HSBC Australia in Court – ASIC Accuses of Inadequate Fraud Prevention

The Australian Securities and Investments Commission (ASIC) has initiated legal proceedings against HSBC Australia because the bank did not adequately protect its customers from fraud. The regulatory authority alleges that HSBC Australia lacked the necessary controls to prevent or detect unauthorized transactions. Additionally, the bank failed to promptly investigate and respond to reports from customers about such incidents within the required timeframes. Since mid-2023, HSBC Australia has seen a sharp increase in reports of unauthorized transactions, often occurring after account access by individuals posing as bank employees. In the documents submitted to the federal court, ASIC states that between January 2020 and August 2024, the bank received approximately 950 reports of unauthorized transactions, resulting in customer losses totaling around 23 million Australian dollars (approximately 14.6 million US dollars). A particularly noteworthy increase occurred between October 2023 and March 2024, when nearly 16 million Australian dollars (about 10.1 million US dollars) of these losses were incurred. The allegations by ASIC against HSBC Australia include that from January 2020 onwards, there were insufficient systems and processes in place to promptly investigate reports of unauthorized transactions and to quickly restore affected customers' full access to their banking services. Furthermore, the bank is accused of not having adequate controls to prevent and detect unauthorized payments between January 1, 2023, and June 1, 2024. Sarah Court, ASIC's Deputy Chair, stated, "We allege that HSBC Australia exacerbated the issue by failing to meet its obligations under the ePayments Code, leaving its customers in the lurch when they most needed immediate assistance. On average, it took the bank 145 days to respond to customer fraud reports." It is also concerning that, on average, the bank took 95 days to restore full access to customers' accounts, with one case taking as long as 542 days. Scamwatch had already issued a warning about the HSBC Australia impersonation in February of this year. The lawsuit comes against the backdrop of a rising number of fraud cases in Australia, with the ACCC reporting losses of 2.74 billion Australian dollars (about 1.74 billion US dollars) for the year 2023. To counter such threats, a bill was introduced in November, proposing the establishment of a fraud prevention framework that would require companies in certain sectors to protect against fraud.