The regulatory imperative
ASIC’s recent directive to superannuation trustees represents more than regulatory oversight – it signals a fundamental shift in expectations for an industry custodian of $4.3 trillion in Australian retirement savings. While the regulator’s February 2026 review focused on scam prevention, it exposed a broader truth: superannuation trustees must urgently strengthen their entire financial crime framework with members losing $22 million to super-related scams in 2025 alone.
ASIC Commissioner Simone Constant’s warning extends beyond scams: “As banks, telecommunications providers and other financial service businesses increase their anti-scam and anti- fraud capabilities, superannuation trustees must do the same or risk becoming a soft target.”
At PX Partners, our work across financial crime risk management reveals that successful prevention requires understanding the interconnected ecosystem of predicate crimes, money laundering, fraud, scams, and downstream threats like terrorism financing.
Understanding the financial crime ecosystem
Financial crime is not a series of isolated threats but an interconnected system where each element fuels and enables the others. Money laundering sits at the centre, serving as the mechanism that allows criminals to enjoy proceeds from predicate crimes – ranging from fraud and cybercrime to corruption and human trafficking.

Fraud – Scam – ML relationship
It is important to understand the concepts at play and the interrelationship between them:
- Fraud is deception for personal gain or to cause loss to another. As a predicate crime, it generates proceeds requiring laundering;
- Scams are a fraud subset and involve manipulating victims through social engineering (often using digital channels) to fraudulently transfer funds. A familiar example is pig-butchering which combines romance fraud, investment scams, cybercrime, and often human trafficking, with proceeds laundered through cryptocurrency; and
- Money laundering is the process of obscuring the criminal origin of proceeds through placement, layering, and integration into the legitimate financial system.
What ASIC found?
ASIC’s recent review of 47 superannuation trustees focussed on the availability, quality and actionability of anti-scams and fraud content, including by checking the website content for clarity and relevance, prominence on the website and readability. The review found that banks scored positively in over 80% of criteria assessed, whereas most super funds scored positively against just 40–60% of the same criteria. This was a narrow review focussed on public facing content but may be viewed by the Regulator as an indicator of broader weaknesses in the financial crime framework.
Previous ASIC reviews have called out other gaps in the financial services industry that has immediate relevance for Superannuation Trustees:
1. Strategic Gaps: No organisation-wide scams OR fraud strategy. Inadequate integration with broader financial crime frameworks.
2. Operational Weaknesses: Over-reliance on identity verification while missing manipulation indicators. Limited transaction monitoring for scam typologies. No distinction between unauthorised fraud (identity theft) vs authorised fraud (scams where members are manipulated) where different approaches are required to manage the risk.
3. Governance Blind Spots: Insufficient oversight of administrators’ controls. Weak connection between cyber incidents and financial crime response. Limited board reporting on financial crime holistically.
An integrated financial crime framework
Drawing from ASIC’s REP 761 & 790, APRA’s SPG 223, AUSTRAC guidance, and our implementationexperience, we recommend an integrated three-pillars approach to managing this risk:

Third-Party Risk:Map third-party controls across the spectrum: transaction monitoring, cyber defences, fraud analytics, and scam detection. Ensure visibility into administrator capabilities and regular testing.
Pillar 2: Prevention and detection
Cyber as Predicate: Recognise cyber incidents as predicates to fraud / scams. Implement enhanced monitoring post-breach. Link IT security with financial crime teams.
Integrated Detection: Deploy scam-specific rules identifying manipulation (urgency, inconsistent requests, new beneficiaries). Complement traditional fraud detection (unauthorised access) with authorised fraud indicators.
Friction Points: Cooling-off periods for high-risk transactions. Multi-channel verification. Real-time alerts on unusual patterns. Enhanced due diligence for sudden behavioural changes.
Pillar 3: Member communications and victim support
Transformed Communications: Prominent scam/fraud warnings. Clear examples of common typologies (early release scams, pig-butchering, invoice fraud). Dedicated reporting channels (only 20% of funds provide this). Demographic-specific education.
Victim Support: Streamlined reporting processes. Trauma-informed victim support. Clear escalation paths. Integration with AFCA and law enforcement.
Where do I start?
If you are starting from a low level of maturity, it is important to do a risk-based prioritisation – you can’t do it all at once! Where you’ve already established a financial crime operating model, it’ll be targeted uplift to meet the upcoming reforms by 31 March 2026.
| 0-3 months | Conduct gap analysis across full financial crime spectrum. Review website content for scams and fraud. Establish reporting channels. Appoint senior owner. |
| 3-6 months | Document integrated financial crime strategy. Map administrator controls. Implement transaction friction. Deploy awareness campaign. |
| 6-12 months | Develop detection rules spanning fraud, scams, and ML typologies. Enhance training on financial crime ecosystem. Establish integrated board reporting. |
Ensure that existing frameworks are leveraged as much as possible. We see successful entities:
- designating financial crime (not just scams) as FAR key responsibility.
- mapping scam/fraud risks into CPS 230 operational risk assessments.
- integrate with AML/CTF programs as scams and fraud are predicate crimes for money laundering.
The path forward
Scams don’t exist in isolation – they’re part of a continuum spanning predicate crimes, money laundering, and downstream threats.
ASIC’s scam focus is the catalyst, but the solution must be comprehensive. Trustees who understand the fraud – scam – ML relationship and implement an integrated approach will not only meet regulatory expectations but genuinely protect members from an evolving threat landscape.
At PX Partners, we’ve supported financial services organisations in developing holistic financial crime solutions that connect AML/CTF, fraud prevention, scam detection, and cyber resilience. Our experience implementing integrated frameworks positions us to help trustees navigate this complex challenge and transform member protection from compliance obligation to competitive advantage.
The time to act is now. Trustees who embrace this integrated approach demonstrate a true desire to protect the wellbeing of their members in their role as fiduciaries and further strengthen protections against financial crime.