Financial crime in Superannuation: the risk is real

Share

Superannuation is a long-term investment and has strict restrictions on when funds can be accessed. Therefore, the risk of crime in the superannuation industry has historically been considered low. However, an amplified criminal threat, increased activity and a considerable number of vulnerabilities have required the industry to start thinking “outside the box” to manage the risk of financial crime. 

Over the last few years, the superannuation industry has become an attractive and lucrative target for both individual and organised crime groups. Criminals have started to target the superannuation industry not just to obtain members’ monies, but also to obtain personal information that they can then use to commit other crimes, such as selling an identity. 

Some of the factors contributing to the heightened risk that the super industry is facing include: 

  • High value of assets and low member engagement. 
  • Member accounts are generally opened by employers, and sometimes, super funds are provided with limited or inaccurate information at account set-up.  
  • In most cases, unlimited access to funds is granted once a condition of release is met. 
  • Low capability to respond to cyber-attacks. 

There is a range of methods and techniques used by criminals targeting the superannuation sector, such as identity theft, account compromise/takeover/staging accounts, fraudulent financial hardship or fraudulent insurance claims, collusion, early release scams and phishing/smishing/vishing attacks on members and employees.

Criminal attacks are becoming more sophisticated, and we are seeing identity and account takeovers happening over a longer period in an attempt to avoid detection. They will commonly use a combination of channels, such as online, paper, phone and email, to avoid raising any red flags, and to test which channels may be more vulnerable than others. Once the member’s account has been taken over, funds can be fraudulently accessed and additional information about the member gathered. 

There is no failsafe method to prevent financial crime; however, it is imperative to work collaboratively with other likeminded organisations in the industry to protect our members and the wider Australian community. This way we can be on the front foot of emerging crime trends.  

Some of the trends to be aware of are: 

  Phishing messages are becoming more sophisticated and realistic. Criminals are using bots and machine learning capabilities to carry out attacks so they are harder to detect. Messages are often tailored to be contextually relevant to the target, making them more believable. 
  Ransomware attacks are now not just targeted at organisations but also at individuals. Commonly, the criminal will email a member or employee guessing the login details of that person’s superannuation fund, usually being correct, and extort money or information from them. 
  There has also been an upward trend in scams involving fake news via SMS, email and social media. These tend to exploit emotions rather than rationale, rendering people less sceptical and therefore more likely to buy into the scam. 
  Hacking of email accounts and emails sent out pretending to be the account holder is also on the increase. This has seen cases of criminals requesting instructions from banks and superannuation funds for transfer of funds to their bank accounts. 

There can be devastating financial and emotional consequences for people affected by financial crime. The recent Optus, Medibank and other cyber security breaches has shown us some of the implications of what criminals can achieve with compromised personal information.  It is therefore crucial that the industry works collaboratively to detect, prevent and respond to criminal activity.  

The Australian Transaction Reports and Analysis Centre (AUSTRAC) is the Australian Government agency responsible for detecting, deterring and disrupting criminal abuse of the financial system. AUSTRAC has recently released a Super Sector Threat Update, which notes a significant change in offending behaviour from targeting member money to targeting the data held by superannuation Trustees. AUSTRAC considers the following to be the key fraud risks that are emerging in the superannuation industry, calling out that these are enabled by technological and legislative changes: 

  • Data as a commodity 
  • Family fraud 
  • Elder abuse 
  • Domestic violence 
  • Merger activity  
  • Stapling 

The superannuation industry continues to work with AUSTRAC and other industry bodies to sustainably address the current and emerging financial crime risks. The risk of financial crime in superannuation is here to stay and expected to fluctuate and evolve over time. As such, the management of this risk needs to be dynamic, adaptable and through the lens of the changing threat landscape.  

The risk is certainly real!

——

Marlene Sadhai is a Certified Fraud Examiner and member of the Association of Certified Fraud Examiners (ACFE) with over 25 years of experience in financial services. She is actively involved with other organisations in the superannuation industry in leading financial crime disruption and is currently the Fraud and AML Officer at Aware Super.