In this section:
The criminal threat environment refers to the extent and nature of ML/TF and the relevant predicate crimes in an industry sector. The superannuation sector is faced with a variety of criminal threats ranging from opportunistic offences to complex crimes using sophisticated tactics and methods. Intelligence agencies have determined that organised crime groups are targeting the superannuation sector in Australia – a view shared by the superannuation funds and industry experts engaged for this risk assessment. Many funds reported significant organised crime attacks in recent years, triggering the need to enhance detection and mitigation strategies. Some funds believed that organised crime groups were moving through the sector to target funds with weak AML/CTF systems and controls.
Superannuation fund trustees reported a variety of suspected criminal offences in their SMRs during the two-year sample period. These have been grouped into three broad categories in the chart below.
Superannuation fund accounts offer a means for criminals to attempt to legitimise the proceeds of crime and integrate this money into the financial system. One fund noted that patient criminals would be willing to ‘park’ the proceeds of crime into their funds to secure long-term capital gains.
In the two-year sample period, 26 SMRs (nine per cent) nominated money laundering or proceeds of crime as the most likely offence. Some common themes included:
- large contributions into superannuation accounts, followed soon after by benefit withdrawal requests
- unusually large and/or regular contributions that did not match the financial profile of the member
- members making a series of structured contributions or withdrawals under $10,000 in an attempt to avoid detection.
One fund was aware that the proceeds of corruption had been deposited into a member account. The fund was cooperating with the relevant authorities in relation to the matter.
Terrorism financing is a small but emerging and serious threat for the superannuation sector, particularly in relation to FTFs. Individuals seeking to travel to a conflict zone as an FTF often use their own money and resources to finance their travel, equipment and activities.
Self-funding can include attempts to access superannuation savings early. There is evidence that some FTFs have rolled over payments from APRA-regulated superannuation funds to SMSFs, with the money ultimately being used for terrorism financing. Fighters may also be supported by family or others in their community who are accessing their superannuation savings legitimately.
In the two-year sample period, 19 SMRs (six per cent) related to potential terrorism financing. These reports were submitted by nine superannuation funds, in relation to amounts worth $259,790 in total. While small in number, some of these SMRs were assessed by AUSTRAC as highly likely to be related to terrorism financing, and referred to law enforcement and national security agencies for further investigation.
Terrorism financing SMRs were most frequently reported as a result of a member’s name appearing in media reports of Australian FTFs or in relation to counter-terrorism operations. In addition to detailing assets currently held (and frozen), some SMRs provided a useful narrative of events which showed attempts to access superannuation by claiming financial hardship provisions.
SMRs from superannuation fund trustees in relation to terrorism financing and FTFs are of significant intelligence value to AUSTRAC and national security partner agencies.
A range of predicate offences for ML/TF were reported by the superannuation sector, accounting for 249 of the SMRs (85 per cent) submitted during the sample period. By far the most significant predicate offence is fraud, (2) including cybercrimes, illegal early releases and falsifying documents. A range of other suspicious matters, including potential tax evasion, unusual account activity, unusually large transfers and unauthorised account transactions, were also reported.
Fraud and cybercrime
Many suspected offences reported by superannuation funds to AUSTRAC – particularly fraud cases – involve some form of cybercrime. Most funds consulted by AUSTRAC saw cybercrime as the single biggest threat they faced, with many funds noticing regular – even daily – hacking attempts. Hacking provides criminals with the data they need to breach the defences that superannuation providers have in place. One large fund noted that cyber-enabled fraud attempts often started with small-scale attempts to find weaknesses in a fund’s procedures and systems. Once a weakness was established, the fund was subject to ‘mass waves of attack’ from a number of fraudsters.
It is AUSTRAC’s assessment that organised crime groups are conducting sophisticated online attacks on superannuation funds, and are likely to continue seeking out weaknesses and vulnerabilities in the sector. Although most criminal activity in the superannuation sector is based domestically, there has been involvement by foreign criminal entities in the cyber domain.
Criminals engaged in cybercrime activities in the superannuation sector use a range of methods and techniques, including:
- accessing members’ emails and social media accounts to obtain personal information to satisfy identity checks and access members’ superannuation accounts
- hacking into members’ superannuation accounts to change contact and payment details, then waiting before trying to move money, to avoid detection by the fund
- using social media to determine when a member leaves the country (and is therefore unlikely to be monitoring their account) to make changes to a member’s superannuation account
- using the bank account of an unwitting third party to transfer money stolen from a member’s superannuation fund into the hands of overseas-based criminals.
Complex criminal activity targeting a superannuation account
The following example was provided by a superannuation fund that experienced a significant cyber enabled fraud attack on a post-preservation account.
An overseas-based organised crime group hacked into a fund member’s home computer and had access to all personal details, emails, banking details, travel plans and other information. It also monitored transactions from the individual’s superannuation fund.
When the member went overseas for a holiday, the crime group made an online request from the member’s email address for a variation of payment, and diverted the member’s Australian phone number to an overseas number. The request was made soon after the fund had created a new online functionality for members to change their payment amounts and the frequency of payments.
The online request triggered the fund’s ‘member call back’ control mechanism to verify that the member had made the request. When the fund’s call centre staff called the member, the phone displayed the member’s Australian home telephone, so they did not realise that they had called an overseas phone number.
The fraudster was able to impersonate the member and pass the customer verification procedures. The fraudster made changes to the payment amount stating that they required a one-off lump sum payment and would then revert to the normal pattern of payments. The one-off lump sum payment was subsequently made to the member’s bank account.
Before the criminal group could arrange for the money to be sent offshore, the member became aware of unusual transactions and changes to their bank account and called the superannuation fund. Fortunately, the lump sum payment was frozen in their bank account and the member did not lose their savings. The fund worked closely with the state police on the investigation of the attempted theft.
Fraud - illegal early release
Attempts to gain illegal early release (3) of superannuation was commonly cited by funds in discussion with AUSTRAC as a significant threat, and was one of the most common issues described in SMRs from the sector. Many funds reported receiving requests to rollover funds into SMSFs to secure illegal early release.
Many SMRs related to members attempting to make multiple claims of financial hardship, in violation of provisions that limit the amount that can be released before preservation age to $10,000 per annum. Funds observed members withdrawing the maximum amount from their fund, then rolling over the remaining balance into a new fund and submitting a new request for early release. The requirement to action rollover requests within three days adds an additional vulnerability, as it limits the extent to which funds can identify potentially suspicious behaviour.
Further information on illegal early release and illegal superannuation schemes can be found on the ATO website.
Many SMRs were in relation to falsified or altered documentation, either by a member to support a fraudulent claim, or by an agent attempting to gain unlawful access to member accounts.
Some common tactics observed in cases of falsified documents included:
- falsified or altered letters purportedly from the Department of Human Services (DHS) in support of financial hardship claims
- falsified birth certificates in attempts to gain early access to superannuation
- falsified death certificates in attempts to illegally gain access to superannuation
- use of the same Justice of the Peace to certify false documents for different members, suggesting the involvement of a scheme promoter.
Some SMRs described criminals’ use of falsified identity documents – including fake certification details – to satisfy proof of identity. The criminal would then change the contact details for the member (such as their email address), and request a withdrawal. In several cases, the fund only learned of the fraud after being contacted by the member when they enquired about the withdrawal. Investigation proved these identity documents were forgeries.
One fund observed that when they receive a potentially fraudulent application form for a new member, there are often anomalies with how the applicant established the account. For example, over a brief period they may apply to create several accounts, often with the same or similar name and date of birth details.
Based on SMRs submitted to AUSTRAC, superannuation funds do not appear to be a significant vehicle for tax evasion. Nineteen SMRs (six per cent) in the sample period were submitted relating to suspected tax evasion offences, with some relating to money laundering offences.
The most common grounds for suspicion in these reports were:
- a member was conducting business activities that they were not reporting to the ATO
- unusual account activity, such as a member making large deposits over a short period, suggesting tax avoidance
- members and/or their agents attempting to misrepresent information, such as evidence of their date of birth, to gain a tax advantage.
- Many predicate offences create proceeds of crime. When proceeds of crime are transferred to or from a member’s account, the criminal is effectively engaging in money laundering. Reporting entities often report the predicate crime in the SMR rather than ML, which is appropriate. This is likely to partially explain the smaller number of SMRs that specify ML as the primary suspected offence.
- Superannuation can only be released before preservation age in limited circumstances, including financial hardship, compassionate grounds, death benefit payments, total and permanent disablement, income protection and trauma payments.