‘Nascent & immature’: ASIC takes non-major banks to task on scam response

  • FST Media
  • 21 August 2024
Non-big four banking scams

Australia’s non-major banks were last year detecting and stopping just 19 per cent of scam transactions by value and recovering just 20 per cent of transactions made to scam accounts, ASIC has revealed in a new report.

In its snapshot review (taken at the end of the 2023 financial year) assessing 15 non-major Australian banks’ anti-scam capabilities and measures, ASIC overall found a “fairly nascent approach to the implementation of scams strategies and low maturity of governance” in the detection and prevention of and response to scams.

The report noted an overall failure by the non-majors, aside from scam education initiatives, to fully implement the regulator’s key recommendations issued in an earlier report, which identified similar deficiencies in the big four banks’ anti-scam activities.

ASIC also identified an inconsistent and narrow approach by the non-majors in determining liability for scam losses, as well as a lack of sufficient support for scam victims.

However, the report found significant differences in the levels of anti-scam maturity, with considerable variability across the group of 15 surveyed banks.

The report noted in particular that surveyed non-major banks’: 

  • Governance and reporting tended to be fraud-focused. Only five of the 15 reviewed banks had a scams strategy in place, with only one strategy fully implemented. Of the banks with strategies, ASIC noted that most did not have timelines to implement initiatives or measurable targets to monitor progress against the strategy.
  • Capabilities to hold or delay potential scam payments were inconsistent across payment channels. A significant number of reviewed banks did not have payment hold capabilities and the majority had not fully implemented monitor and stop capabilities across all payment channels.
  • Lack of protection against brand misuse across all telecommunication channels. Only one of the reviewed banks had fully implemented controls to minimise misuse of its telephone numbers and SMS alpha tags to prevent impersonation scams.
  • Poor customer experiences due to lack of resourcing and customer focus. For instance, a significant portion of banks (that were part of a in-depth survey by ASIC) were found not to have end-to-end coverage of the customer scam journey. As well, ASIC found that the reviewed banks did not always consider the likely distressed state and vulnerability of the scammed customer and scam reports were frequently mishandled, leading to delays – in part due to resourcing constraints, financial loss to the customer, unclear and confusing communication, and failure to identify and respond to scam victims who were experiencing vulnerability.ASIC cited one case where a scammed customer recorded 29 separate interactions with their bank over the span of 14 months, including having to initiate contact to ask for updates on their case.
  • Adoption of inconsistent and narrow approaches when considering liability. ASIC noted that many reviewed banks lacked a bank-wide approach to determining liability for scam losses resulting in inconsistent outcomes for customers. In addition, policies did not always consider all relevant factors for determining liability.

 

ASIC acknowledged that reviewed banks had started or were accelerating initiatives to combat scams during the 2023 calendar year (in some cases using ASIC’s observations in the initial report as a benchmark, the regulator said), with increasing impetus driven by the Australian banking sector’s wholesale adoption of the Scam Safe Accord last November.

For instance, ASIC noted that most the surveyed non-major banks had implemented or were planning to implement stop-and-hold capabilities for payments, such as blocking or preventing potential scam transactions from proceeding – generally in-house for the larger banks, and outsourced to third-party payment services providers for smaller institutions.

“This work appears to have had a positive impact on scam losses reported, which fell by 15 percentage points – as a share of the total value of scam transactions made by customers – down from 77 per cent in the first half of the reviewed year, to 62 per cent in the second half,” ASIC wrote.

Indeed, the regulator found that certain smaller banks in the group closely matched or even outperformed some larger ones on key anti-scam metrics.

“This suggests that the scale and size of banks does not generally hinder the development and implementation of anti-scam initiatives.”

ASIC also observed that a top-down approach – that is, the degree of management’s focus on responding to scams – was a significant contributor to an organisation’s scam maturity.

“Generally, the higher the levels of board and senior management involvement and investment in scam prevention, the greater the quality of scam detection and response capabilities, and the faster the speed of implementing initiatives in response to changes in the scam environment.”

Willingness to reimburse

The report further found that non-majors reimbursed or compensated just four per cent of scam losses, with the rest borne by customers – notably lower than the seven per cent refunded by the big four during the 2022–23 financial year (however, ASIC noted that the major banks’ figure was driven by the actions of just one bank).

At least some reimbursement or compensation was paid to scammed customers in around 16 per cent of the cases when there was a scam loss, ASIC revealed.

Just two per cent of scam losses were reimbursed or compensated by the reviewed banks if the customer did not complain; this increased to seven per cent when a complaint was lodged.

According to scam reporting agency the Australian Competition and Consumer Commission (ACCC), consumers lost more than $2.74 billion to scams last year.

Commenting on the results of the survey, ASIC deputy chair Sarah Court noted that, like the big four banks reviewed last year, the 15 non-majors “also demonstrated a less mature approach to scams strategy and governance than we expected”.

“While recent data suggests Australians are becoming more savvy in avoiding scams, we need continued focus across industry and regulators to effectively tackle this important issue,“ Court said.

She noted that the data in the report underscores, however, where the 15 reviewed banks were mid-last year in their anti-scam capabilities “before the delivery of key anti-scam infrastructure including the National Anti-Scam Centre and ASIC’s website takedown service.”

Court added: “We expect all banks regardless of their size, to pull their weight in the fight against scams. Boards and senior management have a key role to play in driving improvement.

“What’s important for customers before you act is that you”.

 

Share This Post
Related News
Sydney launch
Leading trade surveillance fintech makes Aussie debut
Genetic testing
Govt bans genetic testing by life insurers
New Zealand AI adoption
In-house AI development falls short, with Kiwi FSIs opting for third-party tech
judobank
Judo migrates loan book to new business lending platform
Peter King and Anthony Miller
Westpac’s King to depart, successor named