Blog

OCC Spring Risk Perspective: 5 Takeaways on Compliance Risk

Site Logo
Tookitaki
29 July 2020
read
4 min

Despite its general strength, the US federal banking system is apparently susceptible to the ongoing economic weakness caused by the rampant spread of coronavirus. Earlier this month, The US Office of the Comptroller of the Currency (OCC) published its latest Semi-annual Risk Perspective explaining the key issues of the country’s banking system and the impact of the COVID-19 pandemic on the industry.

The Spring report says banks “face weak economic conditions resulting from the economic shutdown”, leading to negative impacts on earnings, credit quality, operations, and capital. It added that record-high unemployment levels and business closings will adversely impact credit risk, while operational risk will be elevated as banks implement new processes and procedures, adapt business continuity plans and respond to pandemic-related fraud and cyber risk.

The OCC also opined that compliance risk is increasing due to a number of reasons including changed operations, remote working, rapidly changing customer service environment, and new assistance programs for consumers and small businesses – such as the CARES Act and the Paycheck Protection Program (PPP). Here we are trying to present certain highlights related to compliance risk in the OCC report and suggest ways to overcome the challenges mentioned there.

1. New Government Relief Programs Adding to Existing Stress

Stimulus measures such as the CARES Act and PPP have increased credit, operational, and compliance risks as banks are required to “act quickly to modify operational processes while also functioning with high levels of employees working at home and absenteeism,” according to the OCC. Banks need to process higher transaction volumes, and at the same time, they need to manage heightened cybersecurity risks, and potential fraud related to stimulus programs.

The high volume of PPP applications and the short processing time frames may complicate Bank Secrecy Act (BSA) and fair lending compliance responsibilities associated with underwriting and opening new accounts, monitoring customer activity, communicating with customers, and timely meeting BSA and Office of Foreign Assets Control (OFAC) reporting requirements, the regulator noted.

2. Reasonable Delays in Meeting BSA Requirements

The OCC reiterated its earlier statement recognizing that there “may be reasonable delays in meeting BSA compliance obligations during the COVID-19 pandemic.” Among other US regulators, the Financial Crimes Enforcement Network (FinCEN) earlier provided regulatory relief under the risk-based approach to BSA compliance, while the OFAC issued a statement recognizing that the pandemic may cause delays in compliance.

The OCC noted that pandemic response measures and programs may affect timely compliance with bank obligations implementing BSA programs and OFAC-administered sanctions such as onboarding processes, customer due diligence updates, suspicious activity alert investigations, and blocking reports.

3. Being Aware of Evolving Typologies

The OCC also encouraged banks to monitor information provided by law enforcement agencies and international anti-money laundering standard-setting organizations regarding the ways that criminals are adapting scams and money laundering techniques to exploit COVID-19-related vulnerabilities. It suggested that the Federal Bureau of Investigation website provides common red flags for identifying COVID-19-related schemes. “Banks should be aware of evolving typologies and ensure their anti-money laundering programs are commensurate with their risk profile,” it said.

4. Implementing Risk-based Adjustments in BSA Systems

The OCC said banks should implement “appropriate risk-based adjustments in their BSA systems to address pandemic-related circumstances and “keep their examiners updated on potential BSA and sanctions compliance issues”, including potential delays in meeting reporting requirements. The watchdog cautioned that any deferred actions and temporary waivers should be tracked so that banks can promptly readjust systems after the operating environment has returned to normal.

The OCC is also adjusting its risk-based approach for BSA compliance examinations and assured that it will consider the impact of COVID-19-related measures on BSA compliance in determining any new supervisory response.

5. Remaining Diligent to Ensure Compliance with Consumer Protection & Fair Lending

The OCC noted that banks should establish change management and compliance risk management processes to identify, measure, monitor, and control the emerging risks associated with COVID-19. As the pandemic may lead to increased customer complaints related to branch closures, reduced operations and communication issues, banks “must remain diligent to ensure compliance with consumer protection, fair lending, and other laws and regulations when dealing with applicants for new or modified loans.”

The regulator added that the increased reliance on remote work may create challenges in maintaining safeguards for protecting consumers’ personal financial information and for monitoring customer interactions for consistency with bank policies and procedures.

Mitigating Compliance Risk with Modern Technology

 The COVID-19 pandemic has significantly altered the compliance scene within banks. There are challenges of maintaining process efficiency amid increased workloads and addressing emerging financial crimes that are well-adapted to the current situation. To remain compliant with regulations, banks need to build futuristic compliance programs which are resilient to internal and external shocks.

Modern technologies like artificial intelligence and machine learning can help banks significantly in making their compliance programs resilient and sustainable. We, at Tookitaki, provide machine learning-powered enterprise solutions to address regulatory compliance problems in the financial services sector. We move beyond static rule-based systems and adopt a new approach to prevent financial and reputation loss.

To address existing challenges in anti-money laundering (AML) compliance, we have developed a robust and innovative platform – the Anti-Money Laundering Suite (AMLS) – which features money laundering pattern sharing mechanisms and automated model learning and evolution.  The next-generation platform combines the efficiency gains and effectiveness of AI in key compliance processes such as transaction monitoring, screening and customer risk assessment while providing complete transparency into our machine learning models and the ability to explain model predictions in a hassle-free manner.

AMLS has the ability to handle complex and ever-changing customer behavior and is adaptable to frequent updates in regulations. The platform has already proven its capability to detect anomalous transaction behavior and to improve process efficiency related to alert triaging, investigation and reporting in banking environments. Book a demo to learn more about our products, their capabilities and benefits.

Read More: A Guide to De-risking AML

 

By submitting the form, you agree that your personal data will be processed to provide the requested content (and for the purposes you agreed to above) in accordance with the Privacy Notice

success icon

We’ve received your details and our team will be in touch shortly.

In the meantime, explore how Tookitaki is transforming financial crime prevention.
Learn More About Us
Oops! Something went wrong while submitting the form.

Ready to Streamline Your Anti-Financial Crime Compliance?

Our Thought Leadership Guides

Blogs
20 Aug 2025
6 min
read

Ferraris, Ghost Cars, and Dirty Money: Inside Australia’s 2025 Barangaroo Laundering Scandal

In July 2025, Sydney’s Barangaroo precinct became the unlikely stage for one of Australia’s most audacious money laundering cases. Beyond the headlines about Ferraris and luxury goods lies a sobering truth: criminals are still exploiting the blind spots in Australia’s financial crime defences.

A Case That Reads Like a Movie Script

On 30 July 2025, Australian police raided properties across Sydney and arrested two men—Bing “Michael” Li, 38, and Yizhe “Tony” He, 34.

Both men were charged with an astonishing 194 fraud-related offences. Li faces 87 charges tied to AUD 12.9 million, while He faces 107 charges tied to about AUD 4 million. Authorities also froze AUD 38 million worth of assets, including Bentleys, Ferraris, designer goods, and property leases.

At the heart of the case was a fraud and laundering scheme that funnelled stolen money into the high-end economy of cars, luxury fashion, and short-term property leases. Investigators dubbed them “ghost cars”—vehicles purchased as a way to obscure illicit funds.

It’s a tale that grabs attention for its glitz, but what really matters is the deeper lesson: Australia still has critical AML blind spots that criminals know how to exploit.

Talk to an Expert

How the Syndicate Operated

The mechanics of the scheme reveal just how calculated it was:

  • Rapid loan cycling: The accused are alleged to have obtained loans, often short-term, which were cycled quickly to create complex repayment patterns. This made tracing the origins of funds difficult.
  • Luxury asset laundering: The money was used to purchase high-value cars (Ferraris, Bentleys, Mercedes) and designer items from brands like Louis Vuitton. Assets of prestige become a laundering tool, integrating dirty money into seemingly legitimate wealth.
  • Property as camouflage: Short-term leases of expensive properties in Barangaroo and other high-end districts provided both a lifestyle cover and another channel to absorb illicit funds.
  • Gatekeeper loopholes: Real estate agents, accountants, and luxury dealers in Australia are not yet fully bound by AML/CTF obligations. This gap created the perfect playground for laundering.

What’s striking is not the creativity of the scheme—it’s the simplicity. By targeting sectors without AML scrutiny, the syndicate turned everyday transactions into a pipeline for cleaning millions.

The Regulatory Gap

This case lands at a critical time. For years, Australia has been under pressure from the Financial Action Task Force (FATF) to extend AML/CTF laws to the so-called “gatekeeper professions”—real estate agents, accountants, lawyers, and dealers in high-value goods.

As of 2025, these obligations are still not fully in place. The expansion is only scheduled to take effect from July 2026. Until then, large swathes of the economy remain outside AUSTRAC’s oversight.

The Barangaroo arrests underscore what critics have long warned: criminals don’t wait for legislation. They are already steps ahead, embedding illicit funds into sectors that regulators have yet to fence off.

For businesses in real estate, luxury retail, and professional services, this case is more than a headline—it’s a wake-up call to prepare now, not later.

ChatGPT Image Aug 19, 2025, 01_54_51 PM

Why This Case Matters for Australia

The Barangaroo case isn’t just about two individuals—it highlights systemic vulnerabilities in the Australian financial ecosystem.

  1. Criminal Adaptation: Syndicates will always pivot to the weakest link. If banks tighten their checks, criminals move to less regulated industries.
  2. Erosion of Trust: When high-value markets become conduits for laundering, it damages Australia’s reputation as a clean, well-regulated financial hub.
  3. Compliance Risk: Businesses in these sectors risk being blindsided by new regulations if they don’t start implementing AML controls now.
  4. Global Implications: With assets like luxury cars and crypto being easy to move or sell internationally, local failures in AML quickly ripple across borders.

This isn’t an isolated story. It’s part of a broader trend where fraud, luxury assets, and regulatory lag intersect to create fertile ground for financial crime.

Lessons for Businesses

For financial institutions, fintechs, and gatekeeper industries, the Barangaroo case offers several practical takeaways:

  • Monitor for rapid loan cycling: Short-term loans repaid unusually fast, or loans tied to sudden high-value purchases, should trigger alerts.
  • Scrutinise asset purchases: Repeated luxury acquisitions, especially where the source of funds is vague, are classic laundering red flags.
  • Don’t rely solely on regulation: Just because AML obligations aren’t mandatory yet doesn’t mean businesses can ignore risk. Voluntary adoption of AML best practices can prevent reputational damage.
  • Collaborate cross-sector: Banks, real estate firms, and luxury dealers must share intelligence. Laundering rarely stays within one sector.
  • Prepare for 2026: When the law expands, regulators will expect not just compliance but also readiness. Being proactive now can avoid penalties later.

How Tookitaki’s FinCense Can Help

The Barangaroo case demonstrates a truth that regulators and compliance teams already know: criminals are fast, and rules often move too slowly.

This is where FinCense, Tookitaki’s AI-powered compliance platform, makes the difference.

  • Scenario-based Monitoring
    FinCense doesn’t just look for generic suspicious behaviour—it monitors for specific typologies like “rapid loan cycling leading to high-value asset purchases.” These scenarios mirror real-world cases, allowing institutions to spot laundering patterns early.
  • Federated Intelligence
    FinCense leverages insights from a global compliance community. A laundering method detected in one country can be quickly shared and simulated in others. If the Barangaroo pattern emerged elsewhere, FinCense could help Australian institutions adapt almost immediately.
  • Agentic AI for Real-Time Detection
    Criminal tactics evolve constantly. FinCense’s Agentic AI ensures models don’t go stale—it adapts to new data, learns continuously, and responds to threats as they arise. That means institutions don’t wait months for rule updates; they act in real time.
  • End-to-End Compliance Coverage
    From customer onboarding to transaction monitoring and investigation, FinCense provides a unified platform. For banks, this means capturing anomalies at multiple points, not just after funds have already flowed into cars and luxury handbags.

The result is a system that doesn’t just tick compliance boxes but actively prevents fraud and laundering—protecting both businesses and Australia’s reputation.

The Bigger Picture: Trust and Reputation

Australia has ambitions to strengthen its role as a regional financial hub. But trust is the currency that underpins global finance.

Cases like Barangaroo remind us that even one high-profile lapse can shake investor and customer confidence. With scams and laundering scandals making headlines globally—from Crown Resorts to major online frauds—Australia cannot afford to be reactive.

For businesses, the message is clear: compliance isn’t just about avoiding fines, it’s about protecting your licence to operate. Customers and partners expect vigilance, transparency, and accountability.

Conclusion: A Warning Shot

The Barangaroo “ghost cars and luxury laundering” saga is more than a crime story—it’s a preview of what happens when regulation lags and businesses underestimate financial crime risk.

With AUSTRAC set to extend AML coverage in 2026, industries like real estate and luxury retail must act now. Waiting until the law forces compliance could mean walking straight into reputational disaster.

For financial institutions and businesses alike, the smarter path is to embrace advanced solutions like Tookitaki’s FinCense, which combine scenario-driven intelligence with adaptive AI.

Because at the end of the day, Ferraris and Bentleys may be glamorous—but when they’re bought with dirty money, they carry a far higher cost.

Ferraris, Ghost Cars, and Dirty Money: Inside Australia’s 2025 Barangaroo Laundering Scandal
Blogs
30 Jul 2025
5 min
read

Cracking Down Under: How Australia Is Fighting Back Against Fraud

Fraud in Australia has moved beyond stolen credit cards, today’s threats are smarter, faster, and often one step ahead.

Australia is facing a new wave of financial fraud—complex scams, cyber-enabled deception, and social engineering techniques that prey on trust. From sophisticated investment frauds to deepfake impersonations, criminals are evolving rapidly. And so must our fraud prevention strategies.

This blog explores how fraud is impacting Australia, what new methods criminals are using, and how financial institutions, businesses, and individuals can stay ahead of the game. Whether you're in compliance, fintech, banking, or just a concerned citizen, fraud prevention is everyone’s business.

The Fraud Landscape in Australia: A Wake-Up Call

In 2024 alone, Australians lost over AUD 2.7 billion to scams, according to data from the Australian Competition and Consumer Commission (ACCC). The Scamwatch program reported an alarming rise in phishing, investment scams, identity theft, and fake billing.

A few alarming trends:

  • Investment scams accounted for over AUD 1.3 billion in losses.
  • Business email compromise (BEC) and invoice fraud targeted SMEs.
  • Romance and remote access scams exploited personal vulnerability.
  • Deepfake scams and AI-generated impersonations are on the rise, particularly targeting executives and finance teams.

The fraud threat has gone digital, cross-border, and real-time. Traditional controls alone are no longer enough.

Talk to an Expert

Why Fraud Prevention Is a National Priority

Fraud isn't just a financial issue—it’s a matter of public trust. When scams go undetected, victims don’t just lose money—they lose faith in financial institutions, government systems, and digital innovation.

Here’s why fraud prevention is now top of mind in Australia:

  • Real-time payments mean real-time risks: With the rise of the New Payments Platform (NPP), funds can move across banks instantly. This has increased the urgency to detect and prevent fraud in milliseconds—not days.
  • Rise in money mule networks: Criminal groups are exploiting students, gig workers, and the elderly to launder stolen funds.
  • Increased regulatory pressure: AUSTRAC and ASIC are putting more pressure on institutions to identify and report suspicious activities more proactively.

Common Fraud Techniques Seen in Australia

Understanding how fraud works is the first step to preventing it. Here are some of the most commonly observed fraud techniques:

a) Business Email Compromise (BEC)

Fraudsters impersonate vendors, CEOs, or finance officers to divert funds through fake invoices or urgent payment requests. This is especially dangerous for SMEs.

b) Investment Scams

Fake trading platforms, crypto Ponzi schemes, and fraudulent real estate investments have tricked thousands. Often, these scams use fake celebrity endorsements or “guaranteed returns” to lure victims.

c) Romance and Sextortion Scams

These scams manipulate victims emotionally, often over weeks or months, before asking for money. Some even involve blackmail using fake or stolen intimate content.

d) Deepfake Impersonation

Using AI-generated voice or video, scammers are impersonating real people to initiate fund transfers or manipulate staff into giving away sensitive information.

e) Synthetic Identity Fraud

Criminals use a blend of real and fake information to create a new, ‘clean’ identity that can bypass onboarding checks at banks and fintechs.

20250730_2107_Cybersecurity Precaution Scene_remix_01k1dzk8hwfd4t9rd8mkhzgr1w

Regulatory Push for Smarter Controls

Regulators in Australia are stepping up their efforts:

  • AUSTRAC has introduced updated guidance for transaction monitoring and suspicious matter reporting, pushing institutions to adopt more adaptive, risk-based approaches.
  • ASIC is cracking down on investment scams and calling for platforms to implement stricter identity and payment verification systems.
  • The ACCC’s National Anti-Scam Centre launched a multi-agency initiative to disrupt scam operations through intelligence sharing and faster response times.

But even regulators acknowledge: compliance alone won't stop fraud. Prevention needs smarter tools, better collaboration, and real-time intelligence.

A New Approach: Proactive, AI-Powered Fraud Prevention

The most forward-thinking banks and fintechs in Australia are moving from reactive to proactive fraud prevention. Here's what the shift looks like:

✅ Real-Time Transaction Monitoring

Instead of relying on static rules, modern systems use machine learning to flag suspicious behaviour—like unusual payment patterns, high-risk geographies, or rapid account-to-account transfers.

✅ Behavioural Analytics

Understanding what ‘normal’ looks like for each user helps detect anomalies fast—like a customer suddenly logging in from a new country or making a large transfer outside business hours.

✅ AI Copilots for Investigators

Tools like AI-powered investigation assistants can help analysts triage alerts faster, recommend next steps, and even generate narrative summaries for suspicious activity reports.

✅ Community Intelligence

Fraudsters often reuse tactics across institutions. Platforms like Tookitaki’s AFC Ecosystem allow banks to share anonymised fraud scenarios and red flags—so everyone can learn and defend together.

✅ Federated Learning Models

These models allow banks to collaborate on fraud detection algorithms without sharing customer data—bringing the power of collective intelligence without compromising privacy.

Fraud Prevention Best Practices for Australian Institutions

Whether you're a Tier-1 bank or a growing fintech, these best practices are critical:

  1. Prioritise real-time fraud detection tools that work across payment channels and digital platforms.
  2. Train your teams—fraudsters are exploiting human error more than technical flaws.
  3. Invest in explainable AI to build trust with regulators and internal stakeholders.
  4. Use layered defences: Combine transaction monitoring, device fingerprinting, behavioural analytics, and biometric verification.
  5. Collaborate across the ecosystem—join industry platforms, share intel, and learn from others.

How Tookitaki Supports Fraud Prevention in Australia

Tookitaki is helping Australian institutions stay ahead of fraud by combining advanced AI with collective intelligence. Our FinCense platform offers:

  • End-to-end fraud and AML detection across transactions, customers, and devices.
  • Federated learning that enables risk detection with insights contributed by a global network of financial crime experts.
  • Smart investigation tools to reduce alert fatigue and speed up response times.

The Role of Public Awareness in Prevention

It’s not just institutions—customers play a key role too. Public campaigns like Scamwatch, educational content from banks, and media coverage of fraud trends all contribute to prevention.

Simple actions like verifying sender details, avoiding suspicious links, and reporting scam attempts can go a long way. In the fight against fraud, awareness is the first line of defence.

Conclusion: Staying Ahead in a Smarter Fraud Era

Fraud prevention in Australia can no longer be treated as an afterthought. The threats are too advanced, too fast, and too costly.

With the right mix of technology, collaboration, and education, Australia can stay ahead of financial criminals—and turn the tide in favour of consumers, businesses, and institutions alike.

Whether it’s adopting AI tools, sharing threat insights, or empowering individuals, fraud prevention is no longer optional. It’s the new frontline of trust.

Cracking Down Under: How Australia Is Fighting Back Against Fraud
Blogs
29 Jul 2025
6 min
read

The CEO Wasn’t Real: Inside Singapore’s $499K Deepfake Video Scam

In March 2025, a finance director at a multinational firm in Singapore authorised a US$499,000 payment during what appeared to be a Zoom call with the company’s senior leadership. There was just one problem: none of the people on the call were real.

What seemed like a routine virtual meeting turned out to be a highly orchestrated deepfake scam, where cybercriminals used artificial intelligence to impersonate the company’s Chief Financial Officer and other top executives. The finance director, believing the request was genuine, wired nearly half a million dollars to a fraudulent account.

The incident has sent shockwaves across the financial and corporate world, underscoring the fast-evolving threat of deepfake technology.

Background of the Scam

According to Singapore police reports, the finance executive received a message from someone posing as the company’s UK-based CFO. The message requested an urgent fund transfer to facilitate a confidential acquisition. To build credibility, the fraudster set up a Zoom call — featuring multiple senior executives, all appearing and sounding authentic.

But the entire video call was fabricated using deepfake technology.

These weren’t just stolen profile photos; they were AI-generated likenesses with synced facial movements and realistic voices, mimicking actual executives. The finance director, seeing what seemed like familiar faces and hearing familiar voices, followed through with the transfer.

Only later did the company realise that the actual executives had never been on the call.

What the Case Revealed

This wasn’t just another phishing email or spoofed WhatsApp message. This was next-level digital deception. Here’s what made it chillingly effective:

  • Multi-party deepfake execution – The fraud involved several synthetic identities, all rendered convincingly in real-time to simulate a legitimate boardroom environment.
  • High-level impersonation – Senior figures like the CFO were cloned with accurate visual and vocal characteristics, heightening the illusion of authority and urgency.
  • Deeply contextual manipulation – The scam leveraged business context (e.g. M&A activity, board-level communications) that suggested insider knowledge.

Singapore’s police reported this as one of the most convincing cases of AI-powered impersonation seen to date — and issued a national warning to corporations and finance professionals.

Impact on Financial Institutions and Corporates

While the fraud targeted one company, its implications ripple across the entire financial system:

Deepfake Fatigue and Trust Erosion

When even video calls are no longer trustworthy, confidence in digital communication takes a hit. This undermines both internal decision-making and external client relationships.

CFOs and Finance Teams in the Crosshairs

Finance and treasury teams are prime targets for scams like this. These professionals are expected to act fast, handle large sums, and follow instructions from the top — making them vulnerable to high-pressure frauds.

Breakdown of Traditional Verification

Emails, video calls, and even voice confirmations can be falsified. Without secondary verification protocols, companies remain dangerously exposed.

ChatGPT Image Jul 29, 2025, 02_34_13 PM

Lessons Learned from the Scam

The Singapore deepfake case isn’t an outlier — it’s a glimpse into the future of financial crime. Key takeaways:

  1. Always Verify High-Value Requests
    Especially those involving new accounts or cross-border transfers. A secondary channel of verification — via phone or an encrypted app — is now a must.
  2. Educate Senior Leadership
    Executives need to be aware that their digital identities can be hijacked. Regular briefings on impersonation risks are essential.
  3. Adopt Real-Time Behavioural Monitoring
    Advanced analytics can flag abnormal transaction patterns — even when the request appears “approved” by an authority figure.
  4. Invest in Deepfake Detection Tools
    There are now software solutions that scan video content for artefacts, inconsistencies, or signs of AI manipulation.
  5. Strengthen Internal Protocols
    Critical payment workflows should always require multi-party authorisation, escalation logic, and documented rationale.

The Role of Technology in Prevention

Scams like this are designed to outsmart conventional defences. A new kind of defence is required — one that adapts in real-time and learns from emerging threats.

This is where Tookitaki’s compliance platform, FinCense, plays a vital role.

Powered by the AFC Ecosystem and Agentic AI:

  • Typology-Driven Detection: FinCense continuously updates its detection logic based on real-world scam scenarios contributed by financial crime experts worldwide.
  • AI-Powered Simulation: Institutions can simulate deepfake-driven fraud scenarios to test and refine their internal controls.
  • Federated Learning: Risk signals and red flags from across institutions are shared securely without compromising sensitive data.
  • Smart Case Disposition: Agentic AI reviews and narrates alerts, allowing compliance officers to respond faster and with greater clarity — even in complex scams like this.
Talk to an Expert

Moving Forward: Facing the Synthetic Threat Landscape

Deepfake technology has moved from the realm of novelty to real-world risk. The Singapore incident is a wake-up call for companies across ASEAN and beyond.

When identity can be faked in real-time, and fraudsters learn faster than regulators, the only defence is to stay ahead — with intelligence, collaboration, and next-generation tech.

Because next time, the CEO might not be real, but the money lost will be.

The CEO Wasn’t Real: Inside Singapore’s $499K Deepfake Video Scam