Data breaches are becoming more common. Where they involve personal information, data breaches increase the risk of identity crime, fraud and cyber-enabled crime.

We have released guidance to help you:

• understand your anti-money laundering and counter-terrorism financing (AML/CTF) obligations when it comes to data breaches 
• protect your business and customers from the heightened money laundering and terrorism financing (ML/TF) risks that can arise from data breaches
• identify potential indicators of identity crime, fraud and cyber-enabled crime.

The guidance applies to you if your business has been:

• directly subject to a data breach
• impacted by an external data breach that affects your customers or services.

Read the data breach guidance

This guidance highlights the importance of:

• reviewing your risk assessment and systems and controls to make sure they reflect the ML/TF risks arising from a data breach
• identifying, mitigating and managing your ongoing customer risks, paying particular attention to potential indicators for identity crime, fraud and cyber-enabled crime
• reporting any data breach appropriately. 

We encourage all reporting entities to:

• read the guidance
• make sure you are taking all necessary steps to protect your business and the broader community from the impacts of data breaches.