In 2023, bad actors stole 2.7 billion from consumers — and the Australian government acted quickly to propose protections.
“The Scams Prevention Framework [...] is an economy-wide reform to protect the Australian community from scams. It recognises that a whole-of-ecosystem approach is required to reduce gaps which can be exploited by scammers, and that everyone, including industry, government, and consumers, have a role to play to combat scams.”
In 2024, the Treasury released an exposure draft of the bill detailing the framework. Let’s explore the reforms and consumer protections they plan to implement.
The Scams Prevention Framework Drafted in 2024
The Scams Prevention Framework requires service providers in selected sectors of the economy to take a variety of actions to combat scams relating to their services.
How the Framework Relates to Internet, Search, and Social Media Companies
Under the proposal, regulated entities such as social media companies that operate in Australia will be required to have appropriate governance arrangements and have appropriate strategies for preventing, detecting, reporting, disrupting, and responding to scams.
The simplified outline for subdivision B—SPF principle 1 states:
“Each regulated entity must develop and implement governance policies, procedures, metrics, and targets for combatting scams.
These must be reviewed, and certified by a senior officer of the entity, at least annually.
The entity must publish information about how the entity is protecting its consumers from scams and about the rights of its consumers in relation to scams.
The entity must keep records and give reports about its compliance with this principle.”
Regulated entities like social media companies will be legally obligated to maintain adequate records, report their compliance efforts, take reasonable steps to prevent scams, and provide resources and warnings to consumers.
All Regulated Sectors Subject to the Framework
The framework explicitly states what sectors of business are regulated entities and to what extent. Banking and insurance businesses are subject to the framework (other than State banking or insurance). Buried within the postal, telegraphic, telephonic, and/or other similar services subsection includes a few distinct clarifications.
Businesses subject to and/or regulated by the framework include those regulated by existing law including:
- The Telecommunications Act 1997 which regulates telecommunications providers.
- The Broadcasting Services Act 1992 which regulates radio and television services.
- The Online Safety Act 2021 which regulates internet, search, and social media companies.
Social Media Companies and Internet Platforms Are Also Subject to the Online Safety Act and the Framework
Part three of the Online Safety Act 2021 outlines the legal necessity for a social media service and/or internet platform to provide users with recourse to complain or object and receive an investigation.
There must be a complaint system in place for the following.
- Cyberbullying material targeted at a child.
- Non‑consensual sharing of intimate images.
- Violent material that depicts abhorrent behavior.
- Online content scheme(s)
How Internet, Search, and Social Media Companies Can Come into Compliance with the Framework
There are a multitude of penalties for non-compliance with the Framework. An action that violates the Framework is called a contravention.
“The SPF general regulator may obtain information, documents, and evidence relating to possible contraventions of the Scams Prevention Framework.”
Other remedies for contraventions of the Framework are listed as follows:
- Infringement notices
- Enforceable undertakings
- Injunctions
- Actions for damages
- Public warning notices
- Remedial directions
- Adverse publicity orders
- Other punitive and non-punitive orders
Let’s explore what tier 1 and tier 2 contraventions are.
The Maximum Penalty for Tier 1 Contraventions
Tier 1 contraventions are “a civil penalty provision of an SPF10 principle in any of Subdivisions C, D, F or G of Division 2” as outlined in the exposure draft. The maximum penalty for corporate bodies is 159,745 units. The maximum penalty for non-corporate or “other” bodies is 7,990 units.
The Maximum Penalty for Tier 2 Contraventions
Tier 2 contraventions are, “a civil penalty provision of an SPF principle in 3 Subdivision B or E of Division 2.” The maximum penalty for corporate bodies is 31,950 units, and the maximum for non-corporate or “other” bodies is 7,990 units.
