HSBC Australia Sued by ASIC for Alleged Lapses in Protecting Customers from Scams

The Australian Securities and Investments Commission (ASIC) has accused HSBC Australia of failing to have adequate controls to prevent and detect unauthorized payments, leaving customers vulnerable to scams that have resulted in millions of dollars in losses. The company has also been accused of not fulfilling its obligations to investigate customer reports of unauthorized transactions within required timeframes and to promptly reinstate banking services.

ASIC alleges that there was a significant increase in reports of unauthorized transactions by HSBC Australia customers from mid-2023, often occurring after scammers impersonated the company’s staff to gain access to customers’ accounts. Between January 2020 and August 2024, HSBC received approximately 950 reports of unauthorized transactions, leading to customer losses of about $23 million. Notably, nearly $16 million of these losses occurred in just six months from October 2023 to March 2024.

ASIC Deputy Chair Sarah Court said, “We allege that from at least January 2023, HSBC Australia was aware of the risks of unauthorized transactions occurring and that there were gaps in their fraud controls. This resulted in some customers getting scammed out of $90,000 or more.”

ASIC further claimed that HSBC Australia failed its customers by taking an average of 145 days to investigate reports of scams and an average of 95 days to restore full access to accounts. In one extreme case, a customer did not have full access restored for 542 days.

“We know scammers are constantly looking for new ways to exploit people. Customers can lose their life savings in an instant. Scammers do not discriminate,” Ms Court said, adding, “All banks need to pull their weight in the fight against scams. We will not hesitate to take court action where we consider banks fail to comply with their obligations to protect their customers.”