AUSTRAC has released the following statement to help entities that have anti-money laundering obligations understand and manage potential heightened money laundering, terrorism financing and other serious crime risks as a result of the Optus data breach. 

Read the statement: 'Optus data breach – working with our reporting entities' 

What reporting entities need to do

Businesses regulated by AUSTRAC should remain vigilant to the impacts of the data breach when undertaking electronic verification of a customer’s identity. They should consider implementing controls to respond to the increased risk of identity theft, including when accepting new customers and monitoring for existing customers who may have had their personal data compromised.

Reporting entities must submit a suspicious matter report (SMR) to AUSTRAC if they suspect a customer or transaction may be relevant to the investigation of a crime, including where they reasonably suspect a person is not who they claim to be or is the victim of a crime (including fraudulent or stolen documents).

When submitting SMRs and other reports to AUSTRAC related to the data breach, AUSTRAC requests that reporting entities include the reference ‘FA43407’.

If you have any questions, contact AUSTRAC at contact@austrac.gov.au.