Good morning everyone,
And thank you for the opportunity to open this conference for the Financial Integrity Hub.
It’s wonderful seeing these many leaders from across banking, fintech, academia, law enforcement, and major industry gathered in one place.
Let me start with the reality we’re dealing with in Australia.
Financial crime is not a peripheral issue. It is not abstract. And it is not static.
It is a multi-billion-dollar threat to our economy, to our institutions, and to our national security.
Whether it’s money laundering, fraud, scams, exploitation, or serious organised crime — these harms are enabled by the movement of illicit funds.
And those funds move through systems that all of us in this room help to design, operate, regulate, or study.
That’s an uncomfortable truth.
Another uncomfortable truth is how many people benefit from illicit funds. Take illegal tobacco trade. Certainly, organised crime benefits, but so do hundreds of landlords renting their stores, utility companies that are taking their bills, even soft drink companies that are selling their goods out of these stores. They are all profiting indirectly from crime and often turning a blind eye to it. That should concern us all.
But what’s changed, and what is continuing to change, is the nature of the threat.
Criminal networks today are highly adaptive, entrepreneurial, and increasingly technologically capable.
They are not waiting for us to catch up.
They are innovating in real time.
Take, for example, the rapid emergence of crypto ATMs.
A few years ago, they were almost non-existent in Australia.
Today, they represent a growing channel for moving value.
They pose a major risk in combining the factors of cash, digital currency and the ability to move money internationally immediately.
We are seeing criminal exploitation of these systems, particularly in scams and fraud,
where victims are directed to convert funds quickly and irreversibly.
I recall one example of an elderly man in a rural Australian town, instructed by a scammer from southeast Asia, not only on how much to deposit, but which streets to walk down in his town to get to the machine and then which buttons to press.
The speed of adoption and integration by criminals of this technology into their business models has been remarkable.
But it shouldn’t surprise us.
Criminals don’t debate emerging technology.
They test it and if it works, they scale it.
Or consider the illicit tobacco market.
This is not a niche issue — it is a rapidly expanding criminal economy.
Organised crime groups have identified the opportunity: high demand, relatively low
perceived risk, and strong profit margins.
They have moved quickly to establish supply chains, distribution networks, and laundering mechanisms.
And importantly, they are reinvesting those profits into other forms of serious criminal activity.
Again, a change in crime, this is different to narcotic trafficking, as it has a public
distribution store on seemingly every second street.
Again, a business opportunity, seen, seized and exploited rapidly and at scale by organised crime.
And this points to a broader shift we’re seeing.
Criminal activity is becoming more networked, more transnational, and more service based.
Money laundering is no longer just something criminals do to clean their own proceeds.
It is a business in itself.
It is increasingly offered as a service, it’s regional and globally networked.
We are seeing specialised networks that provide laundering capabilities moving
funds across jurisdictions, across asset classes, and across platforms.
They are professionalised.
They are scalable.
And they are highly resilient.
Disrupt one node, and another emerges.
It’s all supporting organised crime. These networks operate across borders with ease.
They exploit differences in regulation.
They exploit gaps in visibility.
And they exploit the fact that our systems — both public and private — are often designed within national or institutional silos.
So, the challenge in front of us is not just one of scale.
It is one of alignment.
Are we aligned to where the risk actually is?
Are we aligned across sectors?
And are we aligned in how we respond, public, private, regulation and law enforcement?
This is where I want to be very clear.
A rules-based, checklist-driven approach to regulation is not going to meet this challenge.
It is too slow.
It is too rigid.
And it is too easy to game.
We need to be truly risk-based.
Not in principle — but in practice.
That means focusing our collective effort on the areas of greatest harm.
It means being willing to shift resources quickly as risks evolve.
And it means being honest about what is and is not delivering impact.
Being risk-based also means accepting that we cannot eliminate all risk.
But we can be much more precise in how we manage it.
We can make it harder for criminals to operate at scale.
We can increase the cost of doing business for organised crime.
And we can reduce the harm that flows from illicit activity.
We need to place as much importance on disruption and prevention as we do prosecuting and seizure.
To do that, we need to think end-to-end.
Too often, our response to financial crime is fragmented.
Prevention sits in one place.
Detection in another.
Investigation somewhere else.
And prosecution and confiscation further downstream.
Each part matters. But if they are not connected, we lose effectiveness.
An end-to-end approach means valuing prevention as much as enforcement.
It means designing systems that make it harder for illicit funds to enter in the first place.
It means disrupting flows early before they scale.
And yes, it means continuing to pursue prosecution and confiscation, because accountability matters.
But we cannot rely on enforcement alone.
By the time we are prosecuting, the harm has often already occurred.
Let me give you a practical example.
Recently, AUSTRAC engaged directly with major banks regarding the risks associated with illicit tobacco.
We didn’t just issue guidance.
We didn’t just update typologies.
We asked for partnership.
We asked institutions to look at their data, their customers, their transaction patterns and help identify where this activity might be occurring and identify what more can be done to interrupt it.
And the response was strong, fast and innovative.
Because when you connect regulatory and intelligence insight with industry capability, you get a multiplier effect.
You move faster.
You see more.
And you act earlier.
That is the model we need to build on.
Leveraging the strength of our financial system — not just to facilitate legitimate activity, but to actively mitigate illicit activity.
And this brings me to what I see as one of the most critical enablers of success: public-private partnership.
We’ve done well in Australia.
But we need to go much further.
Partnership is not just about information sharing after the fact.
It is about joint problem-solving.
It is about co-designing responses.
And increasingly, it is about joint analytics.
The reality is this:
Government holds some of the data.
Industry holds some of the data.
And criminals operate across all of it.
If we are not connecting those datasets — securely, lawfully, and intelligently — we are leaving insight on the table.
And that is an advantage we are giving to criminal networks.
We need to move toward models where data can be combined, analysed, and acted on in near real time.
Where insights are shared quickly.
And where there is a clear line of sight from intelligence to disruption.
At the same time, we are entering a period of profound technological change.
Artificial intelligence is accelerating rapidly, just look at Mythos and its potential in this area.
New financial products are emerging.
Digital assets continue to evolve.
And we are seeing the early stages of what could become truly frictionless financial systems operated by agents rather than customers.
Now, that presents enormous commercial opportunity.
But it also raises serious questions for all of us.
What happens to traditional KYC models in a world without people and decentralised identity?
What happens to transaction monitoring when transactions are instant, automated, and embedded across platforms?
What happens when financial services are no longer delivered by traditional institutions at all?
If we are not actively testing our AML/CTF controls against these future states, we will fall behind.
This is where partnership again becomes critical.
We need safe environments to test controls.
To challenge assumptions.
To simulate how criminal actors might exploit new technologies.
It’s where we need to test iterate and implement with public private partnerships,
moving beyond intelligence sharing to control development.
And this is where the role of academia, and initiatives like the Financial Integrity Hub, is so important.
Because this is not just an operational challenge.
It is an intellectual one.
We need research.
We need experimentation.
And we need independent challenge.
We need to ask difficult questions.
Are our current frameworks fit for purpose?
Where are the blind spots?
And how do we design systems that are resilient not just to today’s risks — but to tomorrow’s?
Now, I want to emphasise something.
While the challenges are significant, so too is our collective capability.
Australia has a strong financial system.
We have sophisticated institutions.
We have a robust regulatory framework.
And importantly, we have a track record of collaboration that many other jurisdictions look to.
But we cannot be complacent.
Because the same strengths that make our system attractive for legitimate business can also make it attractive for illicit activity.
These are advantages — but they must be actively safeguarded.
So where to from here?
We need to get sharper in how we identify and prioritise risk.
Better use of data.
Better use of intelligence.
And a willingness to move away from low-value activity.
We need to integrate.
Breaking down silos — within organisations, across sectors, and between public and private.
Connecting the dots faster.
And ensuring that insight leads to action.
We need to innovate.
Not just adopting new technology — but using it intelligently.
Testing controls.
Learning quickly.
And staying ahead of the curve.
Because if we don’t innovate, criminal networks will.
And they won’t wait for approval.
Let me close with this.
Every system we design…
Every control we implement…
Every partnership we build…
It all contributes to one outcome:
Whether we make it easier or harder for criminals to operate.
We have a choice.
We can respond incrementally.
Or we can act collectively — and shift the system.
In this room, there is enough expertise, data, and capability to make a real difference.
Not just at the margins.
But at scale.
So my challenge to you over the course of this conference is simple:
Be practical.
Be ambitious.
And be open to doing things differently.
Because financial crime is evolving.
And so must we.
Thank you and I look forward to the conversations ahead.