government’s Strategic Plan for the Australian Payments System’.
3.74Twilio called for the principles of ‘prevent’, ‘detect’, ‘report’ and ‘disrupt’ to be applied ‘only to originators of telecommunications who are best placed to take effective action against scam[s]’. Twilo argued that if the principles were applied to every provider, ‘disproportionate power over traffic would be given to the three dominant players, potentially without any scam reduction’. Further, legitimate ‘traffic such as an emergency alert broadcast, marketing campaigns or appointment reminders could all trigger a pattern alert and be blocked erroneously’. As such, Twilio called for amendments to the bill to ensure the above requirements are targeted only at originating providers.
3.75The Tech Council of Australia also argued that ‘obligations to prevent and detect scams should not apply to every stage of the supply chain’. It considered that under the bill, even if ‘carriage service providers have vetted and confirmed the identity of their customer … the traffic could still be blocked by a carrier using pattern detection that detects a new, high volume of traffic coming from particular numbers’.