In response to the growing threat of financial scams, the Australian Government has passed the Scams Prevention Framework Bill 2025. The Scams Prevention Framework (SPF) imposes a range of obligations on entities operating within the banking and telecommunications industries as well as digital platform service providers offering social media, paid search engine advertising or direct messaging services (Regulated Entities). In the first article of our scam series, Australia's Proposed Scams Prevention Framework, we provided an overview of the SPF. In this article, we compare the SPF to the reimbursement rules adopted by the United Kingdom and consider the likely implications of each approach.

UK Model

The United Kingdom is a global leader in the introduction of customer protections against authorised push payment (APP) fraud. A customer-authorised transfer of funds may fall within the definition of an APP scam where:

1. The customer intended to transfer the funds to a person, but was instead deceived into transferring the funds to a different person; or
2. The customer transferred funds to another person for what they believed were legitimate purposes, but which were in fact fraudulent.

Reimbursement Requirement

A mandatory reimbursement framework was introduced on 7 October 2024 (the Reimbursement Framework) and applies to the United Kingdom’s payment service providers (PSPs). Under the Reimbursement Framework, PSPs are required to reimburse a customer who has fallen victim to an APP scam. The cost of reimbursement will be shared equally between the customer’s financial provider and the financial provider used by the perpetrator of the scam. However, PSPs will not be liable to reimburse a victim who has been grossly negligent by failing to meet the standard of care that PSPs can expect of their consumers (Consumer Standard of Caution) (discussed below), or who is involved in the fraud. Where the customer is classed as ‘vulnerable’, failure to meet the Consumer Standard of Caution will not exempt the PSP from liability.

Consumer Standard of Caution

The Consumer Standard of Caution exception consists of four key pillars:

1. Intervention - Consumers should have regard to interventions made by their PSP or a competent national authority such as law enforcement. However, a nonspecific ‘boilerplate’ warning will not be sufficient to shift the risk onto the customer. 
2. Prompt reporting - Consumers, upon suspecting they have fallen victim to an APP scam, should report the matter to their PSP within 13 months of the last authorised payment. 
3. Information sharing - Consumers should respond to reasonable and proportionate requests for information made by their PSP in assessing the reimbursement claim. Any requests for information must be limited to essential matters taking into account the value and complexity of the claim. 
4. Involvement of police - Consumers should consent to their PSP reporting the matter to the police on their behalf. PSPs must consider the circumstances surrounding a customer’s reluctance in reporting their claim to the police before relying on this exception. 

Failure to meet one or more of the above pillars will only exempt the PSP from liability where the customer has been grossly negligent. This is a higher standard of negligence than required under the common law and requires the customer to have shown a ‘significant degree of carelessness’.

Vulnerability

A vulnerable customer is someone who, due to their personal circumstances, is especially susceptible to harm. Personal circumstances relevant to determining whether a customer is ‘vulnerable’ include:

• Health conditions or illnesses that affect one’s ability to carry out day-to-day tasks;
• Life events such as bereavement, job losses or relationship breakdown;
• Ability to withstand financial or emotional shocks; and
• Knowledge barriers such as language and digital or financial literacy.

The Consumer Standard of Caution is not applicable to vulnerable customers. Accordingly, where the victim has been classified as a vulnerable customer, PSPs cannot avoid liability on the grounds of gross negligence for failing to meet the Consumer Standard of Caution. 

Limit on Reimbursement

PSPs will not be required to reimburse amounts above the maximum level of reimbursement, which is currently £415,000 per claim. 

Key Distinctions Between the SPF and the UK Model

Financial Burden of Scams

Both the UK and Australian models seek to incentivise entities to adopt policies and procedures aimed at lowering the risk of scams. By requiring PSPs to reimburse scam victims, the UK’s model shifts the economic cost of scams from customers onto PSPs. A similar purpose is achieved under the SPF, which provides for harsh financial penalties for entities that fail to develop and implement appropriate policies to protect customers against scams. However, a significant point of difference is the extent to which these financial burdens benefit victims of scams directly.

Under the UK model, a victim of an APP scam will be able to recover the full amount of their loss (up to the prescribed maximum amount) so long as:

1. They were not grossly negligent in authorising the payment;
2. They were not a party to the fraud;
3. They are not claiming reimbursement fraudulently or dishonestly;
4. The amount claimed is not the subject of a civil dispute or other civil legal action;
5. The payment was not made for an unlawful purpose; and
6. The claim is made within 13 months of the final APP scam payment.

In contrast, there is no indication that any funds paid under Australia’s SPF civil penalty provisions will be directed towards the reimbursement of victims. However, under the Scams Prevention Framework Bill 2025, where a Regulated Entity has failed to comply with its obligations under the SPF and this failure has contributed to a customer’s scam loss, the customer may be able to recover monetary damages from the Regulated Entity.

Possible Effect on Individual Vigilance

The UK’s Reimbursement Framework recognises that PSPs, as opposed to individuals, have greater resources available to combat the threat of scams. However, there is a risk that by passing the economic cost of scams onto PSPs, individuals will become less vigilant. Where an individual fails to make proper inquiries which would have revealed the true nature of the scam, they may still be eligible for reimbursement so long as they have not shown a ‘significant degree of carelessness’. With this safety net, individuals may become complacent about protecting themselves from the threat of scams. 

In contrast to the UK model, individuals will continue to bear the burden of unrecoverable scam losses under Australia’s SPF unless a Regulated Entity’s breach of SPF obligations has contributed to the loss. As a result, individuals will continue to have a financial incentive to remain vigilant in protecting themselves against the threat of scams. 

Scope of Framework

Australia

The SPF applies to entities across multiple industries, reflecting Australia’s ‘whole of the ecosystem’ approach to scams prevention. Upon introduction, the SPF is intended to apply to banking and telecommunications entities as well as entities providing social media, paid search engine advertising or direct messaging services. It is noted in the explanatory materials that the scope of the SPF is intended to be extended to other industries over time to respond to changes in scam trends. 

The purpose of this wider approach is to target the initial point of contact between the perpetrator and victim. For example, a perpetrator may create a social media post purporting to sell fake concert tickets. Successful disruptive actions by the social media provider, such as taking down the post or freezing the perpetrator’s account, may prevent the dissemination of the fake advertisement and potentially reduce the number of individuals who would otherwise fall victim to the scam. 

United Kingdom

In contrast, the UK’s Reimbursement Framework only applies to PSPs participating in the Faster Payments Scheme (FPS) that provide Relevant Accounts. 

FPS

The FPS is one of eight UK payment systems designated by HM Treasury. According to the Payment Systems Regulator, almost all internet and telephone banking payments in the United Kingdom are now processed via FPS. 

Relevant Account

A Relevant Account is an account that:

• Is provided to a service user;
• Is held in the United Kingdom; and
• Can send or receive payments using the FPS,

but excludes accounts provided by credit unions, municipal banks and national savings banks.

Effect of Single-Sector Approach

Due to the United Kingdom’s single-sector approach, different frameworks need to be developed to combat scam activity in other parts of the ecosystem. This disjointed approach may create enforcement issues where entities across multiple sectors fail to implement sufficient procedures to detect and prevent scam activities. Further, it places a disproportionate burden on the banking sector, failing to acknowledge the responsibility of other sectors to protect the community from the growing threat of scams. 

Key Takeaways

While both the United Kingdom and Australia have demonstrated a commitment to adopting tough anti-scams policies, they have adopted very different approaches. Time will tell which approach has the largest impact on scam detection and prevention.

The authors would like to thank paralegal Tamsyn Sharpe for her contribution to this legal insight.