Annual Review 2023-24
Contents
- About this Annual Review
- Year at a glance
- Board Chair message
- Chief Executive Officer and Chief Ombudsman message
- Organisational overview
- Complaints
- Who complained to AFCA in 2023–24?
- AFCA Engagement with First Nations peoples
- Overview of complaints
- Open cases
- Closed cases
- Banking and finance complaints
- Buy now pay later
- Scam complaints
- Financial difficulty complaints
- Small business complaints
- General insurance complaints
- Significant events
- Life insurance complaints
- Superannuation complaints
- Investments and advice complaints
- Cryptocurrency
- Complaints lodged by consumer advocates and financial counsellors
- Complaints outside AFCA’s Rules
- Systemic issues
- AFCA’s Code compliance and monitoring function
- Engagement, awareness and accessibility
- Corporate information
- AFCA General Purpose Financial Report
- Glossary
About cryptocurrency
Cryptocurrency is an electronic internet-based virtual currency. As cryptocurrency is not regulated as a financial product under the Corporations Act 2001, providers of cryptocurrency or digital assets are generally not required to be AFCA members. However, some have joined voluntarily, or as a condition of membership of an industry association.
Cryptocurrency complaints received
Cryptocurrency complaints closed
Stage at which cryptocurrency complaints closed
|
Stage |
2023-24 |
|---|---|
|
Registration and referral |
55 |
|
Case management |
63 |
|
Rules review |
68 |
|
Decision |
22 |
Top five cryptocurrency complaints issues (received)
|
Issue |
2023-24 |
|---|---|
|
Unauthorised transactions |
63 |
|
Other type of scam |
49 |
|
Interpretation of product terms and conditions |
31 |
|
Failure to follow instructions /agreement |
14 |
|
Service quality |
13 |
Time taken to close cryptocurrency complaints
|
Time |
2023-24 |
|---|---|
|
Closed in 0-30 days |
31 |
|
Closed in 31-60 days |
40 |
|
Closed in 61-180 days |
49 |
|
Closed in 181-365 days |
37 |
|
Closed in more than 365 days |
51 |
Key complaint and industry trends
Complaints still low but may grow
AFCA received a low number (205) of cryptocurrency complaints in 2023-24. This is consistent with previous years. However, as cryptocurrency adoption grows, AFCA expects an increase in complaints. However, better regulations should reduce fraud and security issues, improving overall consumer protection.
Need for stronger regulation of Digital Asset Platforms (DAPs)
AFCA supports the requirement for DAPs to obtain an AFS licence to ensure these platforms meet enforceable standards and improve consumer protection. It is important there are clear regulatory rules for digital asset transactions to reduce scams and ensure consumer safety.
Case study – Compromised cryptocurrency account: The importance of robust verification
Background
The complainant had an account with a financial firm that operates an execution-only cryptocurrency exchange platform. An unauthorised third party gained access to the complainant’s account, likely through hacking or porting the complainant’s mobile phone. The third party reset the account password, accessed the complainant’s personal email, and completed two-factor authentication. Confirmation of these actions was sent to the complainant.
On the same day, the third party began transferring cryptocurrency out of the account. Although the financial firm’s system flagged these transactions, the verification method used was inadequate.
The firm called the complainant’s mobile phone to confirm the transactions. The person who answered, who was the unauthorised third party, verified the transactions based solely on transaction amounts. The financial firm authorised the transfer of AUD $72,791.05.
Complaint
The complainant alleged that the financial firm failed to adequately protect their account and properly verify transactions, leading to the loss of funds.
Outcome
An AFCA Panel found several critical issues with the financial firm’s handling of the complainant’s case. While there was no indication that the firm’s online platform security had been compromised, the firm’s system had flagged the complainant’s account multiple times, highlighting the transactions as suspicious.
When it came to verifying these transactions, the firm fell short. Although they did call the complainant’s mobile phone to confirm the transactions, their approach lacked a standardised protocol for identity verification. The firm relied solely on the transaction amounts for verification, which proved to be inadequate.
The Panel concluded that the financial firm did not exercise the required care and skill in verifying the caller’s identity. This lapse led to the approval of fraudulent transactions and ultimately resulted in a loss for the complainant.
The Panel ordered the financial firm to compensate the complainant for the total amount of AUD $72,754.06.
