Too Busy to Read? We’ve Got You.
Get this blog post’s insights delivered in a quick audio format — all in under 10 minutes.
This audio version covers: AI-Driven Mortgage Fraud Is Here: A Broker’s Playbook to Protect Your Accreditation
Australia’s mortgage-fraud problem has found a powerful new accomplice: artificial intelligence. ASIC has issued an open letter warning that AI is reshaping the cyber threat landscape, lowering the barrier for criminals and accelerating the scale and complexity of attacks, as fabricated payslips and doctored bank statements push estimated fraudulent lending across the big four towards $3 billion. For brokers, this isn’t an IT worry — it lands in your inbox as a referral, and puts your accreditation on the line.
Key Takeaways
- ASIC says the risk is here now. Commissioner Simone Constant has warned boards and executives that AI-driven cybercrime is “here now, evolving quickly” — not a distant or hypothetical threat.
- The numbers are eye-watering. Estimated fraudulent loans across the big four have ballooned to around $3 billion, with CBA flagging up to $1 billion of home loans on its books that may have been obtained fraudulently.
- Brokers are being caught in the net. Charges have been laid, ASIC is investigating brokers linked to major groups including LMG and Finsure, and some lenders have suspended or terminated accreditations en masse.
- The referrer channel is the weak point. Most broker exposure so far traces back to false income slips and doctored employment records passed on via referrers.
- Documentation is your best defence. Independently verifying identity and income — and filing evidence of every step — protects your accreditation and directly supports your Best Interests Duty obligations.
In this article
ASIC sounds the alarm
In an open letter aimed squarely at boards and executives, ASIC Commissioner Simone Constant has warned that artificial intelligence is fundamentally reshaping the cyber threat landscape — lowering the barrier to entry for criminals and accelerating the scale and complexity of their attacks. For a broking industry that runs on trust, documents and identity, the message could not be more direct.
“This is not a distant or hypothetical risk. It is here now, evolving quickly and requires the attention of boards and executives.” — Simone Constant, ASIC Commissioner (ASIC open letter)
Constant’s blunt advice was not to sit on your hands until the picture clears: “Do not wait for perfect clarity to address the threat posed by new AI models. Instead, act now, and act with discipline, to strengthen the cyber resilience fundamentals that underpin your business.” Translated for a mortgage broker, that means tightening verification, hardening your systems and treating every document with fresh scepticism — before a fraudulent file becomes your problem.
The $3 billion problem
Mortgage fraud in Australia has quietly grown from a nuisance into a multi-billion-dollar systemic issue. Estimates of fraudulent loans across the big four banks have ballooned to around $3 billion — a figure large enough to register on the radar of regulators and boards alike.
The Commonwealth Bank sits at the centre of the storm, understood to believe up to $1 billion of home loans on its books may have been obtained fraudulently. ASIC has confirmed it is “making compliance inquiries” into the alleged fraud, and has flagged money laundering as “a real emerging issue” — a phrase that should make every principal broker sit up straight.
The point for brokers isn’t the number itself but what it signals: lenders and regulators are now hunting for the fingerprints of fraud in loan books. When that hunt reaches a file with your name on it, the questions will be about what you checked and what you documented.
How AI fabricates an entire borrower
What makes this wave different from the old-school photocopied-payslip rort is the sophistication. Generative AI now lets bad actors fabricate an entire borrower profile from scratch — and make it look convincing.
The toolkit includes:
- Fake employment histories — invented employers, roles and tenure designed to survive a casual sniff test.
- Manipulated financial records — profit-and-loss statements, tax documents and account histories altered to paint a serviceable picture.
- Doctored payslips and bank statements — polished enough to slip past traditional, eyeball-only verification.
The uncomfortable truth is that many manual checks brokers have relied on for years were built for a world of clumsy forgeries. AI-generated documents are a different beast: internally consistent, correctly formatted and free of the tell-tale errors that used to give the game away. If your process assumes a fraudster will slip up, that assumption is now a liability.
The referrer blind spot
Here is the good news, and the catch. So far, broker involvement in this fraud wave appears to be concentrated not in brokers cooking the books themselves, but in the documentation being fed to them — most often through referral partners.
The pattern is familiar: a referrer introduces a client, then supplies the supporting paperwork. False income slips, doctored employment records and manipulated statements arrive pre-packaged, and a busy broker under settlement pressure passes them up the chain. The fraud originates upstream, but if it is approved on your recommendation, the compliance exposure flows straight back to you.
That makes referrer risk the single most important area for brokers to lock down. A referral relationship that delivers volume is an asset — right up until it delivers a fabricated file. Knowing exactly who your referrers are, how they source clients and whether their documents stand up to independent checks is no longer optional. It is front-line fraud control.
Charges laid, accreditations lost
This is not a theoretical debate playing out in a regulator’s discussion paper. Enforcement is already underway. A Sydney-based lawyer and a Melbourne accountant have been charged, and authorities are investigating brokers linked to major aggregation groups including LMG and Finsure.
Lenders are not waiting for the courts. Some banks have moved to suspend or terminate broker accreditations en masse where they suspect exposure — a reminder that a lender’s risk appetite can end your relationship long before any finding of wrongdoing. Losing a key lender accreditation is not a slap on the wrist; it can gut your ability to write competitive deals overnight.
The lesson: proximity to fraud, even unwitting, carries consequences. When a lender or aggregator starts pulling a thread, brokers who can’t demonstrate a clean, documented verification trail are the most exposed.
The deepfake frontier
If fabricated documents are the current battleground, impersonation is the next one. AI voice and video cloning have advanced to the point where the person on the other end of a call or video verification may not be who they appear to be.
“There’s a lot of client impersonation: AI generated voice and video cloning, which means a call or video from someone who sounds and looks like your client may not actually be them. This is a real concern that will only worsen.” — Rory Sercombe, Own Home Loans (via Australian Broker)
For brokers who have leaned into remote verification since the pandemic, that is genuinely unsettling: a video ID check feels rigorous, but a convincing deepfake can defeat it. The takeaway isn’t to abandon remote processes — it’s to stop treating “I saw them on video” as the end of the identity question. Layered checks and independently sourced contact points are now part of the job.
What it means for your accreditation
Strip away the technology and the stakes for brokers come down to three blunt consequences:
- Compliance breaches — a fraudulent application approved under your watch can put you offside with responsible lending obligations and your credit licence conditions.
- Reputational damage — in a referral-driven industry, being associated with a fraud file can quietly close doors with lenders and aggregators that never fully reopen.
- Loss of licences and accreditations — the most serious outcome, and one already playing out as lenders cut ties with brokers they view as a risk.
Crucially, ignorance is a weak defence. Regulators and lenders will ask what a reasonable, diligent broker should have caught. If a fabricated payslip was obvious on closer inspection, or an employer couldn’t be independently confirmed, “the referrer gave it to me” won’t carry you far.
Your broker defence playbook
ASIC has published 12 practical steps to lift cyber resilience. Several translate directly into a broker fraud-defence playbook. Here is what to put in place now:
- Reassess your verification plan. Review how you check identity, income and employment, and focus your effort on the highest-risk points — new clients, referrer-sourced deals and anything that feels rushed.
- Independently verify identity and income. Don’t rely solely on documents handed to you. Confirm employment by calling the employer on an independently sourced number — not the one printed on the payslip — and cross-check bank statements against the story the file is telling.
- Scrutinise referrer-supplied documents. Treat paperwork that arrives pre-packaged from a referrer with extra care. If you cannot verify it yourself, it is not verified.
- Watch for impersonation. In phone and video verification, stay alert to voice-clone and deepfake red flags — audio that doesn’t quite sync, reluctance to complete additional checks, or details that don’t match earlier conversations.
- Review and restrict access. Limit who in your business can touch client files and lodge applications. Insider misuse is a real vector, and tight access controls are basic hygiene.
- Actively manage third-party risk. Know your referrers, understand how they source clients, and be willing to walk away from a channel that can’t withstand scrutiny.
- Use AI defensively — and keep an incident-response plan. The same technology fuelling fraud can help detect anomalies in documents and data. And if you suspect a file is compromised, know exactly who you escalate to and how.
Above all, when something doesn’t sit right, raise it. Blake Buchanan, general manager of Specialist Finance Group, puts the protective logic plainly.
“If brokers follow safe protocols, do their due diligence and raise any concerns with their aggregator around client or documentary authenticity, you will be better protected against losing accreditations, suffering financial penalties or worse.” — Blake Buchanan, Specialist Finance Group (via Australian Broker)
Why documentation is your BID shield
The 2017 Financial Services Royal Commission reshaped broking and ushered in the Best Interests Duty — the obligation to act in the best interests of your clients. Fraud defence and BID pull in the same direction: both demand that you genuinely understand and verify the customer in front of you, rather than waving a file through.
That is why documentation is the single most valuable habit you can build. Every time you confirm an employer on an independent number, reconcile a bank statement, or flag a doubt to your aggregator’s compliance team, write it down and file the evidence. A well-documented trail does two jobs: it stops fraudulent files progressing, and it proves — after the fact — that you did the work a diligent broker should. If a lender or ASIC comes asking, that file is the difference between a clean bill of health and a fight to keep your accreditation.
As Buchanan notes, the technology isn’t going anywhere: “AI is here to stay. So we need to ensure that we remain vigilant about how it can be used by bad actors.”
The Bottom Line
AI-driven mortgage fraud has crossed the line from emerging threat to present-day enforcement risk. With an estimated $3 billion in fraudulent lending across the big four, ASIC making compliance inquiries and lenders already pulling accreditations, the brokers most exposed are those who trust documents at face value and keep no record of their checks.
The defensive playbook is not complicated, but it is non-negotiable: independently verify identity and income, treat referrer-supplied paperwork with suspicion, stay alert to deepfake impersonation, escalate any doubt to your aggregator, and document everything. Watch for the CBA inquiries to widen, for more charges and accreditation terminations, and for lenders to tighten their own verification demands on the broker channel. In this environment, a paper trail isn’t red tape — it’s the cheapest insurance policy you’ll ever hold.
Sources: Australian Broker — “ASIC sounds alarm as AI-driven mortgage fraud accelerates”, ASIC 2026 risk outlook / open letter (Commissioner Simone Constant).
Disclaimer: This article is for general information and professional development purposes only. It does not constitute legal, compliance, or financial advice. Brokers should consult their aggregator’s compliance team and, where required, seek independent legal advice regarding their obligations under the National Consumer Credit Protection Act 2009 and ASIC’s responsible lending guidelines.

