ASIC sues HSBC Australia over alleged scam protection failings

Watchdog claims bank's inadequate fraud controls and delays cost customers $23 million

HSBC Australia is facing legal action after the Australian Securities and Investments Commission (ASIC) alleged the bank failed to protect customers who were scammed out of millions of dollars.

In a federal court filing, ASIC accused HSBC Australia of inadequate fraud controls and non-compliance with its obligations to investigate customer complaints about unauthorised transactions within required timeframes. The corporate regulator also alleged the bank delayed reinstating full banking services for affected customers.

According to ASIC, reports of unauthorised transactions by HSBC Australia customers surged from mid-2023, many of which involved scammers impersonating HSBC staff to gain access to customer accounts.

Between January 2020 and August 2024, HSBC Australia received about 950 reports of unauthorised transactions, with customer losses totalling $23 million. Almost $16 million of these losses occurred within a six-month period from October 2023 to March 2024.

ASIC deputy chair Sarah Court described the bank’s alleged shortcomings as “widespread and systemic.”

“We allege HSBC Australia’s failings left some customers vulnerable to losing up to $90,000 or more,” she said. “From at least January 2023, HSBC Australia was aware of the risks of unauthorised transactions and the gaps in its fraud controls but failed to take sufficient action.”

ASIC also criticised the bank’s response times. On average, HSBC allegedly took 145 days to investigate reports of scams and 95 days to restore customers’ access to their accounts. In one case, a customer waited 542 days to regain full access, according to the regulator.

ASIC is seeking court declarations, pecuniary penalties, adverse publicity orders, and costs from HSBC Australia. It alleged that HSBC failed to meet its obligations under the ePayments Code, a voluntary code that governs electronic payments in Australia. The code requires banks to investigate reports of unauthorised transactions within 45 days and to restore account access in a timely manner. ASIC also claimed that HSBC breached requirements under the Corporations Act 2001 and the National Consumer Credit Protection Act 2009, which require financial services and credit activities to be conducted “efficiently, honestly and fairly.”

The legal action comes amid rising financial losses due to scams in Australia. According to the Australian Competition and Consumer Commission (ACCC), Australians lost $2.74 billion to scams in 2023.

In February 2024, Scamwatch issued an alert warning of scammers impersonating HSBC Australia staff. In November, new legislation was introduced to establish a Scams Prevention Framework, aiming to enhance fraud detection and response across key sectors. 

“Scammers are constantly evolving their methods, and banks need to step up,” Court said. “We won’t hesitate to act when we see failings in protecting customers from financial harm.” 

ASIC encouraged consumers to use its Moneysmart website and Scamwatch for tips on safeguarding against scams and advice on what to do if they suspect they’ve been targeted. 