Are you keeping abreast of threats relevant to the superannuation industry?
In addition to the current criminal threats facing the industry, superannuation funds should be aware of emerging threats, so that they can implement appropriate controls to mitigate associated risks. Emerging threats facing the superannuation industry are outlined in the diagram below.
The rise in cyber-enabled superannuation fraud
The AUSTRAC threat update highlights cybercrime as a common threat enabler in the superannuation industry. Specifically, bad actors can use cybercrime to engage in criminal activity involving the illegal early release of funds, identity fraud, scams and the use of staging accounts1 as a layering mechanism to launder money (by obscuring the true source and ownership of funds).
Cybercrime is particularly attractive to criminals due to the speed with which criminal activities can be performed and the relatively low level of operating costs required to perform such activities.
The superannuation industry has become an attractive target for cybercriminals, especially due to the digitisation of many superannuation services, which allows fund members to perform a range of activities without face-to-face contact, including:
- amending account details;
- applying for withdrawals; and
- electronically certifying documents.
Considerations for superannuation funds
Superannuation funds should consider adopting the following actions in order to protect themselves against the increasingly complex type of threats facing the industry.
- Promote member education and awareness, such as through timely and regular communication to members. The information disseminated to members should highlight the threat environment faced by the industry and the fund's commitment to promoting a safe environment for member investments. Member vigilance should also be encouraged to promote the timely self-identification of compromised accounts.
- Strengthen fraud mitigation systems and controls, for example by undertaking regular reviews or audits of current fraud frameworks, conducting risk assessments of the evolving threats faced by the industry and performing periodic testing to ensure fraud controls are operating effectively. Where deficiencies in existing controls are uncovered or control gaps are identified, these should be addressed as a matter of priority.
- Ensure there are appropriate procedures in place to identify suspicious matters and lodge suspicious matter reports (SMRs). In particular, superannuation funds should ensure that they have appropriate procedures in place to lodge suspicious matters to AUSTRAC within required timeframes, in the required format and with a sufficient level of detail. SMRs provide valuable intelligence to AUSTRAC and law enforcement agencies which can assist in the fight against financial crime.
- Implement an ongoing, proactive communication strategy with AUSTRAC. In addition to an ongoing, proactive communication strategy, superannuation funds should ensure they are keeping abreast of latest regulatory guidance and trends, whilst making appropriate and timely adjustments to their financial crime compliance frameworks.
Why being vigilant over emerging threats faced by the superannuation industry is more important now than ever before
Superannuation funds should remain cognisant of the evolving threats faced by the industry, given an absence of appropriate controls could result in substantial repercussions. Examples of repercussions that superannuation funds could face in response to control deficiencies or gaps are listed below.
- An increased risk of facilitating crimes (such as fraud, money laundering and terrorism financing).
- Monetary costs due to a failure to comply with legal obligations (anti-money laundering/counter-terrorism financing [AML/CTF] obligations, privacy obligations, etc.). Specifically, breaches of legal obligations could lead to fines and penalties, compensation costs (e.g. to members) and increased costs of compliance (relating to a need to invest in fixing deficient compliance frameworks). Notably, AUSTRAC's recent enforcement actions against various reporting entities (across the banking, gaming and casino industries) demonstrates the costly consequences of non-compliance with AML/CTF obligations, with penalties ranging from AUD
45,000 to AUD 1.3 billion.
Unfavourable effects on members such as member data being compromised and a reduction in member confidence in the superannuation fund. The adverse effects of compromised customer data can be far-reaching and severe, as highlighted in a recent, high-profile data breach case in Australia.
The repercussions listed above can lead to long-lasting reputational and financial damage for superannuation funds. Superannuation funds should therefore be proactive in implementing appropriate controls to mitigate financial crime risks, in order to protect the best interests of its members, and ultimately the fund.
For more information on AUSTRAC's superannuation sector threat update, please click here.
For more information on AUSTRAC's 2016 superannuation sector risk assessment, please click here.
Authors: Philip Hardy, Partner; Kieran Francis, Director; and Justine Tan, Specialist.
1. Staging accounts are accounts established for the purpose of consolidating or moving funds, with the end goal being to either transfer the funds to a different account, or to withdraw them from the superannuation system.
Key Contacts
We bring together lawyers of the highest calibre with the technical knowledge, industry experience and regional know-how to provide the incisive advice our clients need.
Keep up to date
Sign up to receive the latest legal developments, insights and news from Ashurst. By signing up, you agree to receive commercial messages from us. You may unsubscribe at any time.
Sign upThis publication is a joint publication from Ashurst Australia, Ashurst Boardroom Advisory Pty Ltd and Ashurst Risk Advisory Pty Ltd, all part of the Ashurst Group.
The Ashurst Group is global, and comprises Ashurst LLP, Ashurst Australia and their respective affiliates (including independent local partnerships, companies or other entities) which are authorised to use the name "Ashurst" or describe themselves as being affiliated with Ashurst. Some members of the Ashurst Group are limited liability entities.
Ashurst Boardroom Advisory Pty Ltd (ABN 41 635 686 805) and Ashurst Risk Advisory Pty Ltd (ABN 74 996 309 133) provide services under the Ashurst Risk Advisory brand. The services provided by Ashurst Boardroom Advisory Pty Ltd and Ashurst Risk Advisory Pty Ltd do not constitute legal services or legal advice, and are not provided by Australian legal practitioners in that capacity. The laws and regulations which govern the provision of legal services in the relevant jurisdiction do not apply to the provision of non-legal services.
For more information about the Ashurst Group and the services offered, please visit www.ashurst.com.
This material is current as at 8 November 2022 but does not take into account any developments after that date. It is not intended to be a comprehensive review of all developments in practice, or to cover all aspects of those referred to, and does not constitute professional advice. The information provided is general in nature, and does not take into account and is not intended to apply to any specific issues or circumstances. Readers should take independent advice. No part of this publication may be reproduced by any process without prior written permission from Ashurst. While we use reasonable skill and care in the preparation of this material, we accept no liability for use of and reliance upon it by any person.
