Back

Super scams and fraud: Trustees to act now

Posted by Natalie Cambrell on 23 April 2025
Australian Securities & Investment Commission
ASIC
ASFA
Association of Superannuation Funds of Australia
FCPI
Financial Crime Protection Initiative
KHQ Lawyers - Super scams and fraud: Trustees to act now

The Australian Securities and Investments Commission (ASIC) has put superannuation trustees on notice of its expectations for improvement in preventing, detecting and responding to scams and fraud against members.   

In an open letter dated 29 January 2025, signed by Commissioner Simone Constant, ASIC detailed its observations of “weak trustee practices relating to scams and fraud” and issued a call to action to trustees to increase their anti-scam and anti-fraud capabilities or “risk becoming a soft target”.1 

Call to action 

ASIC requested that trustees: 

  • conduct a preliminary assessment of their anti-scam and anti-fraud measures – including services provided by external administrators – to identify any areas for improvement; 
  • read REP 761 (a report released on 20 April 2023 by ASIC analysing its review of the current scam related activities of the four major Australian banks2) and REP 790 (a report released on 20 August 2024 by ASIC analysing its review of anti-scam practices of banks outside the four major banks3) and address the baseline measures that ASIC have set out; 
  • consider whether it is appropriate to allocate the scam (and fraud) management key function to one of the trustee’s accountable persons as they prepare for the incoming Financial Accountability Regime (FAR); and 
  • leverage industry bodies and bilateral relationships to share information and promote improvements across the industry.4 

Review findings 

The Commissioner’s letter follows an ASIC review of 15 superannuation trustees’ practices in preventing, detecting and responding to scams.  The review distinguished between fraud (or unauthorised transactions) and scams.  In the case of a scam, a member has been tricked into either: 

  • transferring funds out of their superannuation account to a scammer, or 
  • aiding a scammer to make a transfer (e.g. by providing a scammer who may be impersonating the superannuation fund with a one-time password).5 

As previously stated, the review identified several areas of weak trustee practices, including that: 

  • trustees were overly reliant on anti-fraud measures and had limited focus on the specific risks and harms associated with scams (ASIC gives an example where trustees focused on confirming that the person requesting a transfer was the member rather than looking for flags that the member may have been tricked); 
  • trustees did not have sufficient oversight of their external administrators’ anti-scam and anti-fraud practices; 
  • trustees lacked many of the foundational anti-scam practices identified in REP 761 and REP 790 such as a scams strategy, dedicated reporting on scams and reviewing their scam prevention, detection and response capabilities; and 
  • trustees generally reported that they had not seen many, if any, instances of scams impacting their members and that this was the reason for their limited focus on scams.6 

ASIC observed “that the low number of detected scams could be driven by the high proportion of Australians in the accumulation phase…A lack of visibility of where stolen funds are sent may also play a role.  However, the low number could also be due to shortcomings in trustee’ processes for detecting scams and the lack of focus on scams as a subcategory of fraud.  This could lead to trustees missing reports of scams.”7  

ASFA pushes back 

In response to the letter, on 30 January 2025, the Association of Superannuation Funds of Australia (ASFA) issued a statement pushing back, stating that ASIC had ignored the “significant steps the sector has taken to effectively protect super savings”.8 

AFSA CEO Mary Delahunty said, “ASIC appears to have come to the confusing conclusion that no evidence of scams existing or increasing means that the scammers are winning – instead of the other more reasonable conclusion, that the work of super funds and their services providers is effective.”9 

ASFA sought to distinguish superannuation funds from banks and other financial institutions by arguing that superannuation funds are “unique because an individual’s money is held in a trust and is preserved and protected until that individual reaches retirement age or meets a condition of release”.10  ASFA noted that the only way to move super monies out of the super system is through the banking system, and banks already have rich data and systems to help identify scams and fraud (a point also noted by ASIC in its letter).11   

ASFA provides a pointed reminder of the super sector’s “proactive measures” to tackle these “rare super scams” which include: 

  • launching the ASFA Financial Crime Protection Initiative (FCPI) in September 2024, a coordinated effort of ASFA members designed to bolster the superannuation sector’s defences against the growing threats of all forms of financial crime;12 
  • supporting Treasury’s Scams Prevention Framework Bill 2024;13  
  • supporting the Government’s Cyber Security Legislative Package 2024;14 and 
  • plans to call on the Government to boost funding for the Moneysmart website to help educate consumers on how to recognise and avoid scams related to their super savings.15 

Is ASIC’s letter unexpected? 

In short, no.  Disrupting investment scams in the broader financial services landscape is a priority for ASIC and has been on the regulator’s radar for some time now.  In 2023 and 2024 ASIC reviewed and published reports (REP 761 and REP 790) on the anti-scam practices of the four major banks and smaller banks.  On 7 November 2024, the Scams Prevention Framework Bill 2024 (Cth) was introduced to the House of Representatives (this Bill was recently passed on 13 February 2025 and establishes a scams prevention framework which requires service providers in selected areas, initially banks, telcos and social media companies, to take a variety of actions to combat scams).16  In December 2024, ASIC commenced its first scam related enforcement proceeding against HSBC Bank Australia Limited.17  On 28 January 2025, Treasury announced that it would be drafting mandatory service standards and enforceable service standards for all large APRA-regulated superannuation funds.18  The new standards will initially target areas where complaints data shows the greatest need for improvement, such as handling death benefits, processing insurance claims and member communication.  However, with the reforms aimed at “strengthening the superannuation system by improving member outcomes”19 we should expect the standards to delve deeper into systems, processes and practices to ensure delivery of financial security for retirement.  And lastly, (if another reason was needed to evidence that this letter comes as no surprise), in ASIC’s Key Issues Outlook for 2025, several of its most significant current, ongoing and emerging issues within its regulatory remit are relevant to the superannuation industry and specifically, relate to scams and fraud.  These include: 

  • changing dynamics between public and private markets; 
  • superannuation members being let down by their fund and trustee; 
  • consumer losses through fraud and scams; 
  • unsuitable superannuation advice resulting in adverse consumer outcomes; 
  • cyber attacks, data breaches, and internal system failures undermining market confidence and causing financial loss; and 
  • poor quality climate-related financial disclosures leading to misinformed investment decisions.20 

What next? 

These priorities and regulatory matters reflect ASIC’s ongoing focus on superannuation trustees and its view that “trustees are the gatekeepers of their members’ money and cannot outsource their obligations to third parties when it comes to protecting their members from scams”.21  

As part of considering ASIC’s request contained in its letter, it would be prudent for trustees to critically examine its agreements with outsourced service providers, such as administrators, and assess whether they are appropriate having regard to the regulatory focus and expectations and duties imposed on directors.  

Trustees should also consider whether the complaints and claims handling processes can be enhanced (which may also have the effect of assisting the trustee in improving its anti-scam and anti-fraud practices).  Particular points to highlight are ASIC’s findings with respect to reporting on scams, having an organisation-wide scams strategy and focussing more on the risks and harms associated with scams.  

Another point to consider is what data is being captured and recorded with respect to scam attempts so that trustees have the necessary data to properly assess the real risk of scams to members.   

Consumer awareness and education on how to recognise and avoid scams related to super is also key to strengthening anti-scam and anti-fraud practices.  This is something that all stakeholders – superannuation funds, regulators, government, industry advisers – can work together on collaboratively to protect super savings from financial crime activities.  

This article first appeared in the LexisNexis Australian Superannuation Law Bulletin (2025, Vol 5, No 5) published 11 April 2025. 

Want Superannuation & Financial Services updates delivered straight to your inbox? Click here to subscribe. 

AUTHORS

Subscribe: