The Australian Securities and Investments Commission (ASIC) has initiated legal action against HSBC for allegedly failing to adequately protect customers from scams that resulted in significant financial losses.
ASIC claims that HSBC Australia did not implement sufficient controls to prevent and detect unauthorized payments and did not fulfill its responsibilities to investigate customer reports of such transactions within mandated timeframes. Additionally, the bank allegedly failed to quickly restore banking services to affected customers.
Reports of unauthorized transactions reportedly surged among HSBC Australia customers starting mid-2023, often as a result of scammers posing as HSBC staff to gain account access. From January 2020 to August 2024, HSBC received around 950 reports of unauthorized transactions, leading to total customer losses of approximately $23 million. Notably, nearly $16 million of this loss occurred in a six-month period between October 2023 and March 2024.
ASIC deputy chair Sarah Court stated, “We allege that HSBC Australia’s failings were widespread and systemic, resulting in inadequate protection for its customers.” She added that the bank’s failure to adhere to obligations under the ePayments Code significantly exacerbated the situation, with the average investigation time for scam reports being 145 days. Moreover, the delay in restoring customers’ full access to their accounts averaged 95 days, with one case taking as long as 542 days for resolution.
ASIC is pursuing a range of actions, including declarations of contraventions, financial penalties, adverse publicity orders, and the recovery of costs.