The warning signs boards must recognise before crisis hits

    Scams and fraud are no longer peripheral risks for organisations. They are now a constant feature of the Australian business environment, evolving in sophistication, scale and impact, and demanding sustained attention at board level.


    Presented by BDO

    Advances in technology, global connectivity and social engineering tactics have transformed how financial crime (fincrime) occurs. What were once episodic events are now persistent operational risks, capable of causing material financial loss and rapid reputational damage.

    Australia’s regulatory response has evolved accordingly. A Scams Prevention Framework (SPF) and an enhanced anti‑money‑laundering regime will come into force this year, while the privacy regulator has intensified enforcement activity with stronger penalties.

    For directors, the challenge extends beyond preventing financial loss. The central question is whether organisations can identify emerging risks early, respond decisively, and contain issues before they escalate into regulatory, reputational or governance failures.

    Fincrime is evolving, and so must your approach

    Recent analysis by BDO’s Forensic Services team reinforces that fincrime remains an evolving organisational risk. Increasingly, incidents do not stem from isolated wrongdoing or external system breaches. Instead, they are emerging through perversion of legitimate business processes and core operations, exposing boards to financial, regulatory and reputational consequences. Fincrime is also becoming easier to perpetrate, particularly with the increasing use of AI.

    “We’re seeing scams embedded within routine processes like payments, procurement, payroll and other people‑related workflows,” says Conor McGarrity, Partner, Forensic Services at BDO in Australia. These are areas already subject to board oversight, raising governance implications if controls fail.

    Many breaches aren’t sophisticated. They exploit human judgement by leveraging perceived authority, familiarity and time pressure to prompt quick decisions that bypass established controls, closely mirroring behavioural tactics seen in internal fraud.

    AI is further blurring the boundaries between scam activity and traditional fraud risk. Deepfake impersonations, voice cloning and AI‑generated phishing emails are increasing the scale, speed and perceived credibility of attacks.

    Increased threat sophistication, combined with heightened regulatory scrutiny, means directors must understand whether controls exist and are effective in practice.

    Fincrime is a board-level risk

    Fincrime risks increasingly arise in areas already subject to board oversight. The issue now is whether governance settings, reporting and escalation mechanisms provide sufficient visibility before the impact becomes irrecoverable.

    McGarrity says this raises several key governance questions for boards:

    • Do responsible teams have sufficient time and resources to respond to an evolving, AI‑enabled risk landscape?
    • Do internal capabilities across finance, HR, IT and risk functions have the skills and judgement to manage these risks?
    • Are employees empowered to challenge unusual requests, even if they appear to come from leadership?
    • Does the board have visibility over attempted frauds, near‑misses and emerging patterns?

    Viewed this way, fincrime awareness becomes a marker of organisational risk maturity and effective governance, rather than a siloed compliance issue.

    From awareness to action

    Board awareness of this heightened risk environment must be treated as a business imperative. Organisations should ensure their approach to fincrime risk is proportionate to their operating model, risk profile and regulatory obligations. This is particularly relevant for financial services organisations, which face a wave of new regulatory requirements this year.

    Practical guidance is available, but its effectiveness depends on active board endorsement and reinforcement.

    “ASIC’s Stop. Check. Protect. framework provides a useful reference point,” says McGarrity, “but its impact depends on how well it is embedded into organisational culture.”

    Boards should ensure their organisations use the framework to:

    • Stop. Give employees permission to slow down decision making if something doesn’t feel right.
    • Check. Apply practical, independent and consistent verification processes.
    • Protect. Ensure employees know how and where to escalate concerns quickly when fincrime is suspected.

    The challenge for directors is ensuring these behaviours are supported, even when they introduce friction into fast‑moving or customer‑focused environments. This requires a clear tone from the top and reporting that enables boards to monitor emerging risks, not just historical losses.

    To learn more about how BDO can support your organisation in managing fincrime risk, contact one of our forensic experts.
