Regulators emphasized deterrence through substantial penalties and cultural change within institutions. In the first six months of 2025, the Australian Securities and Investments Commission (ASIC) commenced 132 new investigations, compared to 63 investigations in the same period last year; and 23 new court actions, compared to 12 new actions in the same period last year. In the last six months, ASIC has secured six criminal convictions and AUD57.5 million in civil penalties, excluding a further AUD240 million penalty against the Australia and New Zealand Banking Group (ANZ), which is still being considered by the Court.
Against this backdrop, in house legal and investigations teams should anticipate expanded corporate and individual exposure for financial crime and integrity risks and invest in elevated controls and policies with a focus on governance, disclosure, and incident response.
Enforcement trends in Australian white-collar crime investigations
Australia’s white-collar crime landscape was shaped in 2025 by ongoing anti-corruption and AML/CTF reforms, along with heightened scrutiny of ESG governance, cyber resilience and consumer protection.
The National Anti-Corruption Commission (NACC)’s published strategic priorities for 2025-29 include: targeting corruption in senior executive decision making; corruption involving contractors and consultants; corruption affecting vulnerable people or the environment; border related corruption; and corruption in complex procurement.
The Australian Transaction Reports and Analysis Centre (AUSTRAC) indicated that, in 2025 and 2026, it would, in part, prioritize improvements to money laundering, terrorism financing, and proliferation financing risk management. This includes assisting reporting entities to understand existing and incoming AML/CTF obligations and to implement proportionate programs, systems, and controls. AUSTRAC has indicated a focus on digital currency businesses and cash intensive sectors that present heightened money laundering risks. With AML/CTF reforms slated for 2026, scrutiny is likely to extend to tranche two “gatekeeper” professions, including lawyers, accountants, real estate agents, and dealers in precious metals and stones.
ASIC’s strategic priorities in its Corporate Plan for 2025 and 2026 include consumer protection, cyber resilience, supporting better retirement outcomes and superannuation member services, and strengthening market disclosure and professional conduct with a focus on financial reporting, climate reporting, auditors and director conduct. ASIC’s focus on consumer protection and market integrity has meant that its enforcement action has cut across all financial services sectors, with a particular focus on the superannuation, banking and insurance industries. For example, in 2025, ASIC settled four claims against a large banking group for AUD240 million in penalties. These claims involved widespread misconduct that endangered public funds and negatively impacted thousands of ANZ customers.
Both ASIC and AUSTRAC continue to coordinate with international counterparts to combat cross-border financial crime, including bilateral intelligence sharing with foreign financial intelligence units to track the movement of illicit funds.
The Australian Competition and Consumer Commission (ACCC) has listed ESG as an enforcement priority for 2025–26. Both ASIC and the ACCC have pursued “greenwashing” proceedings. For example, in 2025, the Federal Court ordered penalties against Active Super in ASIC’s greenwashing case after findings that Active Super had invested in securities that it had claimed were eliminated or restricted by its ESG investment screens (e.g. investments in companies which had gambling and coal mining operations).
Targeted, multi-sector enforcement is also likely in response to the potential misuse of AI to facilitate money laundering and related financial crime. For example, a 2025 Department of Foreign Affairs advisory note highlights how AI can be exploited to enable financial fraud and deception. Such misuse may include deepfakes, voice cloning and fake videos to impersonate staff or customers, inducing teams to approve payments or onboard new clients. Generative AI can also produce realistic and consistent fake documents, such as invoices and bank statements, which can further enable financial crime.
Key 2025-2026 reforms impacting corporate accountability in Australia
Failure to prevent bribery offense
The Crimes Legislation Amendment (Combatting Foreign Bribery) Act 2024, which commenced late 2024, creates a corporate offense where a business fails to prevent an “associate” from bribing a foreign public official for the benefit of the business. While there has not yet been any public enforcement action under this offense, key agencies have begun mobilizing resources to target this area. For example, in October 2025 the Australian Federal Police (AFP) announced Taskforce Solaris, a dedicated multi disciplinary team to prevent, detect and investigate foreign bribery, including the new failure to prevent offense. The introduction of the offense is also expected to have prompted a significant increase in anti bribery and corruption risk assessments within companies.
Guidance published by the Attorney-General’s Office sets out six key principles that companies should consider when implementing anti-bribery and corruption policies, and expressly emphasized that the mere existence of anti-bribery controls will not be considered adequate for the purpose of the defense. In-house counsel should review the guidance as well as the business’ internal policies and controls to ensure that the defense would be available if necessary. Unlike in earlier proposed iterations, deferred prosecution agreements have not been introduced at this time. Read more about the new offense.
Statutory tort of privacy will impact investigations
In line with its evolving data protection, privacy and cybersecurity landscape, a new statutory tort for serious invasion of privacy came into force in Australia in June 2025. Under this new tort, a plaintiff may be able to sue for serious invasions of privacy which are intentional or reckless where this invasion is occasioned by “intrusion upon seclusion” (e.g. physical intrusion or covert surveillance) or “misuse of information” (e.g. collecting, using or disclosing personal information) in circumstances where there was a reasonable expectation of privacy, and the public interest in the individual’s privacy outweighs any countervailing public interest. While the tort itself is a civil offense, it is likely to affect investigate steps relevant to white-collar crime and demand greater governance over surveillance and data collection mechanisms.
In an investigative context, the lawful authority and plaintiff’s consent defenses may be relevant. Lawful authority will require court or statutory authorization whereas informed and documented consent may legitimize data collection and device monitoring, provided the conduct remains within the agreed scope.
However, where these defenses are unavailable and in the absence of strong justification or proportionate design, aggressive internal monitoring, covert recordings or disproportionate surveillance (e.g. keystroke logging) for the purposes of collecting information in an internal investigation may constitute “intrusion upon seclusion” or “misuse of information” and thereby trigger a breach of the new tort. Businesses should review their policies to ensure tighter scoping and conduct necessity assessments on measures used when conducting internal investigations.
Financial Accountability Regime (FAR) expansion
From March 2025, the Financial Accountability Regime applies to insurers and superannuation trustees, extending responsibility and accountability obligations beyond banks. FAR strengthens accountability for directors and senior executives and requires “enhanced entities” to maintain accountability maps and statements showing reporting lines and prescribed responsibilities across the entity or group. The regime aims to lift risk management and governance standards across the financial sector. While no individual has yet been prosecuted under the FAR, the risk of personal enforcement is expected to rise in light of parliamentary and public pressure on regulators to pursue senior executive accountability. Criminal enforcement is available to the Australian Prudential Regulation Authority (APRA) and ASIC, the regulators responsible for administering FAR, but is generally reserved for conduct that undermines the integrity of the regime. For example, s66 FAR makes non-compliance with a formal regulator direction an offense.
AML/CTF
AUSTRAC has published guidance on AML/CTF reforms which will come into effect on March 31, 2026 for businesses that are currently regulated and on July 1, 2026 for those businesses in the legal, accounting professions, real estate and jewelry sectors that are newly coming under regulation. One of the key reforms relates to new AML/CTF program requirements which will require regulated businesses to:
- carry out a risk assessment relating to money laundering, terrorist financing and proliferation financing;
- establish appropriate policies to manage and mitigate these risks; and
- appoint a fit and proper AML/CTF compliance officer responsible for implementing the AML/CTF program.
While most of the reforms will come into effect in 2026, changes to the “tipping off” offense are already in force. Now it is a criminal offense to disclose certain types of information to another person, where it would or could reasonably be expected to prejudice an investigation. For example, where a financial services firm has flagged potential fraud and is preparing a mandatory report, a client facing statement such as “your account has been flagged and may be reviewed by investigators” may amount to unlawful tipping off.
Predictions for 2026
In 2026, Australia’s enforcement of corporate crime is likely to intensify and broaden in scope as regulators begin to take enforcement action under recent and upcoming reforms. The new strict-liability failure to prevent foreign bribery offenses will test the adequacy of companies’ internal risk management and controls. The AML/CTF reforms will similarly invite scrutiny of companies’ systems. Furthermore, given the new accountability reforms and the continued pressure to impose personal liability, organizations should expect more investigations involving both individuals and entities.
ASIC and ACCC’s continued focus on greenwashing and consumer protection will also likely be at the forefront of investigative and regulatory enforcement activity in 2026 . In house and legal investigation teams should be increasingly conscious of statements by businesses relating to climate and environmental goals, particularly where these are likely to influence consumer investment decisions. Superannuation funds should remain alert to their duties to members, given the rise in enforcement actions related to member service shortcomings. Finally, businesses, especially financial services licensees who often hold a lot of sensitive customer information, should ensure that they have adequate cybersecurity risk managements in place to protect against data breaches and data leaks.
On the horizon
Beyond 2026, Australia’s white collar enforcement landscape is likely to feature tougher corporate and individual accountability, stricter responses to data and privacy breaches, and heightened scrutiny of climate related financial disclosures. Given the breadth of reform across anti bribery, corruption, environmental, privacy, and accountability regimes, in house legal and investigations teams should periodically review governance, risk management, and assurance programs to ensure ongoing compliance.
