AUSTRAC's superannuation sector money laundering and terrorism financing threat update

Are you keeping abreast of threats relevant to the superannuation industry?

Overview

The Australian Transaction Reports and Analysis Centre (AUSTRAC) has released a superannuation sector threat update (the AUSTRAC threat update). 

The aim of the AUSTRAC threat update is to provide superannuation funds with the latest insights regarding money laundering and terrorism financing (ML/TF) risks. Specifically, the AUSTRAC threat update highlights the threats and vulnerabilities that are new to the superannuation industry, or have changed since the 2016 superannuation sector risk assessment (the 2016 assessment) published by AUSTRAC. 

What you need to know - key threats

Consistent with the 2016 assessment, AUSTRAC have assessed the risk of criminal threats (which comprise the nature and extent of ML/TF and other predicate offences) facing the superannuation industry to be medium. The AUSTRAC threat update emphasises that whilst the threats and vulnerabilities facing the industry remain similar to those outlined in the 2016 assessment, the sophistication of activities associated with some offences has increased in recent years.

The diagram below outlines the main criminal threats currently faced by the superannuation industry. 

In addition to the current criminal threats facing the industry, superannuation funds should be aware of emerging threats, so that they can implement appropriate controls to mitigate associated risks. Emerging threats facing the superannuation industry are outlined in the diagram below.

The rise in cyber-enabled superannuation fraud

The AUSTRAC threat update highlights cybercrime as a common threat enabler in the superannuation industry. Specifically, bad actors can use cybercrime to engage in criminal activity involving the illegal early release of funds, identity fraud, scams and the use of staging accounts¹ as a layering mechanism to launder money (by obscuring the true source and ownership of funds).

Cybercrime is particularly attractive to criminals due to the speed with which criminal activities can be performed and the relatively low level of operating costs required to perform such activities.

The superannuation industry has become an attractive target for cybercriminals, especially due to the digitisation of many superannuation services, which allows fund members to perform a range of activities without face-to-face contact, including:

• amending account details;
• applying for withdrawals; and
• electronically certifying documents.

^{1. Staging accounts are accounts established for the purpose of consolidating or moving funds, with the end goal being to either transfer the funds to a different account, or to withdraw them from the superannuation system.}

Considerations for superannuation funds

Superannuation funds should consider adopting the following actions in order to protect themselves against the increasingly complex type of threats facing the industry.

• Promote member education and awareness, such as through timely and regular communication to members. The information disseminated to members should highlight the threat environment faced by the industry and the fund's commitment to promoting a safe environment for member investments. Member vigilance should also be encouraged to promote the timely self-identification of compromised accounts.
• Strengthen fraud mitigation systems and controls, for example by undertaking regular reviews or audits of current fraud frameworks, conducting risk assessments of the evolving threats faced by the industry and performing periodic testing to ensure fraud controls are operating effectively. Where deficiencies in existing controls are uncovered or control gaps are identified, these should be addressed as a matter of priority.
• Ensure there are appropriate procedures in place to identify suspicious matters and lodge suspicious matter reports (SMRs). In particular, superannuation funds should ensure that they have appropriate procedures in place to lodge suspicious matters to AUSTRAC within required timeframes, in the required format and with a sufficient level of detail. SMRs provide valuable intelligence to AUSTRAC and law enforcement agencies which can assist in the fight against financial crime.
• Implement an ongoing, proactive communication strategy with AUSTRAC. In addition to an ongoing, proactive communication strategy, superannuation funds should ensure they are keeping abreast of latest regulatory guidance and trends, whilst making appropriate and timely adjustments to their financial crime compliance frameworks.

Why being vigilant over emerging threats faced by the superannuation industry is more important now than ever before

Superannuation funds should remain cognisant of the evolving threats faced by the industry, given an absence of appropriate controls could result in substantial repercussions. Examples of repercussions that superannuation funds could face in response to control deficiencies or gaps are listed below.

• An increased risk of facilitating crimes (such as fraud, money laundering and terrorism financing).
• Monetary costs due to a failure to comply with legal obligations (anti-money laundering/counter-terrorism financing [AML/CTF] obligations, privacy obligations, etc.). Specifically, breaches of legal obligations could lead to fines and penalties, compensation costs (e.g. to members) and increased costs of compliance (relating to a need to invest in fixing deficient compliance frameworks). Notably, AUSTRAC's recent enforcement actions against various reporting entities (across the banking, gaming and casino industries) demonstrates the costly consequences of non-compliance with AML/CTF obligations, with penalties ranging from AUD 45,000 to AUD 1.3 billion.
• Unfavourable effects on members such as member data being compromised and a reduction in member confidence in the superannuation fund. The adverse effects of compromised customer data can be far-reaching and severe, as highlighted in a recent, high-profile data breach case in Australia.

The repercussions listed above can lead to long-lasting reputational and financial damage for superannuation funds. Superannuation funds should therefore be proactive in implementing appropriate controls to mitigate financial crime risks, in order to protect the best interests of its members, and ultimately the fund.

For more information see AUSTRAC's 2022 superannuation sector - money laundering and terrorism financing threat update

For more information see AUSTRAC's 2016 superannuation sector - money laundering and terrorism financing risk assessment

Authors: Philip Hardy, Partner, Risk Advisory; Kieran Francis, Director, Risk Advisory; and Justine Tan, Executive, Risk Advisory