The Australian Transaction Reports and Analysis Centre (AUSTRAC) published guidance for regulated businesses on insider threats, describing how employees, contractors or board members can misuse legitimate access to systems, people and information to facilitate illegal activity, including money laundering, and setting out practical controls to reduce that risk. The guidance distinguishes malicious, compromised and negligent insiders, noting that authorised staff including AML/CTF compliance officers may be targeted for know your customer (KYC) data or financial details. AUSTRAC highlights banking examples where insiders may accept fake documents to open accounts, alter daily transaction thresholds, change customer contact details or order additional bank cards, and recommends stronger personnel management processes including ML/TF-focused screening, periodic or role-change re-screening for higher-risk roles, mandatory disclosure of changed circumstances or conflicts of interest, and consistent consequence management. Where concerning behaviour is identified, businesses should investigate and consider filing a suspicious matter report, notifying police or other authorities, and reviewing internal controls and access permissions; banks are also directed to consider the Australian Banking Association’s Conduct Background Check Protocol.
Australian Transaction Reports and Analysis Centre (AUSTRAC) 2025-12-15
Australian Transaction Reports and Analysis Centre issues guidance on managing insider threats that can undermine AML and CTF controls
AUSTRAC issued guidance for regulated businesses on mitigating insider threats, detailing how employees, contractors, or board members might misuse access for illegal activities like money laundering. It recommends enhanced personnel management, including ML/TF-focused screening, periodic re-screening for high-risk roles, and consistent consequence management, urging businesses to investigate suspicious behavior and consider filing reports or notifying authorities.