From Reactive to Proactive: What the Scams Prevention Framework signals about Australia’s Regulatory Future

In a world-first move, Australian Parliament passed the Scam Prevention Framework Act 2025 (Scams Act) on 25 February 2025 - a landmark piece of legislation designed to make Australia the hardest target for scammers. 

The Scams Act operates by way of a new section in the Australian Consumer Law – aligning the new scam preventions with existing consumer protection mechanisms. 

There are two main reasons why you need to understand what this legislation means: 

1. If your business is a “regulated entity” – with new mandatory reporting obligations (i.e. to take ‘reasonable steps’ to report, disrupt and respond to scams and attempted scams in your business)?
2. If your business is not regulated by the new Scams Act, what protections are in place to safeguard you (or your small business) as a consumer of the digital economy?

State of play: why was this law needed?

In the first five months of 2025, the National Anti-Scam Centre (NASC) published an astounding figures, including that Australians reported losses of approximately $119 million due to approximately 72,000 scams. Of these figures, Western Australians, alone, reported over 7,000 scams amounting to losses of $17 million!

And while the monetary losses are staggering, so is the significant emotional and psychological toll suffered by victims of scammers.

Current protections against scams have been inconsistent and patchy, with industry initiatives lacking a coordinated cross-sector approach. Some sectors, like telecommunications, introduced their own mandatory industry codes (Reducing Scam Calls and Scam Short Messages) with enforcement by the Australian Communications and Media Authority (ACMA). 

Other industries have taken minimal voluntary steps, with little to no enforcement or consequences.

Several banks, telcos, and digital platforms participate in the AFCX - a voluntary, industry-led platform for sharing information on suspicious transactions. In 2023, it expanded to include a Fraud Reporting Exchange, enabling near real-time alerts to help stop scam-related transactions. However, because it's not backed by legislation, participants have faced legal barriers when sharing personal information, and its reach is limited to those who choose to join and invest in the system. 

For some time, the NASC has been urging businesses to take a more active role in combating scams. The NASC have emphasised the importance of cross-sector collaboration, including data sharing and joint initiatives, to effectively disrupt scam activities before they reach consumers. Businesses are encouraged to partner with NASC by sharing intelligence and participating in coordinated efforts to protect consumers from increasingly sophisticated scams. This can be done by reporting a scam to NASC’s ScamWatch service here.

Legislative backing: Scams Framework

The current voluntary piece meal approach has proven inconsistent and slow relative to the sharp increase in scam activity. The government’s response is the Scams Act and the Scam Prevention Framework (Framework). 

The Framework, initially applying to banks, telecommunications providers and certain digital platforms, is a coordinated, enforceable approach that requires regulated entities to proactively detect, prevent, disrupt, and report scam activity that occurs on or through their services.

The operational work of the NASC is being further bolstered by the Framework. By adopting a whole-of-ecosystem approach, the Framework requires regulated entities to take proactive steps to prevent, detect, disrupt and respond to scams in accordance with the following over-arching principles:

Building on these principles, the Australian Government has pledged to introduce sector-specific codes that will impose tailored obligations designed to address the distinct risks associated with each industry.

No empty threats

Both critics and supporters of the new law have noted the significance of its multi-regulator approach: the ACCC will oversee enforcement of the Scams Framework, while ASIC and ACMA will be responsible for administering sector-specific codes.

Importantly, the Scams Act enables consumers to seek compensation where businesses have not met their obligations, and a consumer has suffered a loss as a result. Clear and accessible pathways will be available for consumers to report scams or lodge complaints with the relevant business.

Suffice to say, the Framework is reflective of the Government’s attitude of toughing Australia’s stance against scams. Failure to adhere to will expose regulated entities to significant fines of up to $50 million.

Investigation report and direction to comply – VoiceHub Pty Ltd

While the Scams Framework has been introduced to create a more cohesive and cross-sector approach, industry specific requirements remain critical, and can be enforceable. 

As previously mentioned, the telecommunications industry is already governed by a mandatory code - the “Reducing Scam Calls and Scam Short Messages” (Telco Code) - developed under the Telecommunications Act 1997. For the telecommunications sector, the Scams Framework and the Telco Code share common goals and have been designed to complement each other. 

The Telco Code sets out specific and enforceable obligations for telecommunications providers to detect and block scam calls and text messages. 

In fact, in May 2025, the ACMA concluded an investigation into VoiceHub Pty Ltd (VoiceHub), a telecommunications provider, which revealed multiple breaches of the Telco Code. As a consequence, amongst other things, ACMA found VoiceHub:

• failed to take the required timely action to block confirmed scam calls on its network;
• did not adequately share information about the origin and transit path of confirmed scam calls with the ACMA;
• failed to submit mandatory quarterly reports detailing the number of scam calls and SMS it had blocked from July 2022 to June 2024.

ACMA issued a formal direction to VoiceHub to comply with the Telco Code, in which a failure to comply could result in penalties of up to $250,000. This enforcement further underscores the Australian Government’s expectation that telecommunications providers must actively participating in scam prevention measures, including taking prompt action against scam communications and continuous adherence to reporting and information-sharing obligations. 

Why should non-regulated businesses care?

Even if your business is not regulated by the Scams Framework (yet), the Scams Framework is a game changer for the entire business community. 

Here is why: 

1. More sectors may be regulated in future: The Framework is designed to be expanded. If your business model creates a channel scammers could exploit - whether through messaging, financial services, online marketplaces, advertising, e-commerce, or customer accounts - you may be next.[ET1]
2. Market expectations are shifting: Consumers will start expecting businesses to take visible steps to protect them from scams. The Australian Government is no longer tolerant of businesses that fail to protect customers from scams - especially when those scams involve impersonation, data leaks, or compromised transactions.
3. Taking action now is a strategic opportunity: Early action on scams is not just risk management – it is a chance to lead. Businesses that voluntarily adopt scam prevention measures will be better positioned to earn and keep consumer trust, differentiate themselves from lagging competitors and avoid downstream liability if scams do occur. You don’t need to wait for a legal obligation to be proactive.

Ultimately, the era of passive scam response is over. Under both regulatory pressure and legislative obligation, regulated businesses must now actively detect, prevent and disrupt scammers - or risk severe reputational and financial consequences. 

Beyond industries regulated by the Framework, all businesses have the opportunity to prevent scams and operate responsibility in the digital age.  So, whether you are required to step up (as a regulated entity) or you see value in voluntarily taking part in the scam prevention ecosystem – contact us for practical commercial advice. 

----

 [ET1]The government has flagged other sectors - I mentioned in my power point notes - I think superannuation was one?