June 18 (Reuters) – HSBC’s Australia unit has admitted to serious failures in protecting customers from scams and could face an A$35 million ($24.59 million) penalty pending court approval, Australia’s corporate regulator said on Thursday.
The Australian Securities and Investments Commission (ASIC) and HSBC will jointly seek the Federal Court’s approval of the proposed penalty.
The ASIC said its investigation found that HSBC failed to maintain adequate controls over its internal transfer systems between May 2023 and May 2024, exposing customers to a heightened risk of unauthorised transactions.
The bank was also aware as early as May 2021 of a growing threat from impersonation scams in which fraudsters posed as HSBC representatives, ASIC said.
“This is one of the first cases of its kind globally and sends a clear message that protecting customers from scams is a core responsibility of banks,” ASIC Chair Sarah Court said.
The regulator added HSBC breached its financial services licence obligations by failing to adequately prevent scams and by taking an average of 144 days to investigate customer reports.
The bank also had insufficient systems to help customers regain access to accounts that had been locked after scam incidents, ASIC said.
“(We) have reached an agreement to resolve the proceedings with ASIC, which recognises our customer redress program and the significant enhancements made to our fraud and scam prevention, detection and response,” an HSBC spokesperson said in an emailed response to Reuters.
The proposed settlement remains subject to approval by the Federal Court, which will determine whether the penalty and other orders are appropriate.
($1 = 1.4235 Australian dollars)
(Reporting by Anjali Singh, additional reporting by Rajasik Mukherjee in Bengaluru; Editing by Subhranshu Sahu and Rashmi Aich)
Comments