Behind every scam that robs Australians blind is a system that protects the banks, ignores the victims and enables the crime, writes Dr Kim Sawyer.
SCAMS ARE the perfect crime, at least in Australia. It is only when you are the subject of a large scam that you begin to understand the unaccountability of scammers and their accessories.
The structure of an authorised push payment (APP) scam is like a pyramid in a mafia company. At the top is the scam centre, criminals who mastermind the scam, one stage below the middleman who sets up a company for money laundering. And at the bottom are the mules paid for the use of their accounts for money laundering.
Scam centres are everywhere: Moscow, Tel Aviv, Karachi, but particularly in Southeast Asia. A UN News investigation last year found that scam farms are proliferating in the region. A Philippines scam farm shut down by authorities in March 2024 was found to have housed 700 workers fenced off from the outside world, according to Benedikt Hofmann from the UN agency to combat drugs and crime.
Hoffman commented:
“All their daily necessities are met. There are restaurants, dormitories, barbershops and even a karaoke bar. So, people don’t actually have to leave and can stay here for months. Escaping was a near-impossible task and came at a hefty price. Some have been tortured and been subjected to unimaginable violence on a daily basis as punishment for wanting to leave or for failing to reach their daily quota in terms of money scammed from victims.”
Australia has been a soft target due to retirees with superannuation. Australia has also been a soft target because regulators were too slow to act and banks were unwilling to share liability. All that the international crime syndicates needed were middlemen within Australia to set up companies to launder the money and mules with accounts to be used for money laundering, and a system that protected them.
Middlemen sometimes have a criminal history, yet can set up a company without ASIC checking the history, just as mules set up accounts without identity checks. In the scam to which we were subjected, the company was set up a week before and the mule accounts soon after. When we last checked, the money laundering company had still not been deregistered by ASIC.
Mules are often destitute; sometimes they are international students about to leave the country, sometimes they are prisoners. Mules are paid hundreds of dollars for the use of their accounts. Fraud detection company BioCatch estimates 2 million mule accounts globally, but it is the tip of a large, unreported iceberg. Money laundering is one of the world’s biggest industries.
Victims of large scams in Australia submit a report to the Australian Cyber Security Centre. The matter is then referred to the state police, who are often underresourced and underfunded. The police are restricted to prosecuting the mules, not the principals higher up in the pyramid.
Only the mules are subject to prosecution; most often, they don’t attend court and if they do, they are given a community service order. The police understand the problem better than most.
Transactions in an APP scam have four steps:
- mule accounts are established;
- the victim releases funds from their accounts;
- the funds are transferred to mule accounts instead of accounts the victim specifies; and
- the money is laundered from the mule accounts.
Each of the steps is essential to the scam; remove any of the steps and the scam will collapse. The liability for a scam depends on the liability for each step, so why should the victims be liable for the mule accounts and the money laundering for which they have no knowledge?
Logically, banks that allow mule accounts and money laundering should have some liability. But not in Australia, where victims are held liable for mule accounts and money laundering. Logically, banks should be reimbursing a minimum of 50%.
In the second half of 2023, the Australian Financial Complaints Authority (AFCA) received complaints from 17 victims with losses exceeding $1 million. They were reimbursed nothing. The reimbursement rate in Australia for APP scams is less than 5%, far below that of UK and U.S. large banks, where reimbursement averages 75%.
The Scam Prevention Framework (SPF) legislated by the Government before the recent election is silent on the issue of reimbursement. The Government has consistently opposed reimbursement, or any formula for reimbursement. Reimbursement is at the discretion of the banks and the banks can discriminate as they choose.
The banks have captured the regulators. In 2020 and 2022, the Australian Consumer and Competition Commission (ACCC) recommended that a Confirmation of Payee system be adopted, which would have stopped many transfers to mule accounts. The system was not adopted because the Australian Banking Association (ABA) lobbied politicians not to adopt it, at great cost to the scam victims in the last five years.
There were other regulatory failures. ASIC has allowed companies that engage in money laundering to be established without checks on the history of the company or its principals. ASIC administers the ePayments Code for regulating electronic payments. The code is a voluntary code of practice to which banks subscribe, has been valid since June 2022 and is used to determine the liability in scams, yet the 42-page code mentions scams just once.
In its review of the ePayments Code in 2022, ASIC acknowledged that the ePayments Code was not intended to cover scams. Scam victims were not surprised by the findings of a 2024 Senate Committee that recommended that the Australian Government should recognise that ASIC has comprehensively failed to fulfil its regulatory remit.
The regulatory failure does not end there. The Anti-Money Laundering Act of 2006 requires AUSTRAC to prosecute banks for not monitoring money laundering. In 2018, the Commonwealth Bank of Australia (CBA) was penalised $700 million for serious breaches of anti-money laundering laws because it did not monitor effectively over 50,000 transactions.
In 2020, Westpac was fined $1.3 billion for breaching the laws, with an admission that it had failed to properly report over 19.6 million international transfers amounting to over $11 billion. In both cases, there was no specific proof of money laundering, yet in APP scams, where there is proof of money laundering, AUSTRAC will not prosecute and the police cannot prosecute.
With few exceptions, politicians have decided that the banks are too big to fail; that they are to be protected at all costs; and that the bank shareholders and institutions have the highest priority. Banks are accessories in financial crime, but unlike other accessories, they are being protected.
A mule cannot be a mule without a bank. A company cannot be a company without ASIC. Money laundering may not occur so often if AUSTRAC prosecuted specific money laundering. The Government is the regulator. The Government should regulate.
Dr Kim Sawyer is a senior fellow in the School of Historical and Philosophical Studies at the University of Melbourne.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Australia License
Support independent journalism Subscribe to IA.
Related Articles
- Why new scam laws might actually bite
- Australian victims on their own in 'honey pot' for scammers
- Pillow scams, AI and the Russians
