I am getting bored of singing the praises of the authorities in Australia, but I have to keep doing it because their thinking about how to tackle scams is so advanced. The government’s proposed scams prevention framework applies a nested approach to regulators, each of which has responsibility for implementing a consistent anti-scam strategy. The aim is to ensure businesses across multiple sectors will all have the same aligned responsibilities for tackling scams whilst their regulators are motivated to work together instead of arguing over who has jurisdiction over which mitigation for what kind of scam. The Australian Competition and Consumer Commission (ACCC) becomes the super-regulator with overall responsibility for tackling consumer scams, with other regulators accepting delegated responsibility for overseeing the particular organizations that lie within their domain. This means the Australian Communications and Media Authority (ACMA) will enforce the rules for the communications and media sector (duh!), the Australian Securities and Investments Commission (ASIC) will enforce the rules for the financial sector, and the door is left open to enroll other regulators in similarly subordinate roles to the ACCC if it becomes apparent that other kinds of organizations also need to take more responsibility for stopping scams. The philosophy is clearly designed to counter the problems otherwise created by too many legal and regulatory silos.
Each regulator will be responsible for fleshing out the details for the sectors they oversee, but each should adhere to the same six principles when setting expectations for the organizations they regulate.
- Prevent: activities designed to stop scams before they occur
- Detect: monitoring and identifying when scams occur
- Disrupt: halt scams in progress
- Report: share information about scams with any relevant party
- Respond: listen to the experience of consumers and address their complaints
- Govern: organizations publish an explanation of how they intend to satisfy the principles above
Governance includes making senior management responsible for adhering to new expectations.
Each regulated entity must develop and implement governance policies, procedures, metrics and targets for combatting scams. These must be reviewed, and certified by a senior officer of the entity, at least annually.
And most importantly, the framework promises tough penalties for organizations that fail to play their part in reducing scams. Civil penalties will be aligned across sectors for failing to meet the requirement to report, respond or govern, or for failing to take ‘reasonable steps’ to prevent, detect or disrupt scams. Much of the work for regulators will involve fleshing out the detail for what is considered a ‘reasonable step’ to prevent, detect or disrupt wildly different kinds of scams, including any new ones. However, there is a clear intention to tackle scams holistically and consistently, so society can use the broadest range of tools to reduce scams whilst spreading the burden evenly and fairly.



