Australia’s corporate regulator has taken legal action against a major international bank for allegedly failing to protect customers from scams.
On Dec. 16, the Australian Securities and Investments Commission (ASIC) announced that it had filed a lawsuit against HSBC Australia in the Federal Court.
ASIC alleged that HSBC Australia did not have a proper system to prevent and detect unauthorised payments between Jan. 1, 2023, and June 1, 2024.
It was reported that HSBC customers lost $16 million (US$10.2 million) from October 2023 to March 2024 due to unauthorised transactions.
The losses coincided with a surge in scam activities in which criminals impersonated HSBC staff to illegally gain access to their bank accounts.
Between January 2020 and August 2024, HSBC Australia received around 950 reports of unauthorised transactions, with a total estimated loss of $23 million.
ASIC Deputy Chair Sarah Court alleged that the bank’s failings were “widespread and systematic.”
“We allege that from at least January 2023, HSBC Australia was aware of the risks of unauthorised transactions occurring and that there were gaps in their fraud controls. This resulted in some customers getting scammed out of $90,000 or more,” she said in a statement.
Aside from poor controls over unauthorised payments, the ASIC deputy chair alleged that HSBC Australia failed to comply with its obligations under the ePayments Code from January 2020, which resulted in prolonged wait times for scammed consumers.
On average, it took the bank 145 days to investigate customers’ scam reports and 95 days to restore customers’ full access to their bank accounts.
In an extreme case, a customer did not have their full access restored for 542 days.
Under the ePayments Code, banks are required to either complete their investigations, and advise customers of the outcome, or inform them that more time is needed to complete the investigation within 21 days after an unauthorised transaction report is received.
Unless there are exceptional circumstances, banks’ investigations must be completed within 45 days of receiving an unauthorised transaction report.
“We know scammers are constantly looking for new ways to exploit people. Customers can lose their life savings in an instant. Scammers do not discriminate,” Court said.
“All banks need to pull their weight in the fight against scams. We will not hesitate to take court action where we consider banks fail to comply with their obligations to protect their customers.”
ASIC said it would seek a declaration from HSBC Australia that it had breached the Corporations Act 2001 and the National Consumer Credit Protection Act 2009.
The regulator also wanted the court to impose penalties and adverse publicity orders on the bank.
ASIC’s announcement comes as Australians suffered a $2.74 billion loss to scams in 2023.
The Epoch Times has reached out to HSBC Australia for comment.
