The suit raised concerns about the bank's fraud controls and support for customers affected by scams
ASIC has initiated legal action against HSBC Bank Australia Limited (HSBC Australia), alleging systemic failures in protecting customers from unauthorised transactions and scams.
The proceedings, filed in the Federal Court, highlighted concerns about HSBC’s fraud controls and its ability to assist customers affected by scams.
ASIC claimed HSBC Australia failed to implement adequate systems to detect and prevent unauthorised payments and did not meet its obligations under the ePayments Code. The regulator also alleged the bank took excessive time to investigate scam-related complaints and restore customer access to their accounts.
According to ASIC, HSBC received approximately 950 reports of unauthorised transactions between January 2020 and August 2024, resulting in customer losses of about $23 million. Notably, $16m of these losses occurred over a six-month period from October 2023 to March 2024, following a sharp rise in scams. Many cases involved scammers impersonating HSBC staff to gain access to customer accounts.
ASIC Deputy Chair Sarah Court said HSBC Australia’s alleged shortcomings were widespread and left customers vulnerable. “We allege HSBC Australia compounded the problem by failing to comply with its obligations under the ePayments Code and let its customers down when they needed their help the most, on average taking 145 days to investigate customers’ reports that they had been scammed,” Court said in a statement.
ASIC argued HSBC Australia was aware of weaknesses in its fraud controls from January 2023 but failed to take appropriate steps to address the risks. The regulator contended that HSBC did not meet its obligations under both the Corporations Act 2001 and the National Consumer Credit Protection Act 2009, which require financial services to be provided “efficiently, honestly, and fairly.”
The ePayments Code, to which HSBC Australia subscribes, requires banks to investigate reports of unauthorised transactions within 21 days and resolve matters within 45 days, except under exceptional circumstances.
Court stressed the importance of banks strengthening their fraud controls to combat the evolving tactics of scammers. This legal action follows a broader effort to address scams in Australia. Earlier this year, the federal government introduced legislation to establish a Scams Prevention Framework, aimed at improving measures to detect, disrupt, and respond to scams.
