Australia's Department of the Treasury has released exposure drafts of the Scams Prevention Framework codes and rules and invited feedback on the proposed obligations for the banking, telecommunications and digital platforms sectors. The package would set a common baseline across sectors for governance, secure systems, third party oversight, brand impersonation controls, scam detection and consumer notification, reporting channels and internal dispute resolution, with many of the draft obligations designated as civil penalty provisions. For banks, the draft code would require payee confirmation, identity verification, controls for high risk transactions and activities, transaction and account monitoring, payment recall requests and action to freeze, restrict or close scam-linked accounts. Digital platforms would have to prohibit scam activity in their terms of service, verify users and advertisers, check advertisements before publication, monitor suspicious content, messages and ads, warn users while suspicious activity is being investigated, and remove scam content and disable related accounts once a scam is identified. The separate telecommunications draft would require providers to verify customers and rights to use numbers, block or limit certain call and messaging traffic, maintain Do Not Originate lists, monitor networks and filter messages for scam indicators, and attach warnings or block identifiers while suspected scam traffic is investigated. The draft rules would also exempt digital platform services below the AUD 1 billion revenue test or the 200,000 average monthly active Australian user test, exclude standalone purchased payment facility providers from the banking sector, set a 21 day timeline for statements of compliance in scam complaints, and require records to be kept for six years. The consultation package also includes a position paper on further internal dispute resolution settings that Treasury says are intended to be reflected in the final rules and codes. These proposals would require cooperation on multi party complaints, support automatic reimbursement of verified scam losses below AUD 3,000, and use equal liability sharing where more than one regulated entity has breached the framework, with scope for adjustment in exceptional cases. The draft rules are set to commence on 1 September 2026, while the draft codes are set to commence on the later of 31 March 2027 and registration, and Treasury says separate intelligence sharing rules will be consulted on later with the intention that they take effect by the end of 2027.
Department of Treasury (Australia)2026-05-28
Australia's Department of the Treasury launches consultation on Scams Prevention Framework codes and rules for banks telecommunications and digital platforms
Australia’s Treasury has released exposure drafts of Scams Prevention Framework codes and rules for banking, telecommunications and digital platforms, setting cross-sector obligations on governance, secure systems, third-party oversight, scam detection, consumer notification and dispute resolution, many with civil penalties. Sector-specific measures include payee confirmation and account monitoring for banks, user and advertiser verification and content checks for digital platforms, and customer verification, traffic blocking and message filtering for telecommunications, with exemptions for smaller digital platforms and standalone purchased payment facility providers. A position paper proposes internal dispute resolution settings, cooperation on multi-party complaints, automatic reimbursement of verified scam losses below AUD 3,000 and equal liability sharing where multiple entities breach the framework.