You have seen the headlines. Suspected fraudulent home loans running into the billions, and a cast that goes well beyond brokers: accountants supplying false income documents, real estate agents, conveyancers, referrers, and at times people inside the lenders themselves. It is a multi-party problem moving through the whole lending chain.
The easy way to read it is as a broker problem, and to feel quietly relieved that your people are good. But that is not the question the moment is actually putting to you.
The regulator has been blunt about it. ASIC has named mortgage brokers a priority, has said misconduct by a broker will not always be obvious to their customers, and is looking closely at how licensees and aggregators supervise their brokers. Read those together and the headlines stop being about whether one of your brokers is a fraudster. They start asking every ACL holder something simpler and more uncomfortable: do you actually know what is moving through your brokers' files, and could you show it?
This is general information, not advice, and it is not a guide to catching fraud. No article and no service can promise that. It is about what oversight looks like when the spotlight is on the people who run broker networks.
The headlines are a supervision story, not a broker story
The reporting makes the breadth clear. The serious cases are not lone rogue brokers. They pull in document providers, introducers and professional facilitators across the chain, and increasingly the falsified payslips and statements are AI-generated, which is why this is not slowing down. The industry reported preventing more than $1.5 billion in fraudulent credit applications across 2025, according to Equifax, and that is the fraud that got stopped.
For an ACL holder, though, the exposure is not really the fraud itself. It is whether you can show you took reasonable steps to know what your brokers were doing. That is the thread running through everything the regulator has said. ASIC is reviewing how aggregators audit and supervise their brokers, and its message to licensees is the one worth pinning above your desk: a low complaint count is not evidence of low risk, because the misconduct that matters most is often the kind a customer never sees and never complains about.
Why "my brokers are good people" is not the answer
Start with what is true. The overwhelming majority of brokers are exactly what you think they are, and this is not an argument for treating your network as a room full of suspects. Scapegoating brokers is both unfair and a distraction from where the organised risk actually sits.
But two things make trust, on its own, a weak supervision position. The first is that the obligation was never to trust. Under the National Credit Act the licensee has to take reasonable steps to ensure its representatives comply, maintain adequate arrangements and systems, keep a written compliance plan and keep records of what it monitored. That is s47 and the conduct ASIC sets out in RG 205. Trust is not one of the items on that list, because trust is not evidence.
The second is that the risk often does not look like your broker at all. The weak point can be a document that arrived from an accountant or a referrer, or an identity that is not what it appears to be. A broker can be entirely honest and still be the channel through which a manufactured file reaches a lender. So the real question is not whether you trust your people. It is whether you can see what is moving through their files, and prove that you looked.
What oversight actually looks like, and what it does not promise
Be honest about the ceiling first. No licensee, and no service, can promise to catch every fraud, least of all when the documents are AI-generated and convincing. Brokers are not forensic document examiners, and neither is anyone reviewing a file after the fact. What good oversight does is narrow the blind spots and give you something to show. Three parts to it.
The first is seeing your network as a whole, not just file by file. Patterns live at the network level: lender concentration, a broker's volume jumping, turnaround times, commission patterns that sit outside someone's normal profile. And here is the part that matters most, because it is where this tips into unfairness if you get it wrong. A pattern proves nothing on its own. A sudden jump in a broker's volume has a dozen innocent explanations: a new referral partner, a marketing push, a strong month. An anomaly is a prompt to ask a question and write down the answer. It is never a verdict. The credit bureaus make the same point about their own fraud matches, that the industry never declines on a match alone and a human always reviews. But you cannot ask the question about a pattern you cannot see, and most principals only learn about a cluster when a lender rings to tell them.
The second is chain of custody. Knowing where each document in a file came from, and sourcing it directly wherever you can, through open banking and the like, so there is less room for a manipulated document to slip through. It is a front-line control that sits with how your brokers work, not with a report you read afterwards.
The third is an independent look. An aggregator checklist and your own internal sign-off are not the same as an independent audit of what is actually in the files. An independent audit tests whether your framework holds in practice rather than whether the boxes were ticked, and it tells you what your files would show if someone else opened them. Plenty of the groups that ended up giving the regulator enforceable undertakings had never had a genuinely independent look at themselves.
None of that is a fraud filter. What it buys you is visibility, the ability to ask the right question early and a record. The protection is that you can see, and that you can show.
The trail is the point
When the regulator comes asking, and in this climate that is a when rather than an if, the question is not did a broker do something wrong. It is what did you do to know. The only answer that holds is evidence: file notes, the reasoning behind a recommendation, a record of what you monitored and what you did on the occasions something looked off. ASIC has been pointed that inadequate record-keeping is exactly where licensees fall short, and the absence of complaints will not cover the gap, because the misconduct that counts is the kind the customer never sees. The supervision trail is not paperwork for its own sake. It is the thing that answers the question.
The question the headlines are really asking
So strip the headlines back to what they put in front of you. Not whether one of your brokers is a fraudster. The question is whether you could show, today, that you know what is moving through your network's files, and that you looked. If the honest answer is that you trust your people and hope for the best, that is precisely the gap the spotlight is built to find. Good oversight has never been about suspecting your brokers. It is about being able to answer for them.