On the ground at FFCA 2026

As AUSTRAC CEO Brendan Thomas made clear in his opening keynote: digital crime doesn’t stay digital. It always ends in the real economy. For AU-focused institutions, the scale of crypto-enabled financial crime is easy to underestimate, the international speakers at FFCA 2026 shifted that picture fast. Criminal networks are laundering funds across eight or more jurisdictions through scam factories, shell companies, peer-to-peer platforms and hybrid methods that blend crypto and traditional channels.

Red flags to watch for: multiple citizenship profiles acquiring local assets, South-East Asian gaming activity, unusually large yields, and peer-to-peer and hybrid laundering patterns. The sanctions environment is tightening with the first Russian crypto provider sanctioned in February 2026. Review your transaction monitoring rules with crypto typologies in mind, understand both direct and indirect sanctions exposure, and document your risk appetite decisions clearly.

Criminal money moves offshore in near real time, flowing across telecoms, banks, crypto and peer-to-peer simultaneously. Our frameworks remain siloed by institution, sector and team. Fraud and financial crime teams are often separated, despite fraud being a predicate offence for money laundering and both disciplines working from the same underlying data. Bringing them together makes operational sense.

Data consortiums came up repeatedly as the direction of travel: shared typology intelligence, collective mule detection, and closer collaboration between banks and telecoms. Regulatory guidance on safe data sharing is expected. In parallel, AUSTRAC is moving towards a more risk-based approach and there was a firm call from the floor for clearer regulatory prioritisation, so institutions can focus limited resources where they matter most.

AI ran through almost every presentation, and the central tension was stark: criminal investment in AI is outpacing the banks. Synthetic identities are changing the risk equation across APAC, and detection algorithms are struggling to keep pace. Practical examples of what good looks like are emerging, data-driven approaches to identify mule accounts, detect micro money laundering, and use environmental cues like liveness checks and IP verification to catch manipulated onboarding.

The non-negotiable message: AI must be explainable and auditable. Compliance needs a seat at the table when models are built, not after. Get your data foundation right first, yesterday’s data needs to be usable today. Build governance around your model, document decisions thoroughly, and tune continuously. As one speaker put it, all forms of financial crime are evolving and AI is making that evolution faster and less predictable. ‘Fit for purpose over perfection’ was the mantra.

Three actions to take away from FFCA 2026:

• Review your digital asset and crypto typologies. Update your transaction monitoring rules for cross-border and crypto risk, and document your risk appetite decisions.
• Break down your silos. Bring fraud and financial crime into the same conversation and prepare for data consortium models, regulatory guidance is coming.
• Get your AI governance in order. Explainability and auditability are the baseline. Compliance in from the start, data kept current, models continuously tuned and documented.

If any of these conversations are live in your institution right now, we’d love to talk. Get in touch with the ThirdEye team.

This blog is based on the March 2026 episode of ThirdEye View, hosted by Jing Zhang, Business Development Manager, and Colin Dixon, CAMS-certified AML Solutions Specialist at ThirdEye.