Luke Howarth

I rise to speak in consideration in detail. The coalition supports the actions of the government when it comes to preventing scams. We feel that it is very important legislation, so I have some questions for the minister regarding the Scams Prevention Framework Bill 2024. I know that this is an important bill for the minister, and I want to acknowledge the work that the minister and his staff have done. With his recent announcement about finishing up at the next election, I would—through you, Mr Speaker—just say to the minister: well done; we wish you well, and thank you for the work that you've done for Australians. We'll give you more time to speak on this, because we know that you love it and that you want lots of questions, so we've got a fair few questions to ask you.

There are some concerns that have been raised about whether the bill will achieve its objectives for consumers. It has been described by some as a bit rushed, complex and unclear, and stacked against consumers. Through you, Mr Speaker: Minister, this framework relies heavily on leaving matters to be determined in future delegated legislation, which has not been made available or consulted upon alongside this bill. These include sector designation instruments, mandatory sector codes and other operational rules and guidelines.

First, given that significant matters, including the prescriptive obligations in the codes, will be in this delegated legislation, why has it not been made publicly available alongside the bill? Second, have these instruments been developed or drafted already? Third, if not, why has this work, which is the substance and scope of the framework, not been done after 31 months of the Albanese government? Fourth, is this work being actively progressed by your department, and when will it be consulted on? I note that this policy work can be progressed and consulted on before the bill passes. Fifth, why are stakeholders and the parliament being expected to pass the bill through this enabling legislation when so much of the detail is not yet available?

They're the initial questions. I also have some questions on regulation. The regulation impact analysis for this bill, which was tabled as part of the explanatory memorandum, uses costing assumptions that appear to significantly understate the regulatory compliance costs. For example, it makes assumptions, including 1.1 full-time equivalent staff required for a major bank to uplift anti-scam activity and governments' improvements; a $40,000 initial technology investment required for a major bank to comply with the info-sharing and reporting obligations and $20,000 ongoing; a $40,000 initial investment in staff for a COBA member bank to administer anti-scam activity and governments' improvements and $10,000 ongoing; and a $100,000 initial investment for a major telco to uplift anti-scam activity in governments and $50,000 ongoing.

Minister, you have said this framework will not be the bare minimum. Can you explain how that statement is compatible with the costing assumptions? Do you stand by the findings of the regulation impact analysis conducted? And has this regulation impact analysis been signed off as compliant by the Office of Impact Analysis? Minister, if you agree that the costings require correction, will you ask the department to do further consultation to get it right and then table a replacement explanatory memorandum?

Stephen Jones

I thank the member for Petrie and the shadow minister for what I took to be his qualified good wishes, and I thank him for the indication of broad support for the legislation. I'll address some of the issues that he's raised. It's not uncommon in matters such as this and, in fact, not uncommon in the structure of Australian competition and consumer law, where broad principles with penalties and obligations are established in the primary law and subsidiary instruments fill out some of the details, and that's the way we have approached this task in this legislation. There will be an obligation, a principal obligation to prevent, detect, disrupt and ensure that consumers are protected and that scam threats across the infrastructure of banks, telecommunications companies and social media companies are lifted up to ensure it protects their consumers.

We are asked why so much of the force of those principles will be filled out in industry codes. The answer is simple. There are two reasons. The first is that the things that will be required of a social media company will be different from those required of a telecommunications company and different from what we'll require of a bank. There will be commonality—there's no doubt about that—but there will be different obligations based on the technology inherent in the platforms we are approaching. That is the first reason. The second reason is the need to move and change and to change rapidly over time. As threats across those vectors change, and change rapidly, with the best will in the world, two houses of parliament are not necessarily going to be the way to enable us to nimbly respond to those sorts of threats, which is why a subsidiary delegated legislation, the mandatory codes, is the best means on which to deal with that—to give us flexibility to move quickly as and when we need. Of course, there is still the regular parliamentary scrutiny available to all members and, in particular, senators in relation to disallowable instruments.

I am asked by the honourable member if work has started on the code. Of course, there have been initial discussions with industry both between my office and Treasury officials. That's not the same as drafting the codes, but that doesn't mean no work has been done. For example, as members have alluded to in this debate, the banking sector is well advanced. They have the Scam-Safe Accord, which has been in operation for close to 18 months. The telecommunications industry has a statutory code of practice in place. The social media platforms are not currently brought within an enforceable code framework, but this bill will change that.

The other point—and it's a matter of great frustration as a minister in this place—is that there is fierce competition for the resources of the Public Service. Because there are scarce resources and unlimited demands upon them, the department won't start work on drafting the codes until they know there's going to be a bill through the parliament to ensure that they are enforceable.

In terms of the regulatory compliance costs, I've got to say to the honourable member that I've had this raised with me a lot of times. The simple answer to, 'How was this data put together?' is that there was a consultation process from Treasury with all those sectors that are likely to be designated. The question put to them was, 'What is the uplift cost likely to be?' The numbers in the regulatory impact statement reflect what was told to us by the banks, the telcos and the social media platforms. Can I say in relation to that that it's about the additionality—what additional resources are any of these institutions going to have to put in place to comply with the measures within this code? That might raise suspicions in the minds of some, but can I simply make this point: any one of the major banks has probably got more resources dedicated to this particular task today than the entirety of the Commonwealth government. Any one of the banks will have, in their criminal fraud and financial crimes protection sections, more resources dedicated to this task. And so they should, because it's customers' money at stake. Hopefully, that explains some of that. I'm advised, and on the basis of that information I inform the House, that the regulatory impact statement, through the Office of Impact Analysis, complies with all the obligations.

Luke Howarth

I have just a few more questions for the minister, and I thank him for his answers. Feedback from both industry and consumer advocates on the draft bill pointed to the complexity arising from the lack of clear liability rules and an apportionment mechanism for situations where multiple entities across different sectors are involved in a scam. How have these concerns been addressed in the final bill? Will AFCA have carte blanche to make decisions on apportionment of liability for each regulated entity? If regulated entities disagree with an apportionment decision, will they be able to litigate to overturn that decision? Do you anticipate these disputes will delay consumer redress? Have you estimated the potential costs and delays arising from litigation relating to these disputes, including for scam victims?

In addition, I note that the Competition and Consumer Act, at section 51AE, already has a regulation-making power for the minister to prescribe enforceable mandatory codes to provide a set of rules or minimum standards for an industry, including the relationship between industry participants and their customers. Was it open to the government to use this existing power to make codes without having to enact new primary legislation? Could using the existing code-making power have meant mandatory codes were developed and made earlier than the 31 months and counting of the Albanese government that we have been waiting for the Scams Prevention Code? If it was open to the minister, why did you choose to delay action on scams by coming up with a much more complex approach? This is an approach which has been criticised by most stakeholders, who have asked for this framework to be focused on the codes. Did you choose this approach so that you could draw this out and have another announcement?

You have previously mentioned that you had difficulty getting legislation drafted. We are still waiting for these industry codes. When would we see these draft codes now? I do note you just addressed that—you're saying the department wouldn't start until this legislation was done—but how long would you expect the draft codes to take from here?

I have some questions about concerns raised about the draft bill and how they've been addressed in this final bill. I make the point again that the government took a long time to come up with this and then ran a shortened three-week consultation period on the draft legislation. This bill was then turned around for introduction just four weeks later, with little of the consultation feedback incorporated as a result. It is important legislation that will impact all Australians. These aren't minor amendments that should be rammed through without scrutiny and without the bare minimum of consultation. Most regulated sector stakeholders, including the ABA and the Communications Alliance, have raised concerns about the double liability issues that arise as a result of the private right of action set out in section 58 of the bill.

Given the whole-of-ecosystem external dispute resolution and the substantial civil penalties, is this additional private right of action necessary? Does the minister anticipate it will be useful or accessible for individual consumers? Many stakeholders, including the Customer Owned Banking Association, have raised concerns about the breadth of actual scam intelligence that might need to be reported and the regulatory burden that this would create. COBA have said: 'The sheer volume of data and information being contemplated by this definition means that what is expected from the obligations may not be reasonably achievable.' So have any changes been made to the final bill to address these concerns? If so, what are these? How will the burden of this data reporting be minimised?

Stephen Jones

I note that the questions that have been asked by the shadow minister are in almost identical form to the issues that have been raised in the Senate legislative inquiry and have been answered in the report on that inquiry, and I refer the minister to the answers contained there within.

Andrew Wilkie

WILKIE () (): Can the minister please explain to my community and the thousands of Australians across the country who are targeted by scammers each year exactly why the government won't rebalance the power in scam compensation and is choosing instead not to impose a UK style presumption of reimbursement by banks and other responsible parties?

Stephen Jones

I thank the member for his question, and I addressed some of the issues related to this in my address-in-reply. Can I simply say this: we believe in attaching liability to fault. It's a fairly rudimentary process, known well to any lawyer in this place. If you're at fault, then you should be liable for the damages or other harm associated with that fault. The problem we have at the moment is there is no standard to which people are held accountable. There's no standard for banks, no standard for telcos and no standard for social media platforms. That changes when this bill is enacted.

I'm asked why we haven't gone down the UK approach. The answer, quite simply, is we do not think it will work, because it is not focused on preventing scams and it has nothing to say about the major vector of scams, which is social media platforms. It beggars belief—I gave some examples here in my address-in-reply—that we should hold the Broken Hill building society, a mutual bank, accountable for a Facebook puppy scam that the members of that bank and the owners of that bank could have no knowledge of or no control over. We would hold the members of that bank accountable for the losses of that Facebook puppy scam, yet the biggest company in the world—or one of the biggest companies in the world—which actually made money out of advertising that scam, is not held liable. That just beggars belief in my mind. I understand why there is a simple attraction to it, but when you dig down into what we are trying to do here—that is, to prevent the scam in the first place—we believe that our approach is the better approach. I think the proof in the pudding of this is that our scam losses are dropping quicker than those in the UK, and there is intense interest from the United Kingdom and other countries around the world in the approach that the Australian government is taking because they think it is a stronger framework.

Long debate text truncated.

Summary

Date and time: 1:22 PM on 2025-02-06
Allegra Spender's vote: Aye
Total number of "aye" votes: 13
Total number of "no" votes: 52
Total number of abstentions: 86
Related bill: Scams Prevention Framework Bill 2025

Adapted from information made available by theyvoteforyou.org.au