A Major Shift in Australia’s Scam Prevention Landscape
Australia is entering a new phase in the fight against scams, and this time, the regulatory expectations are shifting for every organisation that plays a role in protecting consumers. Treasury has released its latest consultation on the industry codes and rules that will sit under the new Scams Prevention Framework (SPF), marking one of the most significant changes to scam-prevention obligations in the country.
For SMB and mid-market banks and telcos, this is a moment to take notice. The consultation period is short, but the if you miss out on having your say impact could be long-lasting.
Why this consultation matters
The latest Treasury consultation marks a critical stage in shaping how the Scams Prevention Framework (SPF) will function across banking, telecommunications, and digital-platform sectors. Unlike prior high-level SPF announcements, this consultation drills into the operational details, specifically, the draft designation instruments that determine:
• Which entities will be regulated under the SPF
• How each sector is defined
• Where exclusions or thresholds should apply
• How dispute resolution will operate during the transition
For banks and telcos, these questions directly influence the scope of your future compliance obligations. Treasury is seeking industry feedback on:
• Whether the banking and telecommunications sector definitions are correctly framed and aligned to the objectives of the SPF
• Whether any products, services, or entity types should be excluded from designation - including restricted ADIs for banks and certain telecommunications services
• How to manage cross-sector risk by ensuring designations capture the services most exposed to scams, without over-reaching into areas that pose minimal threat
• How AFCA’s role as the external dispute resolution body should be structured, including whether special conditions are necessary and how the transition from IDR to EDR should be managed
What it means for smaller tier banks and telcos
While large institutions often have established anti-fraud and cybercrime teams, many SMB and mid-market organisations do not have the same depth of resources. Yet under the SPF, all designated entities will need to demonstrate:
- Proactive detection mechanisms for scam and phishing activity
- Clear governance and reporting obligations
- Cooperation across sectors (e.g., telcos, banks, and digital platforms sharing intelligence)
- Faster, more transparent responses to scam complaints
These expectations will vary by industry, but the message from government is clear: every organisation has a role to play, regardless of size.
How Unphish supports organisations preparing for the SPF
At Unphish, we work with banks, telcos, and digital platforms of all sizes to combat scams through intelligence-led detection, disruption, and takedown operations. Our experience across sectors gives us a unique vantage point on what “reasonable steps” look like in practice.
We are already working with several institutions to:
- Interpret their SPF obligations and identify gaps in current controls
- Prepare submission responses to Treasury that reflect operational realities
- Prioritise investments in detection, response, and brand protection technologies
- Build scalable, intelligence-driven processes suited to smaller teams and budgets
With phishing, impersonation, and scam infrastructure growing rapidly, the SPF represents both a compliance challenge and an opportunity to uplift your scam prevention capability in a way that materially reduces risk.
What you should do next
Review the consultation materials and understand how the proposed rules could affect your organisation.
Identify gaps in your current scam prevention processes, tools, and governance.
Consider submitting feedback – especially if you’re a mid-tier organisation whose needs differ from large industry players.
Engage early, as codes will be introduced progressively across 2026.
We’re here to support your SPF journey
The Scams Prevention Framework is a major shift, but it doesn’t need to be overwhelming. Clear guidance, smart controls, and the right intelligence can put SMB and mid-market organisations in a strong position from day one.
If you’d like a tailored briefing for your executive team or a consultation on your organisation’s SPF obligations, reach out to us at unphish.com or contact info@unphish.com.
Together, we can build a safer digital environment for Australian consumers and the businesses that serve them.
About brandsec
Brandsec is a team of domain management and brand protection specialists. We secure corporate domains and enforce against phishing, impersonation, and scams. Powered by Unphish, our takedown platform, we detect and remove malicious sites and fake profiles fast. Trusted by leading brands, we deliver technology-driven protection across industries to safeguard customers and reputation.
