Scam Victim Alliance (SVA) is a not-for-profit organisation of survivors with lived experience of scams and cyber-enabled fraud. We welcome the opportunity to provide feedback on the Second Exposure Draft of the Anti-Money Laundering and Counter-Terrorism Financing Rules 2025. The reforms proposed are a significant step forward in strengthening Australia’s AML/CTF regulatory regime.

The aim of this submission is to:

Stop scam and fraud victims bearing the financial cost of the $2+ billion lost to scams, the majority of which involve money laundering in Australia.

Increase the trust of the Australian public in the Australian financial system and AUSTRAC in particular through increased transparency.

The draft rules do not yet go far enough to address critical gaps in consumer protection, institutional accountability, and regulatory transparency. The AML/CTF framework must not only detect and deter crime, but also protect victims and hold negligent institutions accountable.

In relation to the proposed AML/CTF changes, the SVA:

• Supports mandatory reimbursement of victims where financial institutions failed in their AML/CTF obligations. We recommend amending the AML/CTF Rules to require mandatory reimbursement where a financial institution’s breach of AML obligations materially enabled the commission of a financial crime;

• Supports enforceable and public penalties for institutions facilitating or enabling financial crime. We recommend introducing a structured penalty regime and require AUSTRAC to publicly list all enforcement actions with plain-English summaries of the breach and penalties issued;

• Supports greater transparency by AUSTRAC regarding AML/CTF breaches, investigations, and penalties. We recommend AUSTRAC being subject to legislated requirements to release annual data on suspicious reports, breaches, investigations, and penalties, including sectoral risk trends and redacted breach summaries to support public oversight;

• Supports penalties for entities providing designated financial services without being registered with AUSTRAC. We recommend that the AML/CTF Rules be amended to clearly empower AUSTRAC to:

• Investigate and fine entities offering designated services without registration;

• Publish enforcement outcomes;

• Proactively monitor for compliance breaches by non-registered operators.

• Supports tightening registration standards for Remittance and Virtual Asset Service Providers. Registration alone is not enough. In fact, in some cases, registration can give false legitimacy to scam operations, especially among Remittance Service Providers (RSPs) and Virtual Asset Service Providers (VASPs).

It is important that we strengthen systemic risks and consumer safety at a structural level.

AUSTRAC’s updates in the Second Exposure Draft mark commendable progress. However, to strengthen Australia’s AML/CTF framework further, AUSTRAC must:

• Enhanced Suspicious Matter Reporting (SMR) tailored to scams;

• Prioritise victim protection;

• Enforce accountability and transparency;

• Provide public transparency of AML/CTF Enforcement and Reporting;

• Actively and transparently penalise unregistered and negligent actors, including reimbursement for scam victims;

• Proactively Monitor Unregistered Entities; and

• Enact stronger enforcement and information sharing.

Case study: money laundering happens regularly in Australian banks

O’Brien v Supercheap Security Demonstrates the lack of protection against money laundering and financial crimes for Australians within the Australian financial system. It also shows the lack of transparency for victims of crime in regard to money laundering.

In the case of O’Brien v Supercheap Security, 13 Australian victims collectively lost $1.36 million to a fake AMP term deposit scam. The funds were transferred into a NAB mule account under the name “Supercheap Security.” Public evidence tendered to the Supreme Court of NSW and ABC-TV later revealed that this NAB business account had been compromised before any deposits were made, with login credentials sold to overseas-based scammers.

Victims believed they were transferring money into secure term deposit accounts opened in their own names. In reality, the funds were funneled into a fraudulent NAB Supercheap Security account, then rapidly moved offshore to British-controlled shell companies. While the victims secured a court judgment against the mule account holder, Hassan Mehdi, bankruptcy proceedings have made actual recovery of funds impossible.

Despite these facts, the Supercheap victims have been unable to successfully resolve complaints through AFCA because NAB - the receiving bank - has no direct relationship to the victims and therefore no obligation to disclose how and where the funds were transferred after arriving in the Supercheap Security account. NAB cited privacy and confidentiality rules, effectively shielding itself from scrutiny. The victims, lacking access to the full transaction trail, are unable to establish liability nor hold NAB accountable for its failure to detect and prevent criminal money laundering activity on its own platforms.

SVA believes AUSTRAC is integral to the public maintaining trust in the financial system

Implementing the above recommendations will align Australia’s AML system with international best practices, improve compliance, and restore public confidence in the financial system’s integrity.

SVA‘s detailed response continues over the page. We welcome the opportunity for ongoing open dialogue and look forward to constructive changes to reduce the harm Australian scam victims currently experience.

Yours faithfully,

Harriet Spring

President

Scam Victim Alliance’s detailed response to proposed AML/CTF changes

1. Reimbursement for Victims where AML/CTF Obligations were breached

Proposed Inclusion:

Introduce rules requiring that when a reporting entity breaches AML/CTF obligations and that breach contributes to customer harm from financial crime, the institution must reimburse the victim.

Justification:

Victims should not bear the cost of scams or money laundering enabled by institutional failure.

In ASIC v RI Advice Group Pty Ltd (2022), the Federal Court found that poor cyber-risk controls breached financial obligations.

View ruling

The UK Contingent Reimbursement Model Code (CRM) requires reimbursement for victims of APP scams when banks fall short of expected due diligence.

The EU PSD2 and EBA Guidelines mandate redress for fraud resulting from institutional non-compliance.

Aligns with ASIC’s broader shift toward a "fairness to customer" standard under DDO and the Financial Accountability Regime.

SVA recommendation:

Amend the AML/CTF Rules to require mandatory reimbursement where a financial institution’s breach of AML obligations materially enabled the commission of a financial crime.

2. Public and Tiered Penalties for Non-Compliant Institutions

Proposed Inclusion:

Require that AML/CTF breaches result in tiered penalties based on severity, harm, and institutional size — and that these penalties are published publicly by AUSTRAC.

Justification:

Public penalties serve as a deterrent and increase trust in regulatory oversight.

AUSTRAC has previously issued large fines, including:

Westpac – $1.3 billion (2020)

CBA – $700 million (2018)

FinCEN (USA) fined Capital One $390 million for AML failings tied to a check-cashing business.

The UK FCA fined NatWest £264 million and published ongoing AML actions in a searchable registry.

SVA Recommendation:

Introduce a structured penalty regime and require AUSTRAC to publicly list all enforcement actions with plain-English summaries of the breach and penalties issued.

3. Public Transparency of AML/CTF Enforcement and Reporting

Proposed Inclusion:

Require AUSTRAC to publish a Quarterly Enforcement and Intelligence Report detailing the AML/CTF enforcement landscape.

Justification:

Agencies such as FinCEN and the UK National Crime Agency publish detailed reports to inform law enforcement, regulators, and the public.

AUSTRAC currently publishes limited summary stats, but no transparent listing of SMR outcomes, breaches, or fines.

Transparency would aid industry benchmarking and support public trust in AML regulation.

SVA Recommendation:

Legislate a requirement for AUSTRAC to release quarterly data on suspicious reports, breaches, investigations, and penalties. Include sectoral risk trends and redacted breach summaries to support public oversight.

4. Enforce Penalties for Unregistered Entities Operating Financial Services

Proposed Inclusion:

AUSTRAC should be empowered and obligated to penalise unregistered financial service providers who operate in breach of the AML/CTF Act by failing to enrol or register.

Justification:

Operating without registration violates the AML/CTF Act and undermines systemic oversight.

AUSTRAC has taken some action — e.g., deregistering iSignthis Ltd — but such enforcement is infrequent and delayed.

UK FCA and US FinCEN maintain real-time public registries and penalise unregistered actors.

Lack of enforcement enables grey-market operators and risks regulatory arbitrage.

SVA Recommendation:

Amend the AML/CTF Rules to clearly empower AUSTRAC to:

Investigate and fine entities offering designated services without registration;

Publish enforcement outcomes;

Proactively monitor for compliance breaches by non-registered operators.

5. Tighten Registration Standards for Remittance and Virtual Asset Service Providers

Proposed Inclusion:

Revise AUSTRAC’s registration process to:

Require independent vetting of business models, beneficial owners, and executive history;

Mandate ongoing monitoring, not just a one-off registration;

Publish a warning list of registered RSPs/VASPs under investigation or with compliance concerns.

Justification:

Registration ≠ credibility: Scammers often use AUSTRAC registration as a badge of legitimacy to convince victims they are regulated and safe. AUSTRAC’s current checks are mostly administrative.

Examples of abuse:

In 2023, several crypto Ponzi schemes and forex trading scams operating in Australia cited their AUSTRAC registration to build trust — despite having no legitimate operations.

Shell companies are frequently used to register remittance services, with nominee directors and no genuine compliance infrastructure.

Weak vetting process: Currently, registration does not require full background checks, prior business conduct scrutiny, or robust business model review. This creates a low barrier for entry that scammers exploit.

Comparative international approaches:

The UK FCA has refused dozens of crypto-related applicants due to AML failings — and regularly publishes registrations revoked or denied.

MAS (Singapore) requires crypto businesses to pass AML audits before being licensed.

FinCEN (US) shares alerts with the public about scam-linked registrants and shell exchanges.

SVA Recommendation:

Amend the AML/CTF Rules and registration regime to:

Require a fit-and-proper test for beneficial owners, including checks against prior fraud, insolvency, or AML breaches;

Publish a compliance rating or risk flag beside RSPs/VASPs in AUSTRAC’s public registry;

Enable AUSTRAC to suspend promotion of “registered” status by an entity under investigation;

Introduce tiered scrutiny levels — e.g., stricter review for VASPs and international remitters.

Scam Victim Alliance (SVA) is a not-for-profit organisation of survivors with lived experience of scams and cyber-enabled fraud. We welcome the opportunity to provide this submission to the Australian Financial Complaints Authority’s (AFCA’s) call for submissions to expand AFCA’s jurisdiction over receiving banks in scams.

In relation to the proposed AFCA changes the SVA:

• Supports AFCA’s proposed 2025 rule changes, particularly to help scam complaints where names and account numbers didn’t match, and less than 10% of funds were recovered and money laundering, fraud and other crimes are alleged.

• Urges AFCA to enforce its Rule A.9 to Rule A.14 by requiring member firms - and potentially non-member firms -  to provide all relevant information in scam cases.

• Urges Treasury and regulators to step in to address the complex liability and transparency gaps between AFCA member and non-member firms, ensuring all receiving financial institutions are held accountable for their role placing and layering scammed funds, and enabling more effective recovery of scammed funds back to sending financial institutions.

• Suggests urgent government and regulatory action is needed to stamp out identity theft, account takeovers and rampant ‘renting’ mule bank accounts on Australian payment, telco and social media platforms. In addition to muling, spoofing and impersonation are other issues that fuel successful scams.

We support AFCA’s proposed rule changes, especially the overdue inclusion of complaints against receiving financial institutions. Receiving financial institutions often enable scams by hosting money mule accounts that facilitate fraud, deception, and money laundering—criminal acts that are currently overlooked in AFCA’s dispute resolution process.

New legislation updating AFCA’s authorisation and the Scam Prevention Framework are positive, but scam-related complaints usually involve criminal conduct and are not simple contractual disputes. Many scams are caused or worsened by failures at the receiving financial institution, such as not verifying account names, account takeovers, ‘renting’ of accounts, failure of KYC and facilitating further placement and layering to obscure the ability of financial institutions to recover scammed money. AFCA’s laboured, confusing and sometimes ill-considered EDR processes add to the harm scam victims experience.

To be effective in its new authorisation condition, AFCA must:

• Ensure complaints against receiving financial institutions fall within the six-year window from the scam date; or the time the victim first becomes aware that the receiving financial institutions accepted their funds in connection to a scam transaction.

• Recognise the overlap between criminal and civil aspects of scams and fraud, and be able to compel meaningful evidence from member firms. Ideally this can extend to non-member firms, potentially with help and collaboration from state and federal law enforcement agencies.

• Include in-scope all scam complaints against receiving financial institutions and any/all subsequent transfers into other member or non-member mule accounts, particularly where serious financial institution failures or crimes have occurred.

• Look at the learnings of a UK precedent from 2014, when a scam victim recovered funds after the receiving financial institutions, TSB, acted on police evidence - without any ombudsman involvement, to deliver full recovery to a scam victim. This shows the value of criminal evidence, KYC checks, and direct financial institution (FI) accountability at resolving external disputes without lengthy and complex ombudsman processes.

• AFCA must not weaken existing legal protections (e.g. ASIC Act, ePayments Code, Banking Code of Practice, Banking Law, ACL) and must apply consistent standards across all financial institutions, whether they are large or small, or AFCA members or not.

Too often, scam victims are denied access to critical evidence in their dispute. AFCA must actively help complainants navigate complex scams, as required under Rule A.2.1(ii), and assist complainants in understanding how and why their scam happened.

We recommend AFCA create a dedicated scam team that collaborates with law enforcement and victims with lived experience to better track emerging scam typologies and ensure victims receive fair outcomes based on all available evidence.

SVA advocates also for additional actions as outlined in Attachment A. Our detailed response continues over the page. I welcome the opportunity for ongoing open dialogue and look forward to constructive changes to reduce the harm Australian scam victims currently experience.

Yours faithfully,

Harriet Spring

Scam Victim Alliance President

Scam Victim Alliance’s detailed response to proposed AFCA changes

In relation to the proposed AFCA changes, the SVA’s submission is as follows:

CONSULTATION POINT 1: Provide AFCA with jurisdiction to deal with complaints involving a receiving bank and/or mule account

We welcome AFCA’s proposed rule changes, particularly the move to allow complaints against receiving financial institutions - a long-overdue step toward accountability. 

The receiving financial institution’s money mule accounts usually facilitate impersonation, deception, fraud and  money laundering - and are crimes under most state (and some Commonwealth) laws across Australia. These criminal violations are currently ignored in AFCA’s dispute resolution process. We believe the new legislation changing AFCA’s authorisation condition is a good first step to start addressing the ‘criminal’ problems with scams that currently are being ‘heard’ by an ombudsman and external dispute resolution service instead of in a court of law. Many scams are enabled by failures at the receiving financial institutions - such as not verifying account names, ignoring red flags or failing to detect account takeovers or other money mule activity. AFCA must ensure that complaints against receiving financial institutions can be raised within the six-year window from the date of the scam and/or the date the complainant first became aware of the receiving financial institutions that accepted their funds connected to a scam transaction. This often involves an extensive number of financial institutions - not only banks, but new payment platforms like Manoova or Cuscal or crypto or digital foreign currency platforms, too. 

Case study: UK precedent demonstrates importance of criminal evidence and the role of the receiving bank in scam cases   

A UK scam victim was defrauded £3,400 in 2014. The money was paid into a TSB receiving bank account and a police report validated this. The police report was then supplied directly to TSB, who successfully resolved the case with no need for Ombudsman resources. This important case shows:

1. The power of evidence in quickly resolving complex scam cases before EDR.

2. The importance of KYC documentation from receiving banks.

3. The overlap between criminal and civil evidence and justice processes required in scam cases.

For the oversight of receiving banks to be meaningful, AFCA should be able to meaningfully examine a variety of evidence, as well as compel member firms to supply it. TSB subsequently became the first UK bank to voluntarily refund scam victims. 

Scam complaints that relate to mule accounts must be within AFCA’s EDR scope across all financial institutions, not only member firms. For scam complaints to be effectively resolved through AFCA’s EDR processes, they must examine all subsequent ‘hops’ or transfers into subsequent Australian financial institution accounts (and even non-member firm accounts) - specifically when:

• The sending bank failed to match account names and numbers.

• Less than 10% of funds were recovered, indicating systemic financial institution failures.

• A crime occurred on a member firm's platform, such as fraud, receiving the proceeds of crime or money laundering.

Too often, AFCA complainants in scam cases are denied access to the evidence needed to successfully recover any funds or resolve a dispute. AFCA rule changes must preserve existing rights under the ASIC Act, Banking Code, Corporations Act, Australian Consumer Law, ePayments Code, and common law. The SPF Bill and any new codes must also not override or lower these protections, such as the proposal that smaller financial institutions (or non-member financial institutions) be held to a lower standard.

SVA knows that scam victims regularly face AFCA’s EDR processes without AFCA staff fully embracing rule A.2.1(ii) “AFCA has a duty to ‘help complainants submit a complaint’”. We contend that AFCA staff must work harder with scam victims to help complainants untangle the complex and varied factors that resulted in their financial loss. Many scam victims do not ever find out how or why they were targeted for their scammed loss and this significantly adds to the emotional and financial harm AFCA’s EDR processes force scam victims to endure. We recommend AFCA dispute resolution teams should embrace their duties under rule A.2 to help complainants untangle their scam complaint, and call for evidence from member and non-member firms that can relate to a complex interplay of information and impersonation of trusted organisations like the Australian Tax Office, Australia Post, PEXA, ASIC, Australian Stock Exchange and more.

SVA contends that AFCA has a significant role to play in helping complainants fully understand the factors at play in their scam complaint. We also recommend AFCA scam specialist teams work with law enforcement to help enable a co-operative and collaborative justice approach (just as AFCA member firms do with the Australian Financial Crimes Exchange). By helping scam victims understand how their scam occurred, AFCA and victims can hold the right corporations and regulators to account for the fast-changing scam typologies that will continue to trick people into socially engineered financial losses.

CONSULTATION POINT 2: Introduce the ability for AFCA to name financial firms who do not comply with Determinations.

Financial crime victims in Australia have disproportionately borne financial and legal liability for increasingly sophisticated scams. We recommend AFCA ensure that it enforces its own A.14 Rule and its Operational Guidelines, and use its power to require financial firms to provide all documents, information, and responses relevant to a complaint. SVA further recommends a fully transparent information-sharing process akin to the ‘discovery’ process that happens in civil court cases to compel evidence and document-sharing across the Australian payments system. We also recommend KYC documentation, AUSTRAC reports and other AML and CTF obligations be owed to the customer, as well as the government, and be supplied as part of the external dispute resolution process. AFCA is reminded such requests are already supposed to be mandatorily complied with under Rule A.9, but in practice often are not. Relevant information documentation is vital for a fair EDR process but member firms often invoke Rule A.9.1. - the need for ‘confidentiality’ - to prevent this. We recommend AFCA play a critical role to obtain vital information and anonymise it for confidentiality, whilst enabling it to form vital evidence in deciding how to resolve a dispute. 

Given AFCA now proposes to have the ability to name financial firms who don’t comply with AFCA’s requests and rulings, the SVA recommends this includes publicly naming those member firms who refuse to provide information (and explain when they use Rule A.9.1 to refuse) when requested for scam cases. We further recommend that if banks and FIs want to publish the dollar amounts of “scam transactions they prevent” to market their fraud prevention, FIs should also publish numbers that explain:

• How many mule accounts they reported to law enforcement (not just the Australian Financial Crimes Exchange).

• What % of scam funds they recovered for their own customers.

• What new real-time technologies and investments FIs make to tackle fast-changing scam typologies.

When AFCA receives a scam complaint, the SVA recommends AFCA automatically request relevant information from all member firms and non-member firms involved in receiving or transferring the stolen funds. Scam transactions often pass through six or more Australian FIs, making it difficult to trace funds and hold parties accountable under AFCA’s current EDR scheme. The growing complexity of the money trail and FI’s reluctance to indemnify each other hinder cooperation and recovering scammed funds for victims. This systemic issue discourages co-operation and fund recovery, leaving victims bearing the loss and harm. AFCA could overcome this systemic barrier to properly assess receiving FIs’ roles in scams by demanding:

1. Full transaction history of all accounts involved for a suggested 28-day period on either side of the scam date (this information can be anonymised to preserve confidentiality and other issues invoked under Rule A.9.1);

2. Evidence of where the initial disputed transaction travelled through the Australian payments system (noting this can be a minimum 3-8 hops from initial mule receiving account).

3. If scammed funds go to a non-AFCA member firm, then the member firm should be accountable for recovering the transaction its staff approved, especially if the transaction originated from a crime, non name matching or less than 10% recovery.

4. Evidence of how the remaining scam funds (if any) were determined for return to the victim (SVA recommends public accountability and transparency around scam recovery, possibly overseen by AFCA or the NASC). It’s reprehensible that financial institutions can recover pitiful amounts like $400 from a $200,000 scam and expect victims to believe “best efforts” were made.

5. Capturing a comprehensive timeline of all transactions undertaken by both transferring and receiving financial institutions to allow complainants a transparent picture of how their money - which was commonly transferred under duress or deception - travelled through the Australian financial system and why funds could not be recalled.

6. SVA and other consumer groups recommend we have the opportunity to be consulted around improving the way relevant information can be used to deliver better outcomes for victims and disrupt fast-changing scam typologies before they ‘take root’ in the system.

Should a member firm refuse to provide information, SVA recommends that AFCA use its power to:

1. mandatorily proceed to determine the complaint without that information;

2. automatically draw ‘fair and reasonable’ inferences from information that is withheld;

3. automatically determine ‘fair and reasonable’ compensation that is in proportion to the scammed loss in addition to forcing recovery for at least 3-5 ‘hops’ from the initial receiving mule account);

4. automatically referring the member firm to ASIC and/or AUSTRAC and/or APRA for regulatory consequences (e.g., breach of license conditions)  

5. Automatically making the member firm financially liable for any transfers to non-member firms where there has been a crime/no name and account matching/less than 10% recovery

Note that SVA recommends ASIC or APRA address the broader problem of financial institutions indemnifying each other to better recover scammed money and ensure the full extent of the scam money trail is traced. Potentially, AFCA should have access to the same AI-enabled fraud detection technologies that financial institutions are using - BioCatch, Quantexa and others - ideally under licence from APRA, Treasury or ASIC - to ensure transparency over financial institutions, who commonly collude against scam victims to deny liability. Scam victims currently experience extreme harm and trauma knowing their life-changing losses are also funding human trafficking, drug running and other nefarious purposes related to forced scam compounds.

CONSULTATION POINT 3: Require the use of appropriate communication channels by paid representatives.

Member firms and paid representatives should use the AFCA secure portal, but scam victims need special consideration around the use of the portal. SVA considers the AFCA secure portal a barrier for victims with English as a second language and literacy issues.  The AFCA secure portal urgently needs to be made mobile-first to ensure complainants do not need their own laptop or desktop computer to adequately navigate it.

CONSULTATION POINT 4: Deal with paid representatives who are not AFCA members.

Generally speaking, SVA has no comment to make on this change, except to enable representatives and agents of all types and backgrounds (i.e. not just ‘lawyers’) to appear before AFCA, particularly in scam cases, where it is helpful to have a trusted agent representing a complainant.

CONSULTATION POINT 5: Remove Section F of the Rules which provided for legacy complaints, as that section ceased to have effect after June 2020.

SVA has no objection to this.

Attachment A 

4 SVA Proposals to mitigate HARM to VICTIMS

1. Do no harm: AFCA must adopt a trauma-informed approach to dealing with scam complaints 

Australian scam victims continue to face significant financial and legal burdens, with very low rates of reimbursement. Despite international examples like the UK and the Netherlands - where implementing Confirmation or Verification of Payee systems led to major reductions in scam losses - Australia has failed to adopt similar safeguards in a timely fashion. Australia will be fifth in the world when it introduces biometric account establishment and Confirmation of Payee in July 2025. As a result, victims receive little compensation: ASIC reports just 1 - 4% of losses are reimbursed, with AFCA-mediated cases only slightly higher at 10 - 15%, which remains unacceptably low.

Furthermore, Confirmation of Payee standards need considerable uplift in Australia, as the existing bank CoP user interfaces are more about customers accepting liability for transactions rather than genuine name-matching to prevent fraud. Europe’s Verification of Payee system has already noted less than 50% of ‘matches’ are accurate and is enhancing its real-time payments system by supporting rich data (up to 4000 characters) to allow for extra verifiers like VAT numbers, making fraud far harder. Australia has a chance to implement this through its New Payments Platform, which uses ISO 20022, the global standard, but financial institutions will only do so if they are compelled or risk bearing financial losses for enabling fraud, scams and crime on their platforms. Right now, scam victims bear this loss.

In addition to financial loss, scam victims face a dispute resolution system that is difficult to navigate, especially for those with limited English. AFCA’s online portal is widely reported as inaccessible, particularly on mobile devices, and lacks clear organisation or user-friendly features. Improving the accessibility of AFCA’s systems and staff communication must be treated as a priority. We urge all scam cases to be presented back to complainants with a clear timeline and understanding of all codes, legislation and crimes that have occurred.

We are concerned that AFCA’s EDR processes have contributed to a culture of minimum reimbursement, reinforcing practices that benefit financial institutions at the expense of victims. SVA welcomes the opportunity to work with AFCA to offer education and training that helps its staff - and those of member firms - better understand the victim experience and improve how scam-related complaints are handled.

2. AFCA Member Firms can help fund trauma-informed counselling as part of EDR in scam cases

Scam prevention measures in Australia currently fail to create any commercial incentive for financial institutions to stop the flow of funds through mule accounts, prevent fraud, or to meaningfully address money laundering - we believe these are key things criminals exploit on Australian payment platforms. While member firms are investing in stronger fraud controls, many FIs still focus on shifting liability onto customers. Furthermore, many complainants are traumatised by their FI treating them as a criminal and then hiding information from them, citing ‘privacy’ and ‘confidentiality’ when the reality is that they are hiding liability.

AFCA member firms are very keen to ensure AFCA’s low reimbursement levels do not become ‘standard banking practice’ that result in reimbursements as low as $500 or $1,000. SVA believes the full legal frameworks of criminal law, banking law and Australian Consumer Law should be invoked to improve EDR outcomes for scam victims.

Modern scams are highly sophisticated. They commonly are orchestrated by transnational crime groups - who also hold legitimate business bank accounts - with willing local money mules recruited openly through Telegram, Facebook, WhatsApp, X and other social media platforms to ‘rent’ their bank account for scams for as little as $50 to $300.

To better support scam victims facing lengthy EDR, we recommend AFCA introduce a $2000 fee for any member firm entering External Dispute Resolution, particularly if crime/no name-matching/less than 10% recovery is a feature of the scam. This fee could fund trauma-informed counselling and support through services such as the Be Unstoppable Foundation, helping victims navigate the emotional and procedural challenges of the AFCA process. Such support is urgently needed in cases like Complaint 12-00-1045764, who still await a determination 20 months after losing $270,000 to a scam involving a NAB mule account. Another Complaint 12-001061026 would similarly benefit, particularly as these complainants’ sending banks are profiting by charging interest on the scammed loss.

 3. Address Information Asymmetry and Crime on Payment Platforms

Under AFCA rule A.2.1(ii), AFCA has a duty to ‘help complainants submit a complaint’ yet in practice does very little to help scam victims:

1. Investigate or understand their scam case.

2. Address the information asymmetry between banks and scam victims.

3. Organise complainants scam documentation into a logical and clear timeline

4. Outline the legislation, code or ‘standard banking practice’ violations in relation to the complainants’ case.

5. Allow complainants to break confidentiality if they choose, and stop member firms gagging complaints that settle with non-disclosure or non-disparagement clauses.

In many cases, AFCA member firms withhold vital information from complainants - for example, in AFCA Case ref: 12-24-120119, the member firm refused to provide CC-TV footage despite several requests. In AFCA Case ref: 12-24-130239, the member firm - who was both the sending and receiving bank - simply had to show AFCA a Jira note that asked its own bank to recover money from the mule account - AFCA failed to ask the bank to make it clear why funds could not be recovered or returned to the complainant. This complainant was effectively robbed by his own bank. His bank offered no public accountability as to why all funds could not be recovered.

Determination 12-24-174973 is a common example of ‘debanking’ disputes that come before AFCA and commonly relate to crypto, scams and fraud. In this case, the complainant was trading crypto and claims fraudsters reported him to his financial institution as part of a fraud he became the victim of. This ‘black box’ problem of Australian payments transfers between member and non-member firms results in substantial misinformation that no ombudsman service could ever hope to resolve in a satisfactory or timely way - only shared information with law enforcement, financial institutions, AFCA and regulators could resolve this. The victim in this case claims losses of more than $150,000.

We believe AFCA often makes preliminary assessments and determinations based on minimal and inadequate information from its member firms. This harm is further amplified when there is no clear understanding of how the scam occurred (e.g. was it an infostealer malware-related attack or does it relate to breached data from large-scale data breaches such as Optus). To redress this, AFCA needs to use its powers and work with regulators to report systemic problems so that:

a. Legislative frameworks can be strengthened 

AFCA must use its legislated mandate to ensure systemic problems and adequate legislative and regulatory frameworks can effectively prevent and resolve scam-related complaints. This includes urgently updating the ePayments Code, strengthening the Scams Protection Framework (SPF), and increasing AFCA’s current compensation cap, which is capped at only half the value of the scam losses it reviews. Without reforming the rules that govern AFCA’s decision-making, meaningful change will remain out of reach, and the system risks becoming further bogged down in its own limitations.

Additionally, the current AFCA complaint process unfairly places the burden on complainants to initiate and substantiate their claims. We propose requiring financial firms to submit the initial statement in scam-related disputes. We further propose AFCA dispute resolution specialists aim to create an objective timeline and summary of a scam complaint and allow complainants full access to all information across the Australian payments system to arrive at an agreed statement of facts.

This would be a fairer, more trauma-informed approach and better reflect the realities faced by victims. It’s also vital that AFCA staff refrain from putting complainants in poor negotiating positions, for example by forcing complainants to outright ‘reject’ offers from member firms - risking $0 reimbursement - as is happening with AFCACase 12-25-191200 as part of the negotiation process where a complainant wants a higher offer from the member firm. AFCA staff also regularly demand that complainants ‘open’ conciliation calls to outline their case (and, remember, most scam victims find this very difficult to do) while senior bank lawyers then demolish the complainant’s case in three quick sentences (because they have intimate knowledge of previous AFCA determinations, banking law and other codes and regulations).

b. Provide a valid, free-of-charge discovery process

In most scam cases, victims unknowingly transfer funds from their financial institution or FI - the “sending bank”  - to what turns out to be a mule account at another AFCA member firm  - the “receiving bank.” Once the money is moved, receiving FI frequently refuses to disclose its onward path, citing privacy and confidentiality rules (and likely internal legal difficulties around FIs indemnifying each other to exchange information). This lack of transparency makes it impossible for victims to understand what happened or to hold parties accountable. We contend AFCA must be able to see beyond this black box to satisfactorily resolve scam disputes.

Bank insiders confirm that FIs can typically trace scam transactions for at least three to five movements beyond the initial receiving account. This "money trail" is essential evidence for accurately assessing complaints and determining liability. Yet, AFCA is often unable to access this information, rendering many of its determinations incomplete or ineffective. SVA contends that modern fraud technologies enable FIs full visibility of the money trail and they must be compelled to share this information with AFCA and complainants.

To address this, AFCA must be empowered to compel both sending and receiving FIs to provide full, transparent evidence of fund flows, including transaction histories, account activity, and fraud monitoring processes. Victims must also be given access to this discovery process at no cost. Expecting them to spend tens of thousands of dollars on court proceedings just to access basic information is deeply unjust and places an unacceptable burden on those already harmed. 

SVA further recommends that  Know Your Customer (KYC) and AML and CTF reporting to AUSTRAC is vital and important documentation that should be provided in AFCA dispute resolution. AFCA  Determination 651819 states “The bank’s AML obligations are not owed to the complainant. AFCA does not, and cannot, review whether the bank met its obligations under AML legislation. This is because the bank owes those obligations to the government, not the complainant. If the bank breached any obligations under AML laws, it would be a matter for the government to pursue”. We believe this is problematic for scam complaints, as these obligations should be owed to scam victims to mitigate the harm and worry they have that their money is funding illicit criminal activity. Given the fast-rise of transnational crime, it should be an urgent Government and AFCA priority to stop the flow of scammed funds to overseas crime organisations.

Offering a valid, free-of-charge discovery process as part of AFCA’s EDR would not only strengthen AFCA’s ability to resolve scam complaints quickly and fairly, but would also demonstrate that FIs are genuinely committed to supporting scam victims and improving accountability across the system.

Case study: O’Brien v Supercheap Security  - demonstrates a clear need for Compelled Discovery, which AFCA could help facilitate

In the case of O’Brien v Supercheap Security, 13 Australian victims collectively lost $1.36 million to a fake AMP term deposit scam. The funds were transferred into a NAB mule account under the name “Supercheap Security.” Public evidence tendered to the Supreme Court of NSW and ABC-TV later revealed that this NAB business account had been compromised before any deposits were made, with login credentials sold to overseas-based scammers. The creator of the muled Supercheap Security NAB account has been held liable to repay victims, but has not repaid one cent. This scammer - Hassan Mehdi - also holds a bank account with Commonwealth Bank, which received the payment for his role creating the fraudulent Supercheap Security account. Hassan Mehdi has not had to answer for any crime, and continues operating a legitimate business under the name Click Security in Melbourne today. 

This case highlights why an AFCA-led free and compulsory discovery process is essential. Without it, scam victims are left powerless, forced to spend tens of thousands in court just to uncover basic facts—while financial institutions avoid liability by spending hundreds of thousands of dollars engaging the best barristers to ensure their role is summarily dismissed from proceedings. Financial institutions also try to force their costs on to victims who take this type of court action. A transparent, no-cost discovery mechanism would have enabled the Supercheap Security victims to access the transaction history, demonstrate systemic bank account transfer failures, and enable redress.

c. AFCA to hold FIs accountable to Customers - not just AUSTRAC - for Duty of Care regarding Money Laundering

Money laundering plays a central role in enabling most modern scams, yet AFCA currently overlooks these associated crimes in its complaint assessments, especially money laundering. Typically, victims transfer funds from their FI - the “sending bank” - to what they believe is a legitimate account in their name at another AFCA member institution - the “receiving bank” - only to discover it’s a mule account under someone else’s name. The stolen money is then quickly “placed and layered” through multiple mule accounts, often passing through payment platforms like Cuscal or Manoova, foreign currency exchanges or cryptocurrency platforms.

Despite this, member FIs routinely withhold critical information about the movement of these funds, citing privacy and confidentiality as justification. This lack of transparency prevents victims from understanding where their money has gone and whether the bank has fulfilled its responsibilities.

SVA understands AFCA will take on a bigger dispute resolution role that will strain its existing capability and expertise:

1. Review of receiving FIs - including investigations into scams from the past six years - will significantly increase its workload.

2. Taking on responsibility for disputes involving telcos, social media platforms, and other sectors will also place substantial demands on AFCA resources.

3. Acting as the adjudicator under the SPF, especially with differentiated security obligations for large versus small FIs, will complicate AFCA’s role and increase case numbers.

With fast-evolving fraud typologies, the number of scam victims is expected to surge dramatically, further overwhelming AFCA. AFCA is likely to be overwhelmed by this influx of cases, without sufficient capacity to train staff or scale operations effectively. Current caseload limits versus future demands need urgent review. Victims are already being charged interest payments on cases that take more than a year to resolve, as is happening in AFCA Cases 1061026 and 12-00-1045764.

To address this, the burden of proof and evidence collection should urgently shift to the FIs. When a scam complaint is lodged, both the sending and receiving FIs should be automatically required to provide a standard set of information. This reversal of onus would streamline processes, reduce AFCA’s caseload, and ensure faster, fairer outcomes for victims who are currently disproportionately held to blame.

d. Assess Scam Cases Differently

AFCA acknowledges that scam complaints are fundamentally different from other types of disputes, such as insurance claims, where parties typically cooperate and willingly share information. In contrast, obtaining information from member organisations in scam cases is often extremely difficult - like pulling teeth - hindering fair and timely resolution. Therefore, AFCA must adopt a tailored approach that reflects the unique challenges of scam disputes, including stronger powers to compel evidence and a more victim-centered process.

e. Allow Complainants To Choose Whether To Keep Their Complaint Confidential Or Not

SVA fundamentally believes EDR should be a confidential process to protect complainants, but when injustice prevails, a complainant’s only hope is to invoke their right to publicly discuss their case. The common practice of member firms gagging complainants with non-disclosure agreements and non-disparagement clauses must end. ‘Sunlight is the best disinfectant’ and transparency could enable scam complaints to “self-solve” without the extreme harm or resource-intensive management of AFCA staff intervention. 

4. AFCA should hold banks accountable to customers - not just AUSTRAC - for their duty of care regarding money laundering

Money laundering plays a central role in enabling most modern scams, yet AFCA currently overlooks these associated crimes in its complaint assessments, especially money laundering. Typically, victims transfer funds from their bank - the “sending bank” - to what they believe is a legitimate account at another AFCA member institution - the “receiving bank” - only to discover it’s a mule account under someone else’s name. The stolen money is then quickly “placed and layered” through multiple mule accounts, often passing through foreign currency exchanges or cryptocurrency platforms.

Despite this, member banks routinely withhold critical information about the movement of these funds, citing privacy and confidentiality as justification. This lack of transparency prevents victims from understanding where their money has gone and whether the bank has fulfilled its responsibilities.

This transparency would offer victims peace of mind that their loss has not contributed to further criminal activity beyond the immediate financial damage. AFCA must extend banks’ duty of care to customers in matters of money laundering to ensure accountability and justice.

Item #1:  Ensure all banking payment transactions are visible and transparent to an independent third party

Commitments SVA would like to see:

• Fast track accountability for the banking and payments sector to be be transparent about money transfers and laundering in the global payments system - no transferring and receiving institution to be exempt.

• Capture the difference between money going into ‘crypto’ or digital foreign currency exchanges versus money being laundered through shell companies and money mules.

• Ensure 3-5 ‘hops’ are captured in the system and revealed to an independent body.

• Addresses extreme information asymmetry and enables Victim recourse, ideally without victims spending $20-$30K on “discovery” in civil legal action.

• Positive use of the data collected by government to assist victims - currently no support for victims in any system.

• Ensures all victims have confidence their financial institution is not lying when they partially  ‘recover’ funds but not the entire amount.

• Accountability for financial industry and other scam enablers.

• Give victims assurance the government is looking out for them.

• Demonstrates that enablers can demonstrate they have nothing to hide.

Political Imperative

• Cyber-enabled fraud can be stopped with transparent processes

• Scam Enablers seek to profit by charging interest on financial crime losses for customers

• Scam Enablers hide behind rules of confidentiality to continue enabling industrial-scale fraud from which they benefit

• If you have a bank account, you are a potential victim

• If you have ever transferred money online, you are a  potential victim

• If you have ever emailed your licence, passport or identity documents, you are a potential victim

• If you have a mobile phone, you are a potential victim

Item #2: When names and account numbers aren’t an exact match in the payments network, financial institutions must be considered ‘on notice’ of fraud AND it must be considered a ‘mistaken payment’ under the ePayments code

Commitments SVA would like to see:

• All Payee Confirmation Victim losses failures, (exempting gross negligence only) to be 100% reimbursed if financial institutions fail to check, including if they allow customers to override name checks.

• All Payee Confirmation Scam Frauds (also called APP fraud) should be prevented or reimbursed.

• Banks, telcos and big tech must be transparent about businesses and individuals committing fraud on their platforms (mule bank accounts, fake online profiles, SIM fraud etc) and share this information with police and victims as a matter of urgency.

Political Imperative

• Banks continue to say they do ‘all they can’ but fail to have robust processes in place to prevent misnamed transactions, allowing fraud to flourish so Australians become unfairly targeted

• Since 2011, the Government has failed to act or take sufficient responsibility for shared risks across banks, telcos, tech, and regulators that would have prevented extreme financial hardship, mental health harms & the loss of $10b out of our economy. 

• Every Australian has already suffered indirect scam losses through $4b ($150/person) Australian Tax Office frauds - Operation Protego, MyGov fraud and bushfire and flood relief have all been defrauded due to inadequate cybercrime and scam laws. 

• How much more do constituents have to lose before effective  action is taken?

Item #3: Electronic bank transfers need to be slowed down - over usual daily limits. Especially home payment transfers, term deposit transfers and other high-harm transactions.

Commitments SVA would like to see:

• Slow all large electronic bank transfers to 48 hours - at least to new recipients

• From a consumer perspective there should be minimal impact

• Banks stand to gain from interest earnt on held moneys

• Allows opportunity for scams to be caught

Political Imperative

• Scams thrive in the immediacy and pressure of people being duped into a transaction

• Even Russia has slowed down transactions to 48 hours to stop scammers

Item #4: Receiving banks must be accountable through AFCA for their role in scam mule accounts  

• Burden of proof needs to be low (IE - bank must offer evidence when asked by AFCA)

• 6 -8 year time limit

• AFCA need to be able to compel evidence perhaps by co-operation with AUSTRAC, The Financial Crimes Exchange or Fintel Alliance.

• Scam victims loss amount needs to go up to $2.5-$5 million given the extreme harm that’s been happening recently

• Victims need to see an anonymised evidence trail that the money leaves the mule account and we want to see the platforms that accept the money fro the next 3-5 hops

• Banking Code must support the SPF and the Government failure to stop scams in 2019 with confirmation of payee

Stop banks supporting mule accounts and money laundering

Commitments SVA would like to see

• Customers should be reimbursed unless they are grossly negligent.

• A reimbursement formula to be applied, rather than at the discretion of banks.

• Scam Enablers to establish a Retrospective and Future Fraud Accountability Fund (similar to insurance payout model), capped at a level to fully reimburse 90% of Scam Fraud claim  amounts, provided there has not been gross negligence by the customer.

• The reimbursement fund could be financed from the prosecutions of laundering. AUSTRAC prosecutes banks for not monitoring laundering but does not currently prosecute on behalf of victims or provide restitution to victims.

• Ensure allows for retrospective claims pre-dating legislation/fund establishment

• Incentivises all Scam Enabler services to improve their fraud prevention systems - the better their protections, the less they pay out. This is simply good business.

• Ensures those best placed to manage the risk own the risk. Instead of Scam Enablers spending on public relations and advertising campaigns  claiming their security is “Safe as”, they invest in financial systems to actually make their systems “Safe as”.

• Cost of Reimbursement Fund shared by all users of Scam Enabler systems - sharing the real costs of doing business instead of an unlucky few paying for all systemic failures.

• A Retrospective and Future Fraud Accountability Fund captures and redresses wrongs against historical victims who have been forgotten, ignored, and shamed by successive Governments and Finance Industry who are liable for the past 25 years, having collectively overseen the greatest ever erosion of and failure in Consumer Protection in Australia’s history.

• A Retrospective and Future Fraud Accountability Fund dis-incentivises scammers since they know they are up against the power of the banks, rather than unsuspecting victims.

DISTRIBUTION OF SCAM COMPLAINTS

• 995 had $1-$1000

• 1959 had $1000 to $5000

• 1538 had $5000 to $20000

• 765 had $20000 to $50000

• 328 had $50000 to $100000

• 236 had $100000 to $250000

• 141 had $250000 and $1m

• 22 had $1m plus

TOP 10 FINANCIAL FIRMS WHO HAD COMPLAINTS AGAINST AFCA

CBA - 4595 - $126.4m

NAB - 2343 - $83.1m

ANZ - 2064 - $73.6m

WBC - 1708 - $74.5m

Bendigo Adelaide Bank - 818 - $26.4m

Citigroup - 770 - $9.5m

ING - 537 - $12m

St George - 478 - $16m

Suncorp - $12.9m

Bank of WA - $10.8m

• Big tech, telcos and banks are profiting from Australia’s cybercrime and consumer protection gaps that traumatise victims, endanger social cohesion and perpetuate generational inequality.  

• The trauma of this crime is under-estimated by the community, and some financial redress is needed in the immediate loss stage to remediate the harm

• Cost of known Scam Fraud  exceeds 0.1% of the Australian Gross Domestic Product annually and is known to be far more than this

• With AI, Scam Fraud is accelerating exponentially. Australia’s weak laws and relative wealth have made us an international target and honeypot

• If the Federal government had adopted Treasury’s and  the ACCC’s recommendations in February 2011, and if they had followed the overwhelming evidence from the UK and other countries, then Confirmation of Payee and a Contingent Reimbursement Model would have been adopted. 

• Bank transfer victims would have had the same protection as for credit card fraud.

• Many victims have suffered enormous losses. AFCA statistics for the second half of 2023 show that 17 victims lost more than $1 million, and none were reimbursed. 

• Such  funds  have been established for the Robodebt  Victims, Victims of Child sexual abuse, the Victims of the Catholic Church etc, why not for this other Government failure? Why should victims pay because the government and banks did not put in protections?

• Preventing fraud is a shared responsibility - customers are expected to take reasonable precautions (protecting passwords & awareness of common scams), whilst financial institutions should provide a secure environment for transactions. Blaming scam victims, particularly by financial institutions, is unfair and counterproductive to preventing financial crime.

  Item #5: Abolish the ePayments Code’s ‘unauthorised transaction’ versus ‘authorised’ - Stop the ePayments Code being used against victims

Commitment SVA would like to see:

• Repeal the ePayments Code as it applies to Scam Fraud and establish a consumer-centric ScamFraud Code to ensure criminal and civil rules of fraud and money laundering can be appropriately applied.

• Ensure ease of dispute resolution for consumer similar to how insurance industry manages claims.

• Fraud victims never ‘authorise’ their own crime - this is akin to shaming and blaming sexual assault victims.

• Will  require extensive liaison with consumers and Scam Enablers,taking a consumer-centric approach rather than preferencing powerful lobbyists.

Political Imperative

• AFCA has asked the Parliament to remove this framework in its submission to the Senate about SPF

• Cybercrime is the third largest economy in the world after the USA and China, according to the World Economic Forum

• Scam Fraud is known to fund international crime, terrorism (including recent anti-semitic attacks in Australia), human trafficking, drugs, war crimes etc

• Scam Fraud allows motivated foreign criminals, including governments, to fund illegal and nefarious activities 

Item #6: Single regulatory body to take responsibility for Scam Prevention Framework and accountability to victims

Commitments SVA would like to see:

• Regulator bodies are given jurisdiction to investigate Scam Fraud based on all the information, including the ability to compel Scam Enablers to provide all evidence

• Consolidate the regulator body into one Scam Fraud fighting regulator.

• The regulatory framework should be revisited. There are many anomalies like AUSTRAC not prosecuting money laundering when it is known. It would be better to establish a Payment Systems Regulator as in the UK.

•  AFCA should be an Ombudsman funded by the government rather than banks. The clear lack of independence of AFCA from the banks they supposedly regulate is a major problem.

• A payment systems regulator would also improve the collection of data which is currently leading to underreporting of scams and fraud.  

• Scam Enablers will be compelled to actually be doing “all that they can” instead of just saying they are

• Will repair reputational damage of Government and Financial Institutions who have lost community trust

• Demonstrates that Scam Enablers walk the talk -  ie demonstrate they have nothing to hide

• Reduces the future need food banking Royal Commissions

Political Imperative

• Consolidating Scam Fraud matters under one agency, can improve efforts to focus on ScamFraud, resulting in better coordination, and reduction in the administrative overheads spread between multiple agencies currently (AFCA, ACCC, ASIC, Scamwatch, ID Care, National Anti-scam Centre,  Austrac etc)

• Simply the current system which confuses consumers without providing any useful assistance to help Victims recover funds 

• Allow proven Victims to access the volumes of Intellectual Property collected from them to assist to build a legal case and/or recover funds.

Item #7:  Education, action plan, law enforcement training, awareness, CPD points and 6-monthly reviews

Commitments SVA would like to see:

• In the new consumer-centric Scam Fraud Code, include a money mule and money laundering action plan that places stricter requirements on establishing and monitoring bank accounts 

• Penalties enforced for Banks who miss clear red flags in account behaviour

• Longer terms (currently maximum 12 months) and requirements for perpetrators to work with Victims of their crimes to  provide Victims with closure

• Will stop the rampant growth of the illegal “on-line bank account sales market”

• Will require Scam Facilitators to monitor for  mule behaviour (advertising, account transfers etc)

• Victim-centric reparations 

Political Imperative

• Singapore has laws that allow the banks to stop transactions they know are fraud

• Banks currently have the power to (and already do) withdraw moneys Banks have mistakenly transferred to and actively exercise these rights when the mistake is theirs - the extension of these powers to freeze or stop APP mistaken transactions should be straightforward 

Australia  is one of the biggest targets in the world for scams and fraud, losing over $5,200 per minute to criminals through scams reported in 2023.

Consumers are losing

600,000+ Australians reported being scammed in 2022-23, with criminals increasingly using ‘social engineering’ to trick people into handing over details of their personal transaction accounts, a weak link in Australia’s ecosystem which causes trauma, extreme financial loss and loss of trust in governments and banks. 

Sophisticated international crime syndicates use scams to launder money relying on ‘mule accounts’ in Australian banks. AUSTRAC says Australian banks face “ongoing risks of exploitation by criminals”.

Policy Initiatives - The Do Now’s:

1. Enforce industry transparency and correct information asymmetry

2. Introduce the SPF now with the following changes:

• Retrospective and future reimbursement - Make those best placed to manage the risk. Incentivise Scam Enablers by making them responsible for reimbursement caused by their own systemic failures.

• Payee Confirmation now - place the onus of “how” back onto industry who have access to information

• 48 hour delay to all new large electronic payments such as house-buying transfers and term deposit transfers.

Policy Initiatives - The Do Soon’s:

• Create a new legislation specific to Scam Fraud, removing the  ePayments code applications

• Establish a single Government Body to manage Scam Fraud with its own Scam Fraud Commissioner or similar.

  Policy Initiatives - The Do in Near Future’s:

• Scam Fraud Commissioner to work on emerging Scam Fraud issues as fast-changing crime typologies evolve.

• Scam Fraud Commissioner to create a money mule, money laundering action plan or fraud strategy or National Fraud Initiative strategy similar to the UK to help guide best government response.