Australia’s New Scam Prevention Framework: What Banks Need to Know Now
Australia’s new Scam Prevention Framework imposes major uplift requirements on banks—shifting accountability to “reasonable steps” and demanding proactive prevention, detection, disruption, and faster customer redress.

Australia has just released the Scam Prevention Framework (SPF) consultation, with proposed scam controls for banks, telcos, and digital platforms. This moves the SPF from high-level legislation to how it will work in practice. More than a regulatory update, this is a structural realignment of accountability and customer protection for scams.
Businesses that fail to meet their scam-prevention responsibilities could face fines up to AUD $50 million, so this is a major shake-up. We’ve pulled out some key initial takeaways for banks, who will be required to detect and prevent scams more proactively to meet compliance.
Why the Scam Prevention Framework Matters
Scams have outgrown traditional fraud models, becoming more coordinated, more personalized and more difficult for consumers to recognize. Treasury’s response is cross-sector, but places banks at the frontline of prevention.
The shift: liability and remediation will increasingly depend on whether banks took “reasonable steps.” The core test is the bank’s conduct, not the customer’s experience of being a victim.
This elevates scam prevention into a strategic priority for the sector. For banks, this means an uplift across governance, technology, customer engagement and cross-industry cooperation. The SPF raises expectations and creates a more consistent framework for how all institutions must respond.
A Compressed Timeline for Major Change
The implementation schedule is tight:
- By 30 June 2026: Banks must comply with core obligations, including having a fully operational scam reporting and internal dispute resolution (IDR) mechanism.
- 1 September 2026: All banks must be members of AFCA for scam dispute resolution.
- From 1 January 2027: AFCA begins hearing SPF-aligned complaints.
- By end of 2027: Supplementary rules – particularly intelligence sharing and reporting of scam outcomes – come into effect.
This gives banks roughly six months to redesign processes that, in some cases, have evolved over decades.
Governance: Scams Become a Formal Risk Class
The SPF requires banks to integrate scam prevention into existing governance structures with the same seriousness applied to AML/CTF and cybersecurity. That includes:
- Clear executive and board oversight.
- Documented policies and processes.
- Defined risk metrics and performance measures.
- Regular internal assurance and review.
This governance uplift will set the tone for the rest of the framework.
Prevention: A Move Toward Proactive, Risk-Based Controls
Banks must identify and address vulnerabilities before scammers exploit them. Prevention obligations include:
- Targeted warnings for high-risk payments, especially to new or offshore accounts.
- Payee-name checking to reduce misdirected or manipulated payments.
- Strengthened customer verification, with enhanced checks where customers face elevated scam risk.
- Effective brand protection, including measures to limit number spoofing and impersonation.
- Tailored scam education, delivered at the right moments and through the right channels.
- Staff training grounded in current scam trends and real customer scenarios.
The goal is to reduce harm earlier in the customer journey and filter risk before funds move.
Detection: Earlier Insight, Faster Action
Banks must shift from reactive detection to continuous, intelligence-driven monitoring. Expectations include:
- Real-time or near-real-time monitoring of transactions for indicators of scam behavior.
- The ability to identify customers sending funds to known scam accounts – including accounts at other institutions.
- Better visibility into compromised accounts and suspicious patterns.
- Processes for assessing both financial and non-financial impacts, including identity theft exposure.
“Reasonable steps” will be interpreted through the lens of whether a bank could and should have detected the scam earlier.
Disruption: Swift Intervention Becomes Mandatory
Disruption obligations are where the SPF becomes most operationally demanding. Banks must be equipped to:
- Freeze or close scammer-controlled accounts quickly once actionable intelligence is identified.
- Act immediately on payment recall requests, both issuing and responding to them.
- Provide customer-initiated account freezes through app or hotline channels.
- Temporarily limit or block suspicious transactions or account activity while investigations proceed.
- Notify customers who may be implicated in an active scam scenario.
A safe-harbor provision protects banks that intervene in good faith, provided services are restored promptly if the activity is proven legitimate.
Response & Redress: Greater Transparency and Faster Resolution
The SPF reshapes how banks must support customers post-scam:
- Banks must accept scam reports 24/7 and acknowledge them within 24 hours.
- Consumers can complain to any institution in the scam chain – creating a “no wrong door” model.
- Banks have 30 days to resolve complaints and provide a Statement of Compliance detailing which SPF obligations were met or breached and why.
- Multi-party scams require coordinated responses, with default equal cost-sharing unless culpability differs materially.
AFCA will act as the external escalation point, and its decisions will hinge heavily on banks’ documented compliance actions.
Victim Reimbursement
The SPF takes a different approach to victim reimbursement compared with schemes like the UK APP model. Under the SPF, financial redress is not guaranteed simply because a consumer was deceived and lost money. Instead, reimbursement hinges on whether the business met its regulatory obligations under the Prevent, Detect, Disrupt and Respond principles.
If the bank can demonstrate that it took “reasonable steps,” issued appropriate warnings, monitored transactions to the expected standard, acted on actionable intelligence and responded properly to reports, then it may not be required to reimburse the victim. Customer behavior or vulnerability is not the deciding factor.
While this approach encourages stronger controls and more proactive prevention, it does not offer any certainty to victims seeking reimbursement.
What This Means for Banking Leaders
The SPF elevates scam prevention to a core regulatory responsibility. Many Australian banks already have good measures in place, but the framework requires a much more coordinated and demonstrable standard of performance across prevention, detection, disruption, and response. With a six-month window before obligations come into force, banks need to move quickly to meet mandated expectations.
The framework also demands improved cross-sector cooperation and clearer evidence that “reasonable steps” have been taken. These expectations are significant and will require focused execution across the organization to ensure compliance.
How Outseer Can Help
The SPF raises expectations across every stage of the scam lifecycle, from early intervention to disruption and remediation. Outseer’s platform is built to help banks meet their obligations with capabilities that detect and prevent threats across channels and improve real-time decisioning.
Adaptive Intervention™
Outseer delivers real-time behavioral indicators that help banks identify when a customer is being manipulated, enabling the bank to slow, pause or challenge high-risk transactions before funds leave the account.
Cross-Channel Intelligence
Outseer provides consistent scam-risk and behavioral signals across digital banking and CNP transactions, helping banks detect cross-channel scam activity and emerging typologies earlier.
Impersonation and Brand Misuse Detection
Outseer cyber-intelligence identifies signals of brand impersonation and scam websites, allowing banks to respond quickly and support faster takedown of fraudulent assets.
Mule Account Detection
Outseer provides intelligence on high-risk payments and mule network indicators to support earlier interdiction.
Real-Time Machine Learning for Scam Detection
Outseer’s models analyze behavior and transaction context across channels to detect scam patterns as they emerge, enabling banks to block or challenge suspicious activity at scale.
The Bottom Line
Behind every scam is a person who loses far more than money. Many experience shame, fear, and a lasting loss of confidence in the financial system. Australia’s Scams Prevention Framework recognizes this human impact and responds with a cross-sector approach that reflects how scams move across banks, telcos, and digital platforms. Its broad coverage of scam types and shared-responsibility model is a meaningful step forward in national scam prevention.
However, the framework does not guarantee reimbursement for victims. Redress depends on whether businesses have met their compliance obligations, rather than on the fact that a consumer has been deceived.
We will be monitoring the roll-out of the Scams Prevention Framework and working with banks to strengthen detection and intervention capabilities that protect customers at scale.