Criminal threat environment
In this section:
AUSTRAC assesses that there is a medium threat of criminal exploitation to Australia’s financial planning sector. The sector is facing a variety of criminal threats, with criminals employing a range of sophisticated tactics and methods. Intelligence agencies have observed instances of organised crime groups using financial planners to help navigate the financial sector. Moreover, entities consulted for this risk assessment have observed that criminals are deliberately seeking out financial planners who have weak AML/CTF controls, or who turn a blind eye to suspicious behaviour.
Suspicious matter reporting to AUSTRAC identified six main offence types in the financial planning sector. Suspected money laundering accounted for a significant portion; while terrorism financing was the subject of only three reports. The most reported suspected offence was cyber-enabled fraud. Other fraud-related offences included scams, the use of false documents, as well as cases of fraud conducted by financial planners. There were a small number of reports regarding tax evasion and welfare fraud.
These offences can occur at any stage of the cycle in which a customer engages a financial planner. Some potential indicators that financial planners should look for are detailed in the following graphic. Such ‘red flags’ should prompt a financial planner to investigate the matter further and potentially submit an SMR.
Click on the image below to enlarge
AUSTRAC SMR data indicates that the financial planning sector is being exploited to launder money and conceal the proceeds of crime. Reporting entities submitted 57 SMRs relating to suspected money laundering during the sample period, representing 21 per cent of the total. These SMRs generally had higher monetary values than SMRs related to other suspected offences; of the twenty SMRs in the sample period with the highest values, fourteen related to suspected money laundering.
Reporting entities nominated a variety of reasons for suspicion when submitting SMRs relating to money laundering (see diagram below).
25 of the money laundering SMRs identified customers as the suspicious party. Some examples of these suspicious matters were:
- A financial planner was approached by a prospective customer, who had accumulated cash savings well in excess of their annual income from running their own business
- A foreign national used a financial planner to invest a large sum of money – however, this was inconsistent with the customer’s profile and the source of the funds was unclear
- A financial planner received a phone enquiry from an individual who was seeking advice, and that individual was known to be the subject of a corruption investigation.
A further 32 SMRs in this offence category related to cases in which a financial planner was suspected of being involved in a suspicious activity. Most of these involved structured cash deposits into financial planners’ accounts. Some specific examples of SMRs include:
- A bank observed that a financial planner received a number of cash deposits of less than $10,000 made by several different individuals at different bank branches, in an apparent attempt to avoid detection
- A bank received a request by a financial planner to transfer very large sums of money between numerous bank accounts held by the planner’s customer, in what the bank suspected was an attempt to obscure the source of the funds.
In the two-year sample period for this risk assessment, there were three SMRs regarding suspected terrorism financing.
In one SMR, a financial planner reported a matter where their customer appeared to either be the victim of, or complicit in, an internet scam. The customer intended to transfer a sum of money for investment purposes from their overseas bank account into their Australian account; however, the funds had been stopped by the originating bank. The financial planner investigated the matter further and found that the name of one of the overseas consultants advising the customer was listed on a crime list for suspected terrorist financing.
Another report came from a financial institution regarding a self-managed superannuation fund (SMSF). Shortly after making an initial rollover into the SMSF, the customer requested a large funds transfer to a high-risk jurisdiction for terrorism financing. The bank conducted enquiries with the customer’s financial planner, which revealed inconsistencies around the purpose of the customer’s request and prompted suspicion that the transfer would constitute an illegal use of SMSF funds and potentially involve terrorism financing.
In another case, a news article alerted the financial institution that one of their customers – who had been introduced by a financial planner – was involved in a counter-terrorism investigation.
Useful reporting for combating terrorism financing
There was one additional SMR reported by a financial planner outside the sample period of this risk assessment, which is an excellent example of positive reporting behaviour.
This SMR related to a customer who was transferring money overseas to a high-risk jurisdiction associated with terrorism financing. In the SMR, the financial planner noted they did not have detailed information directly linking the customer to terrorism, but still reported it to AUSTRAC due to the risk associated with the jurisdiction. Such information can be invaluable to AUSTRAC and law enforcement agencies, as it may contribute to current or future investigations (8).
Other key indicators of terrorism financing can be found in the AUSTRAC report Terrorism Financing in Australia 2014.
The most frequently reported suspected crime type in the financial planning sector was cyber-enabled fraud (9), which accounted for 138 SMRs (51 per cent) in the sample period (10). Reporting entities consulted for this assessment concurred that cyber-enabled fraud was one of the most significant issues for the sector. Although this threat has been apparent in the sector for several years, it has been growing in scale and sophistication.
Financial planners are particularly vulnerable to cyber-enabled fraud attacks when acting as a gateway between customers and financial institutions or product issuers. There were many reported cases in which a third party hacked a customer’s email and used it to instruct the financial planner to make a withdrawal or transfer of funds, often into intermediary, or ‘mule’, bank accounts. There were also cases in which a financial planner’s email was hacked and used to email the product issuer to request a funds transfer, purportedly at the request of the customer.
Other sophisticated incidents have involved third parties:
- diverting a customer’s phone number, in an attempt to circumvent callback controls
- accessing a customer’s email history (including attachments, drafts and sent items) to more accurately impersonate the customer (for example, by referencing personal situations such as home renovations)
- using social media (either by hacking the account or relying on publicly available information) to gather information about the customer
- creating a new email account using the customer’s name in order to impersonate the customer
- hacking an email account, and then creating an automatic forwarding rule so that emails from the financial institution are deleted
- hacking a customer’s computer to compromise online banking accounts.
Many of the cyber-related SMRs reported by banks referenced the constructive role that financial planners played in resolving cases, as financial planners were often well-positioned to recognise anomalous behaviour. Some reporting entities had policies to ensure that financial planners personally called customers to verify transaction requests received by email. This had proved to be a critical mitigation technique.
Identifying potential cyber-enabled fraud attacks
Financial planners described a number of indicators used to detect instances of cyber-enabled fraud, including:
- customer’s email has different tone/language to customer’s usual communications
- customer’s email has poor grammar, spelling mistakes or uncommon terminology
- customer usually contacts the financial planner by telephone, then suddenly makes contact by email
- customer changes bank details soon after changing other details such as contact address or phone number
- customer emails express urgency – for example, claiming the customer is travelling overseas, attending a funeral, or purchasing a property
- requests for the financial planner to complete application forms on the customer’s behalf, then to send back to customer for signing
- email requests to send funds overseas.
There were 55 SMRs in the sample period relating to types of fraud other than cyber-enabled fraud. In some of these cases, financial planners were concerned about the identity of customers or suspected that customers were using false documents. These SMRs included forms with signatures that did not match, superannuation clients providing identification with differing dates of birth, and customers who quickly withdrew their request for a financial service when asked to provide identification. Reporting entities also reported seeing cases of fake bank statements being provided to authenticate change of bank detail requests.
There were also cases relating to suspected scams. The most common forms of scams were: online dating and romance scams (11), overseas investment schemes, requests to make large transfers to overseas accounts, and fake bank or legal letters convincing customers to make payments. In most cases, it was a financial planner who had detected that a customer was falling victim to a scam. In other cases, a customer was concerned about a potential scam and contacted their financial planner for advice. A small number of SMRs were from financial planners who suspected that their customer was operating a scam.
AUSTRAC also received SMRs indicating that financial planners were suspected of promoting scams to their customers, particularly international investment schemes (12). For example, one bank reported that, based on the advice of a financial planner, a customer was investing their superannuation funds into a highly unusual derivatives product overseas. Another SMR related to suspected embezzlement of customer funds by a financial planner for personal use.
Banks and other financial institutions also reported other types of suspected fraud by financial planners. Some SMRs related to financial planners enabling customers to illegally access their superannuation before they had reached retirement age, particularly through SMSFs. More seriously, AUSTRAC also received an SMR where a financial planner transferred money out of a customer’s SMSF without the customer’s knowledge.
There were also reports of suspected fraud in which the motive of the financial planner was unclear, for example: forging customer signatures in documents; calling financial institutions impersonating the customer; or fraudulently providing employment letters for customers. Some cases involved financial planners having third party authority or power of attorney on customer accounts.
In a concerning trend, criminal intelligence agencies have observed that serious and organised crime groups may be either legally obtaining an AFSL, or claiming to hold one, and using this to promote investment schemes to unwary customers.
There was a low number of reports submitted in relation to suspicions of tax evasion in the financial planning sector, with only 14 SMRs in the sample period. The transaction values reported in SMRs relating to suspected tax evasion were, on average, higher than the values reported in other SMRs.
Although financial planners may not see conclusive evidence of tax evasion, they generally receive a significant amount of financial and personal information about their customers which, in some circumstances, may be sufficient to form a suspicion that the customers are engaged in tax evasion. In such cases, financial planners are required to submit an SMR.
While customers often ask legitimate questions about tax minimisation strategies, financial planners may also see indicators of potential tax evasion; for example, undeclared cash and foreign income, evidence of excessive tax deductions, or suspicious property ownership arrangements. Financial planners should ensure that their services are not being used to facilitate tax evasion, and should be alert to potential high-risk characteristics such as customers that are complex offshore entities, have several layers of corporate and/or nominee shareholders and directors, or are based in offshore jurisdictions.
There were six SMRs in the sample period regarding customers potentially carrying out fraud against the welfare system. These included cases of not declaring income to Centrelink, or continuing to claim a spouse pension after the end of a relationship. This type of detailed personal and financial information is often revealed to financial planners at the initial stages of onboarding a customer.
Financial planners told AUSTRAC that they often informed customers of the need to declare income and change of circumstances to Centrelink; however, financial planners are reminded that suspected welfare fraud by their customers – as an offence against a law of the Commonwealth – should be reported in an SMR to AUSTRAC.
- When completing the SMR form, reporting entities should select ‘Financing of terrorism’ in the suspected offence type field if they suspect any link to terrorism financing, to ensure that the SMR is detected and escalated for priority action.
- ‘Cyber-enabled fraud’ refers to crimes where computers or ICT are an integral part of an offence, such as online identity theft.
- Reporting entities are required to submit SMRs under Section 41(1)(d) when they suspect that the ‘customer’ of a designated service is not the real customer. This may occur when a customer has been the subject of a cyber-enabled fraud, such as email hacking or account hacking.
- Where a fraudster, usually based overseas, pretends to be a prospective companion for a victim in order to receive gifts, money or personal information about the victim.
- Schemes where promoters call or approach potential investors in order to peddle speculative or fraudulent investment opportunities. Often the promoter will use high-pressure tactics and be persistent to promote the scam.