How resistant is your business to insider threats?
An insider threat refers to more than cybersecurity. It’s when your employee, contractor or board member uses their access to workplace systems, people and information for illegal activities. Insider threats can be malicious, compromised or negligent, and in every case the consequences can be dire, including fraud, theft, espionage or money laundering.
Individuals involved in insider threats may fall into one of the following categories:
- Malicious Insider: intentionally causes harm for personal motivations.
- Compromised Insider: knowingly or unknowingly causes harm (including introducing vulnerabilities) on behalf of, or at the direction of, an external entity.
- Negligent Insider: inadvertently or accidentally causes harm due to lack of awareness or disregard of policy, protocols and processes.
Insider activity seriously undermines your anti-money laundering and counter-terrorism financing (AML/CTF) program and places your organisation and the broader community at risk.
Why insider threats matter
Organisations hold large amounts of sensitive customer information that authorised personnel can access. This includes managers, front-line staff and even AML/CTF compliance officers. Malicious and compromised insiders, including criminal networks, may target these personnel to obtain know your customer (KYC) data or financial details, and in some cases employees may sell customer information on the black market.
For example, in the banking sector insiders can help criminals by accepting fake documents to open new accounts, altering daily transaction thresholds, changing customer contact details or ordering additional bank cards.
Most people do not join an organisation intending to cause harm and may have no criminal history. But personal circumstances, work-related stressors or other vulnerabilities can change an individual’s risk profile over time. Without strong detection systems, these shifts can go unnoticed.
AUSTRAC’s Deputy CEO for Regulation Katie Miller emphasises that insider threats often stem from serious governance issues:
“Many insider threats are opportunistic. A person gets into a difficult situation, bends the rules and is not detected. Undetected small breaches lead to larger, more significant breaches. Early intervention is vital.”
All businesses are vulnerable. That’s why it’s important to understand changes to individual risk profiles over time and intervene when needed to address concerning behaviour.
Strengthen your defences
You can reduce insider threat risks by ensuring your personnel management processes are robust and consistently applied. Make sure you:
- have strong upfront screening criteria that address money laundering and terrorism financing (ML/TF) risks for potential employees and contractors
- include re-screening, either periodically for high-risk roles, or when roles change
- require employees to report changes to their circumstances or any conflicts of interest that may call into question their integrity, for example outside interests and affiliations
- have clear policies on consequence management and enforce them in a consistent manner.
What to do if you identify concerning behaviour
If you observe indicators of insider threat activity, you’ll need to investigate and determine whether to:
- submit a suspicious matter report
- notify police or other appropriate authorities
- review internal controls and access permissions.
Banks may wish to also consider the Australian Banking Association’s Conduct Background Check Protocol to help future employers identify past misconduct if the individual seeks employment elsewhere in the sector.
We have resources to help you strengthen your approach to managing insider threats. See our guidance on: