Login
ISCOVER
A non-major lender is being sued for allegedly failing to adequately protect customers scammed out of $23 million.
The financial services regulator has announced it is suing HSBC Bank Australia Limited (HSBC Australia) over allegations it failed to adequately protect customers scammed out of millions of dollars.
To continue reading the rest of this article, please log in.
Looking for more benefits? Become a Premium Member.
Create free account to get unlimited news articles and more!
Looking for more benefits? Become a Premium Member.
According to documents filed in the Federal Court, the Australian Securities and Investments Commission (ASIC) alleges that:
-
From January 2020, HSBC Australia failed to have adequate systems and processes to protect against significant, widespread, or systemic non-compliance with its obligations.
==== -
From January 2020, it failed to investigate reports of unauthorised transactions within specified time frames and to promptly reinstate banking services to customers who reported unauthorised transactions.
-
From 1 January 2023 to 1 June 2024, it failed to have adequate controls for the prevention and detection of unauthorised payments.
-
The bank failed to do all things necessary to ensure that the financial services covered by its Australian financial services licence were provided efficiently, honestly, and fairly.
-
The bank failed to do all things necessary to ensure that the credit activities authorised by its credit licence were engaged in efficiently, honestly, and fairly.
What happened?
The financial services regulator has said that there was “a significant escalation” in reports of unauthorised transactions by HSBC Australia customers from mid-2023.
ASIC has said that it often occurred after scammers had obtained access to their accounts by impersonating HSBC Australia staff.
Indeed, on 2 February 2024, Scamwatch released a scam alert on the HSBC Australia impersonation scam. The scam involved the victim receiving a fake text or call pretending to be from HSBC, who urged them to provide personal details and bank codes to prevent fraud. However, in actual fact, the HSBC “representatives” were scammers attempting to steal their account information.
ASIC has estimated that, between January 2020 and August 2024, HSBC received approximately 950 reports of unauthorised transactions, resulting in customer losses of about $23 million.
Almost $16 million of this occurred in the six months from October 2023 to March 2024, according to ASIC.
The regulator has also alleged that the bank was aware of the risks of unauthorised transactions occurring and had holes in its fraud controls.
Morover, despite the ePayments Code obligating subscribers (including HSBC Australia) to investigate unauthorised transactions within 21 days of receiving a report – and completing an investigation within 45 days of receiving a report – ASIC alleges that it took the bank an average of 145 days to investigate customers’ reports that they had been scammed.
Some customers scammed out of $90k or more
ASIC deputy chair Sarah Court said: “We allege HSBC Australia’s failings were widespread and systemic, and the bank failed to protect its customers.
“We allege that from at least January 2023, HSBC Australia was aware of the risks of unauthorised transactions occurring and that there were gaps in their fraud controls. This resulted in some customers getting scammed out of $90,000 or more.
“We allege HSBC Australia compounded the problem by failing to comply with its obligations under the ePayments Code and let its customers down when they needed their help the most, on average taking 145 days to investigate customers’ reports that they had been scammed.”
The regulator said it was also concerned that HSBC Australia had “failed to promptly restore customers’ full access to their bank accounts, on average taking 95 days to do so”.
“One customer did not have full access restored for 542 days,” Court said.
“We know scammers are constantly looking for new ways to exploit people. Customers can lose their life savings in an instant. Scammers do not discriminate.
“All banks need to pull their weight in the fight against scams. We will not hesitate to take court action where we consider banks fail to comply with their obligations to protect their customers.”
ASIC is seeking declarations of contraventions, pecuniary penalties, adverse publicity orders, and costs.
In a statement provided to The Adviser, an HSBC spokesperson said: “HSBC acknowledges the claim commenced by ASIC today.
“We are considering the matters raised and will continue to co-operate and work constructively with ASIC.
“Protecting our customers from scammers remains our top priority. We continue to make significant investments in our fraud and scam prevention, detection, and response.”
The action comes amid increased scam activity in Australia, with the festive season expected to see more nefarious activity.
Cyber scams could pose a greater risk to brokers during the holiday season, according to aggregation group LMG, which this week warned brokers to be extra vigilant during the festive period.
Criminals may use the summer holidays, typically a time brokers let their guard down, to exploit skeleton staff and settlement deadlines at brokerages, LMG acting chief risk officer, Luke Jarmaine, said.
[Related: Brokers warned of heightened cyber scam risk during holidays]
JOIN THE DISCUSSION