ASIC warns super funds must improve scam protection as losses rise
The biggest long-term story in Australia’s financial system is the rapid rise of superannuation: a $4.5 trillion asset pool that will rival the size of our banks by the end of this decade.
While far from perfect, this massive pool of savings is shaking up capital markets, changing power dynamics in the corporate world, and most importantly, providing millions of people with a more comfortable retirement.
But with so much growth, it’s no surprise that scammers and fraudsters are also eyeing all that money.
Over the past year, the super industry has been reminded that this is not an abstract risk: approximately half a million dollars was stolen in cyber attacks on funds. The corporate watchdog says the super industry lost nearly $22 million due to fraud last year.
The funds say they have made significant efforts to protect their members against this terrible threat. However, two key observers of super funds have recently made clear that they see room for improvement.
Australian Securities and Investments Commission (ASIC) commissioner Simone Constant has been warning super funds about the risk of fraud for more than a year. Last week was a stark reminder to the industry that more needs to be done on this issue.
Constant stated that by 2030, the super pool is estimated to approach $6 trillion, which is roughly the level where banks are today. While there is a super boom, regulators are concerned that the sector is a “soft target” for fraudsters for many reasons.
The large amounts of money held in retirement savings, together with the fact that other parts of finance (such as banks) are tightening their defenses against fraud, can push fraudsters to look to super for opportunities.
Most of us also rarely check our super balances, unlike our bank balances, which means we’re less likely to notice anything untoward. People in the retirement phase (a group that is growing larger as the population ages) also tend to be more attractive to fraudsters because this group can access super much more easily than those still saving for retirement.
By voicing the risk, ASIC is trying to rouse funds into heading off the threat. So how do funds deal with the dangers of scammers? In some respects at least, ASIC thinks many funds should lift their game.
There is no doubt that last year’s cyber attacks led funds to tighten their security; in some cases, measures such as two-factor authentication have been introduced. But this is only part of the fight against scammers.
Funds also need to talk to members about these risks and how to avoid them, and be prepared to help members if they are defrauded. But ASIC last week warned of “significant gaps” in how funds communicated with members about fraud after reviewing the websites of 47 super funds and comparing them with major banks.
The study found that many super funds had limited or low-quality information about scams and only a third of websites provided members with “actionable information” to prevent or report scams and fraud.
It also found that only one in five super fund websites had a dedicated telephone or email link for members to report potential scams or fraud.
Now, the lack of email addresses or phone numbers might not seem like a big deal in the grand scheme of things. But for a scam victim, this can be crucial. If someone realizes with horror that they have been scammed out of thousands of dollars, one of the first things they will want to do is call the fraud hotline at their financial institution to try to stop it.
In response to ASIC’s report, the Australian Superannuation Association wrote to members recommending better wording of the material on their website and promised to work with the watchdog to provide more detail on what funds should do.
The group added that funds are strengthening identity verification and monitoring of unusual activity and said it would work with the government on “the potential for tighter oversight of high-risk transactions.”
But the websites’ poor content wasn’t Constant’s only concern. She also provided an early update on ASIC’s review of how super fund trustees used customer complaints to identify where they might improve. Emphasizing that the results were mixed across the industry, Constant seemed surprised by what some funds found (or rather, didn’t find).
“Amazingly, five of the 10 trustees we examined in depth did not identify a single systemic problem in their analysis of complaint data during our review period,” she said.
“This board of trustees has received thousands of complaints, but they tell us that through regular review of complaint data, they have not identified a single systemic problem? Really?”
Data on complaints may not seem very exciting, but it’s an important way for companies to find out what’s bothering their customers and therefore how they can improve.
Constant, a former bank executive, said the importance of listening to customer complaints was one of the key lessons of the 2018 banking royal commission into financial misconduct.
“If the organizations that actually failed and were found to be very inadequate at the royal commission had paid more attention to their complaints, they could have seen the data showing where the problems were – where customers were failing,” Constant said.
As well as ASIC, Margaret Cole, deputy chair of the Australian Prudential Regulation Authority, also sent a message to funds last week that it was time to lift their game on fraud protection. Speaking alongside Constant, Cole described the super sector’s losses in last year’s cyber attacks as a “serious wake-up call”, coming six years after the regulator introduced obligations on IT security.
And it’s not just over fraud protection that some major super funds have faced harsh criticism recently. There have also been high-profile lawsuits filed against Cbus and AustralianSuper over delays in the payment of death benefits, while HESTA was hit by an outage in late 2025 that left members unable to access their accounts for nearly six weeks.
Granted, funds have taken steps to solve these problems, including hiring more staff rather than relying on outsourcing. ASIC’s outgoing chairman, Joe Longo, said last month that funds had gotten the message about the need to improve member services but thought it would take time.
Even so, APRA and ASIC’s recent warnings about fraud protections are the latest signs that one of the super sector’s biggest tests in the coming years may not be accumulating assets; so far that has gone pretty well.
Instead, as more people begin to draw on their super, the big challenges are likely to arise in serving customers, and this includes tackling fraudsters trying to get a slice of the super pie.

