In a nutshell
The Government has proposed a comprehensive Scams Prevention Framework (SPF) imposing broad obligations on businesses to protect consumers from being scammed, with tough consequences for non-compliance.
This alert comprises three sections:
- Executive summary of the SPF and the high level issues it raises
- Detailed analysis of the SPF and examples of how it may operate in practice
- Our insights on the potential issues raised by the SPF for regulated entities and the broader legal implications and considerations
High level summary of the SPF
The SPF is designed to apply to multiple sectors. The Government initially proposes to designate telco providers, banks and digital platform providers, and will consider other sectors as the regime develops.
If you are a business providing services in a regulated sector, you will need to:
- proactively take reasonable steps to detect, prevent and disrupt scams
- comply with additional steps that may be required under sector specific codes to be developed later
- report to the ACCC about actionable scam intelligence that you have and scam disruption actions you have taken
- implement detailed governance policies in relation to scams and comply with related reporting requirements. This includes filing an annual compliance certificate in relation to policies and procedures signed by a senior officer
- establish internal dispute resolution processes, and join an external dispute resolution (EDR) scheme to resolve customer complaints for scams. The Government has proposed that the Australian Financial Complaints Authority (AFCA) will be the relevant EDR scheme for the telco, banking and digital platform sectors. Banks are already participants in AFCA, but for telcos and digital platform providers this is a significant new requirement.
If you don’t comply, you may face significant civil penalties. Civil penalties are proposed to apply on a two-tier basis. The maximum penalty for more serious contraventions starts at $50 million. The maximum penalty for lesser breaches starts at $10 million.
There are also proposed avenues for consumers to seek compensation and other remedies from businesses through the EDR mechanism. Alternatively, consumers (including small businesses of up to 100 employees) can directly commence proceedings for damages for a breach of the SPF – raising a potential source of class action risk for businesses.
Potential issues for regulated entities
With the current high volume of scam activity in Australia, complying with obligations to disrupt and report on scams may require a significant investment in systems, processes and staff.
The draft legislation is detailed and complex, and may pose potential issues for regulated entities, such as:
- extensive reporting and compliance certificate obligations
- additional exposure to significant civil penalties and liabilities – either by way of regulator action or direct consumer or small business action, including class actions
- uncertainty about whether scams involving a number of SPF consumers are the one scam, or a number of separate scams
- uncertain extra-territorial application
- uncertain interaction with other legislation
Draft legislation and consultation
The regime will be implemented through an amendment to the Competition and Consumer Act 2010. The draft legislation and a draft explanatory memorandum are available at Scams Prevention Framework – exposure draft legislation | Treasury.gov.au.
The draft legislation is subject to a consultation process, and Treasury is accepting comments on the legislation up until 4 October 2024.
The Government’s intention is to put a final bill to Parliament this year. The current draft bill does not contain any information as to when the regime would actually become operative.
Because of the far-reaching nature of the draft legislation, many readers of this update will want to seriously consider making a submission. King & Wood Mallesons would be happy to assist.
Detailed analysis of the SPF
Outline of the regime:
The regime has four main features:
- a set of overarching scam prevention principles that apply to all regulated entities
- sector specific codes that will introduce additional or more specific requirements for regulated entities in particular sectors
- a multi-regulator framework, with the Australian Competition and Consumer Commission (ACCC) as the general regulator. The ACCC may then designate other sector regulators for specific sectors. For example, it seems likely that ASIC will be designated as the regulator for the banking sector, and that ACMA will be designated as the regulator for the telecommunications sector.
- internal and external dispute mechanisms in addition to court enforcement.
Key terms
The regime only applies to regulated entities. You are a regulated entity if you act in the course of, or in relation to, providing a business or service in a regulated sector and:
- you are a corporation; or
- you fall under certain other Commonwealth heads of legislative power under the Constitution (for example, a natural person engaged in banking or insurance business, or a natural person engaged in interstate trade or commerce).
The legislation does not currently set out any regulated sectors. Regulated sectors will be designated by the Minister by legislative instrument. Businesses or services that are part of a regulated sector are regulated services.
The Government has committed to initially designate telecommunications providers, banks, and digital platform providers relating to social media, paid search engine advertising and direct messaging. It is not yet clear how these sectors will be defined, but some examples exist in relation to the Consumer Data Right, which could be borrowed from.
It is notable that non-bank financial services like superannuation do not appear to be proposed for designation, but this does not prevent them from being designated in the future.
The regime obligations apply to scams. The legislation defines a scam as a direct or indirect attempt to engage an SPF consumer of a regulated service that:
- involves deception; and
- would cause loss or harm. This includes obtaining personal information or a benefit (which is broadly defined) from the SPF consumer or an associate of the SPF consumer.
The attempt involves deception if any of the following alternatives apply:
- there is a deceptive representation that something is a regulated service – the draft EM gives the example of a scam invitation to invest in an investment product in the banking sector where the product does not in fact exist
- there is a deceptive impersonation of a regulated entity – the draft EM gives the example of a fake text message that purports to be from a bank
- the attempt is to deceive an SPF consumer into using a regulated service – the draft EM gives the example of a person who sends money from their bank account through a banking app to an account nominated by the scammer
- the attempt is made using a regulated service – the draft EM gives the example of text messages or phone calls used to initiate contact between a scammer and an SPF consumer to deceive the consumer
The element of deceit appears to be intended to distinguish scams from other poor conduct in relation to consumers that does not amount to a scam. The draft EM gives an example of a consumer who responds to an internet advertisement for a trailer being sold by a legitimate business and pays for the trailer using a banking service. The trailer is not delivered by the agreed time. The EM regards this as not being a scam because of the lack of deceit – instead this is a regular consumer protection matter dealt with by other consumer protection laws.
For the activity to be a scam, it must involve an attempt to engage an SPF consumer. An SPF consumer of a regulated service is:
- a natural person who is in Australia, ordinarily resident in Australia, or an Australian citizen or permitted resident; or
- a person carrying on a business having less than 100 employees and a principal place of business in Australia,
and who is the person to whom the regulated service is or may be provided or purportedly provided.
The SPF consumer concept is not limited by the definition of ‘consumer’ in the ACL.
Importantly, a person is an SPF consumer in relation to a regulated service whether or not the provider of the service has a contract with the person or knows they are an SPF consumer, and whether the service is provided directly or indirectly. The intention seems to be that regulated entities need to consider not just their own direct customers, but anyone who may directly or indirectly interact with them in relation to a scam.
The draft EM gives the example of an individual who makes a payment to a scammer through a banking service when the individual is not a customer of the bank. In that case, the individual is an SPF consumer for that bank, even though they are not a customer of that bank. This means that the account bank for the destination account of a scam payment has obligations that encompass the people who pay money into that destination account, even though they may not be bank customers.
Another draft EM example is that of an individual receiving a scam text message impersonating the Australian Taxation Office. The draft EM considers that the individual is an SPF consumer in relation to the sending carriage service provider, the receiving carriage service provider, and any intermediate carriage service providers. If we take the ATO example a step further and imagine that the text message requests the recipient to make a payment online, the same message is also likely to constitute a separate ‘scam’ as defined, with the second scam being directed to the consumer in their capacity as a user of a banking service and constituting an attempt to deceive the consumer into using their banking service.
Accordingly, prevention, detection and disruption activity must take into account not just direct customers of the regulated entity. As SPF consumers may directly claim damages for a contravention of any civil penalty provision, the potential for a broad range of persons to be defined as an SPF consumer means that the risk of class actions is potentially heightened.
SPF principles
The regime sets out a series of general principles that apply to all regulated entities in relation to scams.
The SPF principles set out various obligations that relate to different aspects of scams, but that are designed to be inter-related and complementary. The draft EM examples 1.8, 1.9 and 1.10 set out examples of a banking scam, a telecommunications scam and a digital platforms scam, with detailed commentary on the overall approach that the combined principles require. These examples give a good sense of how the legislation is intended to operate and are recommended reading.
The following table sets out the obligations under each principle, and the penalty tier that applies.
| Principle | Obligations | Penalty |
| --- | --- | --- |
| SPF Principle 1: Governance | Regulated entities must document policies and procedures in relation to scams, must implement those policies and procedures, and must develop and implement performance metrics and targets that measure the effectiveness of those policies and procedures. There are detailed requirements for the content and development of these policies and procedures. There is an annual compliance regime under which a senior officer of the regulated entity must certify compliance within 7 days of the start of each financial year. There are also various related publishing, record keeping and reporting requirements. | All of these obligations are tier 2 civil penalty provisions. |
| SPF Principle 2: Prevent | Regulated entities must take reasonable steps to prevent another person from committing a scam relating to a regulated service of the entity. Reasonable steps requires more than just acting on information provided by another party. The regulated entity must also make resources available to SPF consumers to assist those consumers to identify scams and minimise the scam risk for those consumers. This includes an obligation to identify classes of consumers who have a higher scam risk and provide warnings to that class. The draft EM indicates that the “prevent” obligations are directed at stopping scam activity from reaching or impacting customers, rather than stopping or identifying scam activity that is already underway. The draft EM gives examples of required steps as being educating consumers, educating staff, and introducing processes to prevent scammers from accessing or using the regulated entity’s platform. | All of these obligations are tier 1 civil penalty provisions. |
| SPF Principle 3: Detect | Regulated entities must take reasonable steps to detect a scam relating to a regulated service of the regulated entity. This includes taking reasonable steps to detect scams as they happen or after they happen, and to identify SPF consumers who are impacted by the scam and the nature of that impact. If the regulated entity has actionable scam intelligence about a suspected scam, the regulated entity must take reasonable steps to identify within a reasonable time each SPF consumer who could be impacted. Actionable scam intelligence arises where the regulated entity has reasonable grounds to suspect a scam. | All of these obligations are tier 1 civil penalty provisions. |
| SPF Principle 4: Report | Regulated entities must report any actionable scam intelligence to the ACCC. The legislation contemplates that time periods and content requirements will be specified by legislative instrument or notifiable instruments. Duties of confidence owed under a contract or arrangement are of no effect in relation to this reporting obligation. The ACCC also has a statutory power to share information where it reasonably believes that this will assist with the objects of the scam regime. | This obligation is a tier 2 civil penalty provision. |
| SPF Principle 5: Disrupt | Regulated entities who have actionable scam intelligence relating to a regulated service of the regulated entity must take reasonable steps to disrupt the scam or suspected scam, and to prevent loss or harm arising from the scam. The draft EM examples of disruption activity include stopping payments, and blocking phone numbers, bank accounts or content associated with scam activity. Disruption activity may have significant consequences for customers and other third parties – for example, a blocked payment may result in the payer being in breach of a contract. To protect regulated entities from liability in this situation, there is a safe harbour protection provision. A regulated entity that acts to disrupt a suspected scam is not liable in a civil action or civil proceeding for any disruption activity if, amongst other requirements, the regulated entity is acting in good faith and in a reasonably proportionate manner. This safe harbour period lasts for 28 days, or until the entity identifies whether or not the activity is a scam if that is earlier. If the activity is identified as not being a scam, the disruption action must be promptly reversed if this is reasonably practicable. Regulated entities who have actionable scam intelligence about a suspected scam must within a reasonable time disclose to SPF consumers sufficient information to enable those consumers to act in relation to the scam. There is also an obligation to report to the ACCC whether or not the entity reasonably believes the relevant activity is a scam, what loss or harm may have arisen, what disruption activity has been carried out, and whether or not any disruption actions have been reversed. The ACCC has broad powers to share certain information about scams if doing so will assist in achieving the object of the SPF, including to other regulated entities. It is currently unclear what form reports to the ACCC will take, and businesses will need to consider how to ensure any commercial-in-confidence information (such as customer information) is protected in those reports. | These obligations are tier 1 civil penalty provisions. |
| SPF Principle 6: Respond | Regulated entities must have accessible mechanisms for consumers to report scams, and accessible and transparent internal dispute resolution mechanisms for complaints about scams. Regulated entities must also be members of an SPF EDR scheme – that is, an external dispute resolution scheme that is authorised for the relevant regulated sector in relation to scams. It is envisaged that AFCA will be the SPF EDR in relation to the telco, banking and digital platform sectors. Many if not all banking sector entities will already be members of AFCA and so this is not a big change for that sector. For telcos and digital platform providers, this will be a significant change. | These obligations are tier 1 civil penalty provisions. |
SPF sector specific codes
In addition to the SPF principles, the regime contemplates that the Minister may make specific SPF codes for each regulated sector. These codes can provide additional provisions relating to regulated entities in that sector, but these must relate to the same topics covered by the SPF principles (other than principle 4: Report).
The draft EM does not indicate any specific measures that are contemplated to be dealt with by the SPF codes. In an interview, the Assistant Treasurer Stephen Jones suggested that some measures might be:
- Banks confirming the identity of online payees
- Telcos having strong obligations to block scam messages and calls
SPF codes may include additional civil penalty provisions – these will be tier 2 civil penalty provisions.
Penalties
Breach of many of the above obligations gives rise to civil penalties.
The legislation adopts a generally familiar approach to civil penalties. For example, corporations are subject to an alternative maximum approach similar to the Corporations Act and the ACL, where the maximum penalty is the higher of a base maximum penalty amount, 3 times any benefit derived from the contravention, or a percentage of turnover.
Similarly, this proposed legislation adopts an alternative maximum approach for each of the two tiers of penalty:
- Tier 1 penalty contraventions, which relate to the Prevent, Detect, Disrupt and Respond SPF principles, set the maximum penalty as the greater of 159,745 penalty units (currently just over $50,000,000), three times the benefit gained from the conduct and potentially 30% of turnover.
- Tier 2 penalty contraventions, which relate to the Governance and Report SPF principles and sector code breaches, have a maximum penalty amount of the greater of 31,950 penalty units (currently just over $10,000,000), three times the benefit gained from the conduct and potentially 10% of turnover.
Customer remedies – compensation, damages and injunctions
SPF consumers seeking compensation may use IDR and EDR schemes. As noted above, the concept of “SPF consumers” is very broad, and extends beyond a regulated entity’s direct customers.
Regulated entities are also subject to damages claims by SPF consumers and injunctions for breaches (which can also be sought by regulators).
This means that customers who have suffered scam losses have the right to sue regulated entities for damages.
This also seems to mean that in the right circumstances, one regulated entity may be able to seek damages or injunctions against another regulated entity.
There is no express provision for proportionate liability between regulated entities, nor any concept of contributory negligence on the part of the SPF consumer.
Other regulatory enforcement tools
The regime also includes other familiar regulatory enforcement tools, including infringement notices, enforceable undertakings, public warning notices, remedial directions and adverse publicity orders.
Multi regulator approach
The regime adopts a multi-regulator approach. The ACCC is the chief regulator. The ACCC may then designate other sector regulators for specific sectors. It seems likely that ASIC will be designated as the regulator for the banking sector, and that ACMA will be designated as the regulator for the telecommunications sector. The legislation contains a number of provisions detailing how the different regulators will work together, which are designed to promote flexibility.
The framework relies on regulators like the ACCC and sector-specific regulators using their existing powers to monitor and investigate compliance with a SPF Code. For example, the ACCC can use its existing powers under s 155 of the Competition and Consumer Act 2010 (Cth) (CCA) to compulsorily obtain information, documents and evidence from businesses about a potential breach of the SPF.
Therefore, we can expect a high level of regulatory activity coming out of the proposed SPF.
Our insights on potential issues raised by the SPF
The draft legislation is long and complex, and raises many questions. Some issues that immediately jump out are:
Reporting obligations
In the context of the amount of scam activity in Australia, the reporting obligations seem likely to be extremely time-consuming and resource-intensive. It appears that many regulated entities will be required to make large numbers of reports. The timing requirements are to be set out in the SPF rules, and so the exact nature of the reporting obligations is not yet clear. However, regulated entities should consider what volume of scams they see, what level of reporting they are likely to have to make, and what systems and staffing requirements will be necessary to comply with reporting obligations.
It would be helpful if the SPF rules accommodated a concept of periodic batch reporting where appropriate.
What is a scam?
It is unclear what exactly constitutes an individual scam. The definition of scam refers to engaging an individual SPF consumer of a regulated service. This appears to have the effect that a single communication to one person may constitute more than one ‘scam’ for the purposes of the legislation. Other provisions appear to indicate that more than one SPF consumer may be affected by the one scam.
However, scam activity may involve multiple individual scam communications, multiple individual SPF consumers, and multiple regulated sectors, yet still have sufficient common features that it might be thought of as one overall course of conduct by the scammer. Is this one single scam for the purposes of the detecting, reporting, and disrupting obligations? Or does each communication with an SPF consumer represent a separate scam that requires its own individual detection, reporting, and disruption response from each provider of a regulated service?
For example, a scam may involve a number of text messages emanating from different telephone numbers and sent to a number of different SPF consumers. However, if the messages are all pretending to be from one particular bank, and all contain the same or similar wording, it may be appropriate to treat this as a single scam.
This is an important issue for determining both the content of the obligations, and the number of contraventions where obligations are not complied with (each of which attracts material civil penalties). It also affects the volume of reporting obligations, discussed above.
It would be useful if the legislation specifically addressed this issue. Ideally, regulated entities would be permitted to treat a collection of activities as a single scam where reasonable to do so on the basis of common features.
Extraterritorial application
It is unclear to what extent the regime is intended to apply outside Australia. Section 58AJ provides that the SPF provisions apply to acts, omissions, matters and things outside Australia, but the standard Competition and Consumer Act extra-territoriality provisions in section 5 – which limit the operation of the extended jurisdiction to bodies corporate incorporated in or carrying on business in Australia – are not being amended to apply to the SPF provisions.
The legislation provides that “regulated sectors” are to be designated with respect to the “Australian economy”, but it is not clear how much of a territorial restriction this is intended to be.
On its face, and considering the High Court’s approach to extraterritorial application of legislation in Karpik v Carnival Plc, the legislation is capable of having extensive extraterritorial application. Depending on how the “regulated sector” instruments are drafted, there may be uncertainty about whether regulated entities can include entities outside Australia who provide services to Australians (whether or not the services are provided in Australia), and whether scams will include scams perpetrated on Australians whether or not the scammer or the victim is acting within Australia.
Given this potential breadth, it would be helpful if the legislation was amended to more specifically set out the intended extraterritorial operation.
Compliance certificate
An individual senior officer of a regulated entity is required to sign an annual certificate that the regulated entity’s policies, procedures, metrics and targets comply. Senior officers are likely to be reluctant to sign these certificates, and may require extensive sign-offs from external advisors. External advisors in turn may be reluctant to provide definitive advice on compliance, given the open ended nature of many of the obligations.
Interaction with other legislation
The draft legislation sets up potential conflicts with other legislation. In particular:
- The obligations to disrupt scams may conflict with anti-tipping off obligations under the anti-money laundering legislation.
- The obligations to detect, disrupt and report scams will need to be reflected in contract terms and conditions that give the regulated entities rights against their customers to take necessary action. However, terms that are too overbearing run the risk of breaching the unfair contract terms legislation unless the terms are taken to be required or expressly permitted by law. This creates complex questions of to what extent the unfair contract terms laws might require that customers be given protections.
- How do statutory obligations of due care and skill interact with a zealous approach to scam disruption - should regulated entities err on the side of protecting customers from scams or providing good service to customers? On a larger view, these are the same thing, but at a more micro level conflicts may emerge.
- To what extent do the various “reasonable steps” obligations require action over and above existing anti-scam measures - for example, those contained in the Reducing Scam Calls and Scam SMs Code?
For example, if a bank suspends or closes a bank account, or a telco blocks or de-lists a mobile phone number because of scam concerns:
- To what extent is the customer required to be given prior notice out of fairness considerations?
- To what extent is the bank or telco required to engage with the customer to hear the customer’s explanation out of fairness concerns?
- If the scam fears are unfounded, to what extent is the bank or telco open to charges of failing to provide a service with due care and skill?
- If the telco has complied with the requirements of the Reducing Scam Calls and Scam SMs Code but a scam call has still been made, has the telco satisfied its Prevent, Detect and Disrupt obligations, or is more required?
- To what extent might these interactions trigger anti-tipping off rules?
Safe harbour protection for scam disruption activity
The safe harbour protection for scam disruption activity has some practical difficulties.
First, it seems to require a regulated entity to form a definitive view as to whether something is a scam or not – this may be difficult to do.
Second, this determination must be made within 28 days. It is not clear what happens where a regulated entity has not been able to form a final view on day 28, but still has reasonable suspicions that something is a scam.
Finally, the safe harbour only seems to relate to suspected scams. If the regulated entity determines that something is a scam, there is no longer a safe harbour protection in relation to disruptive action in relation to that scam. This raises the question of whether the regulated entity needs the same or even stronger safe harbour protection to allow it to deal with confirmed scams.
This issue also affects the actionable scam intelligence obligations, which all seem to only apply to suspected scams and not confirmed scams.
The safe harbour also requires the regulated entity to be acting in good faith and in a reasonably proportionate manner. If these two criteria are established, there does not seem to be any need for a limited period of application, or for a distinction between suspected and confirmed scams.
Allocating responsibility
The draft EM notes that many scams may involve more than one regulated sector and more than one regulated entity. However, the draft legislation does not seek to apply any concepts of proportionate liability (unlike, for example, the misleading and deceptive conduct proportionate liability rules in Part VIA of the Competition and Consumer Act). Presumably the courts will take the involvement of other regulated entities into account in assessing civil penalties and damages claims.
The role of AFCA
Many if not all banking sector regulated entities will already be members of AFCA, and so this is not a change.
Telcos may already be members of the Telecommunications Industry Ombudsman (TIO), and so will need to join AFCA as a second EDR scheme. There may be jurisdictional disputes as to whether a complaint relates to a scam and so is properly an AFCA complaint, or whether the complaint is not scam related and so is properly a TIO complaint.
Digital platform providers may not be party to any EDR scheme, and so this will be a new requirement for them. Some digital platform providers are currently party to the voluntary Australian Online Scams Code developed by the industry, which does not contain any internal or external dispute resolution provisions. The development of systems for dispute resolution for scams will be a significant undertaking for regulated entities.
Presumably AFCA’s jurisdiction for telcos and digital platform providers will be limited to complaints relating to scams.
AFCA’s general award compensation powers are currently limited to $631,500 per claim (with some higher amounts applying for particular types of claims). It is not known what the compensation limit for scam claims will be.
Given the technology aspects of many scams involving telcos and digital platforms, AFCA will also need to be able to access appropriate technical advice on these matters, which are outside its normal area of operation.
Finally, AFCA has traditionally considered disputes involving a single service provider. If a scam complaint involves a bank, a telco and a digital platform provider who have all contributed to the complaint, it is not clear how AFCA would handle a multi-party complaint like this.
Yet another ‘small business’ concept
The draft legislation definition of SPF consumer includes a “small business” concept, as it includes businesses with less than 100 employees. This adds to the growing number of “small business” tests in legislation and industry codes in Australia, which are all similar but all slightly different. In particular, the SPF consumer version of the test is different from the unfair contract terms approach to the test.
The SPF consumer test is based on the number of employees, with no distinction between full-time, part-time or casual employees (a distinction which the unfair contract terms test does make). There is usually no way in which a regulated entity can independently verify the number of employees of an entity it is dealing with. Employee numbers can also fluctuate, which can create difficult problems when an entity has over 100 employees at the beginning of an extended interaction, but drops below 100 employees before the interaction ends.
These issues will create practical difficulties for regulated entities seeking to apply the SPF principles.
Enforcement issues – proving that a regulated entity failed to take reasonable steps
An SPF consumer who suffers loss as a result of a scam may have difficulty finding out what a regulated entity did or did not do to prevent, detect, disrupt etc the scam. To bring a claim for damages, the consumer would need to prove that the regulated entity had failed to take a particular step, and that such a step was a reasonable step. In practical terms, consumers are likely to be reliant on evidence gathered by regulators in the course of an investigation before a lawyer would be in a position to advise on prospects of success of recovering damages. However, this does not mean that the likelihood of claims for damages is low. There are numerous other areas of the law that impose obligations to take reasonable steps, and cases have been successful for claims that those laws have been breached – for a recent example in the context of financial services, see ASIC v RM Capital [2024] FCA 151.