Emerging AML Risks: Proliferation Financing, Digitisation and Artificial Intelligence
In a period defined by rapid digitisation and the rise of artificial intelligence (“AI”), financial systems are becoming faster, smarter and yet, ironically, more vulnerable. The same technologies driving innovation are enabling increasingly sophisticated financial crime. As a result, reporting entities can no longer rely on traditional AML/CTF controls.
On 12 May 2026, AUSTRAC released an updated risk snapshot of Australia’s financial crime landscape.[1] While updates are expected in a major year of reform for Australia’s anti‑money laundering and counter‑terrorism financing (“AML/CTF”) framework, particular attention should be paid to AUSTRAC’s focus on “Proliferation Financing” (or “PF”). Critically, AUSTRAC has delved into the connection between PF and emerging technologies, such as AI and virtual assets, and the implications for legal compliance.
In this article, we highlight how developments in Australia’s AML/CTF framework require entities to:
- reassess their ML/TF risk assessments to explicitly account for PF and technology-related risks;
- uplift transaction monitoring, customer due diligence and governance frameworks to reflect the use of AI and digital channels; and
- ensure compliance frameworks remain adaptive, data-driven and responsive to emerging threats.
AUSTRAC guidance suggests that the shifts in PF activity and risk, digitisation and emerging technologies require a fundamental recalibration of legal compliance, from one that largely focused on a rules-based model, to one that necessitates a dynamic, risk-based approach capable of addressing the complexity of PF in a digital financial system.
What is Proliferation Financing?
In November 2024, the Parliament of Australia passed the AML/CTF Amendment Act 2024 (Cth), amending the AML/CTF Act 2006 (Cth) (the previous AML/CTF Act). These reforms, which commenced on 31 March 2026 (the current AML/CTF Act), modernise long‑standing AML/CTF obligations, as well as expanding the reach of the regime, to capture a broader range of professions and services across Australia.
The reforms also introduce the concept of PF. Section 5 of the AML/CTF Act defines PF as conduct that amounts to:
(a) an offence against the Charter of the United Nations Act 1945, or regulations made under that Act, that is prescribed by regulations made under this Act for the purposes of this paragraph; or
(b) an offence against the Autonomous Sanctions Act 2011, or a contravention of regulations made under that Act, that involves sanctions addressing the proliferation of weapons of mass destruction; or
(c) an offence against the Autonomous Sanctions Act 2011, or a contravention of regulations made under that Act, that is prescribed by regulations made under this Act for the purposes of this paragraph; or
(d) the provision of assets (including funds) or financial services, or other dealing with assets, in contravention of a law of the Commonwealth that:
(i) implements an international agreement, convention or treaty relating to the proliferation of weapons of mass destruction; and
(ii) is prescribed by the regulations for the purposes of this paragraph; or
(e) an offence against a law of a State or Territory that corresponds to an offence referred to in paragraph (a), (b), (c) or (d); or
(f) an offence against a law of a foreign country or a part of a foreign country that corresponds to an offence referred to in paragraph (a), (b), (c), (d) or (e); or
(g) an offence against a law of the Commonwealth, a State or a Territory that is prescribed by the regulations for the purposes of this paragraph.
In general, this means conduct involving:
- dealing with money, assets or value that supports any step in illicitly developing, producing, acquiring, transferring or using nuclear, chemical or biological weapons
- financing, arranging or helping with the export or import of goods, technology or services that are banned or controlled under UN sanctions or Australian autonomous sanctions – for example, supplying export sanctioned goods to Iran or the Democratic People’s Republic of Korea
- providing financial services, funds or other assets to people or entities involved in weapons of mass destruction (“WMD”) programs, or activities that support them
- dealing with defence, strategic or dual‑use goods,[2] technology or software that could be used in a WMD program
- helping another person carry out transactions that breach UN sanctions, Australian autonomous sanctions, or laws that relate to the prevention of WMD proliferation.
Why the focus on Proliferation Financing?
In 2022, AUSTRAC released Australia’s first National Risk Assessment of PF in Australia (“the report”).[3]
The report identified several threats to Australia, including:
- the use of Australian financial services and infrastructure to procure dual-use goods and evade sanctions;[4]
- the use of Australia-based corporate structures to facilitate proliferation financing and evade sanctions;
- the use of Australian or third-country nationals to facilitate proliferation financing and evade sanctions;
- the exploitation of Australian citizens to source and export sensitive technologies and knowledge for use by actors of proliferation concern; and
- the use of designated non-financial businesses and professions to facilitate proliferation financing and evade sanctions.
As highlighted in the report, Australia’s focus on PF reflects the intersection of global obligations (FATF reforms), national security risks (WMD), and the exposure of Australia’s own economic and financial systems. Combined with structural vulnerabilities (trade links, Designated Non-Financial Businesses and Professions gaps, opaque ownership) and increasingly complex evasion methods, PF represents a high‑impact, hard‑to-detect risk that sits at the intersection of sanctions, AML, and national security.[5]
This risk is further amplified by emerging technologies. FATF’s 2025 report, “Complex Proliferation Financing and Sanctions Evasion Schemes”, identified that AI can create and oversee extensive networks of false identities (commonly known as synthetic entities), each with distinct digital characteristics and accompanying documentation.[6] This may make it more challenging to associate these entities with a malicious actor.[7]
Consequently, Australia’s AML/CTF reforms have meant that in addition to assessing and managing the money laundering and terrorism financing risks relevant to one’s business, a reporting entity must also now consider the risk that its products, services or delivery channels could be used for PF. This includes extending existing risk assessments and controls to identify indicators of sanctions evasion, trade-based activity and the misuse of corporate or financial structures.
What does this mean for Australian reporting entities?
1. Australia’s PF risk today
According to AUSTRAC, the blurring between legitimate and illicit activity, together with technology and globalisation, is driving increasing complexity and interconnectedness in Australia’s money laundering, terrorism financing and PF risks.[8]
AUSTRAC CEO Brendan Thomas has stated:
“Criminals are increasingly using AI as a part of their money laundering toolkit — fabricating identities, forging documents and rapidly disguising the proceeds of scams. In some cases, technology is automating what used to be manual laundering techniques, raising the sophistication and scale of financial crime.”[9]
Indeed, a limited awareness of PF risk exposure can compound this challenge, arguably creating blind spots where sophisticated, technology‑enabled illicit activity goes unrecognised. In combination with AI‑driven techniques and increasingly complex and rapid financial flows, this increases the likelihood that PF risks are misunderstood, underestimated, or embedded within otherwise legitimate‑looking activity, further weakening detection and response frameworks.[10]
2. The use of artificial intelligence as part of commercial transactions
According to AUSTRAC, AI is likely to become an accelerant for PF actors, expanding the scale, speed and opacity of PF activity.
As detailed in AUSTRAC’s update,[11] AI can be used to:
- automate the creation and management of complex shell and front‑company networks
- generate fictitious entities
- generate convincing falsified trade, shipping and corporate documentation
- optimise sanctions contravention and export‑control evasion across multiple jurisdictions.
For example, AI can be used to mask the geographic origin of a transaction, such as IP address data, to conceal a customer’s connection to a high‑risk or sanctioned jurisdiction. This is particularly problematic, as geographic indicators often inform whether a transaction should trigger enhanced due diligence, or escalation for further review. If those indicators are disguised or fabricated, a transaction may appear to be low risk, when it in fact involves a prohibited connection, and the failure to trigger enhanced due diligence could allow funds or trade activity to pass through compliance controls undetected. This can undermine a reporting entity’s ability to identify, assess and respond to sanctions and PF risk. It can also mean a reporting entity is helping to facilitate prohibited conduct under Australian law.
Beyond this, AI can enable PF actors to design increasingly sophisticated logistics chains and financial flows that hide the origin, movement and end‑use of funds and goods, often blending into legitimate trade and financial activity or “flows”. In the AI era, PF activity is, therefore, likely to become faster, more complex and increasingly difficult to detect. For AUSTRAC, this heightens the risk that Australia’s open, trade‑integrated financial, corporate and logistics systems may be unknowingly exploited by global PF networks.
3. The use of virtual assets
According to AUSTRAC, virtual assets are increasingly used by some PF networks as a means of value transfer, embedded within otherwise legitimate trade, financial and corporate activity, rather than as a standalone financing mechanism.[12] Indeed, as identified in the National Risk Assessment, the anonymity afforded by some digital currencies and reliance on technology makes this an “attractive method of sanctions evasion and revenue-raising to proliferation actors”.[13]
For example, virtual assets may be used to settle obligations between overseas counterparties, hold value temporarily during trade transactions, or bridge payments across jurisdictions, while the underlying goods, services and corporate arrangements remain lawful and commercially plausible.
Australia’s open and trade-integrated economy, together with the general increase in trading in virtual assets, increases PF risks – not just for virtual asset providers, but for all businesses.
Accordingly, Risk Registers for virtual asset providers should consider factors such as:
- unregulated or offshore peer-to-peer (P2P) trading
- a customer’s limited face-to-face interactions
- a customer’s deliberate evasion of AML/CTF controls
- the speed and urgency with which transactions are requested.
This risk is amplified by the growing use of stablecoins – cryptocurrencies pegged to assets like the US dollar – which offer liquidity and price stability, making them well‑suited to trade‑like activity and increasing the potential for PF exploitation of financial and trade systems.[14]
For example, stablecoins may be used to settle cross‑border payments linked to dual‑use goods, route funds through multiple wallets or jurisdictions to obscure origin and destination, or facilitate transactions with counterparties in sanctioned regions via decentralised platforms – heightening the risk of PF exploitation.
4. Implications: Personnel, outsourced arrangements and third parties
The use of outsourced providers and third‑party arrangements introduces additional PF risk where there are gaps in oversight, visibility or control implementation. This risk is heightened where AI is deployed without proper supervision, potentially undermining onboarding, monitoring or verification processes.
These issues are amplified in reporting group structures, where responsibilities span multiple entities. Weaknesses in one system or control environment can, therefore, extend across different businesses, designated services and industries.
Where AI forms part of AML/CTF controls, reporting entities should implement robust AI governance processes, including clear accountability, human oversight in higher‑risk scenarios, and effective testing and assurance processes to address known limitations and potential manipulation. Failure to do so may compromise a reporting entity’s ability to meet its AML/CTF obligations.
In this context, businesses should consider:
- how AI-related risk is identified and managed
- how internal and external systems detect AI misuse or fraud
- what oversight and control frameworks are required for AI deployment
- whether outsourcing arrangements adequately address AI, fraud and privacy risks
- how KYC processes are adapted to address AI-enabled risks and identity fraud.
Next steps
The AML/CTF reforms are here – now comes the real test, as the focus shifts to execution: do your controls effectively manage PF risk? Entities must not only implement controls to manage PF risks, but also ensure that they are operating effectively in a rapidly shifting environment shaped by regulatory change, new payment channels and AI – and rising AUSTRAC expectations.
Practical next steps we suggest include:
- understanding the PF risks specific to your business and industry
- ensuring your policies and procedures reflect your up-to-date AML/CTF obligations, and also consider PF risk
- mapping and monitoring your relevant Risk Register
- upskilling personnel through training
- reviewing your controls, disclosures or conflict management settings.
If you would like guidance on reviewing your AML/CTF policies, procedures, outsourcing arrangements or AI policies, our team can assist. We regularly support reporting entities across all industries and can help you identify and address any gaps in your obligations.
Author: Tali Borowick (Lawyer)
[1] AUSTRAC releases updated risk snapshot of Australia’s financial crime landscape | AUSTRAC.
[2] FATF (2021), Guidance on Proliferation Financing Risk Assessment and Mitigation, FATF, Paris, France.
[3] AUSTRAC releases Australia’s first national proliferation financing risk assessment
[4] Ibid (n 2).
[5] Ibid.
[6] FATF (2025), Complex Proliferation Financing and Sanctions Evasion Schemes, FATF, Paris.
[7] Ibid.
[8] Ibid (n 1).
[10] Sanctions risks from misuse of AI and new technologies | Australian Government Department of Foreign Affairs and Trade.
[11] AUSTRAC – Money laundering update 2026.
[12] Ibid.
[13] Ibid (n 2) page 35.
[14] Ibid.
