Luke Howarth (Petrie, Liberal Party, Shadow Assistant Treasurer) Share this | Link to this | Hansard source

I rise to speak in consideration in detail. The coalition supports the actions of the government when it comes to preventing scams. We feel that it is very important legislation, so I have some questions for the minister regarding the Scams Prevention Framework Bill 2024. I know that this is an important bill for the minister, and I want to acknowledge the work that the minister and his staff have done. With his recent announcement about finishing up at the next election, I would—through you, Mr Speaker—just say to the minister: well done; we wish you well, and thank you for the work that you've done for Australians. We'll give you more time to speak on this, because we know that you love it and that you want lots of questions, so we've got a fair few questions to ask you.

There are some concerns that have been raised about whether the bill will achieve its objectives for consumers. It has been described by some as a bit rushed, complex and unclear, and stacked against consumers. Through you, Mr Speaker: Minister, this framework relies heavily on leaving matters to be determined in future delegated legislation, which has not been made available or consulted upon alongside this bill. These include sector designation instruments, mandatory sector codes and other operational rules and guidelines.

First, given that significant matters, including the prescriptive obligations in the codes, will be in this delegated legislation, why has it not been made publicly available alongside the bill? Second, have these instruments been developed or drafted already? Third, if not, why has this work, which is the substance and scope of the framework, not been done after 31 months of the Albanese government? Fourth, is this work being actively progressed by your department, and when will it be consulted on? I note that this policy work can be progressed and consulted on before the bill passes. Fifth, why are stakeholders and the parliament being expected to pass the bill through this enabling legislation when so much of the detail is not yet available?

They're the initial questions. I also have some questions on regulation. The regulation impact analysis for this bill, which was tabled as part of the explanatory memorandum, uses costing assumptions that appear to significantly understate the regulatory compliance costs. For example, it makes assumptions, including 1.1 full-time equivalent staff required for a major bank to uplift anti-scam activity and governments' improvements; a $40,000 initial technology investment required for a major bank to comply with the info-sharing and reporting obligations and $20,000 ongoing; a $40,000 initial investment in staff for a COBA member bank to administer anti-scam activity and governments' improvements and $10,000 ongoing; and a $100,000 initial investment for a major telco to uplift anti-scam activity in governments and $50,000 ongoing.

Minister, you have said this framework will not be the bare minimum. Can you explain how that statement is compatible with the costing assumptions? Do you stand by the findings of the regulation impact analysis conducted? And has this regulation impact analysis been signed off as compliant by the Office of Impact Analysis? Minister, if you agree that the costings require correction, will you ask the department to do further consultation to get it right and then table a replacement explanatory memorandum?

Stephen Jones (Whitlam, Australian Labor Party, Assistant Treasurer) Share this | Link to this | Hansard source

I thank the member for Petrie and the shadow minister for what I took to be his qualified good wishes, and I thank him for the indication of broad support for the legislation. I'll address some of the issues that he's raised. It's not uncommon in matters such as this and, in fact, not uncommon in the structure of Australian competition and consumer law, where broad principles with penalties and obligations are established in the primary law and subsidiary instruments fill out some of the details, and that's the way we have approached this task in this legislation. There will be an obligation, a principal obligation to prevent, detect, disrupt and ensure that consumers are protected and that scam threats across the infrastructure of banks, telecommunications companies and social media companies are lifted up to ensure it protects their consumers.

We are asked why so much of the force of those principles will be filled out in industry codes. The answer is simple. There are two reasons. The first is that the things that will be required of a social media company will be different from those required of a telecommunications company and different from what we'll require of a bank. There will be commonality—there's no doubt about that—but there will be different obligations based on the technology inherent in the platforms we are approaching. That is the first reason. The second reason is the need to move and change and to change rapidly over time. As threats across those vectors change, and change rapidly, with the best will in the world, two houses of parliament are not necessarily going to be the way to enable us to nimbly respond to those sorts of threats, which is why a subsidiary delegated legislation, the mandatory codes, is the best means on which to deal with that—to give us flexibility to move quickly as and when we need. Of course, there is still the regular parliamentary scrutiny available to all members and, in particular, senators in relation to disallowable instruments.

I am asked by the honourable member if work has started on the code. Of course, there have been initial discussions with industry both between my office and Treasury officials. That's not the same as drafting the codes, but that doesn't mean no work has been done. For example, as members have alluded to in this debate, the banking sector is well advanced. They have the Scam-Safe Accord, which has been in operation for close to 18 months. The telecommunications industry has a statutory code of practice in place. The social media platforms are not currently brought within an enforceable code framework, but this bill will change that.

The other point—and it's a matter of great frustration as a minister in this place—is that there is fierce competition for the resources of the Public Service. Because there are scarce resources and unlimited demands upon them, the department won't start work on drafting the codes until they know there's going to be a bill through the parliament to ensure that they are enforceable.

In terms of the regulatory compliance costs, I've got to say to the honourable member that I've had this raised with me a lot of times. The simple answer to, 'How was this data put together?' is that there was a consultation process from Treasury with all those sectors that are likely to be designated. The question put to them was, 'What is the uplift cost likely to be?' The numbers in the regulatory impact statement reflect what was told to us by the banks, the telcos and the social media platforms. Can I say in relation to that that it's about the additionality—what additional resources are any of these institutions going to have to put in place to comply with the measures within this code? That might raise suspicions in the minds of some, but can I simply make this point: any one of the major banks has probably got more resources dedicated to this particular task today than the entirety of the Commonwealth government. Any one of the banks will have, in their criminal fraud and financial crimes protection sections, more resources dedicated to this task. And so they should, because it's customers' money at stake. Hopefully, that explains some of that. I'm advised, and on the basis of that information I inform the House, that the regulatory impact statement, through the Office of Impact Analysis, complies with all the obligations.

Luke Howarth (Petrie, Liberal Party, Shadow Assistant Treasurer) Share this | Link to this | Hansard source

I have just a few more questions for the minister, and I thank him for his answers. Feedback from both industry and consumer advocates on the draft bill pointed to the complexity arising from the lack of clear liability rules and an apportionment mechanism for situations where multiple entities across different sectors are involved in a scam. How have these concerns been addressed in the final bill? Will AFCA have carte blanche to make decisions on apportionment of liability for each regulated entity? If regulated entities disagree with an apportionment decision, will they be able to litigate to overturn that decision? Do you anticipate these disputes will delay consumer redress? Have you estimated the potential costs and delays arising from litigation relating to these disputes, including for scam victims?

In addition, I note that the Competition and Consumer Act, at section 51AE, already has a regulation-making power for the minister to prescribe enforceable mandatory codes to provide a set of rules or minimum standards for an industry, including the relationship between industry participants and their customers. Was it open to the government to use this existing power to make codes without having to enact new primary legislation? Could using the existing code-making power have meant mandatory codes were developed and made earlier than the 31 months and counting of the Albanese government that we have been waiting for the Scams Prevention Code? If it was open to the minister, why did you choose to delay action on scams by coming up with a much more complex approach? This is an approach which has been criticised by most stakeholders, who have asked for this framework to be focused on the codes. Did you choose this approach so that you could draw this out and have another announcement?

You have previously mentioned that you had difficulty getting legislation drafted. We are still waiting for these industry codes. When would we see these draft codes now? I do note you just addressed that—you're saying the department wouldn't start until this legislation was done—but how long would you expect the draft codes to take from here?

I have some questions about concerns raised about the draft bill and how they've been addressed in this final bill. I make the point again that the government took a long time to come up with this and then ran a shortened three-week consultation period on the draft legislation. This bill was then turned around for introduction just four weeks later, with little of the consultation feedback incorporated as a result. It is important legislation that will impact all Australians. These aren't minor amendments that should be rammed through without scrutiny and without the bare minimum of consultation. Most regulated sector stakeholders, including the ABA and the Communications Alliance, have raised concerns about the double liability issues that arise as a result of the private right of action set out in section 58 of the bill.

Given the whole-of-ecosystem external dispute resolution and the substantial civil penalties, is this additional private right of action necessary? Does the minister anticipate it will be useful or accessible for individual consumers? Many stakeholders, including the Customer Owned Banking Association, have raised concerns about the breadth of actual scam intelligence that might need to be reported and the regulatory burden that this would create. COBA have said: 'The sheer volume of data and information being contemplated by this definition means that what is expected from the obligations may not be reasonably achievable.' So have any changes been made to the final bill to address these concerns? If so, what are these? How will the burden of this data reporting be minimised?

Stephen Jones (Whitlam, Australian Labor Party, Assistant Treasurer) Share this | Link to this | Hansard source

I note that the questions that have been asked by the shadow minister are in almost identical form to the issues that have been raised in the Senate legislative inquiry and have been answered in the report on that inquiry, and I refer the minister to the answers contained there within.

Andrew Wilkie (Clark, Independent) Share this | Link to this | Hansard source

WILKIE () (): Can the minister please explain to my community and the thousands of Australians across the country who are targeted by scammers each year exactly why the government won't rebalance the power in scam compensation and is choosing instead not to impose a UK style presumption of reimbursement by banks and other responsible parties?

Stephen Jones (Whitlam, Australian Labor Party, Assistant Treasurer) Share this | Link to this | Hansard source

I thank the member for his question, and I addressed some of the issues related to this in my address-in-reply. Can I simply say this: we believe in attaching liability to fault. It's a fairly rudimentary process, known well to any lawyer in this place. If you're at fault, then you should be liable for the damages or other harm associated with that fault. The problem we have at the moment is there is no standard to which people are held accountable. There's no standard for banks, no standard for telcos and no standard for social media platforms. That changes when this bill is enacted.

I'm asked why we haven't gone down the UK approach. The answer, quite simply, is we do not think it will work, because it is not focused on preventing scams and it has nothing to say about the major vector of scams, which is social media platforms. It beggars belief—I gave some examples here in my address-in-reply—that we should hold the Broken Hill building society, a mutual bank, accountable for a Facebook puppy scam that the members of that bank and the owners of that bank could have no knowledge of or no control over. We would hold the members of that bank accountable for the losses of that Facebook puppy scam, yet the biggest company in the world—or one of the biggest companies in the world—which actually made money out of advertising that scam, is not held liable. That just beggars belief in my mind. I understand why there is a simple attraction to it, but when you dig down into what we are trying to do here—that is, to prevent the scam in the first place—we believe that our approach is the better approach. I think the proof in the pudding of this is that our scam losses are dropping quicker than those in the UK, and there is intense interest from the United Kingdom and other countries around the world in the approach that the Australian government is taking because they think it is a stronger framework.

Andrew Wilkie (Clark, Independent) Share this | Link to this | Hansard source

Following up on my earlier question, I simply asked the minister: does he concede that, in recent years, it has not been uncommon for that fault to have been attributed quite reasonably to different financial institutions who have not taken reasonable steps to protect customers and have failed to intervene when transactions have been patently out of order?

Stephen Jones (Whitlam, Australian Labor Party, Assistant Treasurer) Share this | Link to this | Hansard source

I can think of one example where that was the case at scale, and that was the UBS scam. It affected members of my electorate; I assume it affected his as well. There was an agreement between the bank in that instance and the plaintiffs before the Australian Financial Complaints Authority that those were unauthorised transactions. Therefore, the rights and responsibilities that are available under the ePayments Code were enacted, and compensation under the ePayments Code was available. The problem with the vast majority of scams is that they are authorised transactions, so the ePayments Code is not enlivened. It's why we need the new obligations that will be established by these laws to hold banks and others accountable to a standard and liable when they don't meet it.

Luke Howarth (Petrie, Liberal Party, Shadow Assistant Treasurer) Share this | Link to this | Hansard source

I have a few final questions. This is the minister's bill, so I'm giving him plenty of opportunity to talk on it, and I appreciate what he's done. Stakeholders have raised concerns about the significant civil penalties that apply in relation to the framework. Can the minister outline how the penalty regime will operate? What are tier 1 and tier 2 penalties? What are the maximum penalties? How will a civil penalty be determined using the various calculation methods? Does the minister think the maximum civil penalties are proportionate? Has the minister considered stakeholder recommendations that civil penalties only apply to serious or systematic breaches? What are the other consequences for a breach? What other enforcement tools are available to the ACCC? How will the Scams Prevention Framework and external dispute resolution interact with the existing ePayments Code rules in relation to unauthorised payments? Which code will have priority? What will the transitional period be for compliance and being subject to a civil penalty once a sector designation is made? Will there be a time limit for making a complaint to AFCA?

Stephen Jones (Whitlam, Australian Labor Party, Assistant Treasurer) Share this | Link to this | Hansard source

I again refer the member to the details within the explanatory memorandum, which answers many of these questions, together with the government response to the Senate legislative inquiry. The regulator will have the powers that the regulator has under the competition and consumer laws. It is not the role of parliament to determine what the penalty will be—that's the role of a court. It's the role of parliament to determine what the maximum penalty may be for a breach under these laws, and that is the normal course of events in these things.

Zali Steggall (Warringah, Independent) Share this | Link to this | Hansard source

by leave—I move amendments (1) and (2), as circulated in my name, together:

(1) Schedule 1, item 1, page 28 (before line 4), before the paragraph beginning "When undertaking such internal dispute resolution" in section 58BZB, insert:

When undertaking such internal dispute resolution about a complaint, the entity must give a statement, relevant to the complaint, about whether it has complied with its obligations.

(2) Schedule 1, item 1, page 29 (after line 16), after section 58BZD, insert:

58BZDA Giving a statement of compliance — civil penalty provision

(1) A regulated entity contravenes this subsection if the entity:

(a) is undertaking internal dispute resolution in dealing with a person's complaint of a kind described in paragraph 58BZD(1)(a) or (b); and

(b) does not give the person a statement of compliance in accordance with subsection (2).

Note: This subsection only applies to the entity when the SPF rules prescribe matters for paragraphs (2)(b), (d) and (e) that are relevant to the complaint.

(2) For the purposes of paragraph (1)(b), the statement of compliance must:

(a) include a statement by the regulated entity about whether, based on information reasonably available to the entity at the time of making the statement, it has complied with its obligations under the SPF provisions that are relevant to the complaint; and

(b) contain the kinds of information prescribed by the SPF rules that are relevant to the complaint; and

(c) not contain the kinds of information (if any) prescribed by the SPF rules that are relevant to the complaint; and

(d) be in writing and signed by a person who is an authorised representative of the entity of a kind prescribed by the SPF rules; and

(e) be given in accordance with the timeframes, and in the manner and form, prescribed by the SPF rules.

(3) Subsection (1) is a civil penalty provision.

Note: This means subsection (1) is a civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).

(4) A statement of compliance given by the entity under this section is admissible, in any proceeding that:

(a) relates to the complaint; and

(b) is under or relates to an SPF EDR scheme;

as prima facie evidence of the entity's position, at the time of making the statement, on the matters in the statement.

(5) Nothing in this section limits or affects the admissibility in a proceeding of any other statement or evidence.

As many have discussed in relation to this legislation, there is a David and Goliath battle when it comes to victims and banks, financial institutions and the large telcos and social media platforms, which are all too often part of scams reaching consumers. Under the current proposed legislation, to bring forward a claim for compensation, a victim will need to gather information from companies—the banks and the telcos—to establish whether or not the companies have complied with the code. That is simply not realistic. I've raised this with the minister. Understanding that David and Goliath battle is important. The information is not readily available, and there is no requirement for the companies to hand it over willingly. I think it's fair to assume that getting to that information, with the scale of these organisations, would just be impossible for the victims of scams. It's a David and Goliath battle.

My amendments go some way to bringing power back to consumers by at least reversing the onus of proof when it comes to accessing dispute resolution. They require the companies and the banks, financial institutions and telcos involved in a scam, as a party to the scam, to provide the victims with a statement of compliance with the Scams Prevention Framework to then access that internal dispute resolution. Associated with that needs to be what that Scams Prevention Framework ultimately looks like, I appreciate, and I have some questions in that respect.

What this means is that it's not just for the victim to have to establish the case from scratch that they are entitled to dispute resolution and thus compensation. There is a reversal of onus, which is important. It strengthens the integrity of the framework and will ensure that vulnerable customers will be able to have a better chance of access at dispute resolution and, ultimately, compensation from the regulated entities.

These amendments improve the internal dispute resolution process to require businesses to provide this statement of certification that they have complied with their obligation under the bill, and there will be a civil penalty provision that carries with this, and these certificates will be admissible in later proceedings. I ask the minister to make sure, though, that the explanatory memorandum includes details relating to the specificity requirements that will be placed in the rules, to ensure customers have enough details to satisfy their compliance with their obligations. It might be by providing details that at a specific time the customer confirmed the name of the account to receive the funds through a confirmation of payee mechanism. Another example might be a social media platform providing specific details of when they became aware of the scam activity and what steps they took to respond. It's important that everyone involved in this matrix takes some responsibility.

We've had discussions around whether it should be, for example, an automatic presumption of compensation against the financial institutions. I accept that there are often three elements to scams. We have the victim, who has unwittingly consented to authorising a payment. We have financial institutions that have access to who that payment is ultimately going to, so they bear a responsibility in introducing friction and in ensuring people are generally aware of what they are authorising. Then we have the telcos. I accept this. The telcos are a major player, especially when I look at social media and Facebook and Meta entities, in assisting in delivering scams to the victims. They are facilitating that, so they also bear that responsibility. But, of course, getting behind the wall of information in those kinds of organisations is simply impossible for victims.

I do thank the government, I understand, for accepting that this reversal of onus is necessary, when it comes to that compilation of information and that certificate of compliance, so that access to dispute resolution can operate. I think it's important, though, for the government to continue being vigilant, to make sure fair compensation is occurring. I urge all consumers and victims out there to absolutely report scams. They profit and thrive with secrecy, with shame or anxiety about reporting. So reporting and exposing scams is the most important thing that people can do.

Stephen Jones (Whitlam, Australian Labor Party, Assistant Treasurer) Share this | Link to this | Hansard source

I thank the member. The government will be agreeing to the amendments, which we agree improve the bill, and I can inform the member that an amended explanatory memorandum will be tabled.

Question agreed to.

Sophie Scamps (Mackellar, Independent) Share this | Link to this | Hansard source

by leave—I move amendments (1) to (4) as revised, as circulated in my name, together:

(1) Schedule 1, item 1, page 10 (after line 1), after section 58AH, insert:

58AHA Meaning of vulnerable consumer

A vulnerable consumer, of a regulated service, is an SPF consumer who is at risk, or is likely to be at risk, of being targeted by a scam.

(2) Schedule 1, item 1, page 13 (after line 14), after paragraph (d), insert:

(da) whether the consumers of those services include vulnerable consumers; and

(3) Schedule 1, item 1, page 17 (lines 14 to 18), omit all the words from and including "sector to:" to the end of paragraph (2)(b), substitute "sector to identify its vulnerable consumers; or".

(4) Schedule 1, item 1, page 17 (line 21), omit "an SPF consumer described in subparagraph (b)(i) or (ii)", substitute "those vulnerable consumers".

The amendments I'm introducing today are an attempt to provide vulnerable customers with a higher level of protection from scams than this bill currently affords them. They are simple amendments, easy to implement and, in circumstances where this bill is weighted in the favour of banks, telcos and social media companies instead of consumers, very necessary. Let me explain what I mean by the assertion that this bill is weighted in favour of those firms.

As I set out in detail in my speech in the second reading debate, it is unfortunate that the government has missed the opportunity to introduce a consumer-centric reimbursement model of scams prevention, a model where consumers are quickly reimbursed—except, of course, in cases of gross negligence on the part of the consumer—and limited up to a capped amount. Under the reimbursement model, such as that in the UK, the burden moves to firms to work out how the liability should be apportioned between financial institutions, telcos and social media platforms. Instead, the government has chosen to put the burden of fighting to get their money back on the consumer, and, in doing so, has protected the banks, telcos and social media companies over individual customers.

It is a heavy burden. In circumstances where a person may have lost their entire life savings, having to fight perhaps several institutions, including financial, telco and social media, at the one time is possibly the most uneven playing field imaginable. Given that, I consider that perhaps the government might have some appetite to better protect at least the most vulnerable of consumers. My amendments define a vulnerable customer as one who is at risk or is likely to be at risk of being targeted by a scam. This might include elderly people, people with hearing difficulties or people in financial distress. Data shows that scammers are targeting elderly people, who are likely to have large savings and are looking to protect or invest this large nest egg.

The bill requires regulated entities to take reasonable steps to prevent, detect, report, disrupt and respond to scams. In determining whether the firms are taking reasonable steps to do those things, my amendments would (a) require them to identify vulnerable customers, (b) consider whether the consumers of the particular services in question are vulnerable customers and (c) give vulnerable customers more information about scams that the firms have already identified—not too difficult.

Unfortunately, the government has indicated that it's not inclined to make the bill more consumer friendly, even in this small way. Nevertheless, I commend the amendments to the House.

Question negatived.

Allegra Spender (Wentworth, Independent) Share this | Link to this | Hansard source

by leave—I move amendments (1) and (2), as circulated in my name, together:

(1) Schedule 1, item 1, page 13 (after line 24), after the paragraph beginning "The entity must keep" in section 58BC, insert:

The entity must publish information about scams detected, reported and responded to.

(2) Schedule 1, item 1, page 16 (after line 4), after section 58BG, insert:

58BGA Publishing information about scams detected, reported and responded to — civil penalty provision

(1) A regulated entity for a regulated sector contravenes this subsection if the entity fails to publish the following information on a publicly available website:

(a) the prevention, detection and disruption of scams over the last 3 month period (the reporting period);

(b) the response to scams over the last 3 month period (the reporting period);

(c) reports relating to scams over the last 3 month period (the reporting period);

within the period provided under subsection (2) and in accordance with the requirements under subsection (3).

(2) For the purposes of subsection (1), the period is within 30 days of the end of the reporting period.

(3) For the purposes of subsection (1), the information must:

(a) be in the form required by the SPF rules; and

(b) contain the details required by the SPF rules.

(4) Subsection (1) is a civil penalty provision.

Note: This means subsection (1) is a civil penalty provision of an SPF principle for the purposes of section 58FJ (about civil penalties).

As I mentioned in my speech in the second reading debate, I'm extremely doubtful that the Scams Prevention Framework Bill 2024 will be enough to incentivise businesses, including banks, telcos and social media companies, to properly address scams. I believe they will do as they have done, trusting the process to be delayed and slowed down and requiring individuals to pursue these actions in lengthy procedures over months and years. They can win the war by attrition.

I acknowledge that the companies are investing. I acknowledge that the companies hate to see these scams as well. There's no sense of bad faith, but I think the truth is that they have not done enough and I don't believe this bill drives them to do enough yet. The impact statement of the explanatory memorandum states that the regulatory cost between the SPF and the status quo is an initial investment of $100 million and ongoing investments of $31 million. However, the impact analysis estimates that 70 per cent of this cost is already accounted for by non-affiliated banks, with the four major banks expected to increase their funding by only $6.2 million on initial investments. This is despite ASIC finding that the scam strategy and governance of the four major banks is less mature than expected. Similar admissions are present in the sections covering telcos and social media companies.

Page 153 of the explanatory memorandum states that, under the SPF, 'there are unlikely to be significant additional costs for telecommunications providers who are compliant with current obligations'. The EM acknowledges that self-regulation has not worked, yet this bill will introduce minimal additional provisions on top of what these industries are already promising to implement. In perhaps the most overused quote, attributed to Charlie Munger, 'Show me the incentive and I'll show you the outcome.' This bill will not change the outcome, because it does not change the incentive. My amendments are pretty simple. I've spoken to bank CEOs on this topic, and they don't have a problem with it either. They say: 'Publish scam data. Publish the number of scams that different banks are dealing with.' We should publish the numbers—scams detected, reported and responded to, as well as the amounts lost and the amounts reimbursed—for all regulated entities quarterly, not when the regulator publishes aggregated information once a year, buried in the back of a financial model. The fundamental point I'm trying to make here is that without this separation of details, without this information at different levels, the banks will not have the strongest incentive to invest in scam prevention.

The only way to protect Australian consumers is to strongly incentivise banks to do it. A code can do this, but codes are always playing catch-up with the technology in place. I don't believe, honestly, that the federal government or the regulators are innovating at the pace required to understand where the technology can go. I think the private sector needs strong incentives to make the innovation that is required in this space. You can do that through reimbursement models or you can do it through publishing, at a bank level, data saying, 'It's this many scams; this is the percentage of losses; this is the reimbursement,' so consumers can make the right choices. And consumers can show, via their wallet, whether they want to support a bank that is protecting them from scams or whether they don't.

This is about putting the power to protect themselves from scams back in the hands of Australian consumers. We know that scams are so sophisticated these days. We know that these scams are run by organised international criminal cartels. It is incredibly hard for individuals to protect themselves from these scams, even savvy consumers who are doing a really good job of protecting themselves. They can't do it alone. If the Deputy Chair of ASIC can be scammed, anyone in this country can be scammed, whatever personal protections they are putting in place. So the question then goes to how they can protect themselves. This legislation is helpful, but the best way for people to protect themselves is for us to make sure that banks, telcos and social media companies are innovating—that they're putting their best minds to work on how to protect their consumers—and the best way to drive that investment in innovation isn't just regulation; it's actually transparency.

Shine a light on who's doing a good job and who's doing a bad job, and then you might get change. It's then that we might see real change in the Australian market, which is what we haven't seen. Since 2017, Europe has had some of the innovations that are just coming into place in Australia. Why haven't we had them? Because the incentives haven't been there. Let's stop playing catch-up.

Milton Dick (Speaker) Share this | Link to this | Hansard source

The question before the House is that the amendments standing in the name of the member for Wentworth be agreed to.