Australia’s Federal Parliament has passed the Scams Prevention Framework Act 2025, marking a major step in the country’s fight against digital fraud. The new legislation imposes sector-specific obligations on designated sectors to detect, prevent, and disrupt scams impacting Australian consumers and small businesses. The legislation will take effect immediately upon Royal Assent subject to further Ministerial designations and codes.
The Scams Prevention Framework (SPF) is expected to impose additional regulatory oversight of and mandates on key sectors including banks, telcos, and digital platforms to play a proactive role in combating scams. The SPF is likely to be expanded to additional sectors (including the cryptocurrency sector) over time.
With its passage, the SPF introduces a multi-layered compliance structure, requiring businesses to:
Prevent scams through internal governance policies.
Detect fraudulent activity with actionable intelligence.
Disrupt scams by blocking suspicious transactions and communications.
Report scams to regulators and affected consumers.
Respond effectively to consumer complaints and participate in external dispute resolution schemes.
The SPF primarily targets highly regulated sectors, which include banks, telecommunications providers, and digital platforms. These businesses must comply with new code-based obligations, which the Minister may introduce to address specific scam-related risks.
Failure to comply with the SPF may result in civil penalties, with regulators such as the ACCC and ASIC enforcing compliance.
Unlike previous approaches that largely relied on post-fraud enforcement, the SPF mandates upstream protections—forcing businesses to take preventative measures before scams occur. This shifts accountability onto service providers who facilitate digital transactions and communications.
The passing of the Scams Prevention Framework Act 2025 means affected businesses will need to review their compliance obligations and prepare for increased scrutiny. Expect further regulatory guidance, industry codes, and enforcement actions as the framework takes effect.
By Steven Pettigrove and Luke Misthos
Comments