Overview
- In mid-June 2026 HSBC and the Australian Securities and Investments Commission jointly asked the Federal Court to approve a proposed AU$35 million penalty after the bank admitted it failed to protect customers from a prolonged impersonation scam.
- ASIC's court filings say HSBC received more than 1,000 reports of unauthorised or impersonation transactions between 2020 and 2024, with those reports totaling about AU$34.6 million and an average case resolution time of roughly 144 days.
- Court documents and HSBC admissions show the bank was aware of impersonation risks from 2021 but did not deploy key online fraud-prevention tools, including BioCatch and ThreatMetrix, for all online channels until June 2024.
- HSBC has run a remediation programme that has paid about AU$21.5 million in compensation and recovered about AU$6.5 million, while AFCA decisions and other reimbursements total roughly AU$8.67 million and many victims continue to seek full repayment and a public apology.
- The Federal Court will decide whether the proposed AU$35 million fine is appropriate and the outcome could set a legal precedent for how Australian banks are held accountable for scam-related customer losses.