Scams Prevention Framework Act 2025
No. 15, 2025
An Act to provide a framework for preventing and responding to scams, and for related purposes
Scams Prevention Framework Act 2025
No. 15, 2025
An Act to provide a framework for preventing and responding to scams, and for related purposes
1 Short title
2 Commencement
3 Schedules
Schedule 1—Amendments
Part 1—Main amendments
Competition and Consumer Act 2010
Part 2—Other amendments
Australian Communications and Media Authority Act 2005
Australian Securities and Investments Commission Act 2001
Competition and Consumer Act 2010
Corporations Act 2001
Scams Prevention Framework Act 2025
No. 15, 2025
An Act to provide a framework for preventing and responding to scams, and for related purposes
[Assented to 20 February 2025]
The Parliament of Australia enacts:
This Act is the Scams Prevention Framework Act 2025.
(1) Each provision of this Act specified in column 1 of the table commences, or is taken to have commenced, in accordance with column 2 of the table. Any other statement in column 2 has effect according to its terms.
Commencement information | ||
Column 1 | Column 2 | Column 3 |
Provisions | Commencement | Date/Details |
1. The whole of this Act | The day after this Act receives the Royal Assent. | 21 February 2025 |
Note: This table relates only to the provisions of this Act as originally enacted. It will not be amended to deal with any later amendments of this Act.
(2) Any information in column 3 of the table is not part of this Act. Information may be inserted in this column, or information in it may be edited, in any published version of this Act.
Legislation that is specified in a Schedule to this Act is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms.
1 After Part IVE
Insert:
The object of this Part is to prevent and respond to scams impacting:
(a) either:
(i) natural persons while they are in Australia; or
(ii) persons who carry on small businesses in Australia;
if the scams relate to, are connected with, or use certain services that are or may be provided or purportedly provided to those persons; or
(b) natural persons while they are outside of Australia if:
(i) they are ordinarily resident in Australia; and
(ii) the scams relate to, are connected with, or use certain services that are or may be provided or purportedly provided to those persons by Australian service providers or by foreign service providers through permanent establishments in Australia.
The Scams Prevention Framework is a multifaceted approach for protecting Australian consumers from scams. The Framework requires service providers in selected sectors of the economy to take a variety of actions to combat scams relating to, connected with, or using their services.
These service providers must comply with the overarching principles of the Framework. These principles are about:
(a) governance arrangements relating to scams; and
(b) preventing, detecting, reporting, disrupting and responding to scams.
Under the Framework, the Minister may make a code (an SPF code) setting out sector‑specific requirements for the service providers in a selected sector of the economy relating to:
(a) governance arrangements relating to scams; and
(b) preventing, detecting, disrupting and responding to scams.
Under the Framework, the Minister may authorise external dispute resolution schemes for participation by these service providers. The operator of such a scheme will be able to determine complaints by consumers about how these service providers respond to scams.
The Commission is to regulate and enforce compliance with the overarching principles of the Framework. Other Commonwealth entities will be selected by the Minister to regulate and enforce compliance with SPF codes.
(1) The Minister may, by legislative instrument, designate one or more businesses or services to be a regulated sector of the Australian economy.
Note 1: An individual business or service could be designated, or businesses or services could be designated by class (see subsection 13(3) of the Legislation Act 2003).
Note 2: For variation and repeal, see subsection 33(3) of the Acts Interpretation Act 1901.
(2) Without limiting subsection (1), the following classes of businesses or services could be designated:
(a) businesses of banking, other than State banking (within the meaning of paragraph 51(xiii) of the Constitution) not extending beyond the limits of the State concerned;
(b) businesses of insurance, other than State insurance (within the meaning of paragraph 51(xiv) of the Constitution) not extending beyond the limits of the State concerned;
(c) postal, telegraphic, telephonic or other like services (within the meaning of paragraph 51(v) of the Constitution), such as one or more of the following:
(i) carriage services (within the meaning of the Telecommunications Act 1997);
(ii) electronic services (within the meaning of the Online Safety Act 2021), such as social media services (within the meaning of that Act);
(iii) broadcasting services (within the meaning of the Broadcasting Services Act 1992).
Note: This is not an exhaustive list. Similarly, a subset of paragraph (a), (b) or (c) could be designated.
Entities with businesses or services within the banking, insurance or communications constitutional powers
(1) To the extent that a regulated sector includes a business or service covered by paragraph 58AC(2)(a), (b) or (c):
(a) the person who carries on or provides that business or service is a regulated entity for the sector; and
(b) that business or service is a regulated service of the regulated entity for the sector.
Note 1: This subsection extends to a regulated sector consisting of businesses or services that are a subset of paragraph 58AC(2)(a), (b) or (c).
Note 2: Sections 58GA to 58GC extend the meaning of person for partnerships, unincorporated associations and trusts.
Other entities who may be regulated entities
(2) Otherwise:
(a) the regulated entities for a regulated sector; and
(b) the regulated services of each of those regulated entities;
are as set out in the following table:
Other regulated entities, and their regulated services, for the regulated sector | ||
Item | This person is a regulated entity: | for this regulated service: |
1 | a corporation that carries on or provides a business or service that is part of the regulated sector | that business or service. |
2 | a person to the extent that the person is both: (a) carrying on or providing a business or service that is part of the regulated sector; and (b) acting using a postal, telegraphic, telephonic or other like service (within the meaning of paragraph 51(v) of the Constitution) | so much of that business or service as relates to the person acting in that way. |
3 | a person to the extent that the person is both: (a) carrying on or providing a business or service that is part of the regulated sector; and (b) acting in the course of, or in relation to, a kind of trade or commerce mentioned in subsection (3) | so much of that business or service as relates to the person acting in that way. |
Note 1: For the meaning of corporation, see section 4.
Note 2: Sections 58GA to 58GC extend the meaning of person for partnerships, unincorporated associations and trusts.
(3) For the purposes of item 3 of the table in subsection (2), the kinds of trade or commerce are as follows:
(a) trade or commerce between Australia and places outside Australia;
(b) trade or commerce among the States;
(c) trade or commerce within a Territory, between a State or Territory or between 2 Territories.
Exceptions—complete
(4) Despite subsections (1) and (2):
(a) a person is not a regulated entity for a regulated sector to the extent that an exception prescribed by the SPF rules applies to the person; and
(b) a business or service is not a regulated service of a person for a regulated sector to the extent that an exception prescribed by the SPF rules applies to the business or service.
Note: A person, business or service may be specified by class (see subsection 13(3) of the Legislation Act 2003).
Exceptions—partial
(5) Despite subsections (1) and (2), the instrument made under subsection 58AC(1) designating a business or service to be all or part of the regulated sector may declare that:
(a) the person who carries on or provides the business or service is not a regulated entity for the regulated sector for the purposes of specified SPF provisions; or
(b) the business or service is not a regulated service for the regulated sector for the purposes of specified SPF provisions.
Note: An individual person, business or service could be declared, or persons, businesses or services could be declared by class (see subsection 13(3) of the Legislation Act 2003).
(1) Before making an instrument under subsection 58AC(1) about a sector of the economy, the Minister must:
(a) consider all of the following:
(i) scam activity in the sector;
(ii) the effectiveness of existing industry initiatives to address scams in the sector;
(iii) the interests of persons who would be SPF consumers of regulated services for the sector if the instrument were made;
(iv) the likely consequences (including benefits and risks) to the public if the instrument were made;
(v) the likely consequences (including benefits and risks) to the businesses or services making up the sector;
(vi) any other matters the Minister considers relevant; and
(b) consult the businesses or services making up the sector, or such associations or other bodies representing them as the Minister thinks appropriate; and
(c) consult such associations or other bodies representing the persons referred to in subparagraph (a)(iii) as the Minister thinks appropriate.
Note: For the meaning of SPF consumer, see section 58AH.
(2) A failure to comply with subsection (1) does not invalidate an instrument made under subsection 58AC(1).
The Minister may, in writing, delegate the Minister’s power to make an instrument under subsection 58AC(1) to another Minister.
Note: Sections 34AA to 34A of the Acts Interpretation Act 1901 contain provisions relating to delegations. For example, section 34A of that Act means that section 58AE of this Act can be satisfied by the delegate.
(1) A scam is a direct or indirect attempt (whether or not successful) to engage an SPF consumer of a regulated service where it would be reasonable to conclude that the attempt:
(a) involves deception (see subsection (2)); and
(b) would, if successful, cause loss or harm including obtaining SPF personal information of, or a financial or other benefit from, the SPF consumer or the SPF consumer’s associates.
(2) The attempt involves deception if the attempt:
(a) deceptively represents something to be (or to be related to) the regulated service; or
(b) impersonates a regulated entity in connection with the regulated service; or
(c) is an attempt to deceive the SPF consumer into:
(i) performing an action using the regulated service; or
(ii) facilitating another person to perform an action using the regulated service; or
(d) is an attempt to deceive the SPF consumer that is made using the regulated service.
(3) The attempt may be a single act or a course of conduct.
(4) However, the attempt is not a scam if the attempt is of a kind prescribed by the SPF rules.
(1) An SPF consumer, of a regulated service, is any of the following:
(a) a natural person, or a small business operator, who is or may be provided or purportedly provided the service in Australia;
(b) a natural person who:
(i) is ordinarily resident in Australia; and
(ii) is or may be provided or purportedly provided the service outside of Australia by a regulated entity that satisfies the residency requirements in subsection (2).
(2) The regulated entity satisfies the residency requirements if it:
(a) is an Australian resident (within the meaning of the Income Tax Assessment Act 1997); or
(b) is so providing or purportedly providing the service through a permanent establishment (within the meaning of the Income Tax Assessment Act 1997) in Australia.
Note 1: For paragraph (1)(a), a person who is a small business operator at the time the person is impacted by a scam continues to be an SPF consumer for that time even if the business later has 100 or more employees.
Note 2: Sections 58GA to 58GC extend the meaning of person for partnerships, unincorporated associations and trusts.
(3) Subsection (1) includes the provision or purported provision of a regulated service:
(a) directly or indirectly to the person; or
(b) whether or not under a contract, arrangement or understanding with the person; or
(c) whether or not the regulated entity providing the service knows that the person is:
(i) a natural person; or
(ii) a small business operator; or
(d) that involves the supply of goods.
Note: This is not an exhaustive list.
(4) However, the person is not an SPF consumer of the regulated service if a condition prescribed by the SPF rules applies to the person in relation to regulated services of that kind.
(5) In this section:
annual turnover has the same meaning as in the Corporations Act 2001.
related body corporate has the same meaning as in the Corporations Act 2001.
small business operator means a person who carries on a business if:
(a) in the case of the person being a body corporate:
(i) the sum of the person’s employees, and the employees of any body corporate related to the person, is less than 100 employees; and
(ii) the person’s annual turnover during the last financial year is less than $10 million; and
(b) in the case of the person not being a body corporate:
(i) the person has less than 100 employees; and
(ii) the person’s annual turnover (worked out as if the person were a body corporate) during the last financial year is less than $10 million; and
(c) in every case—the business has a principal place of business in Australia.
(6) Section 4B (about consumers) does not apply to this Part.
A regulated entity identifies or has actionable scam intelligence if (and when) there are reasonable grounds for the entity to suspect that a communication, transaction or other activity relating to, connected with, or using a regulated service of the entity is a scam.
Note 1: Whether there are reasonable grounds for such a suspicion is an objective test. Relevant information for this test may include:
(a) information about the mechanism or identifier being used to scam SPF consumers, such as URLs, email addresses, phone numbers, social media profiles, digital wallets and bank account information of the scam promotors; and
(b) information about the suspected scammer; and
(c) information (including complaints) provided by SPF consumers.
Note 2: Gathering and reporting this information will minimise the harm from scams (see SPF principles 4 and 5 in Subdivisions E and F of Division 2).
(1) Each of the following provisions (the SPF provisions) extends to every external Territory:
(a) a provision of this Part;
(b) a provision of a legislative instrument made under this Part;
(c) another provision of this Act to the extent that it relates to a provision covered by paragraph (a) or (b);
(d) a provision of the Regulatory Powers Act to the extent that it applies in relation to a provision covered by paragraph (a) or (b).
(2) The SPF provisions extend to acts, omissions, matters and things outside Australia.
Conduct of agents etc. of a regulated entity is attributable to the regulated entity
(1) For the purposes of the SPF provisions, section 97 of the Regulatory Powers Act (to the extent that it applies in relation to the SPF provisions) applies to a regulated entity who is not a body corporate in a corresponding way to the way that provision applies to a regulated entity who is a body corporate.
Acts done in relation to an agent of a regulated entity taken to be done in relation to the regulated entity
(2) For the purposes of SPF provisions, if an act is done by a person in relation to another person (the agent) who:
(a) is acting on behalf of a regulated entity; and
(b) is so acting within the scope of the agent’s actual or apparent authority;
the act is taken to have also been done in relation to the regulated entity.
Each regulated entity must comply with the overarching principles of the Scams Prevention Framework.
These principles require each regulated entity to:
(a) document and implement governance arrangements to combat scams; and
(b) take reasonable steps to prevent, detect, report, disrupt and respond to scams.
These requirements are civil penalty provisions. The Commission (in its capacity as the SPF general regulator) will monitor, investigate and enforce compliance with these provisions. Division 6 sets out remedies for non‑compliance with these provisions.
(1) Matters relevant to whether a regulated entity has taken reasonable steps for the purposes of a provision of this Division include:
(a) the size of the regulated entity; and
(b) the kind of regulated services concerned; and
(c) the consumer base of those services; and
(d) the kinds of scam risks those services face; and
(e) whether the regulated entity has complied with any relevant SPF code obligations relating to that provision.
(2) In determining whether a regulated entity has taken reasonable steps for the purposes of a provision of this Division, the primary consideration must be the matter in paragraph (1)(e) (if applicable).
Each regulated entity must document and implement governance policies, procedures, metrics and targets for combatting scams.
These must be reviewed, and certified by a senior officer of the entity, at least annually.
The entity must keep records and give reports about its compliance with this principle.
The SPF code for the sector may include sector‑specific provisions for this principle.
(1) A regulated entity for a regulated sector contravenes this subsection if the entity fails to do one or more of the following:
(a) document governance policies and procedures about:
(i) preventing, detecting and disrupting scams; and
(ii) responding to scams; and
(iii) reports relating to scams;
relating to, connected with, or using the entity’s regulated services for the sector;
(b) implement those governance policies and procedures;
(c) develop and implement performance metrics and targets that:
(i) are for measuring the effectiveness of those governance policies and procedures; and
(ii) comply with any requirements for those metrics and targets that are prescribed by the SPF rules.
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(1) A regulated entity for a regulated sector contravenes this subsection if:
(a) no senior officer of the entity certifies in writing, within 12 months of the day the entity becomes a regulated entity for the sector, whether the entity’s SPF governance policies, procedures, metrics and targets for the sector comply with this Subdivision; or
(b) no senior officer of the entity certifies in writing, within 7 days after each 12‑month anniversary of the day the entity becomes a regulated entity for the sector, whether the entity’s SPF governance policies, procedures, metrics and targets for the sector comply with this Subdivision.
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(1) A regulated entity for a regulated sector contravenes this subsection if the entity fails to keep records of information of a material nature relating to each of the following activities for at least 6 years after that activity happens:
(a) the initial documenting, and each revision of the documenting, of the entity’s SPF governance policies, procedures, metrics and targets for the sector;
(b) the initial implementation, and each reimplementation, of those SPF governance policies, procedures, metrics and targets;
(c) each consideration (including certification) by one of the entity’s senior officers of those SPF governance policies, procedures, metrics and targets, including in relation to their documenting, implementation and review;
(d) any other activities that are prescribed by the SPF rules.
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(1) A regulated entity for a regulated sector contravenes this subsection if:
(a) the SPF general regulator, or the SPF sector regulator for the sector, gives the entity a written request for a copy of:
(i) the entity’s SPF governance policies, procedures, metrics and targets for the sector; or
(ii) specified kinds of other records required by this Subdivision to be kept for the sector by the entity; and
(b) the entity fails to comply with the request within:
(i) 10 business days after the day the entity is given the request; or
(ii) such longer period as is allowed by the SPF regulator.
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
For the purposes of (but without limiting) subsection 58CC(1), the SPF code for a regulated sector may include sector‑specific provisions describing:
(a) the matters that a regulated entity for the sector must include in the entity’s governance policies and procedures for the purposes of this Subdivision; or
(b) the factors that a regulated entity for the sector must have regard to when developing the entity’s governance policies and procedures for the purposes of this Subdivision.
Each regulated entity for a regulated sector must take reasonable steps to prevent scams.
The SPF code for the sector may include sector‑specific provisions for this principle.
(1) A regulated entity contravenes this subsection if the entity fails to take reasonable steps to prevent another person from committing a scam relating to, connected with, or using a regulated service of the entity.
Note: Sections 58GA to 58GC extend the meaning of person for partnerships, unincorporated associations and trusts.
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(1) Taking reasonable steps for the purposes of subsection 58BJ(1) requires more than merely acting on actionable scam intelligence in the form of information provided to the regulated entity by another person.
Further sector‑specific details can be set out in SPF codes
(2) For the purposes of (but without limiting) subsection 58CC(1), the SPF code for a regulated sector may include sector‑specific provisions:
(a) describing what are reasonable steps for the purposes of this Subdivision (see also section 58BB); or
(b) requiring each regulated entity for the sector to:
(i) identify its SPF consumers who are at risk of being targeted by a scam; or
(ii) identify its SPF consumers who have a higher risk of being targeted by a scam; or
(c) requiring each regulated entity for the sector to provide information about such scams to an SPF consumer described in subparagraph (b)(i) or (ii).
Each regulated entity for a regulated sector must take reasonable steps to detect scams. This includes:
(a) investigating, in a timely way, activities that are the subjects of its actionable scam intelligence; and
(b) identifying, in a timely way, its consumers that have or may have been impacted by such activities.
The SPF code for the sector may include sector‑specific provisions for this principle.
(1) A regulated entity contravenes this subsection if the entity fails to take reasonable steps to detect a scam relating to, connected with, or using a regulated service of the entity.
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(3) Without limiting subsection (1), the regulated entity fails to take reasonable steps to detect a scam relating to, connected with, or using a regulated service of the entity if the entity fails to take reasonable steps to:
(a) detect such a scam as it happens; or
(b) detect such a scam after it happens.
Note: For further details about the meaning of reasonable steps, see sections 58BB and 58BP.
(1) A regulated entity contravenes this subsection if the entity:
(a) has actionable scam intelligence about an activity relating to, connected with, or using a regulated service of the entity; and
(b) fails to take reasonable steps to investigate whether or not the activity is a scam during the 28‑day period starting on the day that the intelligence becomes actionable scam intelligence for the entity.
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(1) A regulated entity contravenes this subsection if the entity:
(a) has actionable scam intelligence about an activity relating to, connected with, or using a regulated service of the entity; and
(b) fails to take reasonable steps within a reasonable time to identify the persons who were SPF consumers of that service at the time when the persons were or may have been impacted by the activity.
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
For the purposes of (but without limiting) subsection 58CC(1), the SPF code for a regulated sector may include sector‑specific provisions describing:
(a) what are reasonable steps (see also section 58BB); or
(b) what is a reasonable time;
for the purposes of this Subdivision.
Each regulated entity must give the SPF general regulator reports of any actionable intelligence the entity has about activities relating to, connected with, or using the entity’s regulated services.
A regulated entity must give an SPF regulator a report about a scam if the SPF regulator requests.
The SPF general regulator may disclose information about scams to certain other entities.
(1) This section applies if a regulated entity has actionable scam intelligence about an activity relating to, connected with, or using a regulated service of the entity.
Civil penalty provision
(2) The entity contravenes this subsection if the entity fails to give a report about the actionable scam intelligence:
(a) to the SPF general regulator within the period, and in the manner and form, prescribed by the SPF rules; and
(b) that contains the kinds of information prescribed by the SPF rules.
Note: This subsection only applies to the entity when the SPF rules prescribe matters for paragraphs (a) and (b) that apply to the entity.
(3) Subsection (2) is a civil penalty provision.
Note: This means subsection (2) is a civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
Defence
(4) Subsection (2) does not apply to the entity if circumstances of a kind prescribed by the SPF rules apply to the entity.
Note: A defendant bears an evidential burden in relation to the matter in this subsection (see section 96 of the Regulatory Powers Act).
Matters relevant to reports
(5) For the purposes of (but without limiting) subsection (2), the SPF rules may prescribe:
(a) that the report may be given via access to a specified data gateway, portal or website; and
(b) that the report include the sources or evidence that the entity has for that intelligence (see section 58AI); and
(c) different matters for different kinds of regulated entities.
Note: For more about the data gateways, portals or websites referred to in paragraph (a), see section 58BT.
(6) The report may be required to include SPF personal information.
(1) This section applies if an SPF regulator gives a written request to a regulated entity for the entity to give the SPF regulator a report about a scam relating to, connected with, or using a regulated service of the entity.
Civil penalty provision
(2) The entity contravenes this subsection if the entity fails to give a report about the scam:
(a) to the SPF regulator within the period, and in the manner and form, set out in the request; and
(b) that contains the kinds of information set out in the request.
(3) Subsection (2) is a civil penalty provision.
Note: This means subsection (2) is a civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(4) For the purposes of (but without limiting) subsection (2), the SPF regulator’s request may:
(a) provide that the report may be given via access to a specified data gateway, portal or website; and
(b) ask that the report set out:
(i) what loss or harm may have resulted from the scam, what disruptive actions the entity has taken and whether any of those actions have been reversed; and
(ii) what steps the entity is taking to disrupt similar scams, and to prevent loss or harm resulting from similar scams.
Note: For more about the data gateways, portals or websites referred to in paragraph (a), see section 58BT.
(5) The request may ask for the report to include SPF personal information. If so, the request must require the entity to de‑identify the information unless the SPF regulator reasonably believes that doing so would not achieve the object of this Part.
(6) If:
(a) a regulated entity gives a scam report to an SPF regulator under this section; and
(b) another SPF regulator later requests a scam report under this section from the regulated entity about the same matters;
then, despite subsection (2), the later scam report need only state that an earlier scam report about those matters was given to the first‑mentioned SPF regulator on a specified date and time.
Note: The SPF regulators can share the earlier scam report under Subdivision C of Division 5.
(1) The SPF rules may prescribe a scheme for authorising third parties to operate data gateways, portals or websites that give access to reports under this Division.
(2) For the purposes of (but without limiting) subsection (1), the SPF rules may include the following:
(a) provisions conferring functions or powers on the SPF general regulator under the scheme;
(b) the criteria for a person to be authorised under the scheme;
(c) provisions providing that authorisations may be granted subject to conditions, and that conditions may be imposed on an authorisation after it has been granted;
(d) provisions providing that authorisations may be granted at different levels corresponding to different risks;
(e) provisions specifying what a person authorised at a particular level is authorised to do (or not authorised to do);
(f) provisions dealing with the period, renewal, transfer, variation, suspension, revocation or surrender of authorisations;
(g) notification requirements on persons whose authorisations have been varied, suspended, revoked or surrendered;
(h) transitional rules for when an authorisation is varied, is suspended or ends, including in relation to SPF personal information;
(i) provisions for the making of applications for internal review, or of applications to the Administrative Review Tribunal for review, of decisions of a person under the scheme.
(3) A person authorised under the scheme may use or disclose SPF personal information to the extent that this is reasonably necessary to achieve the object of this Part.
A duty of confidence owed under an agreement or arrangement is of no effect to the extent that it is contrary to section 58BR or 58BS.
Note: Each of sections 58BR and 58BS is also a requirement by law to disclose the information contained in the report referred to in that section. So, complying with that section can be a defence to a secrecy provision such as section 276 of the Telecommunications Act 1997 (see paragraph 280(1)(b) of that Act).
(1) The SPF general regulator may disclose information relating to either of the following actions (a scamming action):
(a) a scam (as defined in section 58AG);
(b) a scam (within the ordinary meaning of that expression);
to an entity mentioned in subsection (2).
Note 1: This includes disclosing SPF personal information, but such information may first need to be de‑identified (see subsection (4)).
Note 2: The SPF general regulator can also disclose the information to an SPF sector regulator (see section 58EG).
(2) The entities are as follows:
(a) a regulated entity;
(b) a Commonwealth agency or authority involved in developing Government policy relating to this Part;
(c) a law enforcement agency of the Commonwealth, or of a State or Territory;
(d) an agency of a foreign country, or of part of a foreign country, that:
(i) is a law enforcement agency; or
(ii) is a regulatory agency responsible for scam prevention;
if subsection (3) applies to a disclosure of information to the agency.
(3) This subsection applies to a disclosure of information to a foreign agency if the SPF general regulator is satisfied that:
(a) the agency has given an undertaking for the following:
(i) controlling the storage and handling of the information;
(ii) controlling the use that will be made of the information;
(iii) ensuring that the information will be used only for the purpose for which it is disclosed to the agency; and
(b) it is appropriate, in all the circumstances, to disclose the information to the agency.
(4) SPF personal information may be disclosed under subsection (1). However, for a disclosure to an entity mentioned in paragraph (2)(b) such information must be de‑identified unless the SPF general regulator reasonably believes that doing so would not achieve the object of this Part.
Each regulated entity for a regulated sector must take reasonable steps to:
(a) disrupt an activity that is the subject of actionable scam intelligence; and
(b) prevent losses from such an activity.
The entity will also need to report to the SPF general regulator the outcomes of the entity’s investigation about whether such an activity is a scam. The report may also need to describe any disruptive actions the entity has taken in relation to the activity.
The entity is not liable for damages etc. in taking certain actions to disrupt such an activity.
The SPF code for the sector may include sector‑specific provisions for this principle.
(1) A regulated entity contravenes this subsection if the entity:
(a) has actionable scam intelligence about an activity relating to, connected with, or using a regulated service of the entity; and
(b) fails to take reasonable steps within a reasonable time to:
(i) disrupt the activity; or
(ii) prevent loss or harm (including further loss or harm) arising from the activity.
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(3) For the purposes of subsection (1), the steps taken should be proportionate to the actionable scam intelligence that the entity has.
Note 1: For example, if a bank has received a substantial number of similar reports of suspicious activities, it may be appropriate to pause or delay authorised push payments while the bank investigates these suspicious activities.
Note 2: For further details about the meaning of reasonable steps, see sections 58BB and 58BZ.
(1) This section applies if a regulated entity has actionable scam intelligence about an activity relating to, connected with, or using a regulated service of the entity.
Civil penalty provision
(2) The entity contravenes this subsection if the entity fails to give a report about the actionable scam intelligence:
(a) to the SPF general regulator:
(i) before the end of the period prescribed by the SPF rules that starts at the end of the period referred to in paragraph 58BZA(2)(d) for that intelligence; and
(ii) in the manner and form prescribed by the SPF rules; and
(b) that contains the kinds of information prescribed by the SPF rules.
Note: This subsection only applies to the entity when the SPF rules prescribe matters for paragraphs (a) and (b) that apply to the entity.
(3) Subsection (2) is a civil penalty provision.
Note: This means subsection (2) is a civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(4) For the purposes of (but without limiting) subsection (2), the SPF rules may prescribe:
(a) that the report may be given via access to a specified data gateway, portal or website; and
(b) that the report set out whether the entity reasonably believes that the activity that is the subject of the intelligence is a scam; and
(c) different matters for different kinds of regulated entities.
Note: For more about the data gateways, portals or websites referred to in paragraph (a), see section 58BT.
(5) The report may be required to include SPF personal information.
(6) A duty of confidence owed under an agreement or arrangement is of no effect to the extent that it is contrary to this section.
For the purposes of (but without limiting) subsection 58CC(1), the SPF code for a regulated sector may include sector‑specific provisions:
(a) describing what are reasonable steps (see also section 58BB), or what is a reasonable time, for the purposes of this Subdivision; or
(b) requiring each regulated entity for the sector to provide its SPF consumers with information about activities that are the subjects of the entity’s actionable scam intelligence.
(1) This section applies if a regulated entity has actionable scam intelligence about an activity relating to, connected with, or using a regulated service of the entity.
(2) The regulated entity is not liable in a civil action or civil proceeding for taking action to disrupt the activity if the action:
(a) is taken in good faith; and
(b) is taken in compliance with the SPF provisions; and
(c) is reasonably proportionate to the activity, and to information that would reasonably be expected to be available to the entity about the activity; and
(d) is taken during the period:
(i) starting on the day that the intelligence becomes actionable scam intelligence for the entity; and
(ii) ending when the entity reasonably believes that the activity is or is not a scam, or after 28 days, whichever is the earlier; and
(e) is promptly reversed if:
(i) the entity identifies that the activity is not a scam; and
(ii) it is reasonably practicable to reverse the action.
Note: Assume the regulated entity temporarily blocks an SPF consumer’s website while investigating whether an activity relating to the website is a scam. This subsection protects the regulated entity from civil actions brought by the consumer when the regulated entity is acting appropriately.
(3) For the purposes of paragraph (2)(c), matters relevant to whether the action is reasonably proportionate to the activity include:
(a) the potential loss or damage to SPF consumers, or to persons carrying on the activity, if the action is not taken; and
(b) the potential loss or damage to SPF consumers, or to persons carrying on the activity, if the action is taken and the activity is not a scam.
Each regulated entity must have an accessible mechanism for its consumers to report activities that are or may be scams.
The entity must have an accessible and transparent internal dispute resolution mechanism for its consumers to complain about:
(a) activities that are or may be scams; or
(b) the entity’s conduct relating to such activities.
The entity must publish information about these mechanisms.
When undertaking such internal dispute resolution about a complaint, the entity must give a statement, relevant to the complaint, about whether it has complied with its obligations.
When undertaking such internal dispute resolution, the entity must have regard to:
(a) any processes prescribed by the SPF rules; and
(b) any guidelines prescribed by the SPF rules for apportioning any liability.
The entity must become a member of an authorised external dispute resolution scheme for dealing with complaints about scams if the entity provides services regulated by the Scams Prevention Framework.
The SPF code for the sector may include sector‑specific provisions for this principle.
(1) A regulated entity contravenes this subsection if the entity does not have an accessible mechanism for a person to report to the entity an activity that:
(a) is or may be a scam; and
(b) relates to, is connected with, or uses a regulated service of the entity; and
(c) impacts the person at a time when the person is an SPF consumer of the service.
Note: The reporting mechanism will need to extend to scams impacting the person at a time when the regulated service is only purportedly being provided to the person (see subsection 58AH(1) (about the meaning of SPF consumer)).
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(1) A regulated entity contravenes this subsection if the entity does not have an accessible and transparent internal dispute resolution mechanism to deal with a person’s complaint about:
(a) an activity that:
(i) is or may be a scam; and
(ii) relates to, is connected with, or uses a regulated service of the entity; and
(iii) impacts the person at a time when the person is an SPF consumer of the service; or
(b) the entity’s conduct relating to an activity of a kind described in paragraph (a).
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(1) A regulated entity contravenes this subsection if the entity:
(a) is undertaking internal dispute resolution in dealing with a person’s complaint of a kind described in paragraph 58BZD(1)(a) or (b); and
(b) does not give the person a statement of compliance in accordance with subsection (2).
Note: This subsection only applies to the entity when the SPF rules prescribe matters for paragraphs (2)(b), (d) and (e) that are relevant to the complaint.
(2) For the purposes of paragraph (1)(b), the statement of compliance must:
(a) include a statement by the regulated entity about whether, based on information reasonably available to the entity at the time of making the statement, it has complied with its obligations under the SPF provisions that are relevant to the complaint; and
(b) contain the kinds of information prescribed by the SPF rules that are relevant to the complaint; and
(c) not contain the kinds of information (if any) prescribed by the SPF rules that are relevant to the complaint; and
(d) be in writing and signed by a person who is an authorised representative of the entity of a kind prescribed by the SPF rules; and
(e) be given in accordance with the timeframes, and in the manner and form, prescribed by the SPF rules.
(3) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(4) A statement of compliance given by the entity under this section is admissible, in any proceeding that:
(a) relates to the complaint; and
(b) is under or relates to an SPF EDR scheme;
as prima facie evidence of the entity’s position, at the time of making the statement, on the matters in the statement.
(5) Nothing in this section limits or affects the admissibility in a proceeding of any other statement or evidence.
(1) A regulated entity contravenes this subsection if the entity:
(a) is undertaking internal dispute resolution in dealing with a person’s complaint of a kind described in paragraph 58BZD(1)(a) or (b); and
(b) in doing so, the entity fails to have regard to:
(i) any process prescribed by the SPF rules for undertaking internal dispute resolution; or
(ii) any guidelines prescribed by the SPF rules for apportioning any liability arising from the complaint.
(1A) To avoid doubt, guidelines prescribed for the purposes of subparagraph (1)(b)(ii) do not have to be consistent with sections 58FZD to 58FZK (about proportionate liability for concurrent wrongdoers in actions for damages).
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
(1) A regulated entity for a regulated sector contravenes this subsection if the entity fails to make publicly accessible information about the rights of SPF consumers of the entity’s regulated services for the sector under:
(a) the reporting mechanism required by subsection 58BZC(1); or
(b) the internal dispute resolution mechanism required by subsection 58BZD(1); or
(c) if the entity is a member of an SPF EDR scheme for the sector—the SPF EDR scheme.
(2) Subsection (1) is a civil penalty provision.
Note: This means subsection (1) is a civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).
Regulated entity must not provide a regulated service if the entity is not a member of an SPF EDR scheme
(1) A regulated entity for a regulated sector contravenes this subsection if the entity:
(a) provides a regulated service for the sector that has one or more SPF consumers; and
(b) is not a member of an SPF EDR scheme for the sector.
Regulated entity that is a member of an SPF EDR scheme must give reasonable assistance to, and cooperate with, the scheme operator
(2) A regulated entity for a regulated sector contravenes this subsection if the entity:
(a) is a member of an SPF EDR scheme for the sector; and
(b) fails to give reasonable assistance to, or cooperate with, the operator of the scheme.
Regulated entity that is a member of an SPF EDR scheme must comply with related obligations in an SPF code
(3) A regulated entity for a regulated sector contravenes this subsection if the entity:
(a) is a member of an SPF EDR scheme for the sector; and
(b) fails to comply with an obligation in the SPF code for the sector that relates to the scheme.
Civil penalty provisions
(4) Subsections (1), (2) and (3) are civil penalty provisions.
Note: This means these subsections are civil penalty provisions of an SPF principle for the purposes of section 58FJ (about civil penalties).
For the purposes of (but without limiting) subsection 58CC(1), the SPF code for a regulated sector may include sector‑specific provisions setting out:
(a) conditions that must be met for a reporting mechanism required by subsection 58BZC(1); or
(b) conditions (such as standards and requirements) that must be met for an internal dispute resolution mechanism required by subsection 58BZD(1); or
(c) obligations that must be met in relation to an SPF EDR scheme for the sector by a regulated entity for the sector that is a member of the scheme.
The Minister may make a code for each regulated sector.
Each code is to include sector‑specific provisions for the following overarching principles of the Scams Prevention Framework (see Subdivisions B, C, D, F and G of Division 2):
(a) SPF principle 1—governance;
(b) SPF principle 2—prevent;
(c) SPF principle 3—detect;
(d) SPF principle 5—disrupt;
(e) SPF principle 6—respond.
Requirements in a code can be civil penalty provisions. The relevant SPF sector regulator will monitor, investigate and enforce compliance with these provisions. Division 6 sets out remedies for non‑compliance with these provisions.
The Minister may, by legislative instrument, make a code (an SPF code) for a regulated sector.
Main rule about the content of SPF codes
(1) An SPF code must:
(a) be consistent with the SPF principles; and
(b) deal with only:
(i) the themes or matters covered by Subdivisions B, C, D, F and G of Division 2; and
(ii) related or incidental matters; and
(c) subject to paragraphs (a) and (b), include provisions about matters of a kind (if any) prescribed by the SPF rules.
Related or incidental matters in SPF codes
(2) Without limiting subparagraph (1)(b)(ii), an SPF code for a regulated sector may include the following:
(a) provisions relating to only certain kinds of regulated services for the sector;
(b) provisions relating to only certain kinds of SPF consumers of regulated services for the sector;
(c) provisions dealing with the circumstances in which entities are, or may be, relieved from complying with requirements in the SPF code that would otherwise apply to them;
(d) a provision that:
(i) confers powers on the SPF sector regulator for the sector or on another person; or
(ii) depends on the SPF sector regulator for the sector, or another person, being satisfied of one or more specified matters;
(e) provisions for the making of applications for internal review, or of applications to the Administrative Review Tribunal for review, of decisions of a person under the SPF code;
(f) provisions about the manner or form in which persons or bodies:
(i) may exercise powers under the SPF code; or
(ii) must comply with requirements imposed by the SPF code;
which could include requiring the use of a form approved by the SPF sector regulator for the sector or by the SPF general regulator;
(g) provisions about the following matters:
(i) whether a regulated entity for the sector may charge (or cause to be charged) a fee for a matter covered by the SPF code;
(ii) the manner in which such a fee may be charged;
(iii) the time for paying such a fee;
(iv) giving notice of, or publicising, such a fee or matters about such a fee;
(h) provisions requiring agents of a regulated entity for the sector to do or not to do specified things when acting on behalf of the regulated entity and within the scope of the agent’s actual or apparent authority;
(i) provisions authorising a regulated entity for the sector to use or disclose SPF personal information to the extent necessary to comply with the entity’s obligations under the code;
(j) provisions about any other matters that the provisions of this Part provide may be included, or otherwise dealt with, in the SPF code.
Civil penalty provisions of the SPF code
(3) An SPF code may provide that specified provisions of the SPF code are civil penalty provisions (within the meaning of the Regulatory Powers Act).
Note: Division 6 of this Part deals with enforcing the civil penalty provisions.
Adopting matters in instruments as in force from time to time etc.
(4) An SPF code may make provision in relation to a matter by applying, adopting or incorporating (with or without modification) any matter contained in any other instrument or writing:
(a) as in force or existing at a particular time; or
(b) as in force or existing from time to time.
(5) Subsection (4) has effect despite subsection 14(2) of the Legislation Act 2003.
The Minister may, in writing, delegate the Minister’s power under section 58CB to make a code for a regulated sector to:
(a) another Minister; or
(b) the Commission; or
(c) the entity that is, or is to be, the SPF sector regulator for the sector.
Note: Sections 34AA to 34A of the Acts Interpretation Act 1901 contain provisions relating to delegations.
One or more external dispute resolution schemes may be authorised for dealing with consumer complaints about scams relating to, connected with, or using regulated services.
An existing scheme like the AFCA scheme could be authorised for this purpose, or new schemes could be developed and authorised.
(1) The Minister may, by legislative instrument, authorise an external dispute resolution scheme (an SPF EDR scheme) for the purposes of this Part and one or more regulated sectors if:
(a) the scheme is already authorised under a Commonwealth law for another purpose; or
(b) the Minister is satisfied that the requirements prescribed by the SPF rules for the purposes of subsection 58DC(1) are met for the scheme.
Note 1: For paragraph (a), the Minister could, for example, authorise the AFCA scheme (within the meaning of the Corporations Act 2001) to apply for the purposes of this Part and a regulated sector. If that happens, ASIC’s functions and powers relating to the AFCA scheme (for example, under section 1052A of that Act) will also apply for the purposes of this Part and the regulated sector.
Note 2: For variation and repeal, see subsection 33(3) of the Acts Interpretation Act 1901.
(2) Before authorising a scheme, the Minister must consider:
(a) the accessibility of the scheme; and
(b) the independence of the scheme; and
(c) the fairness of the scheme; and
(d) the accountability of the scheme; and
(e) the efficiency of the scheme; and
(f) the effectiveness of the scheme; and
(g) any other matters the Minister considers relevant.
A failure to comply with this subsection does not invalidate an instrument made under subsection (1) authorising the scheme.
(3) An instrument made under subsection (1) may make the authorisation of the scheme subject to specified conditions.
(4) An instrument made under subsection (1) authorising a scheme for which paragraph (1)(b) applies must set out the scheme.
(5) More than one scheme may be authorised under subsection (1).
(1) The SPF rules may prescribe the following requirements for a scheme for which paragraph 58DB(1)(b) is to apply:
(a) organisational requirements for membership of the scheme;
(b) requirements for the operator (the operator) of the scheme;
(c) requirements for how the scheme is to operate;
(d) requirements to be complied with by members of the scheme;
(e) requirements for making changes to the scheme.
(2) A scheme for which paragraph 58DB(1)(b) is to apply may also include provisions dealing with the following:
(a) powers of one or more of the following under the scheme:
(i) the Minister;
(ii) an SPF regulator;
(iii) a Commonwealth entity (within the meaning of the Public Governance, Performance and Accountability Act 2013);
(b) powers of the operator under the scheme, including powers to:
(i) seek information; and
(ii) make determinations of complaints; and
(iii) make determinations imposing financial and non‑financial remedies; and
(c) appeals to the Federal Court from such determinations by the operator;
(d) information sharing and reporting;
(e) a provision that depends on the operator or another person being satisfied of one or more specified matters;
(f) provisions about the following matters:
(i) the manner in which the operator may charge (or cause to be charged) a fee under the scheme;
(ii) the time for paying such a fee;
(iii) giving notice of, or publicising, such a fee or matters about such a fee;
(g) provisions about any other matters that the provisions of this Part provide may be specified, or otherwise dealt with, in the scheme.
Referring contraventions, failures and systemic issues
(1) If the operator of an SPF EDR scheme for a regulated sector becomes aware that:
(a) a serious contravention of any law may have occurred in connection with a complaint under the scheme; or
(b) a party to a complaint under the scheme may have failed to give effect to a determination by the operator relating to the complaint; or
(c) there is a systemic issue arising from the consideration of complaints under the scheme;
the operator must give particulars of the contravention, failure or issue to the SPF general regulator and to the SPF sector regulator for the sector.
Referring settled complaints
(2) If:
(a) the parties to a complaint made under an SPF EDR scheme for a regulated sector agree to a settlement of the complaint; and
(b) the operator of the scheme thinks the settlement may require investigation;
the operator may give particulars of the settlement to the SPF general regulator and to the SPF sector regulator for the sector.
De‑identifying any SPF personal information
(3) If any SPF personal information is to be given under subsection (1) or (2) by the operator of the scheme, the operator must de‑identify the information unless the operator reasonably believes that doing so would not achieve the object of this Part.
(1) An SPF regulator may disclose information to the operator of an SPF EDR scheme for the purposes of enabling or assisting the operator to perform any of the operator’s functions or powers.
(2) The SPF regulator may impose conditions to be complied with by the operator in relation to the information.
(3) If an SPF regulator is to disclose SPF personal information under subsection (1), the SPF regulator must de‑identify the information unless the SPF regulator reasonably believes that doing so would not achieve the object of this Part.
The Commission is the regulator (the SPF general regulator) of most aspects of the Scams Prevention Framework, in particular of the overarching principles of the Framework.
Other Commonwealth entities may be selected to be regulators (SPF sector regulators) of each of the SPF codes.
The SPF general regulator must enter into arrangements with the SPF sector regulators about the regulation and enforcement of the Framework. These regulators may disclose relevant information and documents to each other for this purpose.
(1) The Commission is the SPF general regulator for all SPF provisions apart from the provisions of SPF codes.
(2) The functions and powers of the SPF general regulator include:
(a) reviewing, and advising the Minister about, the operation of the SPF provisions; and
(b) the Commission’s functions and powers under section 155 to the extent that section 155 relates to:
(i) the SPF provisions, other than the provisions of SPF codes; or
(ii) a designated scams prevention framework matter (within the meaning of that section), other than the performance of a function, or the exercise of a power, conferred by or under an SPF code; and
(c) developing and publishing non‑binding guidance material relating to the SPF provisions, other than the provisions of SPF codes; and
(d) the functions and powers of the SPF general regulator conferred by any other SPF provisions.
Note: Paragraph (d) includes the SPF general regulator’s powers under the Regulatory Powers Act that are referred to in Division 6.
(1) The Commission may, by resolution, delegate any of:
(a) the Commission’s functions and powers (as the SPF general regulator) under an SPF provision; or
(b) the Commission’s functions and powers under section 155 as described in paragraph 58EB(2)(b);
to a person to whom subsection (3) applies.
(2) A member of the Commission may, by writing, delegate any of the member’s functions and powers under section 155 to the extent that section 155 relates to:
(a) the SPF provisions, other than the provisions of SPF codes; or
(b) a designated scams prevention framework matter (within the meaning of that section), other than the performance of a function, or the exercise of a power, conferred by or under an SPF code;
to a person to whom any of paragraphs (3)(b) to (e) applies.
(3) This subsection applies to the following persons:
(a) a member of the Commission;
(b) person who is an employee of the Commission who:
(i) is an SES employee or acting SES employee; or
(ii) holds or performs the duties of an Executive Level 1 or 2 position;
and who the Commission is satisfied has appropriate qualifications, training, skills or experience to perform the functions or exercise the powers;
(c) an SPF sector regulator;
(d) a member (if any) of an SPF sector regulator;
(e) an employee of an SPF sector regulator who holds or performs the duties of a position that is equivalent to a position mentioned in subparagraph (b)(i) or (ii).
(4) A delegation of functions or powers must not be made under subsection (1) or (2) to a person to whom paragraph (3)(c), (d) or (e) applies unless the relevant SPF sector regulator:
(a) has agreed to the delegation in writing; and
(b) in the case of a person to whom paragraph (3)(e) applies—is satisfied that the person has appropriate qualifications, training, skills or experience to perform the functions or exercise the powers.
(5) In performing any functions or exercising any powers under a delegation under subsection (1) or (2), the delegate must comply with any directions of the delegator.
(1) The Minister may, by legislative instrument, designate an entity that:
(a) is a Commonwealth entity (within the meaning of the Public Governance, Performance and Accountability Act 2013); and
(b) is already conferred functions by or under a law;
to be the SPF sector regulator for a regulated sector.
(2) The Commission is the SPF sector regulator for a regulated sector if (and while) no instrument under subsection (1) is in force for the sector.
Note: The Commission could also be designated under subsection (1) to be the SPF sector regulator for a regulated sector.
(3) The functions and powers of the SPF sector regulator for a regulated sector include those conferred:
(a) by the SPF code for the sector; or
(b) by any other SPF provisions; or
(c) if the SPF sector regulator is the Commission—the Commission’s functions and powers under section 155 to the extent that section 155 relates to:
(i) the provisions of the SPF code for the sector; or
(ii) a designated scams prevention framework matter (within the meaning of that section) involving the performance of a function, or the exercise of a power, conferred by or under the SPF code for the sector.
Note: The functions and powers of SPF regulators other than the Commission include the monitoring and investigating functions and powers referred to in Division 6 (see paragraph (b) of this subsection).
(4) The Minister may, in writing, delegate the Minister’s power under subsection (1) to another Minister.
Note: Sections 34AA to 34A of the Acts Interpretation Act 1901 contain provisions relating to delegations.
(1) An SPF sector regulator may, by writing, delegate any of the SPF sector regulator’s functions and powers under:
(a) an SPF provision, other than a provision of the Regulatory Powers Act; or
(b) if the SPF sector regulator is the Commission—the Commission’s functions and powers under section 155 as described in paragraph 58ED(3)(c);
to a person to whom subsection (3) applies.
Note: A function or power of the SPF sector regulator under a provision of the Regulatory Powers Act may be able to be delegated under the Subdivision of Division 6 of this Part that refers to that provision of that Act (for example, see subsection 58FE(5) of this Act).
(2) If an SPF sector regulator is the Commission, a member of the Commission may, by writing, delegate any of the member’s functions and powers under section 155 to the extent that section 155 relates to:
(a) the provisions of the SPF code for the sector; or
(b) a designated scams prevention framework matter (within the meaning of that section) involving the performance of a function, or the exercise of a power, conferred by or under the SPF code for the sector;
to a person to whom paragraph (3)(b) applies.
(3) This subsection applies to the following persons:
(a) a member (if any) of the SPF sector regulator;
(b) person who is an employee of the SPF sector regulator who:
(i) is an SES employee or acting SES employee; or
(ii) holds or performs the duties of an Executive Level 1 or 2 position; or
(iii) holds or performs the duties of a position that is equivalent to a position mentioned in subparagraph (i) or (ii);
and who the SPF sector regulator is satisfied has appropriate qualifications, training, skills or experience to perform the functions or exercise the powers.
(4) In performing any functions or exercising any powers under a delegation under subsection (1) or (2), the delegate must comply with any directions of the delegator.
(1) The SPF general regulator, and each SPF sector regulator, must enter into an arrangement relating to the regulation and enforcement of the SPF provisions.
(2) The SPF general regulator may choose to comply with subsection (1) by entering into:
(a) a single arrangement with all, or one or more, SPF sector regulators; or
(b) a separate arrangement with each SPF sector regulator.
However, subsection (1) does not apply to the extent that the Commission is an SPF sector regulator.
(3) The arrangement must include provisions relating to the matters (if any) prescribed by the SPF rules.
Note: For example, the SPF rules could require an SPF regulator that requests a scam report under subsection 58BS(1) to:
(a) notify each other SPF regulator of the request; and
(b) give a copy of the scam report to any of those other SPF regulators that asks for one.
(4) Each SPF regulator that is a party to such an arrangement must publish the arrangement on its website.
(5) A failure to comply with this section does not invalidate the performance or exercise of a function or power by an SPF regulator.
(1) The SPF general regulator must publish a statement on its website summarising, in general terms, the roles and responsibilities of:
(a) each SPF regulator; and
(b) each operator of an SPF EDR scheme; and
(c) any other entity the SPF general regulator considers appropriate;
with respect to the regulation, enforcement and administration of the SPF provisions.
Note: The purpose of the statement is to explain these matters at a high level.
(2) Before publishing the statement, the SPF general regulator must consult the entities mentioned in subsection (1).
(3) The statement is not a legislative instrument.
(1) An SPF regulator may disclose to another SPF regulator:
(a) particular information or documents; or
(b) information or documents of a particular kind;
held by the first‑mentioned SPF regulator that are relevant to the operation (including enforcement) of the SPF provisions.
(2) An SPF regulator may make a disclosure under subsection (1) on request or on its own initiative.
Note: This section means such a disclosure is permitted by provisions like:
(a) paragraph 155AAA(1)(b); and
(b) section 59DB of the Australian Communications and Media Authority Act 2005; and
(c) subsection 127(2) of the Australian Securities and Investments Commission Act 2001.
Similarly, the exception in paragraph 6.2(b) of Australian Privacy Principle 6 will apply to such a disclosure.
(3) SPF personal information may be disclosed under subsection (1).
An SPF regulator must have regard to the object of this Part when deciding whether to make a disclosure under this Subdivision.
Note: Arrangements made under section 58EF between SPF regulators could deal with when disclosures should be made (see subsection 58EF(3) in particular).
An SPF regulator need not notify any person that the SPF regulator:
(a) has collected SPF personal information under this Part; or
(b) plans to make a disclosure of information or documents under this Part; or
(c) has made such a disclosure under this Part; or
(d) plans to use information or documents disclosed under this Part; or
(e) has used such information or documents under this Part.
Nothing in this Part requires an SPF regulator to disclose information or documents that:
(a) concern the internal administrative functioning of that regulator; or
(b) disclose a matter in respect of which that regulator or any other person has claimed legal professional privilege; or
(c) are of a kind prescribed by the SPF rules.
The Commission, in its role as the SPF general regulator or an SPF sector regulator, may use its powers under this Act (including section 155) to monitor and investigate compliance with the aspects of the Scams Prevention Framework that are relevant for that role.
If the ACMA or ASIC is an SPF sector regulator, it must use powers in its own legislation to monitor and investigate compliance with an SPF code for the sector. Other SPF sector regulators may monitor and investigate compliance with an SPF code either using the powers in Subdivision B or, with the Minister’s permission, powers in their own legislation.
The maximum penalties for contraventions of the civil penalty provisions of the Scams Prevention Framework are set out in Subdivision C.
Other remedies for contraventions of the Framework are set out in later Subdivisions of this Division, and include:
(a) infringement notices; and
(b) enforceable undertakings; and
(c) injunctions; and
(d) actions for damages; and
(e) public warning notices; and
(f) remedial directions; and
(g) adverse publicity orders; and
(h) other punitive and non‑punitive orders.
Some of these remedies may also be available against a person involved in a contravention of the Framework by a regulated entity, such as a senior officer of the regulated entity (for example, see subsection 58FW(1)).
Note: Sections 58GA to 58GC extend the meaning of person for partnerships, unincorporated associations and trusts.
(1) An SPF regulator may, in writing, appoint a person who is one of the following to be an inspector of that regulator for the purposes of one or more Subdivisions of this Division:
(a) a person who is an employee of that regulator who:
(i) is an SES employee or acting SES employee; or
(ii) holds or performs the duties of an Executive Level 1 or 2 position; or
(iii) holds or performs the duties of a position that is equivalent to a position mentioned in subparagraph (i) or (ii);
(b) a member or special member of the Australian Federal Police.
(2) However, the SPF regulator must not appoint a person as an inspector unless the SPF regulator is satisfied that the person has appropriate qualifications, training, skills or experience to exercise the powers of an inspector.
(3) A person must, in exercising powers as an inspector of an SPF regulator, comply with any directions of the SPF regulator that are of an administrative character.
(4) If (and while) no appointments under subsection (1) by an SPF regulator are in force for the purposes of a Subdivision of this Division, the SPF regulator is an inspector of the SPF regulator for the purposes of that Subdivision.
Subject to section 58FM (about civil penalties), a provision of this Division does not limit a court’s powers under any other provision of this Act or of any other Act.
If a court considers that:
(a) it is appropriate to order a person (the defendant) to pay a pecuniary penalty under an SPF civil penalty order in relation to a contravention or conduct; and
(b) it is appropriate to order under Subdivision G the defendant to pay compensation to a person who has suffered loss or damage as result of that contravention or conduct; and
(c) the defendant does not have sufficient financial resources to pay both the pecuniary penalty and the compensation;
the court must give preference to making an order for compensation.
No alternative monitoring powers apply
(1) This section applies for the SPF code for a regulated sector unless:
(a) the ACMA, ASIC or the Commission is the SPF sector regulator for the sector; or
(b) a declaration is in force under subsection 58FI(2) declaring that provisions that include monitoring powers of the kind mentioned in subparagraph 58FI(1)(a)(i) apply in relation to provisions of the SPF code.
Provisions subject to monitoring
(2) Each provision of the SPF code is subject to monitoring under Part 2 of the Regulatory Powers Act.
Note: Part 2 of the Regulatory Powers Act creates a framework for monitoring whether these provisions have been complied with. That Part includes powers of entry and inspection.
Information subject to monitoring
(3) Information given in compliance or purported compliance with the SPF code is subject to monitoring under Part 2 of the Regulatory Powers Act.
Note: Part 2 of the Regulatory Powers Act creates a framework for monitoring whether the information is correct. It includes powers of entry and inspection.
Related provisions, authorised applicant, authorised person, issuing officer, relevant chief executive and relevant court
(4) For the purposes of Part 2 of the Regulatory Powers Act, as that Part applies in relation to the provisions mentioned in subsection (2) and the information mentioned in subsection (3):
(a) there are no related provisions; and
(b) an inspector of the SPF sector regulator is an authorised applicant; and
(c) an inspector of the SPF sector regulator is an authorised person; and
(d) a magistrate is an issuing officer; and
(e) the SPF sector regulator is the relevant chief executive; and
(f) each of the following courts is a relevant court:
(i) the Federal Court;
(ii) the Federal Circuit and Family Court of Australia (Division 2);
(iii) a court of a State or Territory that has jurisdiction in relation to the matter.
(5) The relevant chief executive may, in writing, delegate the powers and functions mentioned in subsection (6) to:
(a) an SES employee, or acting SES employee, of the SPF sector regulator; or
(b) an employee of the SPF sector regulator who holds or performs the duties of a position that is equivalent to an SES employee;
if the relevant chief executive is satisfied that the employee has appropriate qualifications, training, skills or experience to exercise the powers and perform the functions.
(6) The powers and functions that may be delegated are:
(a) powers and functions under Part 2 of the Regulatory Powers Act in relation to the provisions mentioned in subsection (2) and the information mentioned in subsection (3); and
(b) powers and functions under the Regulatory Powers Act that are incidental to a power or function mentioned in paragraph (a) of this subsection.
(7) A person exercising powers or performing functions under a delegation under subsection (5) must comply with any directions of the relevant chief executive.
Person assisting
(8) An authorised person may be assisted by other persons in exercising powers or performing functions or duties under Part 2 of the Regulatory Powers Act in relation to the provisions mentioned in subsection (2) and the information mentioned in subsection (3).
No alternative investigation powers apply
(1) This section applies for the SPF code for a regulated sector unless:
(a) the ACMA, ASIC or the Commission is the SPF sector regulator for the sector; or
(b) a declaration is in force under subsection 58FI(2) declaring that provisions that include investigation powers of the kind mentioned in subparagraph 58FI(1)(a)(ii) apply in relation to provisions of the SPF code.
Provisions subject to investigation
(2) Each civil penalty provision of the SPF code is subject to investigation under Part 3 of the Regulatory Powers Act.
Note: Part 3 of the Regulatory Powers Act creates a framework for investigating whether a provision has been contravened. It includes powers of entry, search and seizure.
Related provisions, authorised applicant, authorised person, issuing officer, relevant chief executive and relevant court
(3) For the purposes of Part 3 of the Regulatory Powers Act, as that Part applies in relation to evidential material that relates to a provision mentioned in subsection (2):
(a) there are no related provisions; and
(b) an inspector of the SPF sector regulator is an authorised applicant; and
(c) an inspector of the SPF sector regulator is an authorised person; and
(d) a magistrate is an issuing officer; and
(e) the SPF sector regulator is the relevant chief executive; and
(f) each of the following courts is a relevant court:
(i) the Federal Court;
(ii) the Federal Circuit and Family Court of Australia (Division 2);
(iii) a court of a State or Territory that has jurisdiction in relation to the matter.
(4) The relevant chief executive may, in writing, delegate the powers and functions mentioned in subsection (5) to:
(a) an SES employee, or acting SES employee, of the SPF sector regulator; or
(b) an employee of the SPF sector regulator who holds or performs the duties of a position that is equivalent to an SES employee.
if the relevant chief executive is satisfied that the employee has appropriate qualifications, training, skills or experience to exercise the powers and perform the functions.
(5) The powers and functions that may be delegated are:
(a) powers and functions under Part 3 of the Regulatory Powers Act in relation to evidential material that relates to a provision mentioned in subsection (2); and
(b) powers and functions under the Regulatory Powers Act that are incidental to a power or function mentioned in paragraph (a).
(6) A person exercising powers or performing functions under a delegation under subsection (4) must comply with any directions of the relevant chief executive.
Person assisting
(7) An authorised person may be assisted by other persons in exercising powers or performing functions or duties under Part 3 of the Regulatory Powers Act in relation to evidential material that relates to a provision mentioned in subsection (2).
(1) This section applies if the ACMA is the SPF sector regulator for a regulated sector.
(2) Part 26 of the Telecommunications Act 1997 also applies:
(a) to the ACMA in the ACMA’s capacity as the SPF sector regulator; and
(b) in relation to a contravention of the SPF code for the sector in a corresponding way to the way that Part applies in relation to a contravention of that Act that does not relate to the content of a content service.
(3) Part 27 of the Telecommunications Act 1997 also applies:
(a) to the ACMA in the ACMA’s capacity as the SPF sector regulator; and
(b) in relation to the performance of any of the ACMA’s functions under the SPF code for the sector in a corresponding way to the way that Part applies in relation to the performance of any of the ACMA’s telecommunications functions; and
(c) in relation to the exercise of any of the ACMA’s powers under the SPF code for the sector in a corresponding way to the way that Part applies in relation to the exercise of any of the ACMA’s telecommunications powers.
(3) For the purposes of this additional application of Parts 26 and 27 of the Telecommunications Act 1997, the Minister may, by legislative instrument, specify modifications of one or more provisions of those Parts to remove any doubt about how those provisions apply in such a corresponding way in relation to the SPF code.
Note: The modifications are for this additional application of those Parts, and are not modifications of those Parts as they ordinarily apply.
(4) The instrument has effect accordingly.
(5) In this section:
ACMA’s telecommunications functions has the same meaning as in the Telecommunications Act 1997.
ACMA’s telecommunications powers has the same meaning as in the Telecommunications Act 1997.
content service has the same meaning as in the Telecommunications Act 1997.
(1) This section applies if ASIC is the SPF sector regulator for a regulated sector.
(2) ASIC’s alternative power provisions also apply:
(a) to ASIC in ASIC’s capacity as the SPF sector regulator; and
(b) in relation to the provisions of the SPF code for the sector in a corresponding way to the way:
(i) ASIC’s alternative power provisions (other than those mentioned in subparagraph (ii)) apply in relation to the corporations legislation (other than the excluded provisions); and
(ii) sections 28, 30, 31 to 39, 39B and 39C and subsection 67(2) of the ASIC Act apply in relation to the corporations legislation.
(3) For the purposes of this additional application of ASIC’s alternative power provisions, the Minister may, by legislative instrument, specify modifications of one or more of those provisions to remove any doubt about how those provisions apply in such a corresponding way in relation to the provisions of the SPF code.
Note: The modifications are for this additional application of ASIC’s alternative power provisions, and are not modifications of those provisions as they ordinarily apply.
(4) The instrument has effect accordingly.
(5) In this section:
ASIC Act means the Australian Securities and Investments Commission Act 2001.
ASIC’s alternative power provisions means Divisions 1, 2, 3 (other than sections 30A, 30B and 39A), 7, 9 and 10 of Part 3 of the ASIC Act.
corporations legislation has the same meaning as in the ASIC Act.
excluded provisions has the same meaning as in the ASIC Act.
(1) This section applies if provisions of another law (the alternative power provisions):
(a) provide an entity with powers to:
(i) monitor compliance or purported compliance with provisions of a law (the alternative regulatory provisions); or
(ii) investigate provisions of a law (also the alternative regulatory provisions); or
(b) enable the effective operation and enforcement of such powers.
Note: Paragraph (b) covers, for example, a provision making it an offence to fail to appear to answer questions in relation to an investigation.
(2) The Minister may, by legislative instrument, declare that specified alternative power provisions (that relate to a specified entity and specified alternative regulatory provisions) also apply:
(a) to the entity in the entity’s capacity as the SPF sector regulator for a regulated sector; and
(b) in relation to specified provisions of the SPF code for the sector in a corresponding way to the way the alternative power provisions apply in relation to the alternative regulatory provisions.
(3) For the purposes of this additional application of the alternative power provisions, the instrument may specify modifications of one or more of those provisions to remove any doubt about how those provisions apply in such a corresponding way in relation to the specified provisions of the SPF code.
Note: The modifications are for this additional application of the alternative power provisions, and are not modifications of those provisions as they ordinarily apply.
(4) The instrument has effect accordingly.
Enforcing civil penalty provisions
(1) Each of the following is enforceable under Part 4 of the Regulatory Powers Act:
(a) a civil penalty provision of an SPF principle;
(b) a civil penalty provision of an SPF code.
Note: Part 4 of the Regulatory Powers Act allows a civil penalty provision to be enforced by obtaining an order for a person to pay a pecuniary penalty for the contravention of the provision.
Authorised applicant
(2) For the purposes of Part 4 of the Regulatory Powers Act:
(a) the SPF general regulator is an authorised applicant in relation to each civil penalty provision of an SPF principle; and
(b) the SPF sector regulator for a regulated sector is an authorised applicant in relation to each civil penalty provision of the SPF code for the sector.
Relevant court
(3) For the purposes of Part 4 of the Regulatory Powers Act, each of the following courts is a relevant court in relation to each provision referred to in subsection (1):
(a) the Federal Court;
(b) the Federal Circuit and Family Court of Australia (Division 2);
(c) a court of a State or Territory that has jurisdiction in relation to the matter.
(1) Despite subsection 82(5) of the Regulatory Powers Act, the pecuniary penalty payable by a person:
(a) under an SPF civil penalty order; and
(b) for a contravention of a civil penalty provision of an SPF principle in any of Subdivisions C, D, F or G of Division 2 of this Part;
must not be more than the maximum penalty amount worked out under this section for such a contravention by the person.
Maximum amount of civil penalty for bodies corporate
(2) For the purposes of subsection (1), the maximum penalty amount for such a contravention by a body corporate is the greater of the following:
(a) 159,745 penalty units;
(b) if the relevant court (see subsection 58FJ(3)) can determine the total value of the benefit that:
(i) the body corporate; and
(ii) any body corporate related to the body corporate;
have obtained directly or indirectly and that is reasonably attributable to the contravention—3 times that total value;
(c) if that court cannot determine that total value—30% of the adjusted turnover of the body corporate during the breach turnover period for the contravention.
Maximum amount of civil penalty for other persons
(3) For the purposes of subsection (1), the maximum penalty amount for such a contravention by a person other than a body corporate is 7,990 penalty units.
(1) Despite subsection 82(5) of the Regulatory Powers Act, the pecuniary penalty payable by a person:
(a) under an SPF civil penalty order; and
(b) for a contravention of:
(i) a civil penalty provision of an SPF principle in Subdivision B or E of Division 2 of this Part; or
(ii) a civil penalty provision of an SPF code;
must not be more than the maximum penalty amount worked out under this section for such a contravention by the person.
Maximum amount of civil penalty for bodies corporate
(2) For the purposes of subsection (1), the maximum penalty amount for such a contravention by a body corporate is the greater of the following:
(a) 31,950 penalty units;
(b) if the relevant court (see subsection 58FJ(3)) can determine the total value of the benefit that:
(i) the body corporate; and
(ii) any body corporate related to the body corporate;
have obtained directly or indirectly and that is reasonably attributable to the contravention—3 times that total value;
(c) if that court cannot determine that total value—10% of the adjusted turnover of the body corporate during the breach turnover period for the contravention.
Maximum amount of civil penalty for other persons
(3) For the purposes of subsection (1), the maximum penalty amount for such a contravention by a person other than a body corporate is 1,600 penalty units.
If a person is ordered under an SPF civil penalty order to pay a pecuniary penalty in respect of particular conduct, the person is not liable to:
(a) a pecuniary penalty for contravening another civil penalty provision of an SPF principle or of an SPF code; or
(b) a pecuniary penalty under some other provision of a law of the Commonwealth;
in respect of that conduct.
Note: A court may make other kinds of orders under this Division, for example under section 58FZC (actions for damages), in relation to particular conduct even if the court has made an SPF civil penalty order in relation to that conduct.
(1) The purpose of this Subdivision is to provide for the issue of an infringement notice to a person for an alleged contravention of:
(a) a civil penalty provision of an SPF principle in Subdivision B or E of Division 2 of this Part; or
(b) a civil penalty provision of an SPF code;
as an alternative to proceedings for an SPF civil penalty order.
(2) This Subdivision does not:
(a) require an SPF infringement notice to be issued for an alleged contravention of such a civil penalty provision; or
(b) affect a person’s liability to proceedings for an SPF civil penalty order in relation to an alleged contravention of a civil penalty provision if:
(i) an SPF infringement notice is not issued to the person for the contravention; or
(ii) an SPF infringement notice issued to the person for the contravention is withdrawn under section 58FU; or
(c) prevent a court from imposing a higher penalty than the penalty specified in the SPF infringement notice if the person does not comply with the notice.
Notices for contraventions of certain SPF principles
(1) If an inspector of the SPF general regulator reasonably believes that a person has contravened a civil penalty provision of an SPF principle in Subdivision B or E of Division 2 of this Part, the inspector may issue a notice (an SPF infringement notice) to the person.
Notices for contraventions of SPF codes
(2) If an inspector of the SPF sector regulator for a regulated sector reasonably believes that a person has contravened a civil penalty provision of the SPF code for the sector, the inspector may issue a notice (an SPF infringement notice) to the person.
Only one notice for each contravention
(3) Inspectors for an SPF regulator must not issue more than one SPF infringement notice to the person for the same alleged contravention of a civil penalty provision.
When notices do not have any effect
(4) An SPF infringement notice does not have any effect if the notice:
(a) is issued more than 12 months after the day that the relevant contravention is alleged to have occurred; or
(b) relates to more than one alleged contravention of a civil penalty provision by the person.
An SPF infringement notice must:
(a) be identified by a unique number; and
(b) state the day on which it is issued; and
(c) state the name of the person to whom it is issued; and
(d) state the name of the inspector who issued the notice, that the inspector is an inspector of the applicable SPF regulator, and how that SPF regulator may be contacted; and
(e) give details of the alleged contravention, including:
(i) the day of the alleged contravention; and
(ii) the civil penalty provision that was allegedly contravened; and
(f) state the maximum pecuniary penalty that a court could order the person to pay if the court were to make an SPF civil penalty order for the alleged contravention; and
(g) specify the penalty that is payable in relation to the alleged contravention; and
(h) state that the penalty is payable within the infringement notice compliance period for the notice; and
(i) state that the penalty is payable to the SPF regulator on behalf of the Commonwealth; and
(j) explain how payment of the penalty is to be made; and
(k) explain the effect of sections 58FR to 58FU.
The penalty to be specified in an SPF infringement notice that is to be issued to a person must be equal to the following amount:
(a) if the person is a body corporate—60 penalty units;
(b) otherwise—12 penalty units.
(1) This section applies if:
(a) an SPF infringement notice for an alleged contravention of a civil penalty provision is issued to a person; and
(b) the person pays the penalty specified in the notice within the infringement notice compliance period and in accordance with the notice; and
(c) the notice is not withdrawn under section 58FU.
(2) The person is not, merely because of the payment, regarded as having contravened the civil penalty provision.
(3) No proceedings (whether criminal or civil) may be started or continued against the person, by or on behalf of the Commonwealth, in relation to the alleged contravention of the civil penalty provision.
If:
(a) an SPF infringement notice for an alleged contravention of a civil penalty provision is issued to a person; and
(b) the person fails to pay the penalty specified in the notice within the infringement notice compliance period and in accordance with the notice; and
(c) the notice is not withdrawn under section 58FU;
the person is liable to proceedings for an SPF civil penalty order in relation to the alleged contravention of the civil penalty provision.
(1) Subject to this section, the infringement notice compliance period, for an SPF infringement notice issued to a person, is the period of 28 days beginning on the day after the day that the notice is so issued by an inspector of an SPF regulator.
(2) The SPF regulator may, by giving written notice to the person, extend that infringement notice compliance period if the SPF regulator is satisfied that it is appropriate to do so.
(3) Only one extension may be given and the extension must not be for longer than 28 days.
(4) A failure to give the person written notice of the extension does not affect the validity of the extension.
(5) If an infringement notice compliance period for an SPF infringement notice is extended under this section, a reference in this Subdivision to the infringement notice compliance period is taken to be a reference to that period as so extended.
Representations to the SPF regulator
(1) A person to whom an SPF infringement notice has been issued:
(a) by an inspector of an SPF regulator; and
(b) for an alleged contravention of a civil penalty provision;
may make written representations to the SPF regulator seeking the withdrawal of the notice.
(2) Evidence or information that:
(a) the person; or
(b) a representative of the person;
gives to the SPF regulator in the course of making representations under subsection (1) is not admissible in evidence against the person or representative in any proceedings (other than proceedings for an offence based on the evidence or information given being false or misleading).
Withdrawal by the SPF regulator
(3) If an inspector of an SPF regulator issues an SPF infringement notice to a person, the SPF regulator may, by giving written notice (a withdrawal notice) to the person, withdraw the SPF infringement notice if the SPF regulator is satisfied that it is appropriate to do so.
(4) Subsection (3) applies whether or not the person has made representations seeking the withdrawal.
Content of withdrawal notices
(5) The withdrawal notice must state:
(a) the name and address of the person; and
(b) the day on which the SPF infringement notice was issued to the person; and
(c) that the SPF infringement notice is withdrawn; and
(d) that proceedings for an SPF civil penalty order may be started or continued against the person in relation to the alleged contravention of the civil penalty provision.
Time limit for giving withdrawal notices
(6) To be effective, the withdrawal notice must be given to the person within the infringement notice compliance period for the SPF infringement notice.
Refunds
(7) If an SPF regulator withdraws an SPF infringement notice given to a person after the person has paid the penalty specified in the SPF infringement notice, the SPF regulator must refund to the person an amount equal to the amount paid.
Accepting an undertaking
(1) The SPF general regulator may accept a written undertaking given by a person for the purposes of this section in connection with compliance with a provision of the SPF principles.
(2) The SPF sector regulator for a regulated sector may accept a written undertaking given by a person for the purposes of this section in connection with compliance with a provision of the SPF code for the sector.
Withdrawing or varying the undertaking
(3) The person who gave the undertaking may withdraw or vary it at any time, but only with the consent of the SPF regulator who accepted it.
Orders for enforcing the undertaking
(4) If an SPF regulator considers that the person who gave the SPF regulator an undertaking has breached any of its terms, the SPF regulator may apply to the Court for an order under subsection (5).
(5) If the Court is satisfied that the person has breached a term of the undertaking, the Court may make all or any of the following orders:
(a) an order directing the person to comply with that term of the undertaking;
(b) an order directing the person to pay to the Commonwealth an amount up to the amount of any financial benefit that the person has obtained directly or indirectly and that is reasonably attributable to the breach;
(c) any order that the Court considers appropriate directing the person to compensate any other person who has suffered loss or damage as a result of the breach;
(d) any other order that the Court considers appropriate.
Definitions
(6) In this section:
Court, in relation to a matter, means any court having jurisdiction in the matter.
(1) The Court may, on application, grant an injunction in such terms as the Court considers appropriate if the Court is satisfied that a person has engaged, or is proposing to engage, in conduct that constitutes or would constitute:
(a) a contravention of:
(i) a civil penalty provision of an SPF principle; or
(ii) a civil penalty provision of an SPF code; or
(b) attempting to contravene such a provision; or
(c) aiding, abetting, counselling or procuring a person to contravene such a provision; or
(d) inducing, or attempting to induce, whether by threats, promises or otherwise, a person to contravene such a provision; or
(e) being in any way, directly or indirectly, knowingly concerned in, or party to, the contravention by a person of such a provision; or
(f) conspiring with others to contravene such a provision.
(2) In this Subdivision:
Court, in relation to a matter, means any court having jurisdiction in the matter.
(1) The Court may grant an injunction under section 58FW restraining a person from engaging in conduct:
(a) whether or not it appears to the Court that the person intends to engage again, or to continue to engage, in conduct of that kind; and
(b) whether or not the person has previously engaged in conduct of that kind; and
(c) whether or not there is an imminent danger of substantial damage to any person if the first‑mentioned person engages in conduct of that kind.
(2) The Court may grant an injunction under section 58FW requiring a person to do an act or thing:
(a) whether or not it appears to the Court that the person intends to refuse or fail again, or to continue to refuse or fail, to do that act or thing; and
(b) whether or not the person has previously refused or failed to do that act or thing; and
(c) whether or not there is an imminent danger of substantial damage to any person if the first‑mentioned person refuses or fails to do that act or thing.
(3) The Court may grant an injunction under section 58FW by consent of all the parties to the proceedings whether or not the Court is satisfied that a person has engaged, or is proposing to engage, in conduct of a kind mentioned in that section.
The Court may, if in the opinion of the Court it is desirable to do so, grant an interim injunction pending determination of an application for an injunction under section 58FW.
The Court may rescind or vary an injunction granted under this Subdivision.
(1) An application for an injunction under this Subdivision may be made by an SPF regulator or any other person.
(2) If an SPF regulator applies for such an injunction, the Court must not require the applicant or any other person, as a condition of granting an interim injunction, to give any undertakings as to damages.
(3) If:
(a) a person other than an SPF regulator:
(i) applies for such an injunction; and
(ii) apart from this subsection, would be required by the Court to give an undertaking as to damages or costs; and
(b) an SPF regulator gives the undertaking;
the Court must accept the undertaking by the SPF regulator and must not require a further undertaking from any other person.
The powers conferred on the Court by this Subdivision are in addition to, and not instead of, any other powers of the Court, whether conferred by this Act or otherwise.
(1) A person (the victim) who suffers loss or damage by conduct of another person that was done in contravention of:
(a) a civil penalty provision of an SPF principle; or
(b) a civil penalty provision of an SPF code;
may recover the amount of the loss or damage by action against that other person.
(2) An SPF regulator may make a claim under subsection (1) on behalf of the victim if the SPF regulator has the victim’s written consent to do so.
(3) A claim under subsection (1) may be made at any time within 6 years after the day the cause of action that relates to the conduct accrued.
(4) However, this section applies subject to sections 58FZD to 58FZK (about proportionate liability for concurrent wrongdoers).
Note: See subsection 58FZF(1) in particular.
(1) In this Subdivision, a concurrent wrongdoer, in relation to a claim under subsection 58FZC(1), is a person who is one of 2 or more persons:
(a) who each contravened a civil penalty provision of an SPF principle or a civil penalty provision of an SPF code (whether or not the same civil penalty provision); and
(b) whose contraventions caused, independently of each other or jointly, the loss or damage that is the subject of the claim.
(2) For the purposes of this Subdivision, a person can be a concurrent wrongdoer if the person is insolvent, is being wound up or has ceased to exist or died.
(1) Nothing in this Subdivision operates to exclude the liability of a concurrent wrongdoer (an excluded concurrent wrongdoer) in proceedings involving a claim under subsection 58FZC(1) to recover an amount of loss or damage if:
(a) the concurrent wrongdoer intended to cause the loss or damage; or
(b) the concurrent wrongdoer fraudulently caused the loss or damage.
(2) The liability of an excluded concurrent wrongdoer is to be determined in accordance with the legal rules (if any) that (apart from sections 58FZD to 58FZK) are relevant.
(3) The liability of any other concurrent wrongdoer who is not an excluded concurrent wrongdoer is to be determined in accordance with the other provisions of this Subdivision.
(1) In any proceedings involving a claim under subsection 58FZC(1) to recover an amount of loss or damage:
(a) the liability of a defendant who is a concurrent wrongdoer in relation to the claim is limited to an amount reflecting that proportion of the loss or damage that the court considers just having regard to the extent of the defendant’s responsibility for the loss or damage; and
(b) the court may give judgment against the defendant for not more than that amount.
(2) If the proceedings also involve another claim that is not a claim under subsection 58FZC(1), liability for the other claim is to be determined in accordance with the legal rules, if any, that (apart from this Subdivision) are relevant.
(3) In apportioning responsibility between defendants in the proceedings:
(a) the court is to exclude that proportion of the loss or damage in relation to which the victim is contributorily negligent under any relevant law; and
(b) the court may have regard to the comparative responsibility of any concurrent wrongdoer who is not a party to the proceedings.
(4) This section applies in proceedings whether or not all concurrent wrongdoers are parties to the proceedings.
(5) A reference in this Subdivision to a defendant in proceedings includes any person joined as a defendant or other party in the proceedings (except as a plaintiff) whether joined under this Subdivision, under rules of court or otherwise.
(1) If:
(a) a defendant in proceedings involving a claim under subsection 58FZC(1) has reasonable grounds to believe that a particular person (the other person) may be a concurrent wrongdoer in relation to the claim; and
(b) the defendant fails to give the plaintiff, as soon as practicable, written notice of the information that the defendant has about:
(i) the identity of the other person; and
(ii) the circumstances that may make the other person a concurrent wrongdoer in relation to the claim; and
(c) the plaintiff unnecessarily incurs costs in the proceedings because the plaintiff was not aware that the other person may be a concurrent wrongdoer in relation to the claim;
the court hearing the proceedings may order that the defendant pay all or any of those costs of the plaintiff.
Note: The plaintiff is the victim or an SPF regulator (see subsections 58FZC(1) and (2)).
(2) The court may order that the costs to be paid by the defendant be assessed on an indemnity basis or otherwise.
A defendant against whom judgment is given under this Subdivision as a concurrent wrongdoer in relation to a claim under subsection 58FZC(1):
(a) cannot be required to contribute to any damages or contribution recovered from another concurrent wrongdoer in respect of the claim (whether or not the damages or contribution are recovered in the same proceedings in which judgment is given against the defendant); and
(b) cannot be required to indemnify any such wrongdoer.
(1) For a claim under subsection 58FZC(1), nothing in this Subdivision or any other law prevents a plaintiff (or a victim) who has previously recovered judgment against a concurrent wrongdoer for an apportionable part of any loss or damage from bringing another action against any other concurrent wrongdoer for that loss or damage.
(2) However, in any proceedings in respect of any such action, an amount of damages cannot be recovered by or for the victim that, having regard to any damages previously recovered by or for the victim in respect of the loss or damage, would result in the victim receiving compensation for loss or damage that is greater than the loss or damage actually sustained by the victim.
(1) The court may give leave for any one or more persons to be joined as defendants in proceedings involving a claim under subsection 58FZC(1).
(2) The court is not to give leave for the joinder of any person who was a party to any previously concluded proceedings in respect of the claim.
Nothing in this Subdivision:
(a) prevents a person being held vicariously liable for a proportion of a claim under subsection 58FZC(1) for which another person is liable; or
(b) prevents a person from being held severally liable with another person for that proportion of a claim under subsection 58FZC(1) for which the other person is liable; or
(c) affects the operation of any other provision of this Act or of any other Act to the extent that the provision imposes several liability on any person in respect of what would otherwise be a claim under subsection 58FZC(1).
Suspected contraventions of a provision of the SPF principles
(1) The SPF general regulator may issue to the public a written notice containing a warning about the conduct of a person if the SPF general regulator:
(a) reasonably suspects that the person’s conduct may constitute a contravention of a specified provision of the SPF principles; and
(b) is satisfied that one or more persons has suffered, or is likely to suffer, detriment as a result of the conduct; and
(c) is satisfied that it is in the public interest to issue the notice.
Suspected contraventions of a provision of an SPF code
(2) The SPF sector regulator for a regulated sector may issue to the public a written notice containing a warning about the conduct of a person if the SPF sector regulator:
(a) reasonably suspects that the person’s conduct may constitute a contravention of a specified provision of the SPF code for the sector; and
(b) is satisfied that one or more persons has suffered, or is likely to suffer, detriment as a result of the conduct; and
(c) is satisfied that it is in the public interest to issue the notice.
Related matters
(3) An SPF regulator that issues a notice under subsection (1) or (2) must publish the notice on the SPF regulator’s website.
(4) A notice under subsection (1) or (2) is not a legislative instrument.
Giving directions—to comply with an SPF principle
(1) If the SPF general regulator reasonably suspects that a regulated entity:
(a) is failing to comply with an SPF principle; or
(b) will fail to comply with an SPF principle;
the SPF general regulator may, by written notice given to the entity, direct the entity to take specified action to comply with that SPF principle.
Giving directions—to comply with an SPF code
(2) If the SPF sector regulator for a regulated sector reasonably suspects that a regulated entity for the sector:
(a) is failing to comply with a provision of the SPF code for the sector; or
(b) will fail to comply with such a provision;
the SPF sector regulator may, by written notice given to the entity, direct the entity to take specified action to comply with that provision of the SPF code.
Complying with a direction
(3) A regulated entity given a direction under subsection (1) or (2) must comply with the direction.
(a) within the time specified in the direction, which must be a reasonable time; or
(b) if the direction does not specify a reasonable time—within a reasonable time.
(4) Subsection (3) is a civil penalty provision.
Note: To work out how sections 58FJ to 58FL (about civil penalties) apply to subsection (3), see the definitions of civil penalty provision of an SPF principle, and civil penalty provision of an SPF code in subsection 4(1).
Extending the time for complying with a direction
(5) The SPF regulator who gives a direction under subsection (1) or (2) to an entity may extend the time for complying with the direction by written notice given to the entity.
Before giving a direction
(6) Before an SPF regulator gives an entity a direction under subsection (1) or (2), the SPF regulator must give the entity an opportunity to make submissions to the SPF regulator on the matter.
Varying and revoking directions
(7) An SPF regulator may vary or revoke a direction given by the SPF regulator under subsection (1) or (2) in like manner and subject to like conditions.
Publishing directions
(8) As soon as practicable after an SPF regulator gives, varies or revokes a direction under subsection (1) or (2), the SPF regulator must publish a notice of its action on its website.
Making adverse publicity orders
(1) The Court may, on application, make an adverse publicity order against a person who has been ordered to pay a pecuniary penalty under an SPF civil penalty order.
(2) Such an order may require the person to:
(a) disclose, in the way and to the persons specified in the order, specified information that the person has possession of or access to; and
(b) publish, at the person’s expense and in in a specified way, an advertisement in the terms specified in, or determined in accordance with, the order.
Applying for adverse publicity orders
(3) An application for such an order may be made by:
(a) if the SPF civil penalty order was for a contravention of a civil penalty provision of an SPF principle—the SPF general regulator; or
(b) if the SPF civil penalty order was for a contravention of a civil penalty provision of an SPF code for a regulated sector—the SPF sector regulator for the sector.
Definitions
(4) In this section:
Court, in relation to a matter, means any court having jurisdiction in the matter.
Making non‑punitive orders
(1) The Court may, on application, make one or more of the following orders in relation to a person who has engaged in conduct contravening an SPF principle or a provision of an SPF code:
(a) a community service order;
(b) a probation order for a period of no longer than 3 years;
(c) an order requiring the person to disclose, in the way and to the persons specified in the order, specified information that the person has possession of or access to;
(d) an order requiring the person to publish, at the person’s expense and in a specified way, an advertisement in the terms specified in, or determined in accordance with, the order.
Applying for non‑punitive orders
(2) An application for such an order may be made by:
(a) for conduct contravening an SPF principle—the SPF general regulator; or
(b) for conduct contravening a provision of the SPF code for a regulated sector—the SPF sector regulator for the sector.
Definitions
(3) For the purposes of this section, a probation order is an order made to ensure that a person does not engage in:
(a) the conduct that resulted in the order; or
(b) similar conduct or related conduct;
during the period of the order.
(4) Without limiting subsection (3), a probation order includes:
(a) an order directing a person to establish a compliance program, or an education and training program, that:
(i) is for employees or other persons involved in the person’s business; and
(ii) is designed to ensure awareness of responsibilities and obligations relating to conduct covered by paragraph (3)(a) or (b); and
(b) an order directing a person to revise the internal operations of the person’s business that lead to conduct covered by paragraph (3)(a) or (b).
(5) In this section:
community service order means an order directing a person to perform a service that:
(a) is specified in the order; and
(b) is or relates to the conduct that resulted in the order;
for the benefit of the community or a section of the community.
contravening: conduct contravening an SPF principle or a provision of an SPF code includes conduct that constitutes being involved in such a contravention.
Note: For the meaning of involved, see subsection 4(1).
Court, in relation to a matter, means any court having jurisdiction in the matter.
Making orders
(1) The Court may, on application, make such orders (other than an award of damages) as the Court thinks appropriate against a person who:
(a) engaged in conduct (the contravening conduct) contravening a civil penalty provision of an SPF principle or a civil penalty provision of an SPF code; or
(b) is involved in the contravening conduct;
if the contravening conduct caused, or is likely to cause, a class of persons (the victims) to suffer loss or damage.
Note 1: The orders that the court may make include all or any of the orders set out in section 58FZQ.
Note 2: For the meaning of involved, see subsection 4(1).
(2) Subsection (1) applies whether or not the victims include persons (non‑parties) who are not, or have not been, parties to a proceeding (an enforcement proceeding) instituted under another provision in or referred to in this Division in relation to the contravening conduct.
(3) The Court must not make such an order unless the Court considers that the order will:
(a) redress, in whole or in part, the loss or damage suffered by the victims in relation to the contravening conduct; or
(b) prevent or reduce the loss or damage suffered, or likely to be suffered, by the victims in relation to the contravening conduct.
Applying for orders
(4) An application for such an order may be made:
(a) by the following:
(i) if the contravening conduct contravened a civil penalty provision of an SPF principle—the SPF general regulator;
(ii) if the contravening conduct contravened a civil penalty provision of an SPF code for a regulated sector—the SPF sector regulator for the sector; and
(b) even if an enforcement proceeding in relation to the contravening conduct has not been instituted; and
(c) at any time within 6 years after the day on which the cause of action that relates to the contravening conduct accrues.
Working out whether to make an order
(5) In working out whether to make such an order against a person referred to in paragraph (1)(a) or (b), the Court may have regard to the conduct of:
(a) the person; and
(b) the victims;
in relation to the contravening conduct since the contravention occurred.
(6) However, the Court need not make a finding about either of the following matters:
(a) which persons are victims in relation to the contravening conduct;
(b) the nature of the loss or damage suffered, or likely to be suffered, by such persons.
When a non‑party victim is bound by an order etc.
(7) If all of the following happen:
(a) such an order is made against a person;
(b) the loss or damage suffered, or likely to be suffered, by a non‑party victim in relation to the contravening conduct has been redressed, prevented or reduced in accordance with the order;
(c) the non‑party victim has accepted the redress, prevention or reduction;
then:
(d) the non‑party victim is bound by the order; and
(e) any other order made under subsection (1) relating to that loss or damage has no effect in relation to the non‑party victim; and
(f) despite any other provision of this Act or any other law of the Commonwealth, or a State or Territory, no claim, action or demand may be made or taken against the person by the non‑party victim in relation to that loss or damage.
Definitions
(8) In this section:
Court, in relation to a matter, means any court having jurisdiction in the matter.
(1) Without limiting subsection 58FZP(1), the orders that the Court may make under that subsection against a person (the respondent) include all or any of the following:
(a) an order declaring the whole or any part of a contract made between the respondent and a victim referred to in that subsection, or a collateral arrangement relating to such a contract:
(i) to be void; and
(ii) if the Court thinks fit—to have been void ab initio or void at all times on and after such date as is specified in the order (which may be a date that is before the date on which the order is made);
(b) an order:
(i) varying such a contract or arrangement in such manner as is specified in the order; and
(ii) if the Court thinks fit—declaring the contract or arrangement to have had effect as so varied on and after such date as is specified in the order (which may be a date that is before the date on which the order is made);
(c) an order refusing to enforce any or all of the provisions of such a contract or arrangement;
(d) an order directing the respondent to refund money or return property to a victim referred to in that subsection;
(e) an order directing the respondent, at the respondent’s own expense, to repair, or provide parts for, goods that have been supplied under the contract or arrangement to a victim referred to in that subsection;
(f) an order directing the respondent, at the respondent’s own expense, to supply specified services to a victim referred to in that subsection;
(g) an order, in relation to an instrument creating or transferring an interest in land, directing the respondent to execute an instrument that:
(i) varies, or has the effect of varying, the first‑mentioned instrument; or
(ii) terminates or otherwise affects, or has the effect of terminating or otherwise affecting, the operation or effect of the first‑mentioned instrument.
(2) In this section:
interest, in land, means:
(a) a legal or equitable estate or interest in the land; or
(b) a right of occupancy of the land, or of a building or part of a building erected on the land, arising by virtue of the holding of shares, or by virtue of a contract to purchase shares, in an incorporated company that owns the land or building; or
(c) a right, power or privilege over, or in connection with, the land.
(1) The SPF provisions apply to a partnership as if it were a person, but with the changes set out in this section.
(2) An obligation that would otherwise be imposed on the partnership by an SPF provision is imposed on each partner instead, but may be discharged by any of the partners.
(3) If an SPF provision would otherwise permit something to be done by the partnership, the thing may be done by one or more of the partners on behalf of the partnership.
(4) For the purposes of the SPF provisions, a change in the composition of a partnership does not affect the continuity of the partnership.
(1) The SPF provisions apply to an unincorporated association as if it were a person, but with the changes set out in this section.
(2) An obligation that would otherwise be imposed on the association by an SPF provision is imposed on each member of the association’s committee of management instead, but may be discharged by any of the members.
(3) If an SPF provision would otherwise permit something to be done by the unincorporated association, the thing may be done by one or more of the members of the association’s committee of management on behalf of the association.
(1) The SPF provisions apply to a trust as if it were a person, but with the changes set out in this section.
Trusts with a single trustee
(2) If the trust has a single trustee:
(a) an obligation that would otherwise be imposed on the trust by an SPF provision is imposed on the trustee instead; and
(b) if an SPF provision would otherwise permit something to be done by the trust, the thing may be done by the trustee.
Trusts with multiple trustees
(3) If the trust has 2 or more trustees:
(a) an obligation that would otherwise be imposed on the trust by an SPF provision is imposed on each trustee instead, but may be discharged by any of the trustees; and
(b) if an SPF provision would otherwise permit something to be done by the trust, the thing may be done by any of the trustees.
(1) This section applies if the operation of the SPF provisions would result in an acquisition of property (within the meaning of paragraph 51(xxxi) of the Constitution) from a person otherwise than on just terms (within the meaning of that paragraph).
(2) The person who acquires the property is liable to pay a reasonable amount of compensation to the first‑mentioned person.
(3) If the 2 persons do not agree on the amount of the compensation, the person to whom compensation is payable may institute proceedings in:
(a) the Federal Court; or
(b) the Supreme Court of a State or Territory;
for the recovery from the other person of such reasonable amount of compensation as the Court determines.
(1) The Minister may, by legislative instrument, make rules (the SPF rules) prescribing matters:
(a) required or permitted by this Part to be prescribed by the SPF rules; or
(b) necessary or convenient to be prescribed for carrying out or giving effect to this Part.
Note: A matter may be prescribed by the SPF rules by class (see subsection 13(3) of the Legislation Act 2003). For example, a specific regulated entity or a class of regulated entities may be able to be prescribed in some cases.
(2) The Minister may, in writing, delegate the Minister’s power to make SPF rules to another Minister or to an SPF regulator.
(3) To avoid doubt, the SPF rules may not do the following:
(a) create an offence or civil penalty;
(b) provide powers of:
(i) arrest or detention; or
(ii) entry, search or seizure;
(c) impose a tax;
(d) set an amount to be appropriated from the Consolidated Revenue Fund under an appropriation in this Act;
(e) directly amend the text of this Act.
(1) The Minister must cause a review to be conducted of the operation of the SPF provisions.
(2) The review must be conducted as soon as practicable after the end of the 3‑year period starting on the day the first SPF code is made under section 58CB.
(3) The persons who conduct the review must give the Minister a written report of the review.
(4) The Minister must cause a copy of the report of the review to be tabled in each House of the Parliament within 15 sitting days of that House after the Minister receives the report.
2 At the end of paragraph 8(1)(j)
Add:
; or (vii) the SPF provisions (within the meaning of the Competition and Consumer Act 2010) if the ACMA is designated as a SPF sector regulator under subsection 58ED(1) of that Act;
3 After section 59DA
Insert:
An ACMA official authorised by the Chair, in writing, for the purposes of this section may disclose authorised disclosure information if the disclosure:
(a) is to:
(i) an SPF regulator (within the meaning of the Competition and Consumer Act 2010); or
(ii) the operator of an SPF EDR scheme (within the meaning of that Act); and
(b) is for the purposes of the operation (including enforcement) of the SPF provisions (within the meaning of that Act).
4 At the end of subsection 12A(1)
Add:
; (o) the SPF provisions (within the meaning of the Competition and Consumer Act 2010).
5 Subsection 4(1)
Insert:
ACMA means the Australian Communications and Media Authority.
actionable scam intelligence has the meaning given by section 58AI.
associate, of an SPF consumer, means an associate (within the meaning of section 318 of the Income Tax Assessment Act 1936) of the SPF consumer who is:
(a) a natural person who is in Australia or is ordinarily resident in Australia; or
(b) a person who carries on a business having a principal place of business in Australia;
civil penalty provision of an SPF code means:
(a) a provision of an SPF code (see Division 3 of Part IVF) that is a civil penalty provision (within the meaning of the Regulatory Powers Act); or
(b) subsection 58FZM(3) in relation to compliance with a direction given under subsection 58FZM(2).
civil penalty provision of an SPF principle means:
(a) a provision of Division 2 of Part IVF (about the Scams Prevention Framework) that is a civil penalty provision (within the meaning of the Regulatory Powers Act); or
(b) subsection 58FZM(3) in relation to compliance with a direction given under subsection 58FZM(1).
de‑identified: information is de‑identified if the information is no longer about an identifiable individual or an individual who is reasonably identifiable.
infringement notice compliance period for an SPF infringement notice: see section 58FT.
inspector, of an SPF regulator, has the meaning given by section 58FB.
involved, in a contravention of a civil penalty provision of an SPF principle or of a civil penalty provision of an SPF code, means:
(a) aiding, abetting, counselling or procuring a contravention of the provision; or
(b) inducing, whether by threats or promises or otherwise, such a contravention; or
(c) being in any way, directly or indirectly, knowingly concerned in, or party to, such a contravention; or
(d) conspiring with others to effect such a contravention.
reasonable steps, for the purposes of Division 2 of Part IVF (about overarching principles of the Scams Prevention Framework), has a meaning affected by section 58BB.
regulated entity has the meaning given by section 58AD.
regulated sector has the meaning given by subsection 58AC(1).
regulated service has the meaning given by section 58AD.
scam has the meaning given by section 58AG.
senior officer, of a regulated entity, means:
(a) an officer (within the meaning of the Corporations Act 2001) of the entity; or
(b) a senior manager (within the meaning of that Act) of the entity.
SPF civil penalty order means a civil penalty order under Part 4 of Regulatory Powers Act (as that Part applies because of section 58FJ of this Act).
SPF code has the meaning given by section 58CB.
SPF consumer has the meaning given by section 58AH.
SPF EDR scheme, for a regulated sector, means an external dispute resolution scheme authorised under subsection 58DB(1) for the sector.
SPF general regulator has the meaning given by section 58EB.
SPF governance policies, procedures, metrics and targets, for a regulated entity for a regulated sector, means the entity’s:
(a) policies and procedures required under paragraph 58BD(1)(a) for the sector; and
(b) performance metrics and targets required under paragraph 58BD(1)(c) for those policies and procedures.
SPF infringement notice means an infringement notice issued under subsection 58FO(1) or (2).
SPF personal information means:
(a) personal information; or
(b) information relating to a person that may be used (whether alone or in conjunction with other information) to access:
(i) a service or an account; or
(ii) funds, credit or other financial benefits.
SPF principles means the provisions in Subdivisions B to G of Division 2 of Part IVF (about the Scams Prevention Framework).
SPF provisions has the meaning given by section 58AJ.
SPF regulator means:
(a) the SPF general regulator; or
(b) the SPF sector regulator for a regulated sector.
SPF rules means rules made under section 58GE.
SPF sector regulator has the meaning given by section 58ED.
6 Section 52A (definition of ACMA)
Repeal the definition.
7 Section 151AB (definition of ACMA)
Repeal the definition.
8 Section 152AC (definition of ACMA)
Repeal the definition.
9 At the end of paragraph 155(2)(a)
Add:
(v) an SPF code; or
10 After subparagraph 155(2)(b)(ib)
Insert:
(ic) a designated scams prevention framework matter (as defined by subsection (9AC) of this section); or
11 After subsection 155(9AB)
Insert:
(9AC) A reference in this section to a designated scams prevention framework matter is a reference to the performance of a function, or the exercise of a power, conferred on the Commission (as an SPF regulator) by or under:
(a) Part IVF; or
(b) a legislative instrument (such as an SPF code) made under that Part; or
(c) the Regulatory Powers Act to the extent that it applies in relation to a provision of that Part.
12 Paragraph 155AAA(12)(b)
Omit “Australian Communications and Media Authority”, substitute “ACMA”.
13 At the end of subsection 1051(2)
Add:
Note: A law, instrument or condition referred to in paragraph (a) that requires entities to be members of the scheme need not be a law, instrument or condition regulating providers of financial products or services. The constitutional basis for that law, instrument or condition would need to support the scheme’s application to such entities.
14 At the end of section 1052A
Add:
Note: This power to issue regulatory requirements extends to any application of the AFCA scheme in relation to members of the scheme that are not providers of financial products or services.
15 Subsection 1052B(1) (note)
Omit “Note”, substitute “Note 1”.
16 At the end of subsection 1052B(1)
Add:
Note 2: This power to give directions extends to any application of the AFCA scheme in relation to members of the scheme that are not providers of financial products or services.
17 At the end of subsections 1052BA(1) and 1052C(1)
Add:
Note: This power to give directions extends to any application of the AFCA scheme in relation to members of the scheme that are not providers of financial products or services.
18 Subsection 1052D(1) (note)
Omit “Note”, substitute “Note 1”.
19 At the end of subsection 1052D(1)
Add:
Note 2: This right to make requests extends to any application of the AFCA scheme in relation to members of the scheme that are not providers of financial products or services.
20 At the end of subsection 1052E(1)
Add:
Note: This subsection extends to any application of the AFCA scheme in relation to members of the scheme that are not providers of financial products or services.
[Minister’s second reading speech made in—
House of Representatives on 7 November 2024
Senate on 11 February 2025]
(135/24)