Australia's banking sector is confronting an evolving fraud issue of significant scale.
Over the past twelve months, numerous banks have been impacted by mortgage and lending fraud potentially extending into the hundreds of millions of dollars. In one publicly reported case, the NSW Crime Commission recently seized $60 million in property, cars, and luxury goods linked to alleged perpetrators.
In addition to law enforcement, the Australian Securities and Investments Commission (ASIC) and the Australian Transaction Reports and Analysis Centre (AUSTRAC) are also investigating, with ASIC Chair Joe Longo linking mortgage fraud, as a predicate crime, to the downstream issue of money laundering and describing it as 'a real emerging issue' for banks. The scale and sophistication of the frauds, and the apparent use of artificial intelligence (AI), demand attention.
How the frauds were reportedly perpetrated
Across reported cases, those involved employed several overlapping techniques, often in combination, including:
- Use of stolen identities and shell company structures.
- Ghost assets, where loans were applied for to purchase luxury vehicles that did not exist.
- Involvement of complicit accountants and brokers who received referral commissions.
- Facilitation by a malicious insider, helping perpetrators circumvent review and approval processes.
- AI-generated and digitally altered documents, including loan applications containing fabricated pay slips, income statements and tax returns with inflated figures.
All publicly reported cases deal with fraud, and although there is commonality in modus operandi, the end goal for perpetrators can diverge significantly between secured and unsecured lending. In the former, loans are typically obtained for real estate, providing money launderers with a 'widely-exploited asset type… due to the market stability and value appreciation'. In these cases, it's possible to see substantial deposits along with debt being serviced in a timely and unobtrusive fashion. In this regard, unidentified money launderers give the perception of being good customers.
By contrast, unsecured loans are more susceptible to theft and direct financial loss. Funds are secured and, in time, perpetrators vanish, leaving a trail of stolen identity credentials and loan defaults.
How the frauds were reportedly identified
How respective cases were uncovered is critical for banks in determining the extent to which they may have similar issues, along with how to better insulate their processes from exploitation in future. As is common with most fraud types, identification is reported as having occurred through a combination of methods which may have proved insufficient in isolation:
- Whistleblowers, reinforcing the importance of providing mechanisms for employees to speak up which are perceived as secure and effective. Recent cases indicate disclosures were made directly to regulators and law enforcement in addition to those made via internal reporting mechanisms.
- Internal reviews or "deep dives" of respective loan books, which have proved to be an invaluable, systematic approach. A key feature of reviews has been looking for patterns, outliers and potential red flags which vary based on whether loans have been originated in house or via brokers or introducers.
- Ongoing detection activities leveraging multifaceted data inputs and increasingly sophisticated analytical methodologies.
What banks are doing now
Banks should continue to consider the following activities in assessing whether similar issues exist within their portfolios:
- Conduct an insider risk assessment, examining access rights, approval patterns, and relationships between lending staff and third parties.
- Commission a targeted loan book review, with priority given to loans originated through fast-track or reduced-scrutiny approval pathways, loans introduced via third-party brokers or introducers, and applications where income documentation is inconsistent with other financial data.
- Analyse default and arrears patterns for clustering by broker, introducer, postcode, or employer – a cluster of defaults sharing common characteristics may indicate coordinated activity via a syndicate.
- Review whistleblower reports. Confirm that internal reporting channels are active and accessible, and also review any complaints received in recent months touching on broker conduct, document verification, or serviceability.
- Assess whether existing documentation verification tools are capable of detecting AI-generated or digitally altered submissions.
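The default-clustering check in the list above can be sketched as follows. This is an added example, not code from the original article: the field names (`broker`, `postcode`, `employer`, `default`), the thresholds and the sample loan book are all constructed assumptions, and the binomial tail test is one possible way to score a cluster against the portfolio-wide default rate.

```python
from collections import defaultdict
from math import comb

def sample_book():
    """Constructed loan book: two brokers at background default rate, one cluster."""
    book = []
    for i in range(40):
        book.append({"broker": "BRK-A", "postcode": "2000",
                     "employer": f"EMP-{i}", "default": i == 0})
        book.append({"broker": "BRK-B", "postcode": "3000",
                     "employer": f"EMP-{100 + i}", "default": i == 0})
    for i in range(12):  # 6 of 12 loans default and share one stated employer
        book.append({"broker": "BRK-C", "postcode": "2170",
                     "employer": "SHELL-CO" if i < 6 else f"EMP-{200 + i}",
                     "default": i < 6})
    return book

def binom_tail(k, n, p):
    """P(X >= k) for X ~ Binomial(n, p): chance of k+ defaults at the base rate."""
    return sum(comb(n, i) * p**i * (1 - p)**(n - i) for i in range(k, n + 1))

def default_clusters(loans, dims=("broker", "postcode", "employer"),
                     min_loans=5, alpha=0.001):
    """Return (dimension, value, loans, defaults, p) for groups whose default
    count is improbable under the portfolio-wide default rate."""
    base_rate = sum(l["default"] for l in loans) / len(loans)
    counts = defaultdict(lambda: [0, 0])          # (dim, value) -> [loans, defaults]
    for loan in loans:
        for dim in dims:
            group = counts[(dim, loan[dim])]
            group[0] += 1
            group[1] += loan["default"]
    flagged = []
    for (dim, value), (n, k) in counts.items():
        if n < min_loans:                         # too few loans to judge
            continue
        p = binom_tail(k, n, base_rate)
        if p < alpha:
            flagged.append((dim, value, n, k, p))
    return sorted(flagged, key=lambda row: row[4])  # most anomalous first

if __name__ == "__main__":
    for dim, value, n, k, p in default_clusters(sample_book()):
        print(f"{dim}={value}: {k}/{n} defaults, p={p:.2e}")
```

A flagged group is a prompt for file-level review, not a finding in itself: testing many groups at once will surface some by chance, and a legitimate broker serving a stressed postcode can score the same way.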
What banks can do to reduce risk going forward
The increased spate of mortgage fraud impacting Australia's banking sector is unlikely to represent a series of isolated incidents, so industry collaboration will be critical in mitigating the risk. In addition to ongoing engagement with AUSTRAC, some key areas to focus investment, resources and systemic uplift include:
- Ensure full compliance with the expanded anti-money laundering and counter-terrorism financing (AML/CTF) reforms, which place greater emphasis on risk assessment and on managing high-risk customers and products that are susceptible to money laundering.
- Reassess whether current incentive and governance frameworks for bankers appropriately weight compliance relative to commercial performance, and embed the necessary checks and balances to deter exploitation.
- Overhaul third-party oversight, including greater due diligence, review and audit as part of ongoing monitoring of brokers and introducers, to ensure governance breakdowns within external networks carry the same legal and reputational consequences as failures within a bank's own workforce.
- Strengthen document verification technology, including tools capable of interrogating AI-generated content across visual design, underlying metadata and cross-referencing with other applications and trusted data sources. Loan documents that show signs of tampering and fabrication will continue to rise.
- Continue to invest in intelligence-sharing initiatives through existing groups such as AUSTRAC's Fintel Alliance and around evolving reporting requirements for scams.
Recent frauds have shown the impact of a malicious insider can be significant, but implementation of an effective insider threat program takes time, coordination and care. Banks should ensure relevant functions including human resources, technology, cyber, investigations and risk and compliance are working together in a targeted fashion. A stronger defence will undoubtedly stem from a coordinated team effort.
Reach out at any time to discuss how we can support your organisation in responding to these risks.