Senior financial crime leaders warn that while threats are increasingly global and sophisticated, domestic regulatory frameworks and information-sharing mechanisms are failing to keep pace.

Australian financial crime executives have expressed concerns that they are being left to fight a rising tide of sophisticated, offshore-originated financial crime with one hand tied behind their backs, citing slow regulatory reform, a lack of clear guidance, and persistent hurdles to effective information sharing.

At a private executive breakfast roundtable in Sydney hosted by Regulation Asia and NICE Actimize, senior leaders from domestic and foreign banks in Australia painted a picture of an industry grappling with threats that are increasingly structured and orchestrated beyond Australia’s borders.

The discussion revealed a deep frustration that while the nature of risk has fundamentally changed, the domestic response remains fragmented and slow. Participants described a landscape where transaction-level monitoring is no longer sufficient to combat cross-border scam ecosystems, organised mule networks, and complex sanctions evasion schemes.

The consensus was that while the industry possesses a strong will to collaborate, it is being hampered by a regulatory environment that is creating uncertainty and holding institutions accountable for risks they cannot effectively mitigate alone.

The scams conundrum

A dominant theme of the discussion was the escalating challenge of authorised push payment (APP) fraud and the industry’s apprehension about the forthcoming Scams Prevention Framework (SPF).

A senior fraud risk executive from a major bank described the sheer volume of scam-related cases and alerts as a primary challenge, questioning the industry's ability to "consistently apply the level of compliance, investigation, and assessment" required.

There was sharp criticism of the government’s proposed sequencing for the new framework. A head of fraud risk management at another bank labelled the approach "absolutely the wrong way around", pointing out that the most critical part of the ecosystem approach – placing obligations on digital platforms and telcos where scams often originate – is proposed to be delayed until late 2027.

"The banks are going to take the entire exposure," the executive stated, explaining that from March, a recipient bank could be "on the hook for 100% of it". This was described as a "very unsatisfactory position" when the primary goal should be prevention at the source.

The role of the Australian Financial Complaints Authority (AFCA) was also highlighted as a point of concern. One participant argued that AFCA might be "under-prepared" for the surge in cases expected under the new rules and has a history of "regulatory drift" with a very broad scope in determining cases.

While there was praise for the industry’s collegiality in the fraud and scams space, a representative from a smaller bank highlighted the challenge of competing on a level playing field.

"For small banks, especially, and in the regulatory environment that's coming, it's nearly impossible to compete," she said, noting the immense cost of implementing the multiple layers of control needed to combat automated, AI-driven scam ecosystems. She argued that this creates a competitive disadvantage and a concentration of risk among smaller players.

Information sharing impasse

The discussion repeatedly returned to the critical issue of information sharing. While participants welcomed recent legislative changes intended to permit greater sharing of suspicious matter information between institutions, some expressed frustration at the lack of progress in making it operational.

"The government has been so slow," said a senior AML/CTF executive from a major domestic bank. "We've asked AUSTRAC for this... [but] we haven't got anything drafted for the regulations about how it's meant to be operated, or the guardrails," she said, describing the delay as "so disappointing" and a significant roadblock to building a united front against global criminal syndicates.

Another senior leader warned that the lack of clear guidance could lead to the effort being "legalised into the ground", with different legal interpretations across institutions creating an unstable and unusable infrastructure.

"Even if we did come up with an interbank mechanism for sharing on the AML side... you're going to get four different legal views," he said. "And that's why we need the regulator in there."

The challenge is particularly acute for foreign bank branches operating in Australia. A chief compliance officer from an international bank explained the difficulty of justifying investment in new systems to a head office when the local rules are unclear.

"The goalpost keeps on moving," he said. "If the law is there, then yes, absolutely... but it's not there yet." This regulatory uncertainty makes it difficult to secure resources and adapt to the Australian context, especially when head offices question why "only Australia" needs a particular system change.

Himanshu Upadhyaya, Head of Sales APAC  for NICE Actimize, framed collaboration as a key global driver in financial crime prevention, highlighting the need for effective partnerships between financial institutions, government agencies, and telcos.

The roundtable participants suggested that in Australia, the legislative foundation for this collaboration remains a framework without a functional structure.

Convergence and capability

Another recurring point raised during the discussion was the convergence of financial crime typologies. One senior executive from a major domestic bank stated, "You cannot tackle things now just thinking, 'I'm going to deal with fraud, I'm going to deal with AML'... It doesn't work that way. You have to move back to the originating signal."

This convergence is testing the limits of legacy systems and siloed operational teams. Sanctions circumvention was raised as a prime example of an "upstream" threat that requires a more sophisticated response.

A head of financial crime risk explained that the focus is shifting from simple screening to detecting sanctions evasion typologies, which requires visibility into customers' supply chains to identify dual-use goods ending up in conflict zones.

Mule activity was identified as a key risk sitting at the intersection of fraud and AML, often orchestrated by persistent, professional networks operating across borders.

In this environment, technology like AI is seen as a double-edged sword. While criminals are leveraging AI to automate and scale their attacks, banks are finding adoption to be a complex journey.

"AI is not going to solve for the immediate problem," said a fraud executive. He estimated that it could be five years before AI can handle the majority of investigation and assessment tasks.

In addition, implementing advanced AI does not simply reduce workload; it changes it. An executive with experience implementing dynamic customer assessment at a global bank explained that while AI reduced simple transaction alerts by 60%, it increased the number of complex investigations requiring higher-skilled analysts.

"You're losing your lower-value operators but you have to invest in your higher-value investigators," he said, adding that there are "only so many good, high-quality investigators in the market."

Institutional and non-bank risks

While much of the public and regulatory focus has been on retail scams, participants warned that significant risks lie in the institutional and non-bank sectors. One participant cautioned that business email compromise (BEC) is a major, under-discussed threat.

Under the new AFCA framework, a corporate client could pursue both the sending and receiving banks for losses, which can be substantial.

The discussion also highlighted deep-seated vulnerabilities in the Designated Non-Financial Businesses and Professions (DNFBP) sector. A compliance head from a registered clubs group described a culture where basic AML concepts are poorly understood.

He spoke of educating board members on the basics of enterprise risk management and seeing vanilla, ineffective compliance programmes in place. While his firm banks with major financial institutions, he said there is little scrutiny or compliance support cascading down from the banks to the clubs sector, which he described as a "hot spot" for financial crime and a place where large amounts of cash are processed daily.

He added that this illustrates a critical gap in Australia’s financial crime framework, where banks have limited ability to enforce standards on customers who may be entry points for illicit funds.

Despite the significant regulatory, operational, and technological challenges facing Australia’s financial crime ecosystem, the discussion made clear that the industry is united in its commitment to protecting customers and strengthen national resilience.

The growing collaboration between banks, government agencies, and technology partners signals a maturing landscape – one where shared intelligence, modernised frameworks, and emerging capabilities like advanced analytics and AI will increasingly shift the balance back in favour of defenders.

While the path ahead requires clearer regulation and more cohesive structures, the collective expertise, innovation, and determination displayed across the sector offer genuine hope that Australia can build a more secure, connected, and future‑ready financial crime prevention framework.

 --

Disclosure: This roundtable and article were produced by Regulation Asia in collaboration with NICE Actimize, a global provider of financial crime, risk, and compliance solutions for regional and global financial institutions, as well as regulators.