Australia is overhauling its anti-money laundering framework as the Commonwealth Bank of Australia (CBA) refers a suspected $1 billion in potentially fraudulently obtained home loans to authorities, raising concerns across the financial sector about the growing threat of artificial intelligence-enabled loan fraud.
From July 1, 2026, sweeping reforms to the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Act will bring new high-risk sectors under the oversight of the Australian Transaction Reports and Analysis Centre (AUSTRAC). The changes, described in a report by Gallagher, introduce an outcomes-focused, risk-based regulatory approach aligned with global standards.
Among the key changes is the expansion of regulated services to include real estate professionals, lawyers, and accountants – sectors previously outside the AML/CTF regime. The reforms also modernise rules governing digital currencies and virtual asset payment technologies.
The CBA case, first raised through the bank’s whistleblower platform in February 2025, involves multiple loans allegedly supported by forged income documents, fabricated tax returns, shell-company structures, and AI-generated payslips and financial statements, according to the Gallagher report.
Dominic Tayco, principal at Thaddeus Martin Consulting, a firm specialising in compliance and governance advisory services for the financial sector, said the incident exposed systemic weaknesses extending beyond a single institution.
“The CBA situation isn’t a single-institution failure,” Tayco said. “It’s a stress test of the entire industry’s verification architecture. We’ve been verifying documents when we should have been verifying people.”
Tayco also warned that non-bank lenders and brokers face heightened exposure under the reformed framework.
“Non-bank lenders and brokers need to understand that AUSTRAC’s data notices to the major lenders will inevitably produce downstream scrutiny of the broker channel,” he said.
“If a fraudulent loan originated through your referral pipeline, the question will be whether your compliance program was designed to detect it. Under the reformed AML/CTF framework, liability extends beyond the front-line entity to anyone with practical influence over a reporting entity, which means holding companies, aggregators, and group structures are now directly in scope.”
He further noted that directors’ and officers’ policies typically exclude cover for fines and penalties arising from regulatory breaches, and that insurers are increasingly likely to scrutinise whether lenders maintain a compliant AML/CTF program.
The Gallagher report drew on guidance published by AUSTRAC on April 2 and April 28, 2026.
In 2025, an alleged organised financial crime group known as the Penthouse Syndicate reportedly defrauded another major lender, National Australia Bank (NAB), of around $150 million. An investigation of the syndicate has since reportedly expanded to include Westpac and ANZ.
