02 June 2025
The new Scams Prevention Framework (SPF) is now law and the next steps are for SPF Codes and SPF Rules to be prepared in consultation with industry, and for sectors to be designated. Looking abroad at other scam prevention regimes provides insights into how the details of the SPF might be developed.
The SPF does not in itself impose any obligations on entities until a designation of their sector is made. Treasury has indicated that banks, telecommunication providers and digital platforms will be the first sectors to be designated for SPF regulation. Future sectors for designation may include superannuation, insurance, online marketplaces and cryptocurrency providers.
The SPF sets the foundations for the regime but the operational details are yet to be developed, including:
Although the SPF is now law and does not provide for a transitional period, it is envisioned that regulated entities will not be required to adhere to the SPF’s obligations until their sector is designated and the designation instrument for their sector is in force. Those instruments may include transitional arrangements.
The United Kingdom, Singapore, and Malta have established regulatory regimes to combat scams, each with distinct approaches that provide insight into how the SPF might develop in practice. The Australian regime stands out for its comprehensive approach to disrupting the entire lifecycle of scams. It aims to regulate multiple sectors where scams originate and spread - banks, telecommunications providers and digital platforms.
In contrast, overseas frameworks have so far focused only on banks, payment service providers and in the case of Singapore, telecommunication companies. However, the approaches abroad were considered by Treasury in developing the SPF and may provide insights into how the SPF Codes may be developed, particularly in relation to apportionment of liability, scams controls and regulator intervention.
The UK Authorised Push Payments (APP) regime commenced in October 2024 and differs from the SPF in key respects:
Australia | UK | |
---|---|---|
Sectors |
Banks, digital platforms, telecommunications |
Only banks and other payment service providers (PSPs) |
Scope |
Payments by Australian residents (including when abroad), visitors to Australia, small businesses |
Only UK-UK payments via Faster Payments and CHAPs |
Mandatory repayment |
No |
Yes |
Compensation cap |
No |
£85,000 (approx. $168,000 AUD) |
Mandated apportionment |
Not yet |
50:50 split between sending & receiving PSP |
Limitation period |
Six years |
13 months |
Mandated time to reimburse |
Not yet |
Within five business days (subject to exceptions) |
Scam prevention obligations |
Yes, to take ‘reasonable steps’ to prevent and detect scams |
No |
Insights from the UK for the forthcoming SPF consultations include:
Singapore’s Shared Responsibility Framework (SRF) came into effect in December 2024 and differs from the SPF in key respects:
Australia | Singapore | |
---|---|---|
Sectors |
Banks, digital platforms, telecommunications |
Banks (and PSPs) and telecommunications |
Scope |
Payments by Australian residents (including when abroad), visitors to Australia, small businesses |
Phishing scams where the impersonated entity has a Singapore nexus |
Mandatory repayment |
No |
No |
Compensation cap |
No |
No |
Mandated apportionment |
Not yet |
Yes |
Limitation period |
Six years |
No later than 30 calendar days after receiving a notification alert |
Mandated time to reimburse |
Not yet |
21 business days for straightforward cases/45 business days for complex cases |
Scam prevention obligations |
Yes, to take ‘reasonable steps’ to prevent and detect scams |
Yes |
Insights from Singapore for the forthcoming SPF consultations include:
In Malta, scam complaints are managed by the Office of the Arbiter for Financial Services (AFS). The Maltese regime differs from the SPF in key respects:
Australia | Malta | |
---|---|---|
Sectors |
Banks, digital platforms, telecommunications |
Financial service providers (FSP) |
Scope |
Payments by Australian residents (including when abroad), visitors to Australia, small businesses |
Any type of scam involving an FSP, including PSPs under Directive (EU) 2015/2366 (PDS2) |
Mandatory repayment |
No |
Yes, for scams under PDS2 (except where gross negligence by consumer) No for other types of scams (but AFS can award compensation) |
Compensation cap |
No |
Yes, for PDS2 scams: €250,000 (approx. $420,000) No for other types of scams (AFS will award amount it considers appropriate) |
Mandated apportionment |
Not yet |
Yes, between PSP and consumer for PDS2 scams, via a ‘reasonability allocation’ model No for other types of scams |
Limitation period |
Six years |
Complaint must be raised in writing with the FSP within two years; and brought to the AFS within five years |
Mandated time to reimburse |
Not yet |
AFS specifies the period within which the FSP must provide compensation |
Scam prevention obligations |
Yes |
No |
Insights from Malta for the forthcoming SPF consultations include:
Allocation of responsibility criteria | PSP | Consumer |
---|---|---|
Unquestionable gross negligence by consumer |
0% |
100% |
Fraudster used PSP’s normal channels of communication giving the clear impression of being a genuine communication |
add 50% |
reduce by 50% |
Consumer actively participated in the fraud beyond disclosure of credentials |
reduce by 30% |
add 30% |
PSP notified consumer by direct communication to beware of such scams in: last three months |
reduce by 20% |
add 20% |
last six months |
reduce by 10% |
add 10% |
over six months |
no reduction |
no addition |
Special circumstances apply |
add 20% |
reduce by 20% |
Consumer made no similar genuine payments in last 12 months or payment amount is atypical |
add 20% |
reduce by 20% |
Businesses within the sectors which are anticipated to be designated initially under the new Australian SPF regime (banking, telecommunications, and digital platforms) should take steps to prepare for the rollout of the SPF regime, including by considering the insights from abroad in:
Harriet Codd, Jasper Rasmussen, Nicole Jackson, Ciara Lavendar and Sebastian Judge also contributed to this Insight.
Authors
Tags
This publication is introductory in nature. Its content is current at the date of publication. It does not constitute legal advice and should not be relied upon as such. You should always obtain legal advice based on your specific circumstances before taking any action relating to matters covered by this publication. Some information may have been obtained from external sources, and we cannot guarantee the accuracy or currency of any such information.