Mongolian fintech pioneer chooses ThirdEye to power its Australian compliance operations.
Insider threat is one of the most underestimated risks in financial services, not because it’s rare, but because it comes from people who already have access to your systems, your customers, and your trust.
This month on ThirdEye View, Jing Zhang and Colin Dixon bring our UK team’s insider threat findings into an Australian and New Zealand context. The UK team has produced a webinar, blog and guide worth exploring in full. What we add here is local relevance and practical steps you can take right now, without new technology.
The scale of the problem
In one survey, 1 in 8 respondents admitted to selling company login credentials. That is not a fringe issue. We might assume Australia and New Zealand are different. Smaller organisations and closer teams, but that assumption is more about comfort than evidence. In a tough economic climate, the temptation to act against an employer’s interests increases.
The regulatory expectation is already clear: both AUSTRAC and New Zealand’s AML framework require firms to address all material risks in their AML programme, and that includes insider risk. Useful local guidance is available from both AUSTRAC and the New Zealand Serious Fraud Office — links below.
Know your colleague
Apply your KYC logic internally. Hiring a new colleague is not unlike onboarding a new customer. Remote hiring carries higher risk, just as remote customer interactions do. Yet most organisations apply far less scrutiny to new employees than to new customers. The identity verification tools your team already uses — liveness checks, document validation, PEP and sanctions screening — can and should be applied at the hiring stage.
And just as a low-risk customer can become a bad actor over time, so can a colleague. Financial pressure, personal difficulties, external coercion — any of these can alter behaviour. Ongoing monitoring matters just as much as the initial check.
What your existing systems can already detect
Make sure your data captures who performed a transaction, not just what happened. That single addition unlocks meaningful analytical capability. Patterns worth flagging include:
A transaction performed outside a colleague’s normal working hours. A withdrawal from a dormant account where the destination account was recently changed. A customer who always uses the same colleague, which may reflect a trusted relationship, but could also indicate collusion or unauthorised access. As with all AML rules, a rule detects the pattern; a human makes the call.
One simple but effective control: prevent colleagues from transacting on their own accounts. This requires only a staff identifier on the customer record and a matching rule. Easy to implement, and harder to abuse.
The home working dimension
In an office, a colleague browsing through large numbers of accounts would likely be noticed. At home, that activity is invisible, unless your system records account views, not just updates. If it does, you can detect unusual browsing behaviour. When that precedes a withdrawal from a dormant account, the combination becomes a significant signal.
Don't overlook your financial crime team
Analysts who assess alerts are in a particularly sensitive position. A compromised analyst can close an alert without suspicion ever being raised. Structured spot checks, even if you cannot review everything, catch problems and create a deterrent.
Insider threat also belongs in your risk assessment. Identify the risks, assess likelihood and impact, and put controls in place. Keep one distinction clear: deliberate misconduct and unintentional mistakes require different responses, training addresses the latter, controls address the former.
Most colleagues behave well. These measures are not about distrust, they are the infrastructure that lets you act quickly when someone does not.
This blog accompanies the May 2026 episode of ThirdEye View, hosted by Jing Zhang and Colin Dixon, CAMS-certified AML Solutions Specialist at ThirdEye.
