Banks knew their systems were flawed but refused to act, leaving scam victims to bear the cost, writes DrKim Sawyer.

ON 12 MARCH 2024, former Assistant TreasurerStephen Jonesgave aninterviewon scams.

Jones expressed what many scam victims have expressed:

In the same interview, Jones reflected on the failure of banks to adopt confirmation of payee.

The Minister highlighted what scam victims have been saying for the last two years: that the failure to roll out confirmation of payee was a major flaw in banks' online systems. The banks knew of its importance. They knew what scam victims have come to understand.

As scam losses in Australia reach $8 billion, pressure mounts on the Government to hold banks accountable and launch a fresh royal commission.

Authorised push payment (APP) scams had been identified nearly ten years earlier in Europe. APP scammers induce bank customers to transfer money from their accounts to mule accounts for laundering. There was a simple remedy, confirmation of payee, where the customer sees the name on the payees accounts to which they are transferring their money.

Confirmation of payee hadreduced fraudin the Netherlands by 81 per cent and in the UK by 35 per cent, and had become mandatory in the UK in March 2020. It was recommended by theAustralian Competition and Consumer Commission (ACCC) in 2020 and 2022 and suggested by theAustralian Securities and Investments Commission (ASIC) as early as 2011.

However, the banks were resistant. They failed to act in the best interests of their customers. They exposed customers to risk. Their failure led to hundreds of thousands of Australians scammed, billions of dollars lost.

Confirmation of payee is now being rolled out at a cost of only $100 million to all the banks, when combined bank profits exceed $40 billion. But it could have been done five years ago. Banks were forcing customers to go online when they knew they had a fault in their systems. Banks were exposing customers to unnecessary risk.

Let us return to the words liability should apply but it should be where responsibility lies. When a car manufacturer recognises that there is a fault in one of their models, there is a recall. They recognise that they are liable. In 2024, Hondarecalled 16,000 carsciting a potential fault with the vehicle's electronic power steering system. They recognised that they were at fault. The one who is responsible is the one who is liable; the one liable is the one who should pay.

If banks are responsible for a fault, they are liable and, if liable, they should reimburse victims. However, they are not reimbursing victims; they are allowed to deny liability for a fault they knew to be a fault, that the ACCC knew to be a fault, that the Government knew to be a fault. They are also allowed to deny liability for not monitoring laundering from mule accounts.

What many have not appreciated is that the scam problem that emerged in the last five years in Australia is analogous to theBritish Post Office scandal. The Post Office was found liable for installing the faultyHorizon system, both contractually and through its abusive actions.

Behind every scam that robs Australians blind is a system that protects the banks, ignores the victims and enables the crime.

A 2019 High Court ruling confirmed that the Horizon IT system had bugs, errors and defects that caused financial shortfalls wrongly blamed on sub-postmasters. The court determined the Post Office had imposed an unreasonable burden of liability on sub-postmasters, ruined lives and covered up the system's problems. The Post Office was at fault and was deemed liable.

The scam problem is analogous, but most do not understand. The banks had a fault in their systems, knew of the fault, knew it would mean that many customers would lose money as they had in Europe before confirmation of payee and knew customers could not mitigate the risk, yet resisted introducing confirmation of payee until 2025, at minimal cost to the banks. And the Government allowed them.

The Government has allowed banks to deny their liability and to shift liability onto the victims. The Government knew of the fault in 2022 but gave in to theAustralian Banking Associationrather than listen to the advice of the ACCC in 2020 and 2022, and the best practice overseas. The Government failed to regulate what should have been regulated.

That failure justifies a second royal commission.

In delivering hisfinal reportin April 2019, Royal Commissioner JusticeKenneth Hayneobserved that:

Justice Hayne observed that banks are the central artery of the economy. Everyone wants the banks to be strong; everyone also wants the banks to protect customers from unnecessary risk.

Scam victims are being compelled to pursue legal processes at great cost and risk to themselves, an uneven contest of the powerless against the powerful. A royal commission is like a discovery process where misconduct is exposed and not rewarded; where faults are revealed. A royal commission would be vindication that the victims were not the only ones to blame.

DrKim Sawyeris a retired Associate Professor,University of Melbourne.

Related Articles

• Calls grow for new banking royal commission amid $8 billion scam losses
• Banks, mules and government fools let scammers run free in Australia
• Why new scam laws might actually bite
• Australian victims on their own in 'honey pot' for scammers
• Pillow scams, AI and the Russians