Scams Prevention Framework Act 2025 (Cth)
Contents
[
The Parliament of Australia enacts:
This Act is the
Scams Prevention Framework Act 2025 .
(1) Each provision of this Act specified in column 1 of the table commences, or is taken to have commenced, in accordance with column 2 of the table. Any other statement in column 2 has effect according to its terms.
The day after this Act receives the Royal Assent. | 21 February 2025 | |
Note: This table relates only to the provisions of this Act as originally enacted. It will not be amended to deal with any later amendments of this Act.
(2) Any information in column 3 of the table is not part of this Act. Information may be inserted in this column, or information in it may be edited, in any published version of this Act.
Legislation that is specified in a Schedule to this Act is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms.
Insert:
The object of this Part is to prevent and respond to scams impacting:
(a) either:
(i) natural persons while they are in Australia; or
(ii) persons who carry on small businesses in Australia;
if the scams relate to, are connected with, or use certain services that are or may be provided or purportedly provided to those persons; or
(b) natural persons while they are outside of Australia if:
(i) they are ordinarily resident in Australia; and
(ii) the scams relate to, are connected with, or use certain services that are or may be provided or purportedly provided to those persons by Australian service providers or by foreign service providers through permanent establishments in Australia.
The Scams Prevention Framework is a multifaceted approach for protecting Australian consumers from scams. The Framework requires service providers in selected sectors of the economy to take a variety of actions to combat scams relating to, connected with, or using their services.
These service providers must comply with the overarching principles of the Framework. These principles are about:
(a) governance arrangements relating to scams; and
(b) preventing, detecting, reporting, disrupting and responding to scams.
Under the Framework, the Minister may make a code (an
SPF code ) setting out sector‑specific requirements for the service providers in a selected sector of the economy relating to:
(a) governance arrangements relating to scams; and
(b) preventing, detecting, disrupting and responding to scams.
Under the Framework, the Minister may authorise external dispute resolution schemes for participation by these service providers. The operator of such a scheme will be able to determine complaints by consumers about how these service providers respond to scams.
The Commission is to regulate and enforce compliance with the overarching principles of the Framework. Other Commonwealth entities will be selected by the Minister to regulate and enforce compliance with SPF codes.
(1) The Minister may, by legislative instrument, designate one or more businesses or services to be a
regulated sector of the Australian economy.Note 1: An individual business or service could be designated, or businesses or services could be designated by class (see subsection 13(3) of the
Legislation Act 2003 ).Note 2: For variation and repeal, see subsection 33(3) of the
Acts Interpretation Act 1901 .(2) Without limiting subsection (1), the following classes of businesses or services could be designated:
(a) businesses of banking, other than State banking (within the meaning of paragraph 51(xiii) of the Constitution) not extending beyond the limits of the State concerned;
(b) businesses of insurance, other than State insurance (within the meaning of paragraph 51(xiv) of the Constitution) not extending beyond the limits of the State concerned;
(c) postal, telegraphic, telephonic or other like services (within the meaning of paragraph 51(v) of the Constitution), such as one or more of the following:
(i) carriage services (within the meaning of the
Telecommunications Act 1997 );(ii) electronic services (within the meaning of the
Online Safety Act 2021 ), such as social media services (within the meaning of that Act);(iii) broadcasting services (within the meaning of the
Broadcasting Services Act 1992 ).Note: This is not an exhaustive list. Similarly, a subset of paragraph (a), (b) or (c) could be designated.
Entities with businesses or services within the banking, insurance or communications constitutional powers
(1) To the extent that a regulated sector includes a business or service covered by paragraph 58AC(2)(a), (b) or (c):
(a) the person who carries on or provides that business or service is a
regulated entity for the sector; and(b) that business or service is a
regulated service of the regulated entity for the sector.Note 1: This subsection extends to a regulated sector consisting of businesses or services that are a subset of paragraph 58AC(2)(a), (b) or (c).
Note 2: Sections 58GA to 58GC extend the meaning of
person for partnerships, unincorporated associations and trusts.
Other entities who may be regulated entities
(2) Otherwise:
(a) the
regulated entities for a regulated sector; and(b) the
regulated services of each of those regulated entities;are as set out in the following table:
1 | a corporation that carries on or provides a business or service that is part of the regulated sector | that business or service. |
2 | a person to the extent that the person is both:
| so much of that business or service as relates to the person acting in that way. |
3 | a person to the extent that the person is both:
| so much of that business or service as relates to the person acting in that way. |
Note 1: For the meaning of
corporation , see section 4.Note 2: Sections 58GA to 58GC extend the meaning of
person for partnerships, unincorporated associations and trusts.
(3) For the purposes of item 3 of the table in subsection (2), the kinds of trade or commerce are as follows:
(a) trade or commerce between Australia and places outside Australia;
(b) trade or commerce among the States;
(c) trade or commerce within a Territory, between a State or Territory or between 2 Territories.
Exceptions—complete
(4) Despite subsections (1) and (2):
(a) a person is not a
regulated entity for a regulated sector to the extent that an exception prescribed by the SPF rules applies to the person; and(b) a business or service is not a
regulated service of a person for a regulated sector to the extent that an exception prescribed by the SPF rules applies to the business or service.Note: A person, business or service may be specified by class (see subsection 13(3) of the
Legislation Act 2003 ).
Exceptions—partial
(5) Despite subsections (1) and (2), the instrument made under subsection 58AC(1) designating a business or service to be all or part of the regulated sector may declare that:
(a) the person who carries on or provides the business or service is not a
regulated entity for the regulated sector for the purposes of specified SPF provisions; or(b) the business or service is not a
regulated service for the regulated sector for the purposes of specified SPF provisions.Note: An individual person, business or service could be declared, or persons, businesses or services could be declared by class (see subsection 13(3) of the
Legislation Act 2003 ).
(1) Before making an instrument under subsection 58AC(1) about a sector of the economy, the Minister must:
(a) consider all of the following:
(i) scam activity in the sector;
(ii) the effectiveness of existing industry initiatives to address scams in the sector;
(iii) the interests of persons who would be SPF consumers of regulated services for the sector if the instrument were made;
(iv) the likely consequences (including benefits and risks) to the public if the instrument were made;
(v) the likely consequences (including benefits and risks) to the businesses or services making up the sector;
(vi) any other matters the Minister considers relevant; and
(b) consult the businesses or services making up the sector, or such associations or other bodies representing them as the Minister thinks appropriate; and
(c) consult such associations or other bodies representing the persons referred to in subparagraph (a)(iii) as the Minister thinks appropriate.
Note: For the meaning of
SPF consumer , see section 58AH.(2) A failure to comply with subsection (1) does not invalidate an instrument made under subsection 58AC(1).
The Minister may, in writing, delegate the Minister’s power to make an instrument under subsection 58AC(1) to another Minister.
Note: Sections 34AA to 34A of the
Acts Interpretation Act 1901 contain provisions relating to delegations. For example, section 34A of that Act means that section 58AE of this Act can be satisfied by the delegate.
(1) A
scam is a direct or indirect attempt (whether or not successful) to engage an SPF consumer of a regulated service where it would be reasonable to conclude that the attempt:
(a) involves deception (see subsection (2)); and
(b) would, if successful, cause loss or harm including obtaining SPF personal information of, or a financial or other benefit from, the SPF consumer or the SPF consumer’s associates.
(2) The attempt involves deception if the attempt:
(a) deceptively represents something to be (or to be related to) the regulated service; or
(b) impersonates a regulated entity in connection with the regulated service; or
(c) is an attempt to deceive the SPF consumer into:
(i) performing an action using the regulated service; or
(ii) facilitating another person to perform an action using the regulated service; or
(d) is an attempt to deceive the SPF consumer that is made using the regulated service.
(3) The attempt may be a single act or a course of conduct.
(4) However, the attempt is not a
scam if the attempt is of a kind prescribed by the SPF rules.
(1) An
SPF consumer , of a regulated service, is any of the following:
(a) a natural person, or a small business operator, who is or may be provided or purportedly provided the service in Australia;
(b) a natural person who:
(i) is ordinarily resident in Australia; and
(ii) is or may be provided or purportedly provided the service outside of Australia by a regulated entity that satisfies the residency requirements in subsection (2).
(2) The regulated entity satisfies the residency requirements if it:
(a) is an Australian resident (within the meaning of the Income Tax Assessment Act 1997); or
(b) is so providing or purportedly providing the service through a permanent establishment (within the meaning of the
Income Tax Assessment Act 1997 ) in Australia.Note 1: For paragraph (1)(a), a person who is a small business operator at the time the person is impacted by a scam continues to be an SPF consumer
for that time even if the business later has 100 or more employees.Note 2: Sections 58GA to 58GC extend the meaning of
person for partnerships, unincorporated associations and trusts.(3) Subsection (1) includes the provision or purported provision of a regulated service:
(a) directly or indirectly to the person; or
(b) whether or not under a contract, arrangement or understanding with the person; or
(c) whether or not the regulated entity providing the service knows that the person is:
(i) a natural person; or
(ii) a small business operator; or
(d) that involves the supply of goods.
Note: This is not an exhaustive list.
(4) However, the person is not an
SPF consumer of the regulated service if a condition prescribed by the SPF rules applies to the person in relation to regulated services of that kind.(5) In this section:
annual turnover has the same meaning as in theCorporations Act 2001 .
related body corporate has the same meaning as in theCorporations Act 2001 .
small business operator means a person who carries on a business if:
(a) in the case of the person being a body corporate:
(i) the sum of the person’s employees, and the employees of any body corporate related to the person, is less than 100 employees; and
(ii) the person’s annual turnover during the last financial year is less than $10 million; and
(b) in the case of the person not being a body corporate:
(i) the person has less than 100 employees; and
(ii) the person’s annual turnover (worked out as if the person were a body corporate) during the last financial year is less than $10 million; and
(c) in every case—the business has a principal place of business in Australia.
(6) Section 4B (about consumers) does not apply to this Part.
A regulated entity identifies or has
actionable scam intelligence if (and when) there are reasonable grounds for the entity to suspect that a communication, transaction or other activity relating to, connected with, or using a regulated service of the entity is a scam.Note 1: Whether there are reasonable grounds for such a suspicion is an objective test. Relevant information for this test may include:
(a) information about the mechanism or identifier being used to scam SPF consumers, such as URLs, email addresses, phone numbers, social media profiles, digital wallets and bank account information of the scam promotors; and
(b) information about the suspected scammer; and
(c) information (including complaints) provided by SPF consumers.
Note 2: Gathering and reporting this information will minimise the harm from scams (see SPF principles 4 and 5 in Subdivisions E and F of Division 2).
(1) Each of the following provisions (the
SPF provisions ) extends to every external Territory:
(a) a provision of this Part;
(b) a provision of a legislative instrument made under this Part;
(c) another provision of this Act to the extent that it relates to a provision covered by paragraph (a) or (b);
(d) a provision of the Regulatory Powers Act to the extent that it applies in relation to a provision covered by paragraph (a) or (b).
(2) The SPF provisions extend to acts, omissions, matters and things outside Australia.
Conduct of agents etc. of a regulated entity is attributable to the regulated entity
(1) For the purposes of the SPF provisions, section 97 of the Regulatory Powers Act (to the extent that it applies in relation to the SPF provisions) applies to a regulated entity who is not a body corporate in a corresponding way to the way that provision applies to a regulated entity who is a body corporate.
Acts done in relation to an agent of a regulated entity taken to be done in relation to the regulated entity
(2) For the purposes of SPF provisions, if an act is done by a person in relation to another person (the
agent ) who:
(a) is acting on behalf of a regulated entity; and
(b) is so acting within the scope of the agent’s actual or apparent authority;
the act is taken to have also been done in relation to the regulated entity.
Each regulated entity must comply with the overarching principles of the Scams Prevention Framework.
These principles require each regulated entity to:
(a) document and implement governance arrangements to combat scams; and
(b) take reasonable steps to prevent, detect, report, disrupt and respond to scams.
These requirements are civil penalty provisions. The Commission (in its capacity as the SPF general regulator) will monitor, investigate and enforce compliance with these provisions. Division 6 sets out remedies for non‑compliance with these provisions.
(1) Matters relevant to whether a regulated entity has taken
reasonable steps for the purposes of a provision of this Division include:
(a) the size of the regulated entity; and
(b) the kind of regulated services concerned; and
(c) the consumer base of those services; and
(d) the kinds of scam risks those services face; and
(e) whether the regulated entity has complied with any relevant SPF code obligations relating to that provision.
(2) In determining whether a regulated entity has taken
reasonable steps for the purposes of a provision of this Division, the primary consideration must be the matter in paragraph (1)(e) (if applicable).
Each regulated entity must document and implement governance policies, procedures, metrics and targets for combatting scams.
These must be reviewed, and certified by a senior officer of the entity, at least annually.
The entity must keep records and give reports about its compliance with this principle.
The SPF code for the sector may include sector‑specific provisions for this principle.
(1) A regulated entity for a regulated sector contravenes this subsection if the entity fails to do one or more of the following:
(a) document governance policies and procedures about:
(i) preventing, detecting and disrupting scams; and
(ii) responding to scams; and
(iii) reports relating to scams;
relating to, connected with, or using the entity’s regulated services for the sector;
(b) implement those governance policies and procedures;
(c) develop and implement performance metrics and targets that:
(i) are for measuring the effectiveness of those governance policies and procedures; and
(ii) comply with any requirements for those metrics and targets that are prescribed by the SPF rules.
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a
civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(1) A regulated entity for a regulated sector contravenes this subsection if:
(a) no senior officer of the entity certifies in writing, within 12 months of the day the entity becomes a regulated entity for the sector, whether the entity’s SPF governance policies, procedures, metrics and targets for the sector comply with this Subdivision; or
(b) no senior officer of the entity certifies in writing, within 7 days after each 12‑month anniversary of the day the entity becomes a regulated entity for the sector, whether the entity’s SPF governance policies, procedures, metrics and targets for the sector comply with this Subdivision.
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a
civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(1) A regulated entity for a regulated sector contravenes this subsection if the entity fails to keep records of information of a material nature relating to each of the following activities for at least 6 years after that activity happens:
(a) the initial documenting, and each revision of the documenting, of the entity’s SPF governance policies, procedures, metrics and targets for the sector;
(b) the initial implementation, and each reimplementation, of those SPF governance policies, procedures, metrics and targets;
(c) each consideration (including certification) by one of the entity’s senior officers of those SPF governance policies, procedures, metrics and targets, including in relation to their documenting, implementation and review;
(d) any other activities that are prescribed by the SPF rules.
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a
civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
58BG Reporting about compliance with this Subdivision—civil penalty provision
(1) A regulated entity for a regulated sector contravenes this subsection if:
(a) the SPF general regulator, or the SPF sector regulator for the sector, gives the entity a written request for a copy of:
(i) the entity’s SPF governance policies, procedures, metrics and targets for the sector; or
(ii) specified kinds of other records required by this Subdivision to be kept for the sector by the entity; and
(b) the entity fails to comply with the request within:
(i) 10 business days after the day the entity is given the request; or
(ii) such longer period as is allowed by the SPF regulator.
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a
civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
For the purposes of (but without limiting) subsection 58CC(1), the SPF code for a regulated sector may include sector‑specific provisions describing:
(a) the matters that a regulated entity for the sector must include in the entity’s governance policies and procedures for the purposes of this Subdivision; or
(b) the factors that a regulated entity for the sector must have regard to when developing the entity’s governance policies and procedures for the purposes of this Subdivision.
Each regulated entity for a regulated sector must take reasonable steps to prevent scams.
The SPF code for the sector may include sector‑specific provisions for this principle.
(1) A regulated entity contravenes this subsection if the entity fails to take reasonable steps to prevent another person from committing a scam relating to, connected with, or using a regulated service of the entity.
Note: Sections 58GA to 58GC extend the meaning of
person for partnerships, unincorporated associations and trusts.(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a
civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(1) Taking reasonable steps for the purposes of subsection 58BJ(1) requires more than merely acting on actionable scam intelligence in the form of information provided to the regulated entity by another person.
Further sector‑specific details can be set out in SPF codes
(2) For the purposes of (but without limiting) subsection 58CC(1), the SPF code for a regulated sector may include sector‑specific provisions:
(a) describing what are reasonable steps for the purposes of this Subdivision (see also section 58BB); or
(b) requiring each regulated entity for the sector to:
(i) identify its SPF consumers who are at risk of being targeted by a scam; or
(ii) identify its SPF consumers who have a higher risk of being targeted by a scam; or
(c) requiring each regulated entity for the sector to provide information about such scams to an SPF consumer described in subparagraph (b)(i) or (ii).
Each regulated entity for a regulated sector must take reasonable steps to detect scams. This includes:
(a) investigating, in a timely way, activities that are the subjects of its actionable scam intelligence; and
(b) identifying, in a timely way, its consumers that have or may have been impacted by such activities.
The SPF code for the sector may include sector‑specific provisions for this principle.
(1) A regulated entity contravenes this subsection if the entity fails to take reasonable steps to detect a scam relating to, connected with, or using a regulated service of the entity.
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a
civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).(3) Without limiting subsection (1), the regulated entity fails to take reasonable steps to detect a scam relating to, connected with, or using a regulated service of the entity if the entity fails to take reasonable steps to:
(a) detect such a scam as it happens; or
(b) detect such a scam after it happens.
Note: For further details about the meaning of reasonable steps, see sections 58BB and 58BP.
(1) A regulated entity contravenes this subsection if the entity:
(a) has actionable scam intelligence about an activity relating to, connected with, or using a regulated service of the entity; and
(b) fails to take reasonable steps to investigate whether or not the activity is a scam during the 28‑day period starting on the day that the intelligence becomes actionable scam intelligence for the entity.
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a
civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(1) A regulated entity contravenes this subsection if the entity:
(a) has actionable scam intelligence about an activity relating to, connected with, or using a regulated service of the entity; and
(b) fails to take reasonable steps within a reasonable time to identify the persons who were SPF consumers of that service at the time when the persons were or may have been impacted by the activity.
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a
civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
For the purposes of (but without limiting) subsection 58CC(1), the SPF code for a regulated sector may include sector‑specific provisions describing:
(a) what are reasonable steps (see also section 58BB); or
(b) what is a reasonable time;
for the purposes of this Subdivision.
Each regulated entity must give the SPF general regulator reports of any actionable intelligence the entity has about activities relating to, connected with, or using the entity’s regulated services.
A regulated entity must give an SPF regulator a report about a scam if the SPF regulator requests.
The SPF general regulator may disclose information about scams to certain other entities.
(1) This section applies if a regulated entity has actionable scam intelligence about an activity relating to, connected with, or using a regulated service of the entity.
Civil penalty provision
(2) The entity contravenes this subsection if the entity fails to give a report about the actionable scam intelligence:
(a) to the SPF general regulator within the period, and in the manner and form, prescribed by the SPF rules; and
(b) that contains the kinds of information prescribed by the SPF rules.
Note: This subsection only applies to the entity when the SPF rules prescribe matters for paragraphs (a) and (b) that apply to the entity.
(3) Subsection (2) is a civil penalty provision.
Note: This means subsection (2) is a
civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
Defence
(4) Subsection (2) does not apply to the entity if circumstances of a kind prescribed by the SPF rules apply to the entity.
Note: A defendant bears an evidential burden in relation to the matter in this subsection (see section 96 of the Regulatory Powers Act).
Matters relevant to reports
(5) For the purposes of (but without limiting) subsection (2), the SPF rules may prescribe:
(a) that the report may be given via access to a specified data gateway, portal or website; and
(b) that the report include the sources or evidence that the entity has for that intelligence (see section 58AI); and
(c) different matters for different kinds of regulated entities.
Note: For more about the data gateways, portals or websites referred to in paragraph (a), see section 58BT.
(6) The report may be required to include SPF personal information.
(1) This section applies if an SPF regulator gives a written request to a regulated entity for the entity to give the SPF regulator a report about a scam relating to, connected with, or using a regulated service of the entity.
Civil penalty provision
(2) The entity contravenes this subsection if the entity fails to give a report about the scam:
(a) to the SPF regulator within the period, and in the manner and form, set out in the request; and
(b) that contains the kinds of information set out in the request.
(3) Subsection (2) is a civil penalty provision.
Note: This means subsection (2) is a
civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).(4) For the purposes of (but without limiting) subsection (2), the SPF regulator’s request may:
(a) provide that the report may be given via access to a specified data gateway, portal or website; and
(b) ask that the report set out:
(i) what loss or harm may have resulted from the scam, what disruptive actions the entity has taken and whether any of those actions have been reversed; and
(ii) what steps the entity is taking to disrupt similar scams, and to prevent loss or harm resulting from similar scams.
Note: For more about the data gateways, portals or websites referred to in paragraph (a), see section 58BT.
(5) The request may ask for the report to include SPF personal information. If so, the request must require the entity to de‑identify the information unless the SPF regulator reasonably believes that doing so would not achieve the object of this Part.
(6) If:
(a) a regulated entity gives a scam report to an SPF regulator under this section; and
(b) another SPF regulator later requests a scam report under this section from the regulated entity about the same matters;
then, despite subsection (2), the later scam report need only state that an earlier scam report about those matters was given to the first‑mentioned SPF regulator on a specified date and time.
Note: The SPF regulators can share the earlier scam report under Subdivision C of Division 5.
(1) The SPF rules may prescribe a scheme for authorising third parties to operate data gateways, portals or websites that give access to reports under this Division.
(2) For the purposes of (but without limiting) subsection (1), the SPF rules may include the following:
(a) provisions conferring functions or powers on the SPF general regulator under the scheme;
(b) the criteria for a person to be authorised under the scheme;
(c) provisions providing that authorisations may be granted subject to conditions, and that conditions may be imposed on an authorisation after it has been granted;
(d) provisions providing that authorisations may be granted at different levels corresponding to different risks;
(e) provisions specifying what a person authorised at a particular level is authorised to do (or not authorised to do);
(f) provisions dealing with the period, renewal, transfer, variation, suspension, revocation or surrender of authorisations;
(g) notification requirements on persons whose authorisations have been varied, suspended, revoked or surrendered;
(h) transitional rules for when an authorisation is varied, is suspended or ends, including in relation to SPF personal information;
(i) provisions for the making of applications for internal review, or of applications to the Administrative Review Tribunal for review, of decisions of a person under the scheme.
(3) A person authorised under the scheme may use or disclose SPF personal information to the extent that this is reasonably necessary to achieve the object of this Part.
A duty of confidence owed under an agreement or arrangement is of no effect to the extent that it is contrary to section 58BR or 58BS.
Note: Each of sections 58BR and 58BS is also a requirement by law to disclose the information contained in the report referred to in that section. So, complying with that section can be a defence to a secrecy provision such as section 276 of the
Telecommunications Act 1997 (see paragraph 280(1)(b) of that Act).
(1) The SPF general regulator may disclose information relating to either of the following actions (a
scamming action ):
(a) a scam (as defined in section 58AG);
(b) a scam (within the ordinary meaning of that expression);
to an entity mentioned in subsection (2).
Note 1: This includes disclosing SPF personal information, but such information may first need to be de‑identified (see subsection (4)).
Note 2: The SPF general regulator can also disclose the information to an SPF sector regulator (see section 58EG).
(2) The entities are as follows:
(a) a regulated entity;
(b) a Commonwealth agency or authority involved in developing Government policy relating to this Part;
(c) a law enforcement agency of the Commonwealth, or of a State or Territory;
(d) an agency of a foreign country, or of part of a foreign country, that:
(i) is a law enforcement agency; or
(ii) is a regulatory agency responsible for scam prevention;
if subsection (3) applies to a disclosure of information to the agency.
(3) This subsection applies to a disclosure of information to a foreign agency if the SPF general regulator is satisfied that:
(a) the agency has given an undertaking for the following:
(i) controlling the storage and handling of the information;
(ii) controlling the use that will be made of the information;
(iii) ensuring that the information will be used only for the purpose for which it is disclosed to the agency; and
(b) it is appropriate, in all the circumstances, to disclose the information to the agency.
(4) SPF personal information may be disclosed under subsection (1). However, for a disclosure to an entity mentioned in paragraph (2)(b) such information must be de‑identified unless the SPF general regulator reasonably believes that doing so would not achieve the object of this Part.
Each regulated entity for a regulated sector must take reasonable steps to:
(a) disrupt an activity that is the subject of actionable scam intelligence; and
(b) prevent losses from such an activity.
The entity will also need to report to the SPF general regulator the outcomes of the entity’s investigation about whether such an activity is a scam. The report may also need to describe any disruptive actions the entity has taken in relation to the activity.
The entity is not liable for damages etc. in taking certain actions to disrupt such an activity.
The SPF code for the sector may include sector‑specific provisions for this principle.
(1) A regulated entity contravenes this subsection if the entity:
(a) has actionable scam intelligence about an activity relating to, connected with, or using a regulated service of the entity; and
(b) fails to take reasonable steps within a reasonable time to:
(i) disrupt the activity; or
(ii) prevent loss or harm (including further loss or harm) arising from the activity.
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a
civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).(3) For the purposes of subsection (1), the steps taken should be proportionate to the actionable scam intelligence that the entity has.
Note 1: For example, if a bank has received a substantial number of similar reports of suspicious activities, it may be appropriate to pause or delay authorised push payments while the bank investigates these suspicious activities.
Note 2: For further details about the meaning of reasonable steps, see sections 58BB and 58BZ.
(1) This section applies if a regulated entity has actionable scam intelligence about an activity relating to, connected with, or using a regulated service of the entity.
Civil penalty provision
(2) The entity contravenes this subsection if the entity fails to give a report about the actionable scam intelligence:
(a) to the SPF general regulator:
(i) before the end of the period prescribed by the SPF rules that starts at the end of the period referred to in paragraph 58BZA(2)(d) for that intelligence; and
(ii) in the manner and form prescribed by the SPF rules; and
(b) that contains the kinds of information prescribed by the SPF rules.
Note: This subsection only applies to the entity when the SPF rules prescribe matters for paragraphs (a) and (b) that apply to the entity.
(3) Subsection (2) is a civil penalty provision.
Note: This means subsection (2) is a
civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).(4) For the purposes of (but without limiting) subsection (2), the SPF rules may prescribe:
(a) that the report may be given via access to a specified data gateway, portal or website; and
(b) that the report set out whether the entity reasonably believes that the activity that is the subject of the intelligence is a scam; and
(c) different matters for different kinds of regulated entities.
Note: For more about the data gateways, portals or websites referred to in paragraph (a), see section 58BT.
(5) The report may be required to include SPF personal information.
(6) A duty of confidence owed under an agreement or arrangement is of no effect to the extent that it is contrary to this section.
For the purposes of (but without limiting) subsection 58CC(1), the SPF code for a regulated sector may include sector‑specific provisions:
(a) describing what are reasonable steps (see also section 58BB), or what is a reasonable time, for the purposes of this Subdivision; or
(b) requiring each regulated entity for the sector to provide its SPF consumers with information about activities that are the subjects of the entity’s actionable scam intelligence.
(1) This section applies if a regulated entity has actionable scam intelligence about an activity relating to, connected with, or using a regulated service of the entity.
(2) The regulated entity is not liable in a civil action or civil proceeding for taking action to disrupt the activity if the action:
(a) is taken in good faith; and
(b) is taken in compliance with the SPF provisions; and
(c) is reasonably proportionate to the activity, and to information that would reasonably be expected to be available to the entity about the activity; and
(d) is taken during the period:
(i) starting on the day that the intelligence becomes actionable scam intelligence for the entity; and
(ii) ending when the entity reasonably believes that the activity is or is not a scam, or after 28 days, whichever is the earlier; and
(e) is promptly reversed if:
(i) the entity identifies that the activity is not a scam; and
(ii) it is reasonably practicable to reverse the action.
Note: Assume the regulated entity temporarily blocks an SPF consumer’s website while investigating whether an activity relating to the website is a scam. This subsection protects the regulated entity from civil actions brought by the consumer when the regulated entity is acting appropriately.
(3) For the purposes of paragraph (2)(c), matters relevant to whether the action is reasonably proportionate to the activity include:
(a) the potential loss or damage to SPF consumers, or to persons carrying on the activity, if the action is not taken; and
(b) the potential loss or damage to SPF consumers, or to persons carrying on the activity, if the action is taken and the activity is not a scam.
Each regulated entity must have an accessible mechanism for its consumers to report activities that are or may be scams.
The entity must have an accessible and transparent internal dispute resolution mechanism for its consumers to complain about:
(a) activities that are or may be scams; or
(b) the entity’s conduct relating to such activities.
The entity must publish information about these mechanisms.
When undertaking such internal dispute resolution about a complaint, the entity must give a statement, relevant to the complaint, about whether it has complied with its obligations.
When undertaking such internal dispute resolution, the entity must have regard to:
(a) any processes prescribed by the SPF rules; and
(b) any guidelines prescribed by the SPF rules for apportioning any liability.
The entity must become a member of an authorised external dispute resolution scheme for dealing with complaints about scams if the entity provides services regulated by the Scams Prevention Framework.
The SPF code for the sector may include sector‑specific provisions for this principle.
(1) A regulated entity contravenes this subsection if the entity does not have an accessible mechanism for a person to report to the entity an activity that:
(a) is or may be a scam; and
(b) relates to, is connected with, or uses a regulated service of the entity; and
(c) impacts the person at a time when the person is an SPF consumer of the service.
Note: The reporting mechanism will need to extend to scams impacting the person at a time when the regulated service is only purportedly being provided to the person (see subsection 58AH(1) (about the meaning of SPF consumer)).
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a
civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(1) A regulated entity contravenes this subsection if the entity does not have an accessible and transparent internal dispute resolution mechanism to deal with a person’s complaint about:
(a) an activity that:
(i) is or may be a scam; and
(ii) relates to, is connected with, or uses a regulated service of the entity; and
(iii) impacts the person at a time when the person is an SPF consumer of the service; or
(b) the entity’s conduct relating to an activity of a kind described in paragraph (a).
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a
civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(1) A regulated entity contravenes this subsection if the entity:
(a) is undertaking internal dispute resolution in dealing with a person’s complaint of a kind described in paragraph 58BZD(1)(a) or (b); and
(b) does not give the person a statement of compliance in accordance with subsection (2).
Note: This subsection only applies to the entity when the SPF rules prescribe matters for paragraphs (2)(b), (d) and (e) that are relevant to the complaint.
(2) For the purposes of paragraph (1)(b), the statement of compliance must:
(a) include a statement by the regulated entity about whether, based on information reasonably available to the entity at the time of making the statement, it has complied with its obligations under the SPF provisions that are relevant to the complaint; and
(b) contain the kinds of information prescribed by the SPF rules that are relevant to the complaint; and
(c) not contain the kinds of information (if any) prescribed by the SPF rules that are relevant to the complaint; and
(d) be in writing and signed by a person who is an authorised representative of the entity of a kind prescribed by the SPF rules; and
(e) be given in accordance with the timeframes, and in the manner and form, prescribed by the SPF rules.
(3) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a
civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).(4) A statement of compliance given by the entity under this section is admissible, in any proceeding that:
(a) relates to the complaint; and
(b) is under or relates to an SPF EDR scheme;
as prima facie evidence of the entity’s position, at the time of making the statement, on the matters in the statement.
(5) Nothing in this section limits or affects the admissibility in a proceeding of any other statement or evidence.
(1) A regulated entity contravenes this subsection if the entity:
(a) is undertaking internal dispute resolution in dealing with a person’s complaint of a kind described in paragraph 58BZD(1)(a) or (b); and
(b) in doing so, the entity fails to have regard to:
(i) any process prescribed by the SPF rules for undertaking internal dispute resolution; or
(ii) any guidelines prescribed by the SPF rules for apportioning any liability arising from the complaint.
(1A) To avoid doubt, guidelines prescribed for the purposes of subparagraph (1)(b)(ii) do not have to be consistent with sections 58FZD to 58FZK (about proportionate liability for concurrent wrongdoers in actions for damages).
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a
civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(1) A regulated entity for a regulated sector contravenes this subsection if the entity fails to make publicly accessible information about the rights of SPF consumers of the entity’s regulated services for the sector under:
(a) the reporting mechanism required by subsection 58BZC(1); or
(b) the internal dispute resolution mechanism required by subsection 58BZD(1); or
(c) if the entity is a member of an SPF EDR scheme for the sector—the SPF EDR scheme.
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a
civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
Regulated entity must not provide a regulated service if the entity is not a member of an SPF EDR scheme
(1) A regulated entity for a regulated sector contravenes this subsection if the entity:
(a) provides a regulated service for the sector that has one or more SPF consumers; and
(b) is not a member of an SPF EDR scheme for the sector.
Regulated entity that is a member of an SPF EDR scheme must give reasonable assistance to, and cooperate with, the scheme operator
(2) A regulated entity for a regulated sector contravenes this subsection if the entity:
(a) is a member of an SPF EDR scheme for the sector; and
(b) fails to give reasonable assistance to, or cooperate with, the operator of the scheme.
Regulated entity that is a member of an SPF EDR scheme must comply with related obligations in an SPF code
(3) A regulated entity for a regulated sector contravenes this subsection if the entity:
(a) is a member of an SPF EDR scheme for the sector; and
(b) fails to comply with an obligation in the SPF code for the sector that relates to the scheme.
Civil penalty provisions
(4) Subsections (1), (2) and (3) are civil penalty provisions.
Note: This means these subsections are
civil penalty provisions of an SPF principle for the purposes of section 58FJ (about civil penalties).
For the purposes of (but without limiting) subsection 58CC(1), the SPF code for a regulated sector may include sector‑specific provisions setting out:
(a) conditions that must be met for a reporting mechanism required by subsection 58BZC(1); or
(b) conditions (such as standards and requirements) that must be met for an internal dispute resolution mechanism required by subsection 58BZD(1); or
(c) obligations that must be met in relation to an SPF EDR scheme for the sector by a regulated entity for the sector that is a member of the scheme.
The Minister may make a code for each regulated sector.
Each code is to include sector‑specific provisions for the following overarching principles of the Scams Prevention Framework (see Subdivisions B, C, D, F and G of Division 2):
(a) SPF principle 1—governance;
(b) SPF principle 2—prevent;
(c) SPF principle 3—detect;
(d) SPF principle 5—disrupt;
(e) SPF principle 6—respond.
Requirements in a code can be civil penalty provisions. The relevant SPF sector regulator will monitor, investigate and enforce compliance with these provisions. Division 6 sets out remedies for non‑compliance with these provisions.
The Minister may, by legislative instrument, make a code (an
SPF code ) for a regulated sector.
Main rule about the content of SPF codes
(1) An SPF code must:
(a) be consistent with the SPF principles; and
(b) deal with only:
(i) the themes or matters covered by Subdivisions B, C, D, F and G of Division 2; and
(ii) related or incidental matters; and
(c) subject to paragraphs (a) and (b), include provisions about matters of a kind (if any) prescribed by the SPF rules.
Related or incidental matters in SPF codes
(2) Without limiting subparagraph (1)(b)(ii), an SPF code for a regulated sector may include the following:
(a) provisions relating to only certain kinds of regulated services for the sector;
(b) provisions relating to only certain kinds of SPF consumers of regulated services for the sector;
(c) provisions dealing with the circumstances in which entities are, or may be, relieved from complying with requirements in the SPF code that would otherwise apply to them;
(d) a provision that:
(i) confers powers on the SPF sector regulator for the sector or on another person; or
(ii) depends on the SPF sector regulator for the sector, or another person, being satisfied of one or more specified matters;
(e) provisions for the making of applications for internal review, or of applications to the Administrative Review Tribunal for review, of decisions of a person under the SPF code;
(f) provisions about the manner or form in which persons or bodies:
(i) may exercise powers under the SPF code; or
(ii) must comply with requirements imposed by the SPF code;
which could include requiring the use of a form approved by the SPF sector regulator for the sector or by the SPF general regulator;
(g) provisions about the following matters:
(i) whether a regulated entity for the sector may charge (or cause to be charged) a fee for a matter covered by the SPF code;
(ii) the manner in which such a fee may be charged;
(iii) the time for paying such a fee;
(iv) giving notice of, or publicising, such a fee or matters about such a fee;
(h) provisions requiring agents of a regulated entity for the sector to do or not to do specified things when acting on behalf of the regulated entity and within the scope of the agent’s actual or apparent authority;
(i) provisions authorising a regulated entity for the sector to use or disclose SPF personal information to the extent necessary to comply with the entity’s obligations under the code;
(j) provisions about any other matters that the provisions of this Part provide may be included, or otherwise dealt with, in the SPF code.
Civil penalty provisions of the SPF code
(3) An SPF code may provide that specified provisions of the SPF code are civil penalty provisions (within the meaning of the Regulatory Powers Act).
Note: Division 6 of this Part deals with enforcing the civil penalty provisions.
Adopting matters in instruments as in force from time to time etc.
(4) An SPF code may make provision in relation to a matter by applying, adopting or incorporating (with or without modification) any matter contained in any other instrument or writing:
(a) as in force or existing at a particular time; or
(b) as in force or existing from time to time.
(5) Subsection (4) has effect despite subsection 14(2) of the
Legislation Act 2003 .
The Minister may, in writing, delegate the Minister’s power under section 58CB to make a code for a regulated sector to:
(a) another Minister; or
(b) the Commission; or
(c) the entity that is, or is to be, the SPF sector regulator for the sector.
Note: Sections 34AA to 34A of the
Acts Interpretation Act 1901 contain provisions relating to delegations.
One or more external dispute resolution schemes may be authorised for dealing with consumer complaints about scams relating to, connected with, or using regulated services.
An existing scheme like the AFCA scheme could be authorised for this purpose, or new schemes could be developed and authorised.
(1) The Minister may, by legislative instrument, authorise an external dispute resolution scheme (an
SPF EDR scheme ) for the purposes of this Part and one or more regulated sectors if:
(a) the scheme is already authorised under a Commonwealth law for another purpose; or
(b) the Minister is satisfied that the requirements prescribed by the SPF rules for the purposes of subsection 58DC(1) are met for the scheme.
Note 1: For paragraph (a), the Minister could, for example, authorise the AFCA scheme (within the meaning of the
Corporations Act 2001 ) to apply for the purposes of this Part and a regulated sector. If that happens, ASIC’s functions and powers relating to the AFCA scheme (for example, under section 1052A of that Act) will also apply for the purposes of this Part and the regulated sector.Note 2: For variation and repeal, see subsection 33(3) of the
Acts Interpretation Act 1901 .(2) Before authorising a scheme, the Minister must consider:
(a) the accessibility of the scheme; and
(b) the independence of the scheme; and
(c) the fairness of the scheme; and
(d) the accountability of the scheme; and
(e) the efficiency of the scheme; and
(f) the effectiveness of the scheme; and
(g) any other matters the Minister considers relevant.
A failure to comply with this subsection does not invalidate an instrument made under subsection (1) authorising the scheme.
(3) An instrument made under subsection (1) may make the authorisation of the scheme subject to specified conditions.
(4) An instrument made under subsection (1) authorising a scheme for which paragraph (1)(b) applies must set out the scheme.
(5) More than one scheme may be authorised under subsection (1).
(1) The SPF rules may prescribe the following requirements for a scheme for which paragraph 58DB(1)(b) is to apply:
(a) organisational requirements for membership of the scheme;
(b) requirements for the operator (the
operator ) of the scheme;(c) requirements for how the scheme is to operate;
(d) requirements to be complied with by members of the scheme;
(e) requirements for making changes to the scheme.
(2) A scheme for which paragraph 58DB(1)(b) is to apply may also include provisions dealing with the following:
(a) powers of one or more of the following under the scheme:
(i) the Minister;
(ii) an SPF regulator;
(iii) a Commonwealth entity (within the meaning of the
Public Governance, Performance and Accountability Act 2013 );(b) powers of the operator under the scheme, including powers to:
(i) seek information; and
(ii) make determinations of complaints; and
(iii) make determinations imposing financial and non‑financial remedies; and
(c) appeals to the Federal Court from such determinations by the operator;
(d) information sharing and reporting;
(e) a provision that depends on the operator or another person being satisfied of one or more specified matters;
(f) provisions about the following matters:
(i) the manner in which the operator may charge (or cause to be charged) a fee under the scheme;
(ii) the time for paying such a fee;
(iii) giving notice of, or publicising, such a fee or matters about such a fee;
(g) provisions about any other matters that the provisions of this Part provide may be specified, or otherwise dealt with, in the scheme.
Referring contraventions, failures and systemic issues
(1) If the operator of an SPF EDR scheme for a regulated sector becomes aware that:
(a) a serious contravention of any law may have occurred in connection with a complaint under the scheme; or
(b) a party to a complaint under the scheme may have failed to give effect to a determination by the operator relating to the complaint; or
(c) there is a systemic issue arising from the consideration of complaints under the scheme;
the operator must give particulars of the contravention, failure or issue to the SPF general regulator and to the SPF sector regulator for the sector.
Referring settled complaints
(2) If:
(a) the parties to a complaint made under an SPF EDR scheme for a regulated sector agree to a settlement of the complaint; and
(b) the operator of the scheme thinks the settlement may require investigation;
the operator may give particulars of the settlement to the SPF general regulator and to the SPF sector regulator for the sector.
De‑identifying any SPF personal information
(3) If any SPF personal information is to be given under subsection (1) or (2) by the operator of the scheme, the operator must de‑identify the information unless the operator reasonably believes that doing so would not achieve the object of this Part.
(1) An SPF regulator may disclose information to the operator of an SPF EDR scheme for the purposes of enabling or assisting the operator to perform any of the operator’s functions or powers.
(2) The SPF regulator may impose conditions to be complied with by the operator in relation to the information.
(3) If an SPF regulator is to disclose SPF personal information under subsection (1), the SPF regulator must de‑identify the information unless the SPF regulator reasonably believes that doing so would not achieve the object of this Part.
The Commission is the regulator (the
SPF general regulator ) of most aspects of the Scams Prevention Framework, in particular of the overarching principles of the Framework.
Other Commonwealth entities may be selected to be regulators (
SPF sector regulators ) of each of the SPF codes.The SPF general regulator must enter into arrangements with the SPF sector regulators about the regulation and enforcement of the Framework. These regulators may disclose relevant information and documents to each other for this purpose.
(1) The Commission is the
SPF general regulator for all SPF provisions apart from the provisions of SPF codes.(2) The functions and powers of the SPF general regulator include:
(a) reviewing, and advising the Minister about, the operation of the SPF provisions; and
(b) the Commission’s functions and powers under section 155 to the extent that section 155 relates to:
(i) the SPF provisions, other than the provisions of SPF codes; or
(ii) a designated scams prevention framework matter (within the meaning of that section), other than the performance of a function, or the exercise of a power, conferred by or under an SPF code; and
(c) developing and publishing non‑binding guidance material relating to the SPF provisions, other than the provisions of SPF codes; and
(d) the functions and powers of the SPF general regulator conferred by any other SPF provisions.
Note: Paragraph (d) includes the SPF general regulator’s powers under the Regulatory Powers Act that are referred to in Division 6.
(1) The Commission may, by resolution, delegate any of:
(a) the Commission’s functions and powers (as the SPF general regulator) under an SPF provision; or
(b) the Commission’s functions and powers under section 155 as described in paragraph 58EB(2)(b);
to a person to whom subsection (3) applies.
(2) A member of the Commission may, by writing, delegate any of the member’s functions and powers under section 155 to the extent that section 155 relates to:
(a) the SPF provisions, other than the provisions of SPF codes; or
(b) a designated scams prevention framework matter (within the meaning of that section), other than the performance of a function, or the exercise of a power, conferred by or under an SPF code;
to a person to whom any of paragraphs (3)(b) to (e) applies.
(3) This subsection applies to the following persons:
(a) a member of the Commission;
(b) person who is an employee of the Commission who:
(i) is an SES employee or acting SES employee; or
(ii) holds or performs the duties of an Executive Level 1 or 2 position;
and who the Commission is satisfied has appropriate qualifications, training, skills or experience to perform the functions or exercise the powers;
(c) an SPF sector regulator;
(d) a member (if any) of an SPF sector regulator;
(e) an employee of an SPF sector regulator who holds or performs the duties of a position that is equivalent to a position mentioned in subparagraph (b)(i) or (ii).
(4) A delegation of functions or powers must not be made under subsection (1) or (2) to a person to whom paragraph (3)(c), (d) or (e) applies unless the relevant SPF sector regulator:
(a) has agreed to the delegation in writing; and
(b) in the case of a person to whom paragraph (3)(e) applies—is satisfied that the person has appropriate qualifications, training, skills or experience to perform the functions or exercise the powers.
(5) In performing any functions or exercising any powers under a delegation under subsection (1) or (2), the delegate must comply with any directions of the delegator.
(1) The Minister may, by legislative instrument, designate an entity that:
(a) is a Commonwealth entity (within the meaning of the
Public Governance, Performance and Accountability Act 2013 ); and(b) is already conferred functions by or under a law;
to be the
SPF sector regulator for a regulated sector.
(2) The Commission is the
SPF sector regulator for a regulated sector if (and while) no instrument under subsection (1) is in force for the sector.Note: The Commission could also be designated under subsection (1) to be the SPF sector regulator for a regulated sector.
(3) The functions and powers of the SPF sector regulator for a regulated sector include those conferred:
(a) by the SPF code for the sector; or
(b) by any other SPF provisions; or
(c) if the SPF sector regulator is the Commission—the Commission’s functions and powers under section 155 to the extent that section 155 relates to:
(i) the provisions of the SPF code for the sector; or
(ii) a designated scams prevention framework matter (within the meaning of that section) involving the performance of a function, or the exercise of a power, conferred by or under the SPF code for the sector.
Note: The functions and powers of SPF regulators other than the Commission include the monitoring and investigating functions and powers referred to in Division 6 (see paragraph (b) of this subsection).
(4) The Minister may, in writing, delegate the Minister’s power under subsection (1) to another Minister.
Note: Sections 34AA to 34A of the
Acts Interpretation Act 1901 contain provisions relating to delegations.
(1) An SPF sector regulator may, by writing, delegate any of the SPF sector regulator’s functions and powers under:
(a) an SPF provision, other than a provision of the Regulatory Powers Act; or
(b) if the SPF sector regulator is the Commission—the Commission’s functions and powers under section 155 as described in paragraph 58ED(3)(c);
to a person to whom subsection (3) applies.
Note: A function or power of the SPF sector regulator under a provision of the Regulatory Powers Act may be able to be delegated under the Subdivision of Division 6 of this Part that refers to that provision of that Act (for example, see subsection 58FE(5) of this Act).
(2) If an SPF sector regulator is the Commission, a member of the Commission may, by writing, delegate any of the member’s functions and powers under section 155 to the extent that section 155 relates to:
(a) the provisions of the SPF code for the sector; or
(b) a designated scams prevention framework matter (within the meaning of that section) involving the performance of a function, or the exercise of a power, conferred by or under the SPF code for the sector;
to a person to whom paragraph (3)(b) applies.
(3) This subsection applies to the following persons:
(a) a member (if any) of the SPF sector regulator;
(b) person who is an employee of the SPF sector regulator who:
(i) is an SES employee or acting SES employee; or
(ii) holds or performs the duties of an Executive Level 1 or 2 position; or
(iii) holds or performs the duties of a position that is equivalent to a position mentioned in subparagraph (i) or (ii);
and who the SPF sector regulator is satisfied has appropriate qualifications, training, skills or experience to perform the functions or exercise the powers.
(4) In performing any functions or exercising any powers under a delegation under subsection (1) or (2), the delegate must comply with any directions of the delegator.
(1) The SPF general regulator, and each SPF sector regulator, must enter into an arrangement relating to the regulation and enforcement of the SPF provisions.
(2) The SPF general regulator may choose to comply with subsection (1) by entering into:
(a) a single arrangement with all, or one or more, SPF sector regulators; or
(b) a separate arrangement with each SPF sector regulator.
However, subsection (1) does not apply to the extent that the Commission is an SPF sector regulator.
(3) The arrangement must include provisions relating to the matters (if any) prescribed by the SPF rules.
Note: For example, the SPF rules could require an SPF regulator that requests a scam report under subsection 58BS(1) to:
(a) notify each other SPF regulator of the request; and
(b) give a copy of the scam report to any of those other SPF regulators that asks for one.
(4) Each SPF regulator that is a party to such an arrangement must publish the arrangement on its website.
(5) A failure to comply with this section does not invalidate the performance or exercise of a function or power by an SPF regulator.
(1) The SPF general regulator must publish a statement on its website summarising, in general terms, the roles and responsibilities of:
(a) each SPF regulator; and
(b) each operator of an SPF EDR scheme; and
(c) any other entity the SPF general regulator considers appropriate;
with respect to the regulation, enforcement and administration of the SPF provisions.
Note: The purpose of the statement is to explain these matters at a high level.
(2) Before publishing the statement, the SPF general regulator must consult the entities mentioned in subsection (1).
(3) The statement is not a legislative instrument.
(1) An SPF regulator may disclose to another SPF regulator:
(a) particular information or documents; or
(b) information or documents of a particular kind;
held by the first‑mentioned SPF regulator that are relevant to the operation (including enforcement) of the SPF provisions.
(2) An SPF regulator may make a disclosure under subsection (1) on request or on its own initiative.
Note: This section means such a disclosure is permitted by provisions like:
(a) paragraph 155AAA(1)(b); and
(b) section 59DB of the
Australian Communications and Media Authority Act 2005 ; and(c) subsection 127(2) of the
Australian Securities and Investments Commission Act 2001 .Similarly, the exception in paragraph 6.2(b) of Australian Privacy Principle 6 will apply to such a disclosure.
(3) SPF personal information may be disclosed under subsection (1).
An SPF regulator must have regard to the object of this Part when deciding whether to make a disclosure under this Subdivision.
Note: Arrangements made under section 58EF between SPF regulators could deal with when disclosures should be made (see subsection 58EF(3) in particular).
An SPF regulator need not notify any person that the SPF regulator:
(a) has collected SPF personal information under this Part; or
(b) plans to make a disclosure of information or documents under this Part; or
(c) has made such a disclosure under this Part; or
(d) plans to use information or documents disclosed under this Part; or
(e) has used such information or documents under this Part.
Nothing in this Part requires an SPF regulator to disclose information or documents that:
(a) concern the internal administrative functioning of that regulator; or
(b) disclose a matter in respect of which that regulator or any other person has claimed legal professional privilege; or
(c) are of a kind prescribed by the SPF rules.
The Commission, in its role as the SPF general regulator or an SPF sector regulator, may use its powers under this Act (including section 155) to monitor and investigate compliance with the aspects of the Scams Prevention Framework that are relevant for that role.
If the ACMA or ASIC is an SPF sector regulator, it must use powers in its own legislation to monitor and investigate compliance with an SPF code for the sector. Other SPF sector regulators may monitor and investigate compliance with an SPF code either using the powers in Subdivision B or, with the Minister’s permission, powers in their own legislation.
The maximum penalties for contraventions of the civil penalty provisions of the Scams Prevention Framework are set out in Subdivision C.
Other remedies for contraventions of the Framework are set out in later Subdivisions of this Division, and include:
(a) infringement notices; and
(b) enforceable undertakings; and
(c) injunctions; and
(d) actions for damages; and
(e) public warning notices; and
(f) remedial directions; and
(g) adverse publicity orders; and
(h) other punitive and non‑punitive orders.
Some of these remedies may also be available against a person involved in a contravention of the Framework by a regulated entity, such as a senior officer of the regulated entity (for example, see subsection 58FW(1)).
Note: Sections 58GA to 58GC extend the meaning of
person for partnerships, unincorporated associations and trusts.
(1) An SPF regulator may, in writing, appoint a person who is one of the following to be an
inspector of that regulator for the purposes of one or more Subdivisions of this Division:
(a) a person who is an employee of that regulator who:
(i) is an SES employee or acting SES employee; or
(ii) holds or performs the duties of an Executive Level 1 or 2 position; or
(iii) holds or performs the duties of a position that is equivalent to a position mentioned in subparagraph (i) or (ii);
(b) a member or special member of the Australian Federal Police.
(2) However, the SPF regulator must not appoint a person as an inspector unless the SPF regulator is satisfied that the person has appropriate qualifications, training, skills or experience to exercise the powers of an inspector.
(3) A person must, in exercising powers as an inspector of an SPF regulator, comply with any directions of the SPF regulator that are of an administrative character.
(4) If (and while) no appointments under subsection (1) by an SPF regulator are in force for the purposes of a Subdivision of this Division, the SPF regulator is an
inspector of the SPF regulator for the purposes of that Subdivision.
Subject to section 58FM (about civil penalties), a provision of this Division does not limit a court’s powers under any other provision of this Act or of any other Act.
If a court considers that:
(a) it is appropriate to order a person (the
defendant ) to pay a pecuniary penalty under an SPF civil penalty order in relation to a contravention or conduct; and(b) it is appropriate to order under Subdivision G the defendant to pay compensation to a person who has suffered loss or damage as result of that contravention or conduct; and
(c) the defendant does not have sufficient financial resources to pay both the pecuniary penalty and the compensation;
the court must give preference to making an order for compensation.
No alternative monitoring powers apply
(1) This section applies for the SPF code for a regulated sector unless:
(a) the ACMA, ASIC or the Commission is the SPF sector regulator for the sector; or
(b) a declaration is in force under subsection 58FI(2) declaring that provisions that include monitoring powers of the kind mentioned in subparagraph 58FI(1)(a)(i) apply in relation to provisions of the SPF code.
Provisions subject to monitoring
(2) Each provision of the SPF code is subject to monitoring under Part 2 of the Regulatory Powers Act.
Note: Part 2 of the Regulatory Powers Act creates a framework for monitoring whether these provisions have been complied with. That Part includes powers of entry and inspection.
Information subject to monitoring
(3) Information given in compliance or purported compliance with the SPF code is subject to monitoring under Part 2 of the Regulatory Powers Act.
Note: Part 2 of the Regulatory Powers Act creates a framework for monitoring whether the information is correct. It includes powers of entry and inspection.
Related provisions, authorised applicant, authorised person, issuing officer, relevant chief executive and relevant court
(4) For the purposes of Part 2 of the Regulatory Powers Act, as that Part applies in relation to the provisions mentioned in subsection (2) and the information mentioned in subsection (3):
(a) there are no related provisions; and
(b) an inspector of the SPF sector regulator is an authorised applicant; and
(c) an inspector of the SPF sector regulator is an authorised person; and
(d) a magistrate is an issuing officer; and
(e) the SPF sector regulator is the relevant chief executive; and
(f) each of the following courts is a relevant court:
(i) the Federal Court;
(ii) the Federal Circuit and Family Court of Australia (Division 2);
(iii) a court of a State or Territory that has jurisdiction in relation to the matter.
(5) The relevant chief executive may, in writing, delegate the powers and functions mentioned in subsection (6) to:
(a) an SES employee, or acting SES employee, of the SPF sector regulator; or
(b) an employee of the SPF sector regulator who holds or performs the duties of a position that is equivalent to an SES employee;
if the relevant chief executive is satisfied that the employee has appropriate qualifications, training, skills or experience to exercise the powers and perform the functions.
(6) The powers and functions that may be delegated are:
(a) powers and functions under Part 2 of the Regulatory Powers Act in relation to the provisions mentioned in subsection (2) and the information mentioned in subsection (3); and
(b) powers and functions under the Regulatory Powers Act that are incidental to a power or function mentioned in paragraph (a) of this subsection.
(7) A person exercising powers or performing functions under a delegation under subsection (5) must comply with any directions of the relevant chief executive.
Person assisting
(8) An authorised person may be assisted by other persons in exercising powers or performing functions or duties under Part 2 of the Regulatory Powers Act in relation to the provisions mentioned in subsection (2) and the information mentioned in subsection (3).
No alternative investigation powers apply
(1) This section applies for the SPF code for a regulated sector unless:
(a) the ACMA, ASIC or the Commission is the SPF sector regulator for the sector; or
(b) a declaration is in force under subsection 58FI(2) declaring that provisions that include investigation powers of the kind mentioned in subparagraph 58FI(1)(a)(ii) apply in relation to provisions of the SPF code.
Provisions subject to investigation
(2) Each civil penalty provision of the SPF code is subject to investigation under Part 3 of the Regulatory Powers Act.
Note: Part 3 of the Regulatory Powers Act creates a framework for investigating whether a provision has been contravened. It includes powers of entry, search and seizure.
Related provisions, authorised applicant, authorised person, issuing officer, relevant chief executive and relevant court
(3) For the purposes of Part 3 of the Regulatory Powers Act, as that Part applies in relation to evidential material that relates to a provision mentioned in subsection (2):
(a) there are no related provisions; and
(b) an inspector of the SPF sector regulator is an authorised applicant; and
(c) an inspector of the SPF sector regulator is an authorised person; and
(d) a magistrate is an issuing officer; and
(e) the SPF sector regulator is the relevant chief executive; and
(f) each of the following courts is a relevant court:
(i) the Federal Court;
(ii) the Federal Circuit and Family Court of Australia (Division 2);
(iii) a court of a State or Territory that has jurisdiction in relation to the matter.
(4) The relevant chief executive may, in writing, delegate the powers and functions mentioned in subsection (5) to:
(a) an SES employee, or acting SES employee, of the SPF sector regulator; or
(b) an employee of the SPF sector regulator who holds or performs the duties of a position that is equivalent to an SES employee.
if the relevant chief executive is satisfied that the employee has appropriate qualifications, training, skills or experience to exercise the powers and perform the functions.
(5) The powers and functions that may be delegated are:
(c) aiding, abetting, counselling or procuring a person to contravene such a provision; or
(d) inducing, or attempting to induce, whether by threats, promises or otherwise, a person to contravene such a provision; or
(e) being in any way, directly or indirectly, knowingly concerned in, or party to, the contravention by a person of such a provision; or
(f) conspiring with others to contravene such a provision.
(2) In this Subdivision:
Court , in relation to a matter, means any court having jurisdiction in the matter.
(1) The Court may grant an injunction under section 58FW restraining a person from engaging in conduct:
(a) whether or not it appears to the Court that the person intends to engage again, or to continue to engage, in conduct of that kind; and
(b) whether or not the person has previously engaged in conduct of that kind; and
(c) whether or not there is an imminent danger of substantial damage to any person if the first‑mentioned person engages in conduct of that kind.
(2) The Court may grant an injunction under section 58FW requiring a person to do an act or thing:
(a) whether or not it appears to the Court that the person intends to refuse or fail again, or to continue to refuse or fail, to do that act or thing; and
(b) whether or not the person has previously refused or failed to do that act or thing; and
(c) whether or not there is an imminent danger of substantial damage to any person if the first‑mentioned person refuses or fails to do that act or thing.
(3) The Court may grant an injunction under section 58FW by consent of all the parties to the proceedings whether or not the Court is satisfied that a person has engaged, or is proposing to engage, in conduct of a kind mentioned in that section.
The Court may, if in the opinion of the Court it is desirable to do so, grant an interim injunction pending determination of an application for an injunction under section 58FW.
The Court may rescind or vary an injunction granted under this Subdivision.
(1) An application for an injunction under this Subdivision may be made by an SPF regulator or any other person.
(2) If an SPF regulator applies for such an injunction, the Court must not require the applicant or any other person, as a condition of granting an interim injunction, to give any undertakings as to damages.
(3) If:
(a) a person other than an SPF regulator:
(i) applies for such an injunction; and
(ii) apart from this subsection, would be required by the Court to give an undertaking as to damages or costs; and
(b) an SPF regulator gives the undertaking;
the Court must accept the undertaking by the SPF regulator and must not require a further undertaking from any other person.
The powers conferred on the Court by this Subdivision are in addition to, and not instead of, any other powers of the Court, whether conferred by this Act or otherwise.
(1) A person (the
victim ) who suffers loss or damage by conduct of another person that was done in contravention of:
(a) a civil penalty provision of an SPF principle; or
(b) a civil penalty provision of an SPF code;
may recover the amount of the loss or damage by action against that other person.
(2) An SPF regulator may make a claim under subsection (1) on behalf of the victim if the SPF regulator has the victim’s written consent to do so.
(3) A claim under subsection (1) may be made at any time within 6 years after the day the cause of action that relates to the conduct accrued.
(4) However, this section applies subject to sections 58FZD to 58FZK (about proportionate liability for concurrent wrongdoers).
Note: See subsection 58FZF(1) in particular.
(1) In this Subdivision, a
concurrent wrongdoer , in relation to a claim under subsection 58FZC(1), is a person who is one of 2 or more persons:
(a) who each contravened a civil penalty provision of an SPF principle or a civil penalty provision of an SPF code (whether or not the same civil penalty provision); and
(b) whose contraventions caused, independently of each other or jointly, the loss or damage that is the subject of the claim.
(2) For the purposes of this Subdivision, a person can be a concurrent wrongdoer if the person is insolvent, is being wound up or has ceased to exist or died.
(1) Nothing in this Subdivision operates to exclude the liability of a concurrent wrongdoer (an
excluded concurrent wrongdoer ) in proceedings involving a claim under subsection 58FZC(1) to recover an amount of loss or damage if:
(a) the concurrent wrongdoer intended to cause the loss or damage; or
(b) the concurrent wrongdoer fraudulently caused the loss or damage.
(2) The liability of an excluded concurrent wrongdoer is to be determined in accordance with the legal rules (if any) that (apart from sections 58FZD to 58FZK) are relevant.
(3) The liability of any other concurrent wrongdoer who is not an excluded concurrent wrongdoer is to be determined in accordance with the other provisions of this Subdivision.
(1) In any proceedings involving a claim under subsection 58FZC(1) to recover an amount of loss or damage:
(a) the liability of a defendant who is a concurrent wrongdoer in relation to the claim is limited to an amount reflecting that proportion of the loss or damage that the court considers just having regard to the extent of the defendant’s responsibility for the loss or damage; and
(b) the court may give judgment against the defendant for not more than that amount.
(2) If the proceedings also involve another claim that is not a claim under subsection 58FZC(1), liability for the other claim is to be determined in accordance with the legal rules, if any, that (apart from this Subdivision) are relevant.
(3) In apportioning responsibility between defendants in the proceedings:
(a) the court is to exclude that proportion of the loss or damage in relation to which the victim is contributorily negligent under any relevant law; and
(b) the court may have regard to the comparative responsibility of any concurrent wrongdoer who is not a party to the proceedings.
(4) This section applies in proceedings whether or not all concurrent wrongdoers are parties to the proceedings.
(5) A reference in this Subdivision to a defendant in proceedings includes any person joined as a defendant or other party in the proceedings (except as a plaintiff) whether joined under this Subdivision, under rules of court or otherwise.
(1) If:
(a) a defendant in proceedings involving a claim under subsection 58FZC(1) has reasonable grounds to believe that a particular person (the
other person ) may be a concurrent wrongdoer in relation to the claim; and(b) the defendant fails to give the plaintiff, as soon as practicable, written notice of the information that the defendant has about:
(i) the identity of the other person; and
(ii) the circumstances that may make the other person a concurrent wrongdoer in relation to the claim; and
(c) the plaintiff unnecessarily incurs costs in the proceedings because the plaintiff was not aware that the other person may be a concurrent wrongdoer in relation to the claim;
the court hearing the proceedings may order that the defendant pay all or any of those costs of the plaintiff.
Note: The plaintiff is the victim or an SPF regulator (see subsections 58FZC(1) and (2)).
(2) The court may order that the costs to be paid by the defendant be assessed on an indemnity basis or otherwise.
A defendant against whom judgment is given under this Subdivision as a concurrent wrongdoer in relation to a claim under subsection 58FZC(1):
(a) cannot be required to contribute to any damages or contribution recovered from another concurrent wrongdoer in respect of the claim (whether or not the damages or contribution are recovered in the same proceedings in which judgment is given against the defendant); and
(b) cannot be required to indemnify any such wrongdoer.
(1) For a claim under subsection 58FZC(1), nothing in this Subdivision or any other law prevents a plaintiff (or a victim) who has previously recovered judgment against a concurrent wrongdoer for an apportionable part of any loss or damage from bringing another action against any other concurrent wrongdoer for that loss or damage.
(2) However, in any proceedings in respect of any such action, an amount of damages cannot be recovered by or for the victim that, having regard to any damages previously recovered by or for the victim in respect of the loss or damage, would result in the victim receiving compensation for loss or damage that is greater than the loss or damage actually sustained by the victim.
(1) The court may give leave for any one or more persons to be joined as defendants in proceedings involving a claim under subsection 58FZC(1).
(2) The court is not to give leave for the joinder of any person who was a party to any previously concluded proceedings in respect of the claim.
Nothing in this Subdivision:
(a) prevents a person being held vicariously liable for a proportion of a claim under subsection 58FZC(1) for which another person is liable; or
(b) prevents a person from being held severally liable with another person for that proportion of a claim under subsection 58FZC(1) for which the other person is liable; or
(c) affects the operation of any other provision of this Act or of any other Act to the extent that the provision imposes several liability on any person in respect of what would otherwise be a claim under subsection 58FZC(1).
Suspected contraventions of a provision of the SPF principles
(1) The SPF general regulator may issue to the public a written notice containing a warning about the conduct of a person if the SPF general regulator:
(a) reasonably suspects that the person’s conduct may constitute a contravention of a specified provision of the SPF principles; and
(b) is satisfied that one or more persons has suffered, or is likely to suffer, detriment as a result of the conduct; and
(c) is satisfied that it is in the public interest to issue the notice.
Suspected contraventions of a provision of an SPF code
(2) The SPF sector regulator for a regulated sector may issue to the public a written notice containing a warning about the conduct of a person if the SPF sector regulator:
(a) reasonably suspects that the person’s conduct may constitute a contravention of a specified provision of the SPF code for the sector; and
(b) is satisfied that one or more persons has suffered, or is likely to suffer, detriment as a result of the conduct; and
(c) is satisfied that it is in the public interest to issue the notice.
Related matters
(3) An SPF regulator that issues a notice under subsection (1) or (2) must publish the notice on the SPF regulator’s website.
(4) A notice under subsection (1) or (2) is not a legislative instrument.
Giving directions—to comply with an SPF principle
(1) If the SPF general regulator reasonably suspects that a regulated entity:
(a) is failing to comply with an SPF principle; or
(b) will fail to comply with an SPF principle;
the SPF general regulator may, by written notice given to the entity, direct the entity to take specified action to comply with that SPF principle.
Giving directions—to comply with an SPF code
(2) If the SPF sector regulator for a regulated sector reasonably suspects that a regulated entity for the sector:
(a) is failing to comply with a provision of the SPF code for the sector; or
(b) will fail to comply with such a provision;
the SPF sector regulator may, by written notice given to the entity, direct the entity to take specified action to comply with that provision of the SPF code.
Complying with a direction
(3) A regulated entity given a direction under subsection (1) or (2) must comply with the direction.
(a) within the time specified in the direction, which must be a reasonable time; or
(b) if the direction does not specify a reasonable time—within a reasonable time.
(4) Subsection (3) is a civil penalty provision.
Note: To work out how sections 58FJ to 58FL (about civil penalties) apply to subsection (3), see the definitions of
civil penalty provision of an SPF principle , andcivil penalty provision of an SPF code in subsection 4(1).
Extending the time for complying with a direction
(5) The SPF regulator who gives a direction under subsection (1) or (2) to an entity may extend the time for complying with the direction by written notice given to the entity.
Before giving a direction
(6) Before an SPF regulator gives an entity a direction under subsection (1) or (2), the SPF regulator must give the entity an opportunity to make submissions to the SPF regulator on the matter.
Varying and revoking directions
(7) An SPF regulator may vary or revoke a direction given by the SPF regulator under subsection (1) or (2) in like manner and subject to like conditions.
Publishing directions
(8) As soon as practicable after an SPF regulator gives, varies or revokes a direction under subsection (1) or (2), the SPF regulator must publish a notice of its action on its website.
Making adverse publicity orders
(1) The Court may, on application, make an adverse publicity order against a person who has been ordered to pay a pecuniary penalty under an SPF civil penalty order.
(2) Such an order may require the person to:
(a) disclose, in the way and to the persons specified in the order, specified information that the person has possession of or access to; and
(b) publish, at the person’s expense and in in a specified way, an advertisement in the terms specified in, or determined in accordance with, the order.
Applying for adverse publicity orders
(3) An application for such an order may be made by:
(a) if the SPF civil penalty order was for a contravention of a civil penalty provision of an SPF principle—the SPF general regulator; or
(b) if the SPF civil penalty order was for a contravention of a civil penalty provision of an SPF code for a regulated sector—the SPF sector regulator for the sector.
Definitions
(4) In this section:
Court , in relation to a matter, means any court having jurisdiction in the matter.
Making non‑punitive orders
(1) The Court may, on application, make one or more of the following orders in relation to a person who has engaged in conduct contravening an SPF principle or a provision of an SPF code:
(a) a community service order;
(b) a probation order for a period of no longer than 3 years;
(c) an order requiring the person to disclose, in the way and to the persons specified in the order, specified information that the person has possession of or access to;
(d) an order requiring the person to publish, at the person’s expense and in a specified way, an advertisement in the terms specified in, or determined in accordance with, the order.
Applying for non‑punitive orders
(2) An application for such an order may be made by:
(a) for conduct contravening an SPF principle—the SPF general regulator; or
(b) for conduct contravening a provision of the SPF code for a regulated sector—the SPF sector regulator for the sector.
Definitions
(3) For the purposes of this section, a
probation order is an order made to ensure that a person does not engage in:
(a) the conduct that resulted in the order; or
(b) similar conduct or related conduct;
during the period of the order.
(4) Without limiting subsection (3), a
probation order includes:
(a) an order directing a person to establish a compliance program, or an education and training program, that:
(i) is for employees or other persons involved in the person’s business; and
(ii) is designed to ensure awareness of responsibilities and obligations relating to conduct covered by paragraph (3)(a) or (b); and
(b) an order directing a person to revise the internal operations of the person’s business that lead to conduct covered by paragraph (3)(a) or (b).
(5) In this section:
community service order means an order directing a person to perform a service that:
(a) is specified in the order; and
(b) is or relates to the conduct that resulted in the order;
for the benefit of the community or a section of the community.
contravening : conductcontravening an SPF principle or a provision of an SPF code includes conduct that constitutes being involved in such a contravention.Note: For the meaning of
involved , see subsection 4(1).
Court , in relation to a matter, means any court having jurisdiction in the matter.
Making orders
(1) The Court may, on application, make such orders (other than an award of damages) as the Court thinks appropriate against a person who:
(a) engaged in conduct (the
contravening conduct ) contravening a civil penalty provision of an SPF principle or a civil penalty provision of an SPF code; or(b) is involved in the contravening conduct;
if the contravening conduct caused, or is likely to cause, a class of persons (the
victims ) to suffer loss or damage.Note 1: The orders that the court may make include all or any of the orders set out in section 58FZQ.
Note 2: For the meaning of
involved , see subsection 4(1).
(2) Subsection (1) applies whether or not the victims include persons (
non‑parties ) who are not, or have not been, parties to a proceeding (anenforcement proceeding ) instituted under another provision in or referred to in this Division in relation to the contravening conduct.(3) The Court must not make such an order unless the Court considers that the order will:
(a) redress, in whole or in part, the loss or damage suffered by the victims in relation to the contravening conduct; or
(b) prevent or reduce the loss or damage suffered, or likely to be suffered, by the victims in relation to the contravening conduct.
Applying for orders
(4) An application for such an order may be made:
(a) by the following:
(i) if the contravening conduct contravened a civil penalty provision of an SPF principle—the SPF general regulator;
(ii) if the contravening conduct contravened a civil penalty provision of an SPF code for a regulated sector—the SPF sector regulator for the sector; and
(b) even if an enforcement proceeding in relation to the contravening conduct has not been instituted; and
(c) at any time within 6 years after the day on which the cause of action that relates to the contravening conduct accrues.
Working out whether to make an order
(5) In working out whether to make such an order against a person referred to in paragraph (1)(a) or (b), the Court may have regard to the conduct of:
(a) the person; and
(b) the victims;
in relation to the contravening conduct since the contravention occurred.
(6) However, the Court need not make a finding about either of the following matters:
(a) which persons are victims in relation to the contravening conduct;
(b) the nature of the loss or damage suffered, or likely to be suffered, by such persons.
When a non‑party victim is bound by an order etc.
(7) If all of the following happen:
(a) such an order is made against a person;
(b) the loss or damage suffered, or likely to be suffered, by a non‑party victim in relation to the contravening conduct has been redressed, prevented or reduced in accordance with the order;
(c) the non‑party victim has accepted the redress, prevention or reduction;
then:
(d) the non‑party victim is bound by the order; and
(e) any other order made under subsection (1) relating to that loss or damage has no effect in relation to the non‑party victim; and
(f) despite any other provision of this Act or any other law of the Commonwealth, or a State or Territory, no claim, action or demand may be made or taken against the person by the non‑party victim in relation to that loss or damage.
Definitions
(8) In this section:
Court , in relation to a matter, means any court having jurisdiction in the matter.
(1) Without limiting subsection 58FZP(1), the orders that the Court may make under that subsection against a person (the
respondent ) include all or any of the following:
(a) an order declaring the whole or any part of a contract made between the respondent and a victim referred to in that subsection, or a collateral arrangement relating to such a contract:
(i) to be void; and
(ii) if the Court thinks fit—to have been void ab initio or void at all times on and after such date as is specified in the order (which may be a date that is before the date on which the order is made);
(b) an order:
(i) varying such a contract or arrangement in such manner as is specified in the order; and
(ii) if the Court thinks fit—declaring the contract or arrangement to have had effect as so varied on and after such date as is specified in the order (which may be a date that is before the date on which the order is made);
(c) an order refusing to enforce any or all of the provisions of such a contract or arrangement;
(d) an order directing the respondent to refund money or return property to a victim referred to in that subsection;
(e) an order directing the respondent, at the respondent’s own expense, to repair, or provide parts for, goods that have been supplied under the contract or arrangement to a victim referred to in that subsection;
(f) an order directing the respondent, at the respondent’s own expense, to supply specified services to a victim referred to in that subsection;
(g) an order, in relation to an instrument creating or transferring an interest in land, directing the respondent to execute an instrument that:
(i) varies, or has the effect of varying, the first‑mentioned instrument; or
(ii) terminates or otherwise affects, or has the effect of terminating or otherwise affecting, the operation or effect of the first‑mentioned instrument.
(2) In this section:
interest , in land, means:
(a) a legal or equitable estate or interest in the land; or
(b) a right of occupancy of the land, or of a building or part of a building erected on the land, arising by virtue of the holding of shares, or by virtue of a contract to purchase shares, in an incorporated company that owns the land or building; or
(c) a right, power or privilege over, or in connection with, the land.
(1) The SPF provisions apply to a partnership as if it were a person, but with the changes set out in this section.
(2) An obligation that would otherwise be imposed on the partnership by an SPF provision is imposed on each partner instead, but may be discharged by any of the partners.
(3) If an SPF provision would otherwise permit something to be done by the partnership, the thing may be done by one or more of the partners on behalf of the partnership.
(4) For the purposes of the SPF provisions, a change in the composition of a partnership does not affect the continuity of the partnership.
(1) The SPF provisions apply to an unincorporated association as if it were a person, but with the changes set out in this section.
(2) An obligation that would otherwise be imposed on the association by an SPF provision is imposed on each member of the association’s committee of management instead, but may be discharged by any of the members.
(3) If an SPF provision would otherwise permit something to be done by the unincorporated association, the thing may be done by one or more of the members of the association’s committee of management on behalf of the association.
(1) The SPF provisions apply to a trust as if it were a person, but with the changes set out in this section.
Trusts with a single trustee
(2) If the trust has a single trustee:
(a) an obligation that would otherwise be imposed on the trust by an SPF provision is imposed on the trustee instead; and
(b) if an SPF provision would otherwise permit something to be done by the trust, the thing may be done by the trustee.
Trusts with multiple trustees
(3) If the trust has 2 or more trustees:
(a) an obligation that would otherwise be imposed on the trust by an SPF provision is imposed on each trustee instead, but may be discharged by any of the trustees; and
(b) if an SPF provision would otherwise permit something to be done by the trust, the thing may be done by any of the trustees.
(1) This section applies if the operation of the SPF provisions would result in an acquisition of property (within the meaning of paragraph 51(xxxi) of the Constitution) from a person otherwise than on just terms (within the meaning of that paragraph).
(2) The person who acquires the property is liable to pay a reasonable amount of compensation to the first‑mentioned person.
(3) If the 2 persons do not agree on the amount of the compensation, the person to whom compensation is payable may institute proceedings in:
(a) the Federal Court; or
(b) the Supreme Court of a State or Territory;
for the recovery from the other person of such reasonable amount of compensation as the Court determines.
(1) The Minister may, by legislative instrument, make rules (the
SPF rules ) prescribing matters:
(a) required or permitted by this Part to be prescribed by the SPF rules; or
(b) necessary or convenient to be prescribed for carrying out or giving effect to this Part.
Note: A matter may be prescribed by the SPF rules by class (see subsection 13(3) of the
Legislation Act 2003 ). For example, a specific regulated entity or a class of regulated entities may be able to be prescribed in some cases.(2) The Minister may, in writing, delegate the Minister’s power to make SPF rules to another Minister or to an SPF regulator.
(3) To avoid doubt, the SPF rules may not do the following:
(a) create an offence or civil penalty;
(b) provide powers of:
(i) arrest or detention; or
(ii) entry, search or seizure;
(c) impose a tax;
(d) set an amount to be appropriated from the Consolidated Revenue Fund under an appropriation in this Act;
(e) directly amend the text of this Act.
(1) The Minister must cause a review to be conducted of the operation of the SPF provisions.
(2) The review must be conducted as soon as practicable after the end of the 3‑year period starting on the day the first SPF code is made under section 58CB.
(3) The persons who conduct the review must give the Minister a written report of the review.
(4) The Minister must cause a copy of the report of the review to be tabled in each House of the Parliament within 15 sitting days of that House after the Minister receives the report.
Add:
; or (vii) the SPF provisions (within the meaning of the
Competition and Consumer Act 2010 ) if the ACMA is designated as a SPF sector regulator under subsection 58ED(1) of that Act;
Insert:
An ACMA official authorised by the Chair, in writing, for the purposes of this section may disclose authorised disclosure information if the disclosure:
(a) is to:
(i) an SPF regulator (within the meaning of the
Competition and Consumer Act 2010 ); or(ii) the operator of an SPF EDR scheme (within the meaning of that Act); and
(b) is for the purposes of the operation (including enforcement) of the SPF provisions (within the meaning of that Act).
Add:
; (o) the SPF provisions (within the meaning of the
Competition and Consumer Act 2010 ).
Insert:
ACMA means the Australian Communications and Media Authority.
actionable scam intelligence has the meaning given by section 58AI.
associate , of an SPF consumer, means an associate (within the meaning of section 318 of theIncome Tax Assessment Act 1936 ) of the SPF consumer who is:
(a) a natural person who is in Australia or is ordinarily resident in Australia; or
(b) a person who carries on a business having a principal place of business in Australia;
civil penalty provision of an SPF code means:
(a) a provision of an SPF code (see Division 3 of Part IVF) that is a civil penalty provision (within the meaning of the Regulatory Powers Act); or
(b) subsection 58FZM(3) in relation to compliance with a direction given under subsection 58FZM(2).
civil penalty provision of an SPF principle means:
(a) a provision of Division 2 of Part IVF (about the Scams Prevention Framework) that is a civil penalty provision (within the meaning of the Regulatory Powers Act); or
(b) subsection 58FZM(3) in relation to compliance with a direction given under subsection 58FZM(1).
de‑identified : information isde‑identified if the information is no longer about an identifiable individual or an individual who is reasonably identifiable.
infringement notice compliance period for an SPF infringement notice: see section 58FT.
inspector , of an SPF regulator, has the meaning given by section 58FB.
involved , in a contravention of a civil penalty provision of an SPF principle or of a civil penalty provision of an SPF code, means:
(a) aiding, abetting, counselling or procuring a contravention of the provision; or
(b) inducing, whether by threats or promises or otherwise, such a contravention; or
(c) being in any way, directly or indirectly, knowingly concerned in, or party to, such a contravention; or
(d) conspiring with others to effect such a contravention.
reasonable steps , for the purposes of Division 2 of Part IVF (about overarching principles of the Scams Prevention Framework), has a meaning affected by section 58BB.
regulated entity has the meaning given by section 58AD.
regulated sector has the meaning given by subsection 58AC(1).
regulated service has the meaning given by section 58AD.
scam has the meaning given by section 58AG.
senior officer , of a regulated entity, means:
(a) an officer (within the meaning of the
Corporations Act 2001 ) of the entity; or(b) a senior manager (within the meaning of that Act) of the entity.
SPF civil penalty order means a civil penalty order under Part 4 of Regulatory Powers Act (as that Part applies because of section 58FJ of this Act).
SPF code has the meaning given by section 58CB.
SPF consumer has the meaning given by section 58AH.
SPF EDR scheme , for a regulated sector, means an external dispute resolution scheme authorised under subsection 58DB(1) for the sector.
SPF general regulator has the meaning given by section 58EB.
SPF governance policies, procedures, metrics and targets , for a regulated entity for a regulated sector, means the entity’s:
(a) policies and procedures required under paragraph 58BD(1)(a) for the sector; and
(b) performance metrics and targets required under paragraph 58BD(1)(c) for those policies and procedures.
SPF infringement notice means an infringement notice issued under subsection 58FO(1) or (2).
SPF personal information means:
(a) personal information; or
(b) information relating to a person that may be used (whether alone or in conjunction with other information) to access:
(i) a service or an account; or
(ii) funds, credit or other financial benefits.
SPF principles means the provisions in Subdivisions B to G of Division 2 of Part IVF (about the Scams Prevention Framework).
SPF provisions has the meaning given by section 58AJ.
SPF regulator means:
(a) the SPF general regulator; or
(b) the SPF sector regulator for a regulated sector.
SPF rules means rules made under section 58GE.
SPF sector regulator has the meaning given by section 58ED.
Repeal the definition.
Repeal the definition.
Repeal the definition.
Add:
(v) an SPF code; or
Insert:
(ic) a designated scams prevention framework matter (as defined by subsection (9AC) of this section); or
Insert:
(9AC) A reference in this section to a
designated scams prevention framework matter is a reference to the performance of a function, or the exercise of a power, conferred on the Commission (as an SPF regulator) by or under:
(a) Part IVF; or
(b) a legislative instrument (such as an SPF code) made under that Part; or
(c) the Regulatory Powers Act to the extent that it applies in relation to a provision of that Part.
Omit “Australian Communications and Media Authority”, substitute “ACMA”.
Add:
Note: A law, instrument or condition referred to in paragraph (a) that requires entities to be members of the scheme need not be a law, instrument or condition regulating providers of financial products or services. The constitutional basis for that law, instrument or condition would need to support the scheme’s application to such entities.
Add:
Note: This power to issue regulatory requirements extends to any application of the AFCA scheme in relation to members of the scheme that are not providers of financial products or services.
Omit “Note”, substitute “Note 1”.
Add:
Note 2: This power to give directions extends to any application of the AFCA scheme in relation to members of the scheme that are not providers of financial products or services.
17 At the end of subsections 1052BA(1) and 1052C(1) Add:
Note: This power to give directions extends to any application of the AFCA scheme in relation to members of the scheme that are not providers of financial products or services.
Omit “Note”, substitute “Note 1”.
Add:
Note 2: This right to make requests extends to any application of the AFCA scheme in relation to members of the scheme that are not providers of financial products or services.
Add:
Note: This subsection extends to any application of the AFCA scheme in relation to members of the scheme that are not providers of financial products or services.
[
(135/24) |
0
0
0