Determination
Case number | 12-00-1016692 |
Financial firm | HSBC Bank Australia Limited |
Case number: 12-00-1016692 22 August 2024
The complainant (Mr T) holds an offset account (account) with the financial firm (bank).
This complaint is about an unauthorised transaction for $47,178.54 (disputed transaction) from the account and who should be responsible for it.
On 13 June 2023, the complainant received an SMS purporting to be from the bank that:
The complainant had not made, or attempted to make, the Amazon transaction so he called the 1300 phone number in the SMS. The complainant spoke to a third party, who later was found out to be a scammer. The scammer caused the complainant to disclose two six-digit passcodes, which ultimately enabled the scammer to make the disputed transaction.
This determination deals with whether the complainant voluntarily disclosed the passcodes to the scammer and is therefore liable for the disputed transaction. The determination also considers whether the complainant is entitled to non-financial loss compensation for the bank’s actions after he reported the scam to it and whether the bank is required to contribute to the complainant’s legal costs.
Both parties accept the disputed transaction is unauthorised because it was made by the scammer without the complainant’s knowledge or consent. As the disputed transaction is unauthorised, liability must be decided in accordance with the ePayments Code (Code). Under the Code, the complainant will be liable for the disputed transaction if he voluntarily disclosed the passcodes to the scammer.
For the reasons detailed in section 2.2 below, the panel is of the view the complainant did not voluntarily disclose the passcodes to the scammer. The panel is satisfied the scammer’s manipulative tactics resulted in a degree of coercion that impacted the complainant’s free will and choice, so the complainant felt compelled to disclose the passcodes. In forming its view, the panel has taken matters of fairness and reasonableness into account. The panel is satisfied the scammer created a sense the complainant needed to act urgently to prevent the loss of his funds, and the overall impression he was dealing with the bank, and it would therefore not be fair in all the circumstances to find the disclosure of the passcodes was voluntary.
The complainant is not liable for the disputed transaction, except for the limited liability set out in the Code.
The complainant is entitled to compensation for the disputed transaction, lost interest that would have been applied to the home loan, non-financial loss and a contribution to the legal costs he has incurred. The compensation is explained in further detail in section 2.4.
The panel is satisfied the outcome is fair because, although the complainant disclosed the passcodes to the scammer, the disclosure was not voluntary for the reasons set out in section 2. In particular, the scammer’s manipulation of the complainant meant his free will and choice were impacted and the panel is satisfied he did not voluntarily disclose the passcodes.
It is also fair the bank pay the complainant non-financial loss compensation and contribute to the legal costs he incurred. This is because the bank’s conduct once it was notified of the scam did not meet the standards set out in the Banking Code of Practice (Banking Code) and its adversarial position meant it was reasonable for the complainant to engage a lawyer to assist in this complaint.
This determination is in favour of the complainant. Within 14 days of the date the complainant accepts this determination, the bank must pay the complainant:
Both parties accept the disputed transaction is unauthorised because it was made by the scammer without the complainant’s knowledge or consent. As the disputed transaction is unauthorised, liability must be decided in accordance with the Code. Under the Code, the complainant will be liable for the disputed transaction if he voluntarily disclosed the passcodes to the scammer.
The complainant is the victim of a sophisticated bank impersonation scam
In recent years, there has been an increase in the number of reports of bank impersonation scams[1]. Scammers, who often operate as part of organised criminal syndicates, use technology to trick victims into believing they are from their financial firm, which ultimately results in funds being stolen. This may occur by making a telephone call appear to come from the financial firm’s legitimate telephone number, or by sending a text message that appears in the existing thread of text messages received from the financial firm.
Certain circumstances of this complaint are not in dispute. Notably, both parties agree the complainant is the victim of a sophisticated bank impersonation scam. Here, the
13 June 2023 SMS appeared in an existing thread of text messages the complainant had previously received from the bank. In addition, when the complainant called the 1300 number in the text message:
During the telephone call, the scammer asked the complainant to verify his identity by disclosing two passcodes. The scammer told the complainant he would stop the Amazon transaction once the passcodes were disclosed. The complainant, believing he was dealing with the bank, disclosed the passcodes. In fact, the two passcodes allowed the scammer to:
There is some disagreement between the parties about precisely what occurred on
13 June 2023 in relation to the two passcodes generated by the complainant (and disclosed to the scammer). This is discussed further below.
What is clear, however, is the disputed transaction was unauthorised because it was made by the scammer without the complainant’s knowledge and consent.
Having established the disputed transaction is unauthorised, the next matter for the panel to consider is who should be liable for it.
In Australia, the Code regulates electronic payments. The Code is a voluntary code of practice that is administered by ASIC. The bank is a subscriber to the Code.
Amongst other matters, the Code sets out rules for allocating liability for loss arising from unauthorised transactions, such as the disputed transaction. In assessing who bears liability for the disputed transaction, it is necessary to decide if the complainant has breached the passcode security requirements in clause 12 of the Code.
Clause 12 of the Code states:
12.2 A user must not:
(a) voluntarily disclose one or more passcodes to anyone, including a family member or friend.
In circumstances where an unauthorised transaction is made using a passcode, but it cannot be shown a user voluntarily disclosed the passcode, clause 11.7(a) of the Code limits a user’s liability for the unauthorised transaction to $150. This clause states:
Other Situations – Limited Liability
11.7 Where a passcode was required to perform an unauthorised transaction, and clauses 11.2 – 11.6 do not apply, the holder is liable for the least of:
(a) $150, or a lower figure determined by the subscriber…
The bank says the complainant breached the terms and conditions
In its submissions, the bank has referred to clause 5 of the account terms and conditions. That clause states:
You must also act reasonably to prevent misuse of your account by keeping your account payment devices and security details safe.
The clause sets out the consequences of failing to act reasonably which include the customer may be liable for unauthorised payments. The terms and conditions cannot impose any liability and responsibility on a customer that exceeds those under the Code (see clause 4.2 of the Code).
The panel does not accept the complainant acted unreasonably given the circumstances (discussed in detail below). Accordingly, the complainant is not liable for the disputed transaction under clause 5.
The complainant has been consistent and transparent in what happened during the call with the scammer on 13 June 2023. In summary, the complainant says he believed he was talking to the bank and has
… admitted he provided two passcodes during the call with the scammer.
Both passcodes were one-time passcodes (OTPs) that were generated using the bank’s digital secure key (DSK). The DSK is a unique second factor authentication method embedded in the bank’s mobile banking application. It is one of the measures the bank promotes as ensuring its customer’s financial information is safe and secure. Each customer can only have one DSK that can be loaded onto one registered device (such as a mobile telephone).
The DSK enables a bank customer to generate security codes to access all online banking services without the need to actually login to the mobile banking application. When using the DSK, a customer is prompted to “Choose the security code to create”. The options for a customer to select are either a:
The central question for the panel to determine in this complaint is whether, the complainant voluntarily disclosed the passcodes to the scammer, thereby breaching the passcode security requirements as set out in clause 12 of the Code.
The panel is of the view the complainant did not voluntarily disclose the passcodes to the scammer. The panel is satisfied the scammer’s manipulative tactics resulted in a degree of coercion that impacted the complainant’s free will and choice, so the complainant felt compelled to disclose the passcodes. In forming its view, the panel has taken matters of fairness and reasonableness into account. The panel is satisfied the scammer created a sense the complainant needed to act urgently to prevent the loss of his funds, and the overall impression he was dealing with the bank, and it would therefore not be fair in all the circumstances to find the disclosure of the passcodes was voluntary.
The complainant is not liable for the disputed transaction, except for the limited liability set out in the Code.
There is no dispute the complainant disclosed the passcodes – it was the complainant’s action. However, it is not enough the complainant disclosed the passcodes to the scammer to find him liable for the disputed transaction. If that were the case, clause 12.2(a) of the Code would have simply started with the word “disclose” and not included the word “voluntarily”.
Rather, the disclosure of the passcodes to the scammer must have been made “voluntarily”. The Code does not define what it means by “voluntarily” in clause 12.2(a).
The bank’s position is the complainant voluntarily disclosed the passcodes to the scammer and is therefore liable for the disputed transaction. When asked for the passcodes by the scammer, the bank says the complainant responded of his own free will and without compulsion.
On the other hand, in acknowledging he disclosed two passcodes to the scammer, the complainant says such disclosure was not voluntarily made. The complainant says he thought he was dealing with the bank, and not a scammer, and that if he did not act, the Amazon transaction would be debited from the account.
As discussed above, the scammer created an environment of urgency, fear, and control where the complainant thought his funds were at risk of being lost and he had no choice but to follow the bank’s instructions. It was on this basis he disclosed the passcodes to the scammer.
In support of his position that his disclosure was not voluntary, the complainant has referred to Australian case law where the concepts of “voluntariness” and “compulsion” have been considered in commercial settings. In particular, the complainant’s lawyer refers to the following passage[2]
This involves consideration of what the law regards as voluntary, or its opposite; for in life, including the life of commerce and finance, many acts are done under pressure, sometimes overwhelming pressure, so that one can say that the actor had no choice but to act. Absence of choice in this sense does not negate consent in law; for this the pressure must be one of a kind which the law does not regard as legitimate. Thus, out of the various means by which consent may be obtained – advice, persuasion, influence, inducement, representation, commercial pressure – the law has come to select some of which it will not accept as a reason for voluntary action; fraud, abuse of relation of confidence, undue influence, duress or coercion.
As noted, the term “voluntarily” (or “voluntary”) is not defined in the Code. The Macquarie Dictionary defines “voluntary” as:
Acting of one’s own will or choice, relating to or depending on voluntary action…” and “acting or done without compulsion”.
The word “voluntary” has a natural and easy meaning, at least in many situations. However, the law recognises that sometimes an action, while undertaken by the relevant person, was not undertaken voluntarily. The case law considered by the panel has been set out in section 3 below.
In most situations that is where the person’s will was so overborne or undermined that they cannot help but undertake the relevant act. The clearest illustration is if that person is subject to a physical threat if they do not something. But the need for a physical threat is not always required. Controlling behaviour can occur in other scenarios, where the control is so powerful that the target person acts in an involuntary manner. The panel accepts a threat that a consumer may lose money if they do not act in a certain way may result in that person’s will being so overborne that they act in an involuntary manner.
Taking into account the case law, the panel is of the view the term “voluntarily”, as it used in the Code, encompasses situations where a person has disclosed a passcode through the exercise of free choice, and where that person’s will has not been overborne by pressure, duress, inducement or other factors.
Rule A.14.2 of AFCA’s Rules requires that when making a determination, an AFCA Decision Maker (which includes a Panel) must do what is fair in all the circumstances, having regard to:
Previous AFCA decisions dealing with unauthorised transactions in the context of bank impersonation scams have found that disclosure of passcodes was not voluntary because the complainant in those complaints held an “honest and reasonable” belief they were dealing with their financial firm when they disclosed passcodes to scammers.
Given the changing landscape of scams and new technologies that emerge, AFCA is constantly evolving its approach to various scam types. We consider the appropriate approach to considering whether disclosure of a passcode is voluntary involves assessing whether in all the circumstances the disclosure was made with the complainant’s free will.
The panel has carefully considered what is meant by “voluntarily” in clause 12.2(a) of the Code. In doing so, the panel has taken both parties’ submissions into account and has also considered:
An interpretation of voluntary that considers a person’s state of mind is expressly supported by ASIC, the administrator of the Code. ASIC is required to review the Code every five years. In May 2021, ASIC issued Consultation Paper 341, “Review of the ePayments Code: Further Consultation”[3] (Report 341) which sought consultation on proposals to amend the Code. In March 2022, ASIC issued Report 718[4] which identified the outcome of that consultation.
In Report 341, ASIC sought feedback from stakeholders around a proposal to amend the words of the Code to clarify the passcode security requirements mean that consumers are unable to disclose their passcode to anyone (subject to exceptions in clauses 12.8 and 12.9 of the Code). In response to this request for feedback, ASIC received submissions from many groups. Report 718 contains ASIC’s response to these submissions and says:
Consumer groups argue that there should be exceptions to the rule against disclosure of a pass code in situations where a person is experiencing vulnerability such as financial abuse, elder abuse or domestic violence. …
With regards to consumer groups’ desire for exceptions to the disclosure prohibition in situations of vulnerability, again, we consider it a complex and inappropriate task to include within the Code a range of exceptional situations, which will need to be considered on a case-by-case basis. …
We anticipate that, in circumstances where a consumer has disclosed their pass code because of financial abuse, duress or other unconscionable conduct, AFCA may continue to consider matters of reasonableness and fairness in appropriate cases in accordance with its terms of reference.
Simply put, ASIC recognised there may be circumstances in which a consumer has disclosed their passcode due to the type of conduct envisaged by ASIC, in which case AFCA may consider matters of reasonableness and fairness in determining whether a passcode has been disclosed in breach of the security requirements of the Code.
This means the panel may identify circumstances where a consumer, who has disclosed a passcode (as here) may not be liable for an unauthorised transaction taking into account matters of reasonableness and fairness (as permitted by AFCA’s Rules).
It is well-known that scammers use sophisticated tactics when talking to victims. Those tactics include creating trust and credibility through impersonating a person in a position of authority. This position is further reinforced when the person in authority is a bank officer. Other tactics involve creating a sense of urgency and time pressures which in turn reduces the ability of a person to process and verify information. This may include the imminent threat of losing money if no action is taken. Scammers fabricate scenarios that require immediate action, thereby depriving their victims of exercising their own free will and choice.
In this complaint, and after considering all the information, the panel is satisfied the complainant’s will was impacted to the point it was overborne by:
The question the panel has considered is whether the impact was so significant as to make the complainant’s action of disclosing the passcodes involuntary. In some situations, it may be voluntary if someone disclosed passcodes. However, in the circumstances of this complaint, the panel considers the better view is the complainant thought he had no choice but to disclose the passcodes to the scammer, thinking he was talking to his bank and needed to do so in order to protect his money. The fact the Amazon transaction was $740 does not impact the panel’s view.
In other words, the panel is satisfied the complainant acted involuntarily when he disclosed the passcodes to the scammer. The reasons the panel has formed this view include:
The panel accepts that a person who receives an explicit instruction from their bank to disclose a passcode, may reasonably believe they have no choice but to disclose that passcode.
As noted earlier in this determination, an action will not be voluntary where that person’s will is so overborn by fraud, abuse of a relationship of confidence, undue influence, duress or coercion that is greater than the type of commercial pressure that can occur from time to time. The panel is of the view this is what happened in this instance – that is, the complainant’s will was so overborne by the conduct of the scammer and the situation he created that the complainant did not voluntarily disclose the passcodes.
In addition to the matters referred to above, the panel has also taken into account the following matters:
Your financial information is protected by a combination of unique username and password, trusted device/browser, device PIN, integrated device biometrics (fingerprint, face) as well as Security Codes generated by your [DSK].
Use the code ###-### to verify the identity of your advisor.
The bank has since clarified that it did not send this SMS and that it will never ask its customers to verbally disclose a passcode as part of its verification process. The panel accepts this position. However, this does not change the panel’s ultimate view. The way a financial firm engages with its customer is not static, and will change over time, as best practices evolve and new technology emerges. As this complaint demonstrates, it is difficult, if not impossible, for a consumer to readily identify when they are legitimately dealing with their bank, or when a third-party has intercepted the bank’s communications channels.
In requesting the passcodes, the complainant says the scammer made it clear they were needed to put a hold on the Amazon transaction and confirm the complainant’s identity. The bank says the complainant should have been aware of the purpose of the passcodes. The panel does not consider this advances matters given the explanations given by the scammer.
Never share a security code with anyone and look out for potential scams.
The panel is not persuaded this changes the outcome. Here, the complainant was initially contacted using an SMS bearing the bank’s name and informed of the potential loss of his funds and the scammer created trust through knowing information that should have only been known by the bank. In these circumstances, the panel is of the view that any such warning (if it was read by the complainant) does not change the outcome. The panel understands the bank has now introduced warnings when generating a “Transaction Verification” code that specifically caution a customer not to disclose such a code to anyone and that bank staff will never ask for that particular code.
In forming its view AFCA is also able to take matters of reasonableness and fairness into account. It is not necessary to repeat the reasons here, however, the panel is satisfied that when all the circumstances outlined above are considered cumulatively, it would not be fair to find the complainant voluntarily disclosed the passcodes and breached the passcode security requirements in the Code.
The complainant is entitled to compensation for the disputed transaction, lost interest that would have been applied to the home loan, non-financial loss and a contribution to the legal costs he has incurred.
As the disputed transaction required passcodes, but the complainant did not voluntarily disclose the passcodes, the limited liability provision of the Code (i.e. clause 11.7) applies. The complainant’s liability for the loss is limited to $150. The bank is required to reimburse the balance of the loss, being $47,028.45, to the complainant.
The disputed transaction was made from an offset account. The bank should also reimburse the additional interest that has been charged to the home loan linked to the account, that would otherwise have been saved had the disputed transaction not been made (calculated from 13 June 2023 until the date the payment is made).
The complainant is entitled to non-financial loss compensation
It is undisputed the complainant reported the disputed transaction to the bank on the day that it was made (i.e. 13 June 2023). The complainant says he first reported the disputed transaction by calling the bank at 7.30 pm. He was advised a record of his complaint would be lodged with the bank’s fraud team. At 7.45 pm, the complainant called the fraud team a second time and was told it did not have a record of his earlier call. Cleary, to someone who has contacted their bank following a scam this interaction would cause additional stress.
On 14 June 2023, the complainant emailed the bank about the disputed transaction. From this time, the complainant called the bank frequently seeking an update. The bank told him it would complete its investigation within 21 days.
On 11 July 2023, well after the 21 days, the complainant called the bank seeking an update. The complainant was told that the bank’s fraud team was still investigating the matter, but the bank representative could not provide an update. The representative offered to give the complainant the bank’s fraud team’s contact details, to which the complainant said he had tried several times to call the team, but no one answered the number.
On 14 July 2023, the complainant escalated the matter by emailing the bank’s CEO. On
29 July 2023, the bank provided a substantive response to the complainant saying:
The complainant was dissatisfied with the bank’s response and escalated his concerns, including by engaging a lawyer who sent a letter to the bank (on 9 August 2023) and by lodging this complaint at AFCA (on 6 September 2023).
Part of the complainant’s concerns relate to how the bank responded to his complaint including:
The bank is a member of the Australian Banking Association and a signatory to the Banking Code. The Banking Code is underpinned by a set of guiding principles, including a statement that banks “will deliver high customer service and standards”. Signatory banks also promise to communicate with their customers “in a clear and timely manner”.
In the panel’s view, the way the bank communicated with the complainant after he notified it of the disputed transaction did not meet the overall standards in the Banking Code to deliver high customer service standards nor communicate in a timely manner. In particular:
The panel also notes that on 23 June 2023, the bank was told its recall attempt from the recipient bank (which it raised on 14 June 2023), had been unsuccessful. Despite this, the bank did not notify the complainant of the outcome of this process (despite having other contact with him), until 28 July 2023. This is an unacceptable delay.
AFCA has the power to award non-financial loss compensation for stress or inconvenience caused by an error of a financial firm. The maximum amount of non-financial loss compensation we can award for an error is $5,400 per claim. AFCA takes a conservative approach to awarding compensation for non-financial loss.
Compensation for non-financial loss is only provided where the complainant has suffered an unusual amount of physical inconvenience or the time taken to resolve the situation has been unusually long.
Being a scam victim and having money stolen is a very stressful and impactful experience. Once the complainant notified the bank of the scam, he was entitled to expect it to act promptly and communicate with him in a clear, efficient and timely manner including to provide the outcome of the recall as soon as possible.
The panel is of the view the bank did not meet these standards. The panel is satisfied the bank’s conduct would have exacerbated the complainant’s angst of being a scam victim. In the panel’s view, the complainant is entitled to $1,000 for non-financial loss compensation for how the bank responded once the complainant reported the disputed transaction to it.
In accordance with AFCA Rule D.5, an AFCA decision maker (which includes a panel) may decide that a financial firm is to contribute to the legal costs incurred by a complainant in the course of pursuing a complaint. AFCA’s Operational Guidelines provides guidance on this Rule and states, relevantly:
We provide a free service for Complainants. It is not usually necessary for either party to be legally represented.
…
Although there is no automatic right to legal costs, we can decide that the Financial Firm should contribute to the Complainant’s legal costs… These costs are, however, usually capped at a total of $5,000 per complaint …
When considering whether to require the Financial Firm to make a costs contribution, we take into account the complexity of the complaint and whether the Complainant needed to incur the costs to understand or establish their claim.
The complainant has been represented in this complaint by a lawyer. Given the amount involved, the complexities of the legal issues in dispute and the bank’s adversarial position, the panel is satisfied it was reasonable for the complainant to engage a lawyer and to retain that lawyer during the AFCA process. The arguments in this complaint have been extremely technical and nuanced and have required a thorough analysis of case law, knowledge of an industry code, the principles of statutory interpretation and substantive legal submission by the bank.
The panel is of the view that it is fair and reasonable for the bank to contribute to the legal costs incurred by the complainant since the AFCA claim was lodged in September 2023. The complainant has provided legal invoices that, as of 24 April 2024, totalled $8,442. Only the invoices totalling $5,197.50 relate to the legal costs of dealing with the AFCA complaint. In the circumstances, the panel is of the view the bank should contribute the maximum amount of $5,000 towards the legal costs the complainant has incurred.
The complainant is the victim of a sophisticated bank impersonation scam and had a significant amount of money stolen from his account. Because the disputed transaction is unauthorised, liability has been assessed in accordance with the Code. The complainant’s entitlement to reimbursement of the disputed transaction does not depend on establishing any wrongdoing or breach of obligation by the bank.
The panel is satisfied the outcome is fair because, although the complainant disclosed the passcodes to the scammer, the disclosure was not voluntary for the reasons set out in section 2. In particular, the scammer’s manipulation of the complainant meant his free will and choice were impacted and the panel is satisfied he did not voluntarily disclose the passcodes.
It is also fair the bank pay the complainant non-financial loss compensation and contribute to the legal costs he incurred. This is because the bank’s conduct once it was notified of the scam did not meet the standards set out in the Banking Code and its adversarial position meant it was reasonable for the complainant to engage a lawyer to assist in this complaint.
AFCA has determined this complaint based on what is fair in all the circumstances, having regard to:
The respective parties have completed a full exchange of the relevant information, and each party has had the opportunity to address any issues raised. We have reviewed and considered all of the information the parties have provided.
While the parties have raised a number of issues in their submissions, we have restricted this determination to the issues that are relevant to the outcome.
Due to the nature of this complaint, we referred it to a panel for determination. The panel includes:
AFCA is not a court of law. We do not have the power to take or test evidence on oath, or to require third parties to give evidence.
When we assess complaints, we consider:
We give more weight to documents created at the time the events occurred. If there are no relevant documents, we will decide what most likely occurred based on the available information.
If there are conflicting recollections and these are evenly weighted, we may find that a claim cannot be established.
As noted in this decision, in reaching its views as to what is fair in all the circumstances, the panel considered case law that had considered the term “voluntary”, as well as other similar terms. Some of the relevant cases are discussed below.
In some cases[5], it has been observed the term “voluntary” is a payment that a person “chooses to make”, even if they believe there is no legal basis to make the payment. Such an approach supports a construction of the term “voluntary” as one that a customer consciously undertakes to act.
However, in other cases, the term “voluntary” has been afforded a more nuanced meaning that also examines the person’s state of mind in undertaking the relevant act. For example, in determining whether a statement made by an accused was voluntary, the court considered whether the person’s will was so overborne that they have not exercised free choice. The court [6]observed
… whether the will of the person making the confession has been overborne, or whether he has confessed in the exercise of his free choice.
The panel also notes comments made by the Australian High Court[7] in respect of the rules around the admissibility (or otherwise) of a voluntary statement:
… there seems to be really one rule, the rule that a statement must be voluntary in order to be admissible. Any one of a variety of elements, including a threat or promise by a person in authority, will suffice to deprive it of a voluntary character.
An assessment of the state of mind of the person undertaking an action was also observed in Haber v Walker[8] where it was observed:
… for an act to be regarded as voluntary it is necessary that the actor should have exercised free choice. … But if his choice has been made under substantial pressure created by the wrongful act, his conduct should not ordinarily be regarded as voluntary.
D.5 Costs of pursuing a complaint other than a Superannuation Complaint
D.5.1 An AFCA Decision Maker may decide that the Financial Firm is to contribute to the - legal or other professional costs or travel costs incurred by the Complainant in the course of the complaint.
D.5.2 Unless special circumstances apply, AFCA will not require the Financial Firm to contribute more than $5,000 to these costs.
4.1 A subscriber must prepare clear and unambiguous terms and conditions for facilities.
4.2 The terms and conditions for a facility must:
(a) reflect the requirements of this Code,
(b) not impose liability or responsibilities on users that exceed their liability and responsibilities under this Code, and
(c) warrant that the subscribers will comply with this Code.
[1] https://www.accc.gov.au/media-release/bank-impersonation-scams-robbing-australians-of-their-life-savings
[2] Barton v Armstrong [1973] 2 NSWLR 598
[5] See David Securities Pty Ltd v Commonwealth Bank of Australia (1992) 175 CLR 353 at 373-374
[6] Collins v R (1980) 31 ALR 257 at 307 (see Brennan J)
[7] R v Lee (1950) 82 CLR 133 at 144
[8] [1963] VR 339