HSBC Australia Faces A$35mn Scam Penalty

Overview

HSBC Bank Australia has been proposed a penalty of A$35 million (approximately US$24.6 million) by the Australian Securities and Investments Commission (ASIC) for serious failures in protecting customers from scams. ASIC and HSBC will jointly seek Federal Court approval of the settlement, making it one of the first global cases focused on a bank’s alleged shortcomings in scam prevention.

Regulatory Findings

ASIC reported that HSBC admitted to failing to maintain adequate controls over its internal transfer system between May 2023 and May 2024, which increased the risk of unauthorised transactions for its customers. The bank also acknowledged that it had been aware since 2021 of the rising threat from impersonation scams, where fraudsters pose as HSBC representatives.

Scope of Impact

Between January 2020 and August 2024, HSBC received more than 1,000 reports of unauthorised transactions amounting to A$34.6 million. The number of such reports surged by approximately 380 % in 2023 and 2024, driven largely by impersonation scams. ASIC further found that HSBC breached its licence obligations by taking an average of 144 days to resolve scam reports and by not providing adequate systems for customers who were locked out of their accounts.

Remediation and Compensation

HSBC has instituted a remediation programme, under which it has already paid about A$21.5 million in compensation to affected customers and has recovered and returned an additional A$6.5 million. The proposed A$35 million penalty and the remediation measures remain subject to approval by the Federal Court.