AUSTRAC Warns Banks Against Low-Value AI-Generated Financial Crime Reports

Australia’s financial intelligence agency AUSTRAC has warned banks to avoid flooding the regulator with AI generated suspicious matter reports that are long on text but light on actionable intelligence. The message, reported in Australian media this week, puts the spotlight on a newer use of AI in financial crime teams: large language models drafting the narrative and supporting context for reports, not just analytics detecting unusual transactions.

The practical takeaway is simple. Automation can help speed up reporting, but banks remain responsible for accuracy, relevance, and usefulness. AUSTRAC’s concern is that generative AI makes it cheap to produce high volumes of documentation, and that can create more “noise” for investigators if it is not tightly governed.

What Happened

In reporting published 26 December 2025, AUSTRAC acting CEO Katie Miller said the agency is watching how banks use AI and wants to avoid a surge of low value submissions generated at scale. The same reporting said AUSTRAC has not yet formally queried banks about AI use through its latest industry questionnaire, but is engaging with institutions as AI adoption accelerates across the sector.

The report also described AUSTRAC’s concern about some banks using AI for bulk drafting of suspicious matter reports, and said at least one major institution was reprimanded in a private meeting over how it used AI for report drafting (attributed to industry sources). Because this element is sourced to media reporting and unnamed industry sources, it is best treated as a signal of supervisory tone rather than a confirmed enforcement action.

Suspicious Matter Reports Are Time Critical

Suspicious matter reports, or SMRs, are one of AUSTRAC’s key inputs for financial intelligence that supports law enforcement. AUSTRAC’s guidance is explicit that timing is critical:

• Within 24 hours if the suspicion relates to terrorism financing

• Within 3 business days for other suspicions such as money laundering

AUSTRAC also warns that disclosing you have submitted (or must submit) an SMR can be “tipping off”, which is a criminal offence. That confidentiality pressure is one reason banks tend to formalise report writing tightly, even before generative AI entered the picture.

This is where the AI angle becomes front and centre. Generative AI can reduce the time needed to draft narratives and summaries. But if it produces generic or repetitive text, or if it encourages “report more just in case”, it risks undermining the very thing SMRs are supposed to provide: clear, specific, decision ready intelligence.

From Detection Models to Narrative Generation

Banks have used automation in financial crime for years. Rules engines and machine learning commonly flag unusual behaviour for analysts to review. What has changed recently is the mainstream availability of large language models that can generate fluent text on demand.

That creates a new temptation: use AI not just to identify suspicious activity, but to write the report narrative quickly, possibly for many cases in parallel. AUSTRAC’s warning targets this “text generation at scale” behaviour rather than traditional anomaly detection.

A useful real world example comes from Bendigo and Adelaide Bank’s recent technology announcements. In late November 2025, iTnews reported the bank planned organisation wide access to Gemini Enterprise and also referenced deployment of Google Anti Money Laundering AI as part of broader compliance and customer protection efforts.

This matters because it shows how quickly generative AI tools and financial crime tooling can sit side by side in a bank’s stack, and why regulators want clarity on how the workflow is governed end to end.

AUSTRAC Is Also An AI User?

AUSTRAC is not anti AI in principle. In fact, AUSTRAC has published an Artificial Intelligence Transparency Statement, outlining how it uses AI and the controls it applies. The agency says it aims to adopt AI to support its regulatory and intelligence capabilities while ensuring humans remain a key part of decision making.

The same statement says AUSTRAC makes limited use of public generative AI tools for workplace productivity, applies protective security controls to prevent sensitive information being entered into public systems, and notes it has not deployed AI that interacts with the public or makes administrative decisions without human intervention.

That context helps explain AUSTRAC’s posture with banks: the regulator is effectively signalling that governance, controls, and accountability must keep pace with capability, especially when the output is a regulated report that may drive law enforcement action.

Bendigo and Adelaide Bank Actions Put Non-financial Risk Management in Focus

AUSTRAC’s warning also lands during a heightened period of scrutiny on bank risk management.

On 18 December 2025, APRA and AUSTRAC announced coordinated actions addressing weaknesses at Bendigo Bank following an independent Deloitte review into suspected money laundering at a branch. APRA required a root cause analysis beyond AML issues and imposed a 50 million dollar operational risk capital add on, while AUSTRAC commenced an enforcement investigation into compliance with the AML and CTF Act.

Bendigo Bank’s own statement confirmed the capital charge is effective 1 January 2026, and that AUSTRAC identified serious potential contraventions and commenced an enforcement investigation, while noting AUSTRAC had not decided on any enforcement outcome at that time.

While this is separate from the AI generated reporting concern, it reinforces why banks are sensitive to AUSTRAC expectations right now: regulators are explicitly focused on non-financial risk, including AML program quality and risk culture.

what Changes inside Banks If “Quality over Quantity” Becomes The Rule for AI Assisted Drafting

AUSTRAC’s warning does not automatically mean “less automation”. It points to a different kind of automation outcome: more guardrails and more human checking around AI outputs.

Here is what that usually means in practical workforce terms, without assuming any specific bank’s staffing plans:

More quality assurance and second line review

If AI makes it easy to draft reports quickly, banks may need formal QA processes such as sampling, peer review, and escalation triggers to ensure SMRs are specific, consistent, and evidence based. That shifts effort from typing to verification and judgement.

More governance work, not just operational work

Generative AI in regulated reporting raises questions about prompt control, approved templates, audit logs, model drift, and who is accountable for the final narrative. These are typically handled by compliance governance, model risk, and operational risk teams.

More training and tighter playbooks for analysts

If analysts use AI drafting tools, they need practical guidance on what must be checked, what cannot be assumed, and how to avoid vague language. In effect, the “skill” becomes less about writing quickly and more about writing precisely with defensible reasoning.

This is why AUSTRAC’s warning is better understood as job redesign pressure rather than a simple headcount story. Faster drafting is real, but the demand for review, governance, and defensible reporting can rise at the same time.

Other Financial Intelligence Regimes Are Also Pushing for Higher Value Reporting

AUSTRAC’s quality message aligns with themes seen overseas, even if the regulatory frameworks differ.

In the United States, FinCEN and several banking agencies issued updated SAR FAQs on 9 October 2025 aimed at clarifying requirements and helping institutions focus compliance resources on activities that provide the greatest value to law enforcement and authorised government users.

In the United Kingdom, the UK Financial Intelligence Unit published new SAR best practice guidance in November 2025, with the Law Society highlighting new guides covering SAR portal use, submitting a SAR, and DAML and DATF processes, and noting the guidance replaces previous versions. The UK Gambling Commission also told licensees the new UKFIU guidance replaces prior versions and should be reviewed.

Different jurisdictions, similar direction: regulators want reporting that is timely and compliant, but also useful, and not bloated by low value activity that consumes resources.

License This Article

Source: The Australian, AUSTRAC, IT News, APRA, Bendigo Bank, Fincen, The Law Society