The Australian Securities and Investments Commission (ASIC) announced on June 18 that it is seeking up to A$35 million in penalties over serious failings by HSBC (0005) Australia’s branch in anti-fraud protections. HSBC has fully admitted three major core violations, and by June had already paid A$21.5 million in compensation to affected customers, adding that it will maintain “constructive cooperation” with ASIC.
ASIC Announces It Is Seeking a A$35 Million Penalty Against HSBC Australia
According to ASIC’s case summary, this action focuses on HSBC Australia’s failure to meet its regulatory obligations to protect customers from scams over a period of more than four years (from January 2020 to August 2024). During this time, around 950 complaints involving unauthorized payments and transactions were filed, with customers’ total losses of approximately A$23 million.
Three Core Violations: Risk-Control Gaps, Average Investigation Time of 145 Days, and Missing Proactive Screening Mechanisms
The three core violations HSBC has admitted are as follows:
A Major Vulnerability in the Fund Transfer Risk-Control System: For Australia’s mainstream instant payment channel IAT, HSBC failed to build sufficient monitoring rules to identify and block transfers involved in impersonation bank fraud scams.
Serious Overrunning of Scam Complaint Investigation Timelines: HSBC’s average investigation time was as long as 145 days. In some cases, victims’ accounts were frozen for up to 542 days before access was restored, far exceeding the statutory regulatory time limits.
Lack of Customer Compensation and Risk Screening Mechanisms: During the period when scams concentratedly surged, HSBC did not proactively screen affected customers, only waiting passively for users to file complaints.
As of June, HSBC Has Paid A$21.5 Million in Compensation
After the investigation began, HSBC launched a special compensation program. As of June 2026, it has already paid A$21.5 million to affected customers. ASIC Deputy Chair Sarah Court said the case reflects HSBC Australia’s long-term, widespread systemic failures, noting that the bank knew fraud risks were spreading but did not take effective protective measures.
FAQ
What is the legal basis for ASIC to seek penalties against HSBC Australia?
According to an HK01 report, ASIC’s allegations are based on HSBC Australia branch’s long-term systemic failings in handling unauthorized transactions and scam complaints, and HSBC has admitted the three core violations. The penalty amount ASIC seeks is A$35 million. The final penalty will be determined by the court, and a final judgment has not yet been reached.
What is the gap between HSBC Australia’s A$21.5 million compensation and customers’ total losses of A$23 million?
According to ASIC’s case summary, customers’ total losses are approximately A$23 million. As of June 2026, HSBC has paid A$21.5 million in compensation, leaving a gap of about A$1.5 million. The specific reasons for the gap, remaining compensation arrangements, and completion timelines are not explained further in the existing reporting.
Why were losses from October 2023 to March 2024 especially concentrated?
According to ASIC’s case summary, out of the customers’ total losses of A$23 million, nearly A$16 million (about 70%) were concentrated in the roughly five-month period from October 2023 to March 2024. This indicates that scam activities concentratedly surged during that timeframe, while HSBC’s risk-control and complaint-handling mechanisms failed to respond in time. The specific scam methods and background are not explained further in the report.
