The Australian Transaction Reports and Analysis Centre (AUSTRAC) has released guidance for AUSTRAC-regulated entities directly affected by a data breach or impacted by an external data breach that affects their services or customers.
Austrrac says that a data breach may require a review of customers’ risk assessments and systems and controls.
Austrac notes that data breaches may increase the ML/TF risks a business faces. This includes the risk of identity crime, fraud and cyber-enabled crime for example, by criminals using personal information or credentials obtained via a data breach incident to gain access to an account, system or network.
AUSTRAC encourages reporting entities to proactively identify data breaches that may affect them. They may do this by:
- using details of publicly known data breaches to determine if new or existing customers have had their personal information compromised
- hearing about a data breach directly from an affected organisation, publically available materials or through registering with the ASD’s Alert Service.
Austrac recommends systems and controls could include monitoring for:
- changes to customer details (such as their mobile number) prior to large transaction requests that are inconsistent with the customer’s profile
- when customers change their telephone, email and address all at once or in quick succession
- new customers who use the same identification numbers and/or name and date of birth as an existing customer when you on-board them.
If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.
Author: David Jacobson
Principal, Bright Corporate Law
About David Jacobson
The information contained in this article is not legal advice. It is not to be relied upon as a full statement of the law. You should seek professional advice for your specific needs and circumstances before acting or relying on any of the content.