Superannuation Fraud Prevention in Australia: What Trustees Must Prioritise in 2026

FrankieOne
Super

Superannuation Fraud Is Escalating and Trustee Expectations Are Rising

Superannuation fraud prevention has become one of the most urgent challenges facing Australian trustees. With more than $4.1 trillion in member savings, increasing digital access, widespread identity data compromise, and generally low member engagement, superannuation has emerged as a highly attractive target for sophisticated fraudsters.

These conditions have created a perfect storm. Large, long-term balances intersect with access pathways that were never designed for today’s threat environment, while attackers increasingly specialise in exploiting weaknesses across identity controls, rollover processes, and withdrawal workflows.

At the same time, the nature of fraud itself is changing. AI-enabled scams including deepfake voices, synthetic identities, hyper-personalised phishing, and scalable Fraud-as-a-Service models are rapidly outpacing traditional, rules-based defences. Attacks that once required significant effort can now be launched at scale, with speed and precision that dramatically shortens response windows.

Regulatory expectations are rising just as quickly. Across FSC 29, ASIC guidance, AFSA’s minimum fraud controls, and the proposed Scam Prevention Framework, trustees are being asked to take a far more proactive, accountable, and coordinated approach to superannuation fraud and scam prevention as the sector moves toward 2026.

A Regulatory Shift That Redefines Fraud Prevention in Super

Looking ahead to 2026, the regulatory direction for superannuation is clear: fragmented fraud controls are no longer sufficient. Trustees are expected to adopt a coordinated, intelligence-driven approach that treats scam prevention as a strategic capability, not just an operational safeguard.

FSC 29 formalises many expectations that were previously applied inconsistently across the industry. It introduces clear requirements around dedicated fraud and scam policies, enhanced controls for high-risk transactions, defined incident response protocols, and annual board-level attestation. While the standard takes full effect on 1 July 2026, the expectation is that funds are already well into implementation.

ASIC has reinforced this urgency through its guidance to trustees, highlighting that many funds still lack a dedicated scam strategy. The regulator has raised concerns about over-reliance on general fraud frameworks that were not designed for today’s evolving threat landscape, calling for clearer governance under the Financial Accountability Regime and stronger oversight of administrators and service providers.

AFSA’s minimum fraud controls, effective from August 2025, further raise the baseline. Mandatory multi-factor authentication, electronic identity verification, ongoing member validation, and alerts for high-risk actions reflect a decisive shift toward continuous verification rather than one-off checks.

While the Scam Prevention Framework initially applies to banks, telcos, and digital platforms, superannuation is widely expected to follow. The direction of travel is unmistakable: stronger prevention duties, coordinated intelligence sharing, and meaningful consequences where organisations fail to meet their obligations.

Where Fraud in Superannuation Continues to Succeed

Despite increased awareness and regulatory focus, fraud in superannuation continues to succeed across four critical areas: account access, rollovers, withdrawals, and the use of mule accounts to move and launder stolen funds.

Unauthorised account access remains a common entry point. Phishing, credential-stuffing, and SIM-swap attacks enable fraudsters to take control of member accounts and quietly make changes that set the stage for more serious downstream activity. These changes often go unnoticed due to infrequent member engagement and limited real-time monitoring.

Rollovers have become an increasingly attractive target. Scammers rely on impersonation, social engineering, fake SMSFs, and deepfake-enabled identity fraud to redirect funds before trustees or members are aware that anything is wrong. Once initiated, these transactions can be difficult to unwind.

Withdrawals pose the greatest financial risk. False hardship claims, forged documentation, and highly persuasive manipulation tactics can result in irreversible losses once funds leave the system. The speed of modern digital payments significantly reduces the window to detect and intervene.

Mule accounts play a critical enabling role across all three stages. Fraudsters increasingly rely on networks of money mules - both witting and unwitting - to receive, move, and disperse stolen superannuation funds. These accounts are often held by individuals recruited through scams or coercion, making transactions appear legitimate and fragmenting the flow of funds. This layering obscures detection, complicates recovery, and allows fraud to scale rapidly.

These risks are not new, but the scale, automation, and sophistication behind them continue to accelerate as 2026 approaches.

From Reactive Controls to Proactive Scam Prevention

As trustees look toward 2026, effective superannuation fraud prevention must move beyond reactive controls and become a core strategic capability.

A dedicated scam prevention strategy is now essential. Regulators have been clear that its absence represents a material gap. This strategy must go beyond documentation to include clearly defined accountability aligned to FAR, consistent expectations across administrators and service providers, and regular testing against emerging scam typologies.

Identity verification is another critical pillar. The sector is steadily shifting toward layered assurance models that combine multi-factor authentication, electronic identity checks, behavioural signals, and contextual risk indicators. In banking, identity has long been treated as the primary security perimeter. Superannuation is now being pushed firmly in the same direction.


Supporting Trustees With Modern Fraud Prevention Platforms

As regulatory expectations rise and fraud tactics continue to evolve, trustees need modern platforms that can support stronger, more adaptive fraud prevention across the member lifecycle.

FrankieOne enables superannuation funds to strengthen identity verification, orchestrate controls for high-risk transactions, and apply real-time, risk-based fraud prevention. Through a single integration, the platform connects to hundreds of global data sources, including government identity systems, allowing funds to apply proportionate controls based on the transaction type and assessed risk.

For trustees navigating obligations under FSC 29, AFSA requirements, ASIC guidance, and emerging scam prevention frameworks, this approach supports a shift away from fragmented controls toward a unified, identity-led strategy designed for 2026 and beyond.

2026 Will Be a Defining Year for Superannuation Fraud Prevention

As the sector moves closer to full FSC 29 implementation, fraud and scam risks continue to escalate, regulatory scrutiny is intensifying, and member trust is increasingly tied to how effectively funds protect retirement savings.

Trustees that act early with a clear scam strategy, stronger identity assurance, and proactive monitoring, will be far better positioned to meet regulatory expectations and protect members in an increasingly complex threat environment.

Assess Your Readiness for 2026

If you’re reviewing your superannuation fraud and scam prevention strategy, or assessing what the transition toward full FSC 29 compliance means for your fund, FrankieOne can help you identify gaps and prioritise next steps with confidence.