We’ve created suspicious activity indicators for non-bank lenders and financiers to help you identify potential money laundering, terrorism financing, proliferation financing and other serious criminal activities.

On this page

These indicators can inform your transaction monitoring alerts that trigger further review. To complement these indicators, you must also ensure your transaction monitoring systems alert you to unusual, large or complex transactions or patterns of transactions. 

This indicators list isn’t exhaustive. You should consider other indicators specific to your business’s individual risk profile and circumstances. 

Customer identification and behaviour

Read our list of suspicious activity indicators for customer identification and behaviour.

Customer identification indicators

A customer:

  • whose identification document cannot be authenticated
  • provides identification information that’s false, misleading, vague or cannot be verified
  • refuses or is reluctant to provide identification information or documents
  • has inconsistencies in information across different identification documents
  • has sources of wealth or sources of funds that are unexplained or inconsistent with their profile
  • is overly secretive about their source of wealth or funds or has difficulty providing evidence of their source of wealth or funds
  • appears to be known to law enforcement or associates with criminals, based on open-source information.

Customer behaviour indicators

A customer:

  • makes an unusual enquiry to staff about whether they report to government authorities. For example, AUSTRAC, the Australian Taxation Office or law enforcement agencies
  • requests that their transaction isn’t reported to AUSTRAC
  • appears nervous, overly defensive when asked questions, evasive or leaves without the service being provided. For example, they don’t want to proceed if they have to provide ID
  • is the subject of law enforcement enquiries, or their activity is
  • appears nervous, overly defensive or evasive when questioned
  • appears to be directed by a third party, or makes a transaction in a branch while accompanied, overseen or directed by a third party.

Money laundering

Read our list of suspicious activity indicators for money laundering. 

 

Money laundering indicators

A customer:

  • has unusual transaction patterns or frequency of transactions. For example, multiple payers make loan repayments, or payments are sent to or received from foreign jurisdictions to which the customer doesn’t have an obvious link (for example, no known family, friends or business relationships)
  • applies for loans, or makes early loan payouts or large value loan repayments, that are inconsistent with their profile, or with no reason provided
  • makes rapid transactions in and out of offset or loan accounts
  • transfers goods or funds internationally without a clear reason
  • has incoming payments that are inconsistent with their profile
  • makes large value deposits into their account over a short period
  • uses cash repayment options excessively or unexpectedly, inconsistent with their profile. For example, an individual customer changes from direct debit to frequent small cash repayments, or a small business customer changes from electronic payments to large cash repayments
  • makes regular or frequent structured cash payments
  • makes or receives rapid transfers to or from third parties
  • receives deposits from unknown parties, foreign jurisdictions, different domestic locations or via cheques in the name of unrelated parties.

Actions and controls 

You should:

  • implement transaction monitoring rules which identify changes in customer transaction patterns or activities that may be inconsistent with a customer’s risk profile
  • review the customer’s know your customer (KYC) information and conduct screening on a regular and ongoing basis
  • establish and verify customer business relationships and source of funds or wealth
  • conduct enhanced customer due diligence on high-risk customers and to query unusual activity
  • consider refusing to continue providing designated services where the risk is deemed in excess of your business’ established risk appetite
  • restrict the extent of cash deposits to repay loans.

Tax crimes, fraud and scams

TRead our suspicious activity indicators for tax crimes, fraud and scams.

Tax evasion indicators 

A customer:

  • is unable to provide sufficient documentation to verify information provided in their applications
  • whose business appears to be running at a loss but is potentially concealing cash income
  • provides information on their application that indicates they work full time for cash payments, but they also receive government benefits
  • claims to have no or very limited expenditure for living expenses and works cash-in-hand jobs.

Actions and controls 

You should:

  • apply transaction monitoring rules to customer accounts and transactions that trigger further reviews of unusual activity
  • undertake credit checks and review loan and financial history
  • collect customer occupation and payslips at onboarding, then undertake open-source checks to understand their occupation’s typical financial profile
  • request and assess additional information regarding business or asset structures, registration, financial status and links to overseas contacts.

Identity and loan fraud indicators 

A customer:

  • provides identification or loan supporting documents that appear to be falsified. For example, the company or employer listed doesn’t exist, or there is unusual or missing letterhead, inconsistent use of fonts etc.
  • applies for multiple loans, credit cards, or finance products within a short period of time
  • whose first payment defaults
  • has inconsistent or invalid personal details. For example, disconnected mobile numbers or multiple IP addresses
  • immediately transfers funds from a newly-opened account to cryptocurrency exchanges, particularly to peer-to-peer cryptocurrency networks.

Other indicators include:

  • multiple customers use common details across numerous applications. For example, ID numbers, address, phone number, other contact details, IP address, customer photograph, etc.
  • brokers or third-party providers have a significant increase in the number of customer applications.

Actions and controls 

You should:

  • monitor or prevent the creation of customer profiles with existing customer details. A new customer attempting to do this should be required to visit a branch or third-party broker to conduct identity verification. This prevents fraudsters from creating multiple profiles with a single set of identity details.
  • implement processes to verify customer information. For example, by contacting the customer’s employer or using open-source information to verify the legitimacy of the employer. Consider implementing procedures such as:
    • electronic verification of identity documents
    • verification of supporting documents
    • verification of contact details
    • video call authentication of the customer.
  • conduct inhouse customer identification and verification processes where customers have been referred via a third party or broker
  • implement appropriate procedures to conduct additional due diligence where unusual broker activity has been identified
  • implement alerts to detect frequent changes to contact details, blacklisted identification and similarities to previous fraudulent applications.

Welfare fraud indicators

A customer:

  • has transactions that are inconsistent with the typical profile of someone receiving government benefits. For example, higher volume or higher amount of transactions
  • provides information on the loan application that’s inconsistent with the corresponding government benefit income statement. For example, income, marital status, home ownership, rental payments, employment status, number of dependants, etc.
  • receives government benefits without withdrawing the funds, possibly indicating they may have access to other undeclared sources of income
  • is subject to enquiries from Australian Government departments responsible for social welfare and human services activities. 

Actions and controls 

You should:

  • request government benefit income statements to support loan applications
  • conduct transaction monitoring to identify changes in customer transaction patterns. For example, activities that may indicate possible undeclared income or unusual activity
  • request and assess additional information where account activity is inconsistent with the customer profile.  This includes receipt of welfare support, links to unidentified third parties or rapid transactions.

Scam indicators

A customer:

  • changes their details immediately following loan, credit card or financing approval. For example, change of residential address, frequent changes to customer phone number
  • has online activity that’s inconsistent with their history or profile. For example, rapid change in customer’s geographic location, registration of new devices, deregistration of previous device, deposits or withdrawals in different jurisdictions
  • reports that they’re a victim of a scam, or there’s a notification of scam activity on the customer’s account, such as from another financial institution.

Actions and controls 

You should:

  • conduct re-identification and re-verification to confirm the identity of loan applicants where their activity is inconsistent with the customer profile, or following notification of potential scam activity
  • suspend the business relationship or close accounts related to reported scams
  • request and assess additional information where account activity is inconsistent with the customer profile. For example, links to unidentified third parties, deposits from unexpected foreign jurisdictions or domestic locations or use of multiple currencies.

Terrorism, national security and international crime

Read our suspicious activity indicators for terrorism, national security and international crime.

Terrorism financing indicators

A customer:

  • uses loan drawdown facilities for small amounts citing the reason for withdrawal as ‘support payments’
  • makes donations to small charities linked to extremist ideologies.

Open-source information indicates a customer:

  • has links to terrorist groups or terrorism activities
  • displays extremist ideologies. For example, social, political, environmental etc.

Actions and controls 

You should:

  • conduct searches for open-source information on customers, their associates or organisations to determine any associations or affiliations to terrorism. This may include reviewing social media accounts held by the customer
  • screen customers against the Department of Foreign Affairs and Trade (DFAT) Consolidated List for known terrorists and sanctioned entities, the Terrorist Organisations list on the Australian National Security website, or other watch lists available from commercial providers
  • be aware of entities, regions and countries known to be at high-risk of terrorism activities.

Proliferation financing indicators

Proliferation financing is when a person makes available an asset, provides a financial service or conducts a financial transaction that’s intended to facilitate the proliferation of weapons of mass destruction, regardless of whether the activity occurs or is attempted. 

A customer:

  • is matched through screening against an Australian or international sanctions list
  • transacts through countries of proliferation financing concern
  • enquires about due diligence processes when transacting with individuals, networks, companies or countries of proliferation concern
  • uses complex company or trust structures to obscure the source and beneficial ownership of funds
  • conducts business in dual use goods (goods suitable for both civilian and military purposes) listed on the Defence and Strategic Goods List
  • trades in goods which are labelled with incorrect Australian Harmonized Export Commodity Classification (AHECC) code, exports classifications or description
  • undertakes trade using unusual routes or transhipment points
  • trades in dual use goods without a clear end use or end user
  • is connected to industries with higher proliferation financing risks. This includes but is not limited to those identified in Australia’s proliferation financing national risk assessments and the Australian Sanctions Office advisory note on sanctions and proliferation financing.

Corporations:

  • share directors and management, addresses, emails, phone numbers and financial infrastructure with other entities in their networks
  • obscure their identities and activities by:
    • using aliases and using alternate spellings or versions of company names
    • using subsidiaries or branches
    • using third-country nationals in corporate ownership structures
    • registering in jurisdictions with opaque corporate registers where information on ultimate beneficial ownership isn’t easily accessible.

Actions and controls 

You should:

  • screen customers against the DFAT Consolidated List for known terrorists and sanctioned entities
  • train staff on proliferation financing indicators and how to escalate matters
  • conduct further identification and verification processes in relation to customers who are corporations, including cross-checking for corporations sharing details with other entities. 

Suspicious matter reporting

If you suspect on reasonable grounds that a customer or a transaction involving your customer is linked to a crime, submit a suspicious matter report (SMR) to us within the required timeframes. This includes where you suspect on reasonable grounds that a person:

  • is committing a crime
  • isn’t who they claim to be
  • could be the victim of a crime.

On their own, one of these indicators may not suggest suspicious activity. If you’re unsure whether there are reasonable grounds for a suspicion, you should conduct further monitoring and examination. This may include applying enhanced customer due diligence (ECDD) measures. 

For more information on complying with your reporting obligations, see our suspicious matter reporting reference guide and suspicious matter reporting checklist.

This guidance sets out how we interpret the Act, along with associated Rules and regulations. Australian courts are ultimately responsible for interpreting these laws and determining if any provisions of these laws are contravened. 

The examples and scenarios in this guidance are meant to help explain our interpretation of these laws. They’re not exhaustive or meant to cover every possible scenario.

This guidance provides general information and isn't a substitute for legal advice. This guidance avoids legal language wherever possible and it might include generalisations about the application of the law. Some provisions of the law referred to have exceptions or important qualifications. In most cases your particular circumstances must be taken into account when determining how the law applies to you.

Last updated: 5 Feb 2026
Page ID: 1107

Was this page helpful?

Please note that feedback you provide here will be used only for the purpose of improving our website. If you have a specific question about your AML/CTF obligations, please contact us.