Scam Victim Alliance (SVA) is a not-for-profit organisation of survivors with lived experience of scams and cyber-enabled fraud. We welcome the opportunity to provide this submission to the Australian Financial Complaints Authority’s (AFCA’s) call for submissions to expand AFCA’s jurisdiction over receiving banks in scams.

In relation to the proposed AFCA changes the SVA:

• Supports AFCA’s proposed 2025 rule changes, particularly to help scam complaints where names and account numbers didn’t match, and less than 10% of funds were recovered and money laundering, fraud and other crimes are alleged.

• Urges AFCA to enforce its Rule A.9 to Rule A.14 by requiring member firms - and potentially non-member firms -  to provide all relevant information in scam cases.

• Urges Treasury and regulators to step in to address the complex liability and transparency gaps between AFCA member and non-member firms, ensuring all receiving financial institutions are held accountable for their role placing and layering scammed funds, and enabling more effective recovery of scammed funds back to sending financial institutions.

• Suggests urgent government and regulatory action is needed to stamp out identity theft, account takeovers and rampant ‘renting’ mule bank accounts on Australian payment, telco and social media platforms. In addition to muling, spoofing and impersonation are other issues that fuel successful scams.

We support AFCA’s proposed rule changes, especially the overdue inclusion of complaints against receiving financial institutions. Receiving financial institutions often enable scams by hosting money mule accounts that facilitate fraud, deception, and money laundering—criminal acts that are currently overlooked in AFCA’s dispute resolution process.

New legislation updating AFCA’s authorisation and the Scam Prevention Framework are positive, but scam-related complaints usually involve criminal conduct and are not simple contractual disputes. Many scams are caused or worsened by failures at the receiving financial institution, such as not verifying account names, account takeovers, ‘renting’ of accounts, failure of KYC and facilitating further placement and layering to obscure the ability of financial institutions to recover scammed money. AFCA’s laboured, confusing and sometimes ill-considered EDR processes add to the harm scam victims experience.

To be effective in its new authorisation condition, AFCA must:

• Ensure complaints against receiving financial institutions fall within the six-year window from the scam date; or the time the victim first becomes aware that the receiving financial institutions accepted their funds in connection to a scam transaction.

• Recognise the overlap between criminal and civil aspects of scams and fraud, and be able to compel meaningful evidence from member firms. Ideally this can extend to non-member firms, potentially with help and collaboration from state and federal law enforcement agencies.

• Include in-scope all scam complaints against receiving financial institutions and any/all subsequent transfers into other member or non-member mule accounts, particularly where serious financial institution failures or crimes have occurred.

• Look at the learnings of a UK precedent from 2014, when a scam victim recovered funds after the receiving financial institutions, TSB, acted on police evidence - without any ombudsman involvement, to deliver full recovery to a scam victim. This shows the value of criminal evidence, KYC checks, and direct financial institution (FI) accountability at resolving external disputes without lengthy and complex ombudsman processes.

• AFCA must not weaken existing legal protections (e.g. ASIC Act, ePayments Code, Banking Code of Practice, Banking Law, ACL) and must apply consistent standards across all financial institutions, whether they are large or small, or AFCA members or not.

Too often, scam victims are denied access to critical evidence in their dispute. AFCA must actively help complainants navigate complex scams, as required under Rule A.2.1(ii), and assist complainants in understanding how and why their scam happened.

We recommend AFCA create a dedicated scam team that collaborates with law enforcement and victims with lived experience to better track emerging scam typologies and ensure victims receive fair outcomes based on all available evidence.

SVA advocates also for additional actions as outlined in Attachment A. Our detailed response continues over the page. I welcome the opportunity for ongoing open dialogue and look forward to constructive changes to reduce the harm Australian scam victims currently experience.

Yours faithfully,

Harriet Spring

Scam Victim Alliance President

Scam Victim Alliance’s detailed response to proposed AFCA changes

In relation to the proposed AFCA changes, the SVA’s submission is as follows:

CONSULTATION POINT 1: Provide AFCA with jurisdiction to deal with complaints involving a receiving bank and/or mule account

We welcome AFCA’s proposed rule changes, particularly the move to allow complaints against receiving financial institutions - a long-overdue step toward accountability. 

The receiving financial institution’s money mule accounts usually facilitate impersonation, deception, fraud and  money laundering - and are crimes under most state (and some Commonwealth) laws across Australia. These criminal violations are currently ignored in AFCA’s dispute resolution process. We believe the new legislation changing AFCA’s authorisation condition is a good first step to start addressing the ‘criminal’ problems with scams that currently are being ‘heard’ by an ombudsman and external dispute resolution service instead of in a court of law. Many scams are enabled by failures at the receiving financial institutions - such as not verifying account names, ignoring red flags or failing to detect account takeovers or other money mule activity. AFCA must ensure that complaints against receiving financial institutions can be raised within the six-year window from the date of the scam and/or the date the complainant first became aware of the receiving financial institutions that accepted their funds connected to a scam transaction. This often involves an extensive number of financial institutions - not only banks, but new payment platforms like Manoova or Cuscal or crypto or digital foreign currency platforms, too. 

Case study: UK precedent demonstrates importance of criminal evidence and the role of the receiving bank in scam cases   

A UK scam victim was defrauded £3,400 in 2014. The money was paid into a TSB receiving bank account and a police report validated this. The police report was then supplied directly to TSB, who successfully resolved the case with no need for Ombudsman resources. This important case shows:

1. The power of evidence in quickly resolving complex scam cases before EDR.

2. The importance of KYC documentation from receiving banks.

3. The overlap between criminal and civil evidence and justice processes required in scam cases.

For the oversight of receiving banks to be meaningful, AFCA should be able to meaningfully examine a variety of evidence, as well as compel member firms to supply it. TSB subsequently became the first UK bank to voluntarily refund scam victims. 

Scam complaints that relate to mule accounts must be within AFCA’s EDR scope across all financial institutions, not only member firms. For scam complaints to be effectively resolved through AFCA’s EDR processes, they must examine all subsequent ‘hops’ or transfers into subsequent Australian financial institution accounts (and even non-member firm accounts) - specifically when:

• The sending bank failed to match account names and numbers.

• Less than 10% of funds were recovered, indicating systemic financial institution failures.

• A crime occurred on a member firm's platform, such as fraud, receiving the proceeds of crime or money laundering.

Too often, AFCA complainants in scam cases are denied access to the evidence needed to successfully recover any funds or resolve a dispute. AFCA rule changes must preserve existing rights under the ASIC Act, Banking Code, Corporations Act, Australian Consumer Law, ePayments Code, and common law. The SPF Bill and any new codes must also not override or lower these protections, such as the proposal that smaller financial institutions (or non-member financial institutions) be held to a lower standard.

SVA knows that scam victims regularly face AFCA’s EDR processes without AFCA staff fully embracing rule A.2.1(ii) “AFCA has a duty to ‘help complainants submit a complaint’”. We contend that AFCA staff must work harder with scam victims to help complainants untangle the complex and varied factors that resulted in their financial loss. Many scam victims do not ever find out how or why they were targeted for their scammed loss and this significantly adds to the emotional and financial harm AFCA’s EDR processes force scam victims to endure. We recommend AFCA dispute resolution teams should embrace their duties under rule A.2 to help complainants untangle their scam complaint, and call for evidence from member and non-member firms that can relate to a complex interplay of information and impersonation of trusted organisations like the Australian Tax Office, Australia Post, PEXA, ASIC, Australian Stock Exchange and more.

SVA contends that AFCA has a significant role to play in helping complainants fully understand the factors at play in their scam complaint. We also recommend AFCA scam specialist teams work with law enforcement to help enable a co-operative and collaborative justice approach (just as AFCA member firms do with the Australian Financial Crimes Exchange). By helping scam victims understand how their scam occurred, AFCA and victims can hold the right corporations and regulators to account for the fast-changing scam typologies that will continue to trick people into socially engineered financial losses.

CONSULTATION POINT 2: Introduce the ability for AFCA to name financial firms who do not comply with Determinations.

Financial crime victims in Australia have disproportionately borne financial and legal liability for increasingly sophisticated scams. We recommend AFCA ensure that it enforces its own A.14 Rule and its Operational Guidelines, and use its power to require financial firms to provide all documents, information, and responses relevant to a complaint. SVA further recommends a fully transparent information-sharing process akin to the ‘discovery’ process that happens in civil court cases to compel evidence and document-sharing across the Australian payments system. We also recommend KYC documentation, AUSTRAC reports and other AML and CTF obligations be owed to the customer, as well as the government, and be supplied as part of the external dispute resolution process. AFCA is reminded such requests are already supposed to be mandatorily complied with under Rule A.9, but in practice often are not. Relevant information documentation is vital for a fair EDR process but member firms often invoke Rule A.9.1. - the need for ‘confidentiality’ - to prevent this. We recommend AFCA play a critical role to obtain vital information and anonymise it for confidentiality, whilst enabling it to form vital evidence in deciding how to resolve a dispute. 

Given AFCA now proposes to have the ability to name financial firms who don’t comply with AFCA’s requests and rulings, the SVA recommends this includes publicly naming those member firms who refuse to provide information (and explain when they use Rule A.9.1 to refuse) when requested for scam cases. We further recommend that if banks and FIs want to publish the dollar amounts of “scam transactions they prevent” to market their fraud prevention, FIs should also publish numbers that explain:

• How many mule accounts they reported to law enforcement (not just the Australian Financial Crimes Exchange).

• What % of scam funds they recovered for their own customers.

• What new real-time technologies and investments FIs make to tackle fast-changing scam typologies.

When AFCA receives a scam complaint, the SVA recommends AFCA automatically request relevant information from all member firms and non-member firms involved in receiving or transferring the stolen funds. Scam transactions often pass through six or more Australian FIs, making it difficult to trace funds and hold parties accountable under AFCA’s current EDR scheme. The growing complexity of the money trail and FI’s reluctance to indemnify each other hinder cooperation and recovering scammed funds for victims. This systemic issue discourages co-operation and fund recovery, leaving victims bearing the loss and harm. AFCA could overcome this systemic barrier to properly assess receiving FIs’ roles in scams by demanding:

1. Full transaction history of all accounts involved for a suggested 28-day period on either side of the scam date (this information can be anonymised to preserve confidentiality and other issues invoked under Rule A.9.1);

2. Evidence of where the initial disputed transaction travelled through the Australian payments system (noting this can be a minimum 3-8 hops from initial mule receiving account).

3. If scammed funds go to a non-AFCA member firm, then the member firm should be accountable for recovering the transaction its staff approved, especially if the transaction originated from a crime, non name matching or less than 10% recovery.

4. Evidence of how the remaining scam funds (if any) were determined for return to the victim (SVA recommends public accountability and transparency around scam recovery, possibly overseen by AFCA or the NASC). It’s reprehensible that financial institutions can recover pitiful amounts like $400 from a $200,000 scam and expect victims to believe “best efforts” were made.

5. Capturing a comprehensive timeline of all transactions undertaken by both transferring and receiving financial institutions to allow complainants a transparent picture of how their money - which was commonly transferred under duress or deception - travelled through the Australian financial system and why funds could not be recalled.

6. SVA and other consumer groups recommend we have the opportunity to be consulted around improving the way relevant information can be used to deliver better outcomes for victims and disrupt fast-changing scam typologies before they ‘take root’ in the system.

Should a member firm refuse to provide information, SVA recommends that AFCA use its power to:

1. mandatorily proceed to determine the complaint without that information;

2. automatically draw ‘fair and reasonable’ inferences from information that is withheld;

3. automatically determine ‘fair and reasonable’ compensation that is in proportion to the scammed loss in addition to forcing recovery for at least 3-5 ‘hops’ from the initial receiving mule account);

4. automatically referring the member firm to ASIC and/or AUSTRAC and/or APRA for regulatory consequences (e.g., breach of license conditions)  

5. Automatically making the member firm financially liable for any transfers to non-member firms where there has been a crime/no name and account matching/less than 10% recovery

Note that SVA recommends ASIC or APRA address the broader problem of financial institutions indemnifying each other to better recover scammed money and ensure the full extent of the scam money trail is traced. Potentially, AFCA should have access to the same AI-enabled fraud detection technologies that financial institutions are using - BioCatch, Quantexa and others - ideally under licence from APRA, Treasury or ASIC - to ensure transparency over financial institutions, who commonly collude against scam victims to deny liability. Scam victims currently experience extreme harm and trauma knowing their life-changing losses are also funding human trafficking, drug running and other nefarious purposes related to forced scam compounds.

CONSULTATION POINT 3: Require the use of appropriate communication channels by paid representatives.

Member firms and paid representatives should use the AFCA secure portal, but scam victims need special consideration around the use of the portal. SVA considers the AFCA secure portal a barrier for victims with English as a second language and literacy issues.  The AFCA secure portal urgently needs to be made mobile-first to ensure complainants do not need their own laptop or desktop computer to adequately navigate it.

CONSULTATION POINT 4: Deal with paid representatives who are not AFCA members.

Generally speaking, SVA has no comment to make on this change, except to enable representatives and agents of all types and backgrounds (i.e. not just ‘lawyers’) to appear before AFCA, particularly in scam cases, where it is helpful to have a trusted agent representing a complainant.

CONSULTATION POINT 5: Remove Section F of the Rules which provided for legacy complaints, as that section ceased to have effect after June 2020.

SVA has no objection to this.

Attachment A 

4 SVA Proposals to mitigate HARM to VICTIMS

1. Do no harm: AFCA must adopt a trauma-informed approach to dealing with scam complaints 

Australian scam victims continue to face significant financial and legal burdens, with very low rates of reimbursement. Despite international examples like the UK and the Netherlands - where implementing Confirmation or Verification of Payee systems led to major reductions in scam losses - Australia has failed to adopt similar safeguards in a timely fashion. Australia will be fifth in the world when it introduces biometric account establishment and Confirmation of Payee in July 2025. As a result, victims receive little compensation: ASIC reports just 1 - 4% of losses are reimbursed, with AFCA-mediated cases only slightly higher at 10 - 15%, which remains unacceptably low.

Furthermore, Confirmation of Payee standards need considerable uplift in Australia, as the existing bank CoP user interfaces are more about customers accepting liability for transactions rather than genuine name-matching to prevent fraud. Europe’s Verification of Payee system has already noted less than 50% of ‘matches’ are accurate and is enhancing its real-time payments system by supporting rich data (up to 4000 characters) to allow for extra verifiers like VAT numbers, making fraud far harder. Australia has a chance to implement this through its New Payments Platform, which uses ISO 20022, the global standard, but financial institutions will only do so if they are compelled or risk bearing financial losses for enabling fraud, scams and crime on their platforms. Right now, scam victims bear this loss.

In addition to financial loss, scam victims face a dispute resolution system that is difficult to navigate, especially for those with limited English. AFCA’s online portal is widely reported as inaccessible, particularly on mobile devices, and lacks clear organisation or user-friendly features. Improving the accessibility of AFCA’s systems and staff communication must be treated as a priority. We urge all scam cases to be presented back to complainants with a clear timeline and understanding of all codes, legislation and crimes that have occurred.

We are concerned that AFCA’s EDR processes have contributed to a culture of minimum reimbursement, reinforcing practices that benefit financial institutions at the expense of victims. SVA welcomes the opportunity to work with AFCA to offer education and training that helps its staff - and those of member firms - better understand the victim experience and improve how scam-related complaints are handled.

2. AFCA Member Firms can help fund trauma-informed counselling as part of EDR in scam cases

Scam prevention measures in Australia currently fail to create any commercial incentive for financial institutions to stop the flow of funds through mule accounts, prevent fraud, or to meaningfully address money laundering - we believe these are key things criminals exploit on Australian payment platforms. While member firms are investing in stronger fraud controls, many FIs still focus on shifting liability onto customers. Furthermore, many complainants are traumatised by their FI treating them as a criminal and then hiding information from them, citing ‘privacy’ and ‘confidentiality’ when the reality is that they are hiding liability.

AFCA member firms are very keen to ensure AFCA’s low reimbursement levels do not become ‘standard banking practice’ that result in reimbursements as low as $500 or $1,000. SVA believes the full legal frameworks of criminal law, banking law and Australian Consumer Law should be invoked to improve EDR outcomes for scam victims.

Modern scams are highly sophisticated. They commonly are orchestrated by transnational crime groups - who also hold legitimate business bank accounts - with willing local money mules recruited openly through Telegram, Facebook, WhatsApp, X and other social media platforms to ‘rent’ their bank account for scams for as little as $50 to $300.

To better support scam victims facing lengthy EDR, we recommend AFCA introduce a $2000 fee for any member firm entering External Dispute Resolution, particularly if crime/no name-matching/less than 10% recovery is a feature of the scam. This fee could fund trauma-informed counselling and support through services such as the Be Unstoppable Foundation, helping victims navigate the emotional and procedural challenges of the AFCA process. Such support is urgently needed in cases like Complaint 12-00-1045764, who still await a determination 20 months after losing $270,000 to a scam involving a NAB mule account. Another Complaint 12-001061026 would similarly benefit, particularly as these complainants’ sending banks are profiting by charging interest on the scammed loss.

 3. Address Information Asymmetry and Crime on Payment Platforms

Under AFCA rule A.2.1(ii), AFCA has a duty to ‘help complainants submit a complaint’ yet in practice does very little to help scam victims:

1. Investigate or understand their scam case.

2. Address the information asymmetry between banks and scam victims.

3. Organise complainants scam documentation into a logical and clear timeline

4. Outline the legislation, code or ‘standard banking practice’ violations in relation to the complainants’ case.

5. Allow complainants to break confidentiality if they choose, and stop member firms gagging complaints that settle with non-disclosure or non-disparagement clauses.

In many cases, AFCA member firms withhold vital information from complainants - for example, in AFCA Case ref: 12-24-120119, the member firm refused to provide CC-TV footage despite several requests. In AFCA Case ref: 12-24-130239, the member firm - who was both the sending and receiving bank - simply had to show AFCA a Jira note that asked its own bank to recover money from the mule account - AFCA failed to ask the bank to make it clear why funds could not be recovered or returned to the complainant. This complainant was effectively robbed by his own bank. His bank offered no public accountability as to why all funds could not be recovered.

Determination 12-24-174973 is a common example of ‘debanking’ disputes that come before AFCA and commonly relate to crypto, scams and fraud. In this case, the complainant was trading crypto and claims fraudsters reported him to his financial institution as part of a fraud he became the victim of. This ‘black box’ problem of Australian payments transfers between member and non-member firms results in substantial misinformation that no ombudsman service could ever hope to resolve in a satisfactory or timely way - only shared information with law enforcement, financial institutions, AFCA and regulators could resolve this. The victim in this case claims losses of more than $150,000.

We believe AFCA often makes preliminary assessments and determinations based on minimal and inadequate information from its member firms. This harm is further amplified when there is no clear understanding of how the scam occurred (e.g. was it an infostealer malware-related attack or does it relate to breached data from large-scale data breaches such as Optus). To redress this, AFCA needs to use its powers and work with regulators to report systemic problems so that:

a. Legislative frameworks can be strengthened 

AFCA must use its legislated mandate to ensure systemic problems and adequate legislative and regulatory frameworks can effectively prevent and resolve scam-related complaints. This includes urgently updating the ePayments Code, strengthening the Scams Protection Framework (SPF), and increasing AFCA’s current compensation cap, which is capped at only half the value of the scam losses it reviews. Without reforming the rules that govern AFCA’s decision-making, meaningful change will remain out of reach, and the system risks becoming further bogged down in its own limitations.

Additionally, the current AFCA complaint process unfairly places the burden on complainants to initiate and substantiate their claims. We propose requiring financial firms to submit the initial statement in scam-related disputes. We further propose AFCA dispute resolution specialists aim to create an objective timeline and summary of a scam complaint and allow complainants full access to all information across the Australian payments system to arrive at an agreed statement of facts.

This would be a fairer, more trauma-informed approach and better reflect the realities faced by victims. It’s also vital that AFCA staff refrain from putting complainants in poor negotiating positions, for example by forcing complainants to outright ‘reject’ offers from member firms - risking $0 reimbursement - as is happening with AFCACase 12-25-191200 as part of the negotiation process where a complainant wants a higher offer from the member firm. AFCA staff also regularly demand that complainants ‘open’ conciliation calls to outline their case (and, remember, most scam victims find this very difficult to do) while senior bank lawyers then demolish the complainant’s case in three quick sentences (because they have intimate knowledge of previous AFCA determinations, banking law and other codes and regulations).

b. Provide a valid, free-of-charge discovery process

In most scam cases, victims unknowingly transfer funds from their financial institution or FI - the “sending bank”  - to what turns out to be a mule account at another AFCA member firm  - the “receiving bank.” Once the money is moved, receiving FI frequently refuses to disclose its onward path, citing privacy and confidentiality rules (and likely internal legal difficulties around FIs indemnifying each other to exchange information). This lack of transparency makes it impossible for victims to understand what happened or to hold parties accountable. We contend AFCA must be able to see beyond this black box to satisfactorily resolve scam disputes.

Bank insiders confirm that FIs can typically trace scam transactions for at least three to five movements beyond the initial receiving account. This "money trail" is essential evidence for accurately assessing complaints and determining liability. Yet, AFCA is often unable to access this information, rendering many of its determinations incomplete or ineffective. SVA contends that modern fraud technologies enable FIs full visibility of the money trail and they must be compelled to share this information with AFCA and complainants.

To address this, AFCA must be empowered to compel both sending and receiving FIs to provide full, transparent evidence of fund flows, including transaction histories, account activity, and fraud monitoring processes. Victims must also be given access to this discovery process at no cost. Expecting them to spend tens of thousands of dollars on court proceedings just to access basic information is deeply unjust and places an unacceptable burden on those already harmed. 

SVA further recommends that  Know Your Customer (KYC) and AML and CTF reporting to AUSTRAC is vital and important documentation that should be provided in AFCA dispute resolution. AFCA  Determination 651819 states “The bank’s AML obligations are not owed to the complainant. AFCA does not, and cannot, review whether the bank met its obligations under AML legislation. This is because the bank owes those obligations to the government, not the complainant. If the bank breached any obligations under AML laws, it would be a matter for the government to pursue”. We believe this is problematic for scam complaints, as these obligations should be owed to scam victims to mitigate the harm and worry they have that their money is funding illicit criminal activity. Given the fast-rise of transnational crime, it should be an urgent Government and AFCA priority to stop the flow of scammed funds to overseas crime organisations.

Offering a valid, free-of-charge discovery process as part of AFCA’s EDR would not only strengthen AFCA’s ability to resolve scam complaints quickly and fairly, but would also demonstrate that FIs are genuinely committed to supporting scam victims and improving accountability across the system.

Case study: O’Brien v Supercheap Security  - demonstrates a clear need for Compelled Discovery, which AFCA could help facilitate

In the case of O’Brien v Supercheap Security, 13 Australian victims collectively lost $1.36 million to a fake AMP term deposit scam. The funds were transferred into a NAB mule account under the name “Supercheap Security.” Public evidence tendered to the Supreme Court of NSW and ABC-TV later revealed that this NAB business account had been compromised before any deposits were made, with login credentials sold to overseas-based scammers. The creator of the muled Supercheap Security NAB account has been held liable to repay victims, but has not repaid one cent. This scammer - Hassan Mehdi - also holds a bank account with Commonwealth Bank, which received the payment for his role creating the fraudulent Supercheap Security account. Hassan Mehdi has not had to answer for any crime, and continues operating a legitimate business under the name Click Security in Melbourne today. 

This case highlights why an AFCA-led free and compulsory discovery process is essential. Without it, scam victims are left powerless, forced to spend tens of thousands in court just to uncover basic facts—while financial institutions avoid liability by spending hundreds of thousands of dollars engaging the best barristers to ensure their role is summarily dismissed from proceedings. Financial institutions also try to force their costs on to victims who take this type of court action. A transparent, no-cost discovery mechanism would have enabled the Supercheap Security victims to access the transaction history, demonstrate systemic bank account transfer failures, and enable redress.

c. AFCA to hold FIs accountable to Customers - not just AUSTRAC - for Duty of Care regarding Money Laundering

Money laundering plays a central role in enabling most modern scams, yet AFCA currently overlooks these associated crimes in its complaint assessments, especially money laundering. Typically, victims transfer funds from their FI - the “sending bank” - to what they believe is a legitimate account in their name at another AFCA member institution - the “receiving bank” - only to discover it’s a mule account under someone else’s name. The stolen money is then quickly “placed and layered” through multiple mule accounts, often passing through payment platforms like Cuscal or Manoova, foreign currency exchanges or cryptocurrency platforms.

Despite this, member FIs routinely withhold critical information about the movement of these funds, citing privacy and confidentiality as justification. This lack of transparency prevents victims from understanding where their money has gone and whether the bank has fulfilled its responsibilities.

SVA understands AFCA will take on a bigger dispute resolution role that will strain its existing capability and expertise:

1. Review of receiving FIs - including investigations into scams from the past six years - will significantly increase its workload.

2. Taking on responsibility for disputes involving telcos, social media platforms, and other sectors will also place substantial demands on AFCA resources.

3. Acting as the adjudicator under the SPF, especially with differentiated security obligations for large versus small FIs, will complicate AFCA’s role and increase case numbers.

With fast-evolving fraud typologies, the number of scam victims is expected to surge dramatically, further overwhelming AFCA. AFCA is likely to be overwhelmed by this influx of cases, without sufficient capacity to train staff or scale operations effectively. Current caseload limits versus future demands need urgent review. Victims are already being charged interest payments on cases that take more than a year to resolve, as is happening in AFCA Cases 1061026 and 12-00-1045764.

To address this, the burden of proof and evidence collection should urgently shift to the FIs. When a scam complaint is lodged, both the sending and receiving FIs should be automatically required to provide a standard set of information. This reversal of onus would streamline processes, reduce AFCA’s caseload, and ensure faster, fairer outcomes for victims who are currently disproportionately held to blame.

d. Assess Scam Cases Differently

AFCA acknowledges that scam complaints are fundamentally different from other types of disputes, such as insurance claims, where parties typically cooperate and willingly share information. In contrast, obtaining information from member organisations in scam cases is often extremely difficult - like pulling teeth - hindering fair and timely resolution. Therefore, AFCA must adopt a tailored approach that reflects the unique challenges of scam disputes, including stronger powers to compel evidence and a more victim-centered process.

e. Allow Complainants To Choose Whether To Keep Their Complaint Confidential Or Not

SVA fundamentally believes EDR should be a confidential process to protect complainants, but when injustice prevails, a complainant’s only hope is to invoke their right to publicly discuss their case. The common practice of member firms gagging complainants with non-disclosure agreements and non-disparagement clauses must end. ‘Sunlight is the best disinfectant’ and transparency could enable scam complaints to “self-solve” without the extreme harm or resource-intensive management of AFCA staff intervention. 

4. AFCA should hold banks accountable to customers - not just AUSTRAC - for their duty of care regarding money laundering

Money laundering plays a central role in enabling most modern scams, yet AFCA currently overlooks these associated crimes in its complaint assessments, especially money laundering. Typically, victims transfer funds from their bank - the “sending bank” - to what they believe is a legitimate account at another AFCA member institution - the “receiving bank” - only to discover it’s a mule account under someone else’s name. The stolen money is then quickly “placed and layered” through multiple mule accounts, often passing through foreign currency exchanges or cryptocurrency platforms.

Despite this, member banks routinely withhold critical information about the movement of these funds, citing privacy and confidentiality as justification. This lack of transparency prevents victims from understanding where their money has gone and whether the bank has fulfilled its responsibilities.

This transparency would offer victims peace of mind that their loss has not contributed to further criminal activity beyond the immediate financial damage. AFCA must extend banks’ duty of care to customers in matters of money laundering to ensure accountability and justice.