Stephen Jones (Whitlam, Australian Labor Party, Assistant Treasurer) Share this | Hansard source

I thank the member for Petrie and the shadow minister for what I took to be his qualified good wishes, and I thank him for the indication of broad support for the legislation. I'll address some of the issues that he's raised. It's not uncommon in matters such as this and, in fact, not uncommon in the structure of Australian competition and consumer law, where broad principles with penalties and obligations are established in the primary law and subsidiary instruments fill out some of the details, and that's the way we have approached this task in this legislation. There will be an obligation, a principal obligation to prevent, detect, disrupt and ensure that consumers are protected and that scam threats across the infrastructure of banks, telecommunications companies and social media companies are lifted up to ensure it protects their consumers.

We are asked why so much of the force of those principles will be filled out in industry codes. The answer is simple. There are two reasons. The first is that the things that will be required of a social media company will be different from those required of a telecommunications company and different from what we'll require of a bank. There will be commonality—there's no doubt about that—but there will be different obligations based on the technology inherent in the platforms we are approaching. That is the first reason. The second reason is the need to move and change and to change rapidly over time. As threats across those vectors change, and change rapidly, with the best will in the world, two houses of parliament are not necessarily going to be the way to enable us to nimbly respond to those sorts of threats, which is why a subsidiary delegated legislation, the mandatory codes, is the best means on which to deal with that—to give us flexibility to move quickly as and when we need. Of course, there is still the regular parliamentary scrutiny available to all members and, in particular, senators in relation to disallowable instruments.

I am asked by the honourable member if work has started on the code. Of course, there have been initial discussions with industry both between my office and Treasury officials. That's not the same as drafting the codes, but that doesn't mean no work has been done. For example, as members have alluded to in this debate, the banking sector is well advanced. They have the Scam-Safe Accord, which has been in operation for close to 18 months. The telecommunications industry has a statutory code of practice in place. The social media platforms are not currently brought within an enforceable code framework, but this bill will change that.

The other point—and it's a matter of great frustration as a minister in this place—is that there is fierce competition for the resources of the Public Service. Because there are scarce resources and unlimited demands upon them, the department won't start work on drafting the codes until they know there's going to be a bill through the parliament to ensure that they are enforceable.

In terms of the regulatory compliance costs, I've got to say to the honourable member that I've had this raised with me a lot of times. The simple answer to, 'How was this data put together?' is that there was a consultation process from Treasury with all those sectors that are likely to be designated. The question put to them was, 'What is the uplift cost likely to be?' The numbers in the regulatory impact statement reflect what was told to us by the banks, the telcos and the social media platforms. Can I say in relation to that that it's about the additionality—what additional resources are any of these institutions going to have to put in place to comply with the measures within this code? That might raise suspicions in the minds of some, but can I simply make this point: any one of the major banks has probably got more resources dedicated to this particular task today than the entirety of the Commonwealth government. Any one of the banks will have, in their criminal fraud and financial crimes protection sections, more resources dedicated to this task. And so they should, because it's customers' money at stake. Hopefully, that explains some of that. I'm advised, and on the basis of that information I inform the House, that the regulatory impact statement, through the Office of Impact Analysis, complies with all the obligations.

See this speech in context