ASIC claims HSBC Australia lacked adequate controls to detect and prevent unauthorised payments and failed to meet its obligations under the ePayments Code. The bank allegedly did not investigate customer reports of unauthorised transactions within required timeframes or promptly reinstate affected customers' banking services.
According to ASIC, reports of unauthorised transactions involving HSBC Australia surged from mid-2023, often after scammers impersonated HSBC staff to gain access to customer accounts. Between January 2020 and August 2024, HSBC Australia received approximately 950 reports of unauthorised transactions, resulting in losses of about USD 23 million. Notably, nearly USD 16 million of these losses occurred in just six months, between October 2023 and March 2024.
ASIC alleges HSBC Australia was aware of the risks as early as January 2023 but failed to implement sufficient fraud controls. Some customers reportedly lost amounts exceeding USD 90,000, while the bank’s investigations took an average of 145 days to complete. Additionally, customers faced delays in regaining full access to their accounts, with reinstatement averaging 95 days. In one extreme case, a customer waited 542 days.
ASIC contends that HSBC Australia failed to:
Implement adequate systems and processes to address widespread non-compliance with investigation timeframes and reinstatement of banking services since January 2020.
Establish sufficient controls to prevent and detect unauthorised payments between January 2023 and June 2024.
Therefore, ASIC is seeking penalties, declarations of contraventions, adverse publicity orders, and legal costs.
The ePayments Code governs electronic payment transactions in Australia, including credit card payments, internet banking, and mobile banking. As a subscriber to the Code, HSBC Australia must:
Investigate unauthorised transaction reports within 21 days and inform customers of the outcome.
Finalise investigations within 45 days, except in exceptional circumstances, such as delays caused by foreign merchants or other banks.
Scam-related financial losses have escalated nationwide. In 2023, Australians lost approximately USD 2.74 billion to scams, according to the Australian Competition and Consumer Commission (ACCC). Scamwatch issued an alert in February 2024 highlighting scams involving HSBC impersonation.
To address the growing threat, new legislation introduced in November 2024 aims to establish a Scams Prevention Framework. The framework will impose obligations on designated sectors to prevent, detect, disrupt, and report scams, as well as implement robust governance systems.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now