Cross-Examined

The Law Institute of Victoria

The law never stops evolving. Now, Victorian lawyers have a new way to stay informed. Cross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts on hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights. To make sure you don’t miss our first episodes, landing in early 2026. Find and subscribe to Cross-Examined on your favourite podcast app today.

  1. 5 days ago

    Lawyers and AML/CTF enforcement: Two decades of lessons from the UK

    Episode Summary: Most AML/CTF enforcement action against lawyers does not stem from deliberate wrongdoing, but small everyday decisions that go unchallenged and unchecked. This episode explores UK enforcement cases to show how Australian practitioners can recognise risk earlier, strengthen compliance and avoid the mistakes of their UK counterparts. Guest: Dr Katie Benson, Senior Lecturer in Criminology, University of ManchesterAssociate Fellow, RUSI Centre for Finance and Security, with a background in UK law enforcementExpert in the role of lawyers in facilitating illicit finance and regulatory responseswww.linkedin.com/in/katie-benson-b36029a4/ | research.manchester.ac.uk/en/persons/katie.benson Host: Artemis Evangelidis, Law Institute of Victoriapodcasts@liv.asn.au | www.linkedin.com/company/law-institute-of-victoria Episode Overview: Drawing on UK’s AML/CTF enforcement cases against lawyers, this episode examines how the decisions and actions in day-to-day legal practice can lead to serious legal consequences. It highlights key risk areas, including client account compliance, property transactions and source of funds due diligence. Dr Katie Benson brings a research-driven perspective, grounded in case analysis and industry interviews, to explain how situational pressures and organisational context shape decision making. For lawyers preparing for AML/CTF compliance Australia, this episode provides practical guidance on identifying early warning signs, avoiding complacency and strengthening firm-wide risk management practices. Topics & Timestamps: 00:04 Intro and AML reforms context01:02 Types of AML enforcement cases involving lawyers03:00 Criminal and regulatory pathways05:00 High-risk areas including property and client accounts09:27 Differences in culpability and enforcement outcomes14:58 Red flags and suspicious client behaviour19:45 Practical guidance for Australian lawyers23:31 Final reflections on risk and accountability Key Takeaways: AML/CTF enforcement action against lawyers in the UK does not often stem from deliberate misconductUK cases show client accounts and property transactions are consistent high-risk areasSource of funds and source of wealth checks are critical and increasingly scrutinisedDemonstrating active compliance, not just policies on paper, is essential[IF1]Situational pressures and firm culture influence how lawyers respond to riskEarly intervention and questioning client narratives can prevent escalationCompliance must be embedded across the firm, not left to individuals Resources & Links: LIV AML/CTF Hub – Central resource for Tranche 2 readiness and compliance guidance | www.liv.asn.au/amlhubLIV Compliance and Professional Standards – Practical guidance on regulatory obligations for lawyers | www.liv.asn.au/complianceSRA AML Annual Report – UK enforcement trends and insights into compliance failures | www.sra.org.uk/sra/research-publications/aml-annual-report-2023-24/University of Manchester profile – Dr Katie Benson – Research overview and publications | research.manchester.ac.uk/en/persons/katie.bensonAUSTRAC AML/CTF guidance – Australian regulatory framework and expectations | www.austrac.gov.auDr Katie Benson’s 2020 book, Lawyers and the Proceeds of CrimeFrom money laundering to illicit finance – Comparative research on evolving AML regulation in the UK and Australia (2025) | www.tandfonline.com/doi/full/10.1080/10345329.2024.2443702#abstractComplementarity, tension and proportionality in the anti-money laundering regulation of law firm client accounts (2026) | link.springer.com/article/10.1007/s10611-025-10252-3Occupation, organisation, opportunity and oversight: law firm client accounts and (anti-)money laundering (2024) | link.springer.com/article/10.1007/s10610-024-09581-1 About This Podcast: Cross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts discuss hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights. This podcast is recorded on the traditional lands of the Wurundjeri people of the Kulin Nation. The Law Institute of Victoria acknowledges the Traditional Custodians of Country across Australia. We pay our respects to Elders past and present. Disclaimer: This podcast is for informational purposes only and is not intended to replace professional legal advice. The views expressed in this podcast do not necessarily reflect the views of the Law Institute of Victoria (LIV). The LIV is not responsible for any losses, damages or liabilities that may arise from the use of this podcast. Listeners should seek independent legal advice for their matters. Production Information: Produced by: The Law Institute of VictoriaProducer and audio editor: Garreth HanleyMusic: Garreth HanleyCopy and show notes: Louise Surette Connect With Us: Email: podcasts@liv.asn.auWebsite: www.liv.asn.auLinkedIn: www.linkedin.com/company/law-institute-of-victoriaApple Podcasts: podcasts.apple.com/au/podcast/cross-examined/id1858765728Spotify: open.spotify.com/show/0zvyk5xia4wYv9YWcXphgV

    Lawyers and AML/CTF enforcement: Two decades of lessons from the UK
  2. 6 July

    Risk vulnerabilities and money laundering typologies: What lawyers need to know

    Episode Summary: What if the biggest money laundering risks in your practice looked exactly like your most routine transactions? This episode explores money laundering typologies and why criminal activity often hides in plain sight within legitimate legal work. Learn how recognising patterns – not just stand-alone red flags – can help mitigate risks for your practice. Guest: Neil Jeans, Partner, Risk Consulting, Grant Thornton AustraliaFormer financial crime investigator, regulator and AUSTRAC expert witnessSpecialist in financial crime risk and AML systems across law enforcement, banking and regulationwww.linkedin.com/in/neiljeanswww.grantthornton.com.au/meet-our-people/neil-jeans Host: Artemis Evangelidis, Law Institute of Victoriapodcasts@liv.asn.au | www.linkedin.com/company/law-institute-of-victoria Episode Overview: For lawyers now operating under the AML/CTF regime, the key risk is not deliberate involvement in financial crime, but inadvertent facilitation through routine work. Far from abstract concepts, money laundering typologies reflect real, documented methods criminals use to exploit legitimate legal services. In this episode, Neil Jeans explains how these patterns persist and why they may appear completely ordinary at the point of transaction. This episode explores practical examples, including trust account transactions, property settlements and nominee structures, to show how they can inadvertently create opportunities for criminal networks to exploit. It also examines why red flags often seem obvious only in hindsight and at what junctions applying additional scrutiny yields most benefit. Listeners will gain a clearer understanding of financial crime risk in legal practice, AML reporting obligations for lawyers, and how to identify suspicious transaction behaviours before they escalate. Topics & Timestamps: [00:12] Introduction and AML regime context[01:39] Money laundering typologies explained[04:28] Why particular legal services are attractive to criminals[06:35] Lessons from CBA and Westpac enforcement cases[09:01] How criminals approach lawyers as clients[12:06] Red flags and ambiguity in real transactions[14:06] Reporting obligations and tipping-off concerns[16:40] Key resources for understanding typologies[18:44] Final advice: applying professional judgment Key Takeaways: Criminal networks exploit legal services by making fraudulent transactions look routine and legitimateMost exposure for lawyers is inadvertent facilitation, not deliberate wrongdoingStructural factors such as trust accounts and professional credibility create money laundering vulnerabilitiesRed flags often appear plausible in real time and only stand out in hindsightAn effective way to approach unusual behaviour is to rationalise it before forming a suspicionThe AML/CTF regime creates a degree of tension between client relationships and reporting obligationsCuriosity and sound professional judgment are critical tools in identifying money laundering risks Resources & Links: Law Institute of Victoria AML resources – Guidance and updates for lawyers on AML obligations | www.liv.asn.au/amlhubLaw Institute Journal - Beyond the AML/CTF checklist | www.liv.asn.au/web/law_institute_journal_and_news/web/lij/year/2026/06june/beyond-the-amlctf-checklist.aspxLaw Institute Journal – New free AML guide helps lawyers understand compliance requirements | www.liv.asn.au/web/law_institute_journal_and_news/web/lij/year/2026/02february/new-free-aml-guide-helps-lawyers-understand-compliance-requirements.aspxLaw Institute Journal - AML red flags for lawyers | www.liv.asn.au/web/law_institute_journal_and_news/web/lij/year/2024/09september/new_aml_regime_will_require_lawyers_to_monitor_red_flags_and_mitigate_risks.aspxAUSTRAC AML/CTF starter kit for lawyers – Risk assessments and typologies for legal practitioners | www.austrac.gov.au/industry-and-business/obligations-and-guidance/program-starter-kits/legal-profession-program-starter-kitAUSTRAC National Risk Assessment – Analysis of money laundering threats in Australia | www.austrac.gov.au/industry-and-business/education-and-resources/publications-and-resources/money-laundering-australia-national-risk-assessment-2024 About This Podcast: Cross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts discuss hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights. This podcast is recorded on the traditional lands of the Wurundjeri people of the Kulin Nation. The Law Institute of Victoria acknowledges the Traditional Custodians of Country across Australia. We pay our respects to Elders past and present. Disclaimer: This podcast is for informational purposes only and is not intended to replace professional legal advice. The views expressed in this podcast do not necessarily reflect the views of the Law Institute of Victoria (LIV). The LIV is not responsible for any losses, damages or liabilities that may arise from the use of this podcast. Listeners should seek independent legal advice for their matters. Production Information: Produced by: The Law Institute of VictoriaProducer and audio editor: Garreth HanleyMusic: Garreth HanleyCopy and show notes: Louise Surette Connect With Us: Email: podcasts@liv.asn.auWebsite: www.liv.asn.auLinkedIn: www.linkedin.com/company/law-institute-of-victoriaApple Podcasts: www.podcasts.apple.com/au/podcast/cross-examined/id1858765728Spotify: www.open.spotify.com/show/0zvyk5xia4wYv9YWcXphgV

    Risk vulnerabilities and money laundering typologies: What lawyers need to know
  3. 29 June

    Inside FATF: Australia’s role in the global taskforce fighting financial crime

    Episode Summary: The Financial Action Task Force, or FATF, may be the most important organisation Australian lawyers have never heard of. Its global standards underpin Australia’s AML/CTF Tranche 2 reforms, shaping how legal practices onboard clients, assess risk and help prevent financial crime. This episode explains why the regime exists, how Australia fell behind its global counterparts and the practical steps lawyers need to be taking as the reforms come into effect from 1 July 2026. Guest: Tim Goodrick, Partner, Financial Crime, KPMG AustraliaFormer Acting Director of the FATF Training and Research Institute and former financial crime policy lead at the Attorney-General’s DepartmentSpecialist in AML/CTF system design, financial crime policy and global AML standardswww.kpmg.com/au/en/contacts/g/timothy-goodrick.htmlwww.au.linkedin.com/in/timothygoodrick Host: Artemis Evangelidis, Law Institute of Victoriapodcasts@liv.asn.au | www.linkedin.com/company/law-institute-of-victoria Episode Overview: The Financial Action Task Force, or FATF, is the global standard-setter behind anti-money laundering and counter-terrorism financing laws, but its influence is often invisible to legal practitioners. This episode explains how FATF reshaped the global financial crime system, why Australia’s Tranche 2 reforms now extend AML/CTF obligations to designated services provided by lawyers, and what this means for everyday practice. Tim Goodrick outlines the practical impact of risk-based AML/CTF compliance on customer due diligence, beneficial ownership checks, suspicious matter reporting and legal professional privilege. The discussion is designed for practitioners who need to understand why the regime exists, whether they provide designated services, how to identify risk in routine work and practical steps to implementation. Topics & Timestamps: [00:04] Welcome to Cross-Examined[00:12] Episode introduction and AML/CTF Tranche 2 overview[00:54] Why lawyers need to understand FATF[01:14] FATF – the most important body you’ve never heard of[03:24] How Australia moved from model jurisdiction to compliance gaps[07:05] Real-world harms the AML/CTF regime is designed to prevent[09:06] What Tranche 2 means in practice for lawyers[12:24] Professional resistance and lessons from New Zealand[15:22] Legal professional privilege and confidential instructions[18:10] What the regime means for sole practitioners and smaller firms[20:35] First steps for lawyers who have not started yet[22:50] Closing remarks[22:57] Resources, show notes and AML/CTF mini-series reminder Key Takeaways: FATF is not a domestic regulator. It is an inter-governmental standard-setter that assesses how countries combat money laundering, terrorism financing and proliferation financingAustralia helped build the global AML system but has fallen behind FATF standards in areas involving lawyers, accountants, real estate agents and other professional servicesAML/CTF compliance is not only about paperwork. The regime is designed to protect communities by helping law enforcement follow the money behind serious and organised crimeLawyers may be exposed to money laundering risk through ordinary work involving property, trusts, companies, client money and beneficial ownership structuresTranche 2 introduces practical obligations including AUSTRAC enrolment, risk assessments, AML programs, customer due diligence, ongoing monitoring and suspicious matter reportingLegal professional privilege remains important, but practitioners need to understand the distinction between privileged legal advice and transactional servicesThe first practical step is to identify whether the services provided fall under designated services, then map the regulated parts of the business and build the AML/CTF program into daily operations Resources & Links: LIV AML/CTF Hub – Guidance for legal practitioners on designated services, enrolment, AML/CTF programs and Tranche 2 obligations | www.liv.asn.au/web/content/resource_knowledge_centre/anti-money-laundering-and-counter-terrorism-financing-for-solicitors.aspxFollow the Money: Financial Crime, AML and Risk Series – LIV education series supporting legal practitioners to understand AML/CTF changes and compliance obligations | www.liv.asn.au/amlcpdEssential AML/CTF resources – Law Institute Journal resource article for practitioners preparing for the new AML/CTF obligations | www.liv.asn.au/web/law_institute_journal_and_news/web/lij/year/2026/06june/aml-ctf-resources.aspxFATF Australia Follow-Up Report 2024 – Australia’s current FATF technical compliance ratings and remaining deficiencies | www.fatf-gafi.org/en/publications/Mutualevaluations/Australia-fur-2024.htmlAUSTRAC AML/CTF Reform webpage – AUSTRAC information on reform, Tranche 2 entities, obligations and preparation resources | www.austrac.gov.au/amlctf-reform-webpage-home-everything-reformAUSTRAC AML/CTF Rules release and upcoming guidance – AUSTRAC update on 2025 Rules, commencement dates and guidance for newly regulated entities | www.austrac.gov.au/amlctf-rules-release-and-upcoming-guidanceAsia/Pacific Group on Money Laundering – Australia country page and mutual evaluation materials | apgml.org/about-us/members/members/australiaAnti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) – Principal legislation for Australia’s AML/CTF regime | www.legislation.gov.au/C2006A00169/latest/text About This Podcast: Cross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts discuss hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights. This podcast is recorded on the traditional lands of the Wurundjeri people of the Kulin Nation. The Law Institute of Victoria acknowledges the Traditional Custodians of Country across Australia. We pay our respects to Elders past and present. Disclaimer: This podcast is for informational purposes only and is not intended to replace professional legal advice. The views expressed in this podcast do not necessarily reflect the views of the Law Institute of Victoria (LIV). The LIV is not responsible for any losses, damages or liabilities that may arise from the use of this podcast. Listeners should seek independent legal advice for their matters. Production Information: Produced by: The Law Institute of VictoriaProducer and audio editor: Garreth HanleyMusic: Garreth HanleyCopy and show notes: Louise Surette Connect With Us: Email: podcasts@liv.asn.auWebsite: www.liv.asn.auLinkedIn: www.linkedin.com/company/law-institute-of-victoriaApple Podcasts: podcasts.apple.com/au/podcast/cross-examined/id1858765728Spotify: open.spotify.com/show/0zvyk5xia4wYv9YWcXphgV

    Inside FATF: Australia’s role in the global taskforce fighting financial crime
  4. 1 June

    Fasten your cyber seatbelts: Cybersecurity tips for lawyers

    Episode Summary: Cybersecurity failures rarely start with sophisticated hacks. They start with exploiting everyday habits and loopholes that are easy to overlook. In this episode, we unpack cybersecurity for lawyers with one clear message: prevention is better, and much cheaper to implement, than the cure. Guest: • Chris Schwinghamer, Chief Information Officer, Victorian Legal Services Board and Commissioner • Specialist in digital strategy, cybersecurity and data governance in regulatory environments • https://au.linkedin.com/in/chrisschwinghamer Host: • Jayne Gurton, Law Institute of Victoria • podcasts@liv.asn.au | https://www.linkedin.com/company/law-institute-of-victoria Episode Overview: Cybersecurity and cyber risk mitigation for lawyers is no longer just about anticipating and preparing for the worst case scenario. It is about managing routine tasks and habit. In this episode, Chris Schwinghamer explains why law practices are attractive targets for cyber crime and how simple behaviours can significantly reduce exposure. The discussion covers cyber hygiene in legal practice, including password management, multi-factor authentication, software updates, phishing awareness and safer use of social media. We also explore remote work risks, public Wi-Fi, VPN use and protecting devices when travelling or working outside the office. This episode focuses on practical, low-cost actions that support client confidentiality, professional obligations and compliance with minimum cybersecurity expectations. Topics & Timestamps: • 02:55 Common cybersecurity vulnerabilities in law firms • 04:44 Strong passwords, passphrases and password managers • 06:36 Why software updates matter for ransomware prevention • 08:28 Phishing red flags and business email compromise • 10:55 Social media hygiene and over sharing risks • 12:29 VPNs, public Wi−Fi and remote work security • 13:50 Securing devices when working outside the office • 15:12 Where to find trusted cybersecurity resources Key Takeaways: • Cybersecurity risk often comes from small, routine decisions rather than major system failures • Law practices are high-value targets because of the sensitive information they hold • Long, memorable passphrases and password managers reduce password-related breaches • Keeping systems updated is a critical defence against ransomware • Urgency, impersonation and unusual requests are key phishing warning signs • Simple habits like pausing to verify requests prevent costly cyber incidents Resources & Links: • LIV Cybersecurity Hub – Centralised guidance and CPD resources for practitioners | https://www.liv.asn.au/cybersecurityhub • Law Institute Journal – Cybersecurity and professional obligations – Editorial analysis linking cyber risk to legal duties | https://www.liv.asn.au/web/law_institute_journal_and_news/web/lij/year/2024/09september/practice_management__securing_your_practice_from_cyber_risk.aspx • VLSB+C Cybersecurity Guidance – Regulator guidance on why cybersecurity is a professional obligation | https://lsbc.vic.gov.au/lawyers/practising-law/cybersecurity • Minimum Cybersecurity Expectations – VLSB+C standards for Victorian law practices | https://lsbc.vic.gov.au/lawyers/practising-law/cybersecurity/minimum-cybersecurity-expectations About This Podcast: Cross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts discuss hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights. This podcast is recorded on the traditional lands of the Wurundjeri people of the Kulin Nation. The Law Institute of Victoria acknowledges the Traditional Custodians of Country across Australia. We pay our respects to Elders past and present. Disclaimer: This podcast is for informational purposes only and is not intended to replace professional legal advice. The views expressed in this podcast do not necessarily reflect the views of the Law Institute of Victoria (LIV). The LIV is not responsible for any losses, damages or liabilities that may arise from the use of this podcast. Listeners should seek independent legal advice for their matters. Production Information: • Produced by: The Law Institute of Victoria • Producer and audio editor: Garreth Hanley • Music: Garreth Hanley • Copy and show notes: Louise Surette Connect With Us Email: podcasts@liv.asn.au Website: https://liv.asn.au LinkedIn: https://www.linkedin.com/company/law-institute-of-victoria Apple Podcasts: https://podcasts.apple.com/au/podcast/cross-examined/id1858765728 Spotify: https://open.spotify.com/show/0zvyk5xia4wYv9YWcXphgV

    Fasten your cyber seatbelts: Cybersecurity tips for lawyers
  5. 25 May

    Cyber incident fallout: What happens when the proverbial bits hit the fan?

    Episode Title: Cyber incident fallout: What happens when the proverbial bits hit the fan? Episode Summary: When a cyber breach strikes, the technical problems are only the beginning. In this episode, we examine cyber incident fallout and what really happens inside a law firm once an attack is discovered. From regulatory obligations to client conversations and reputational risk, this discussion unpacks the hard realities lawyers face in the aftermath of a breach. Guest: • Cameron Whittfield, Partner, Herbert Smith Freehills Kramer • Specialist in cybersecurity, information security and emerging technology law • Market-leading adviser on major cyber incident response across Australia • www.linkedin.com/company/herbert-smith-freehills • www.hsfkramer.com/our-people/c/cameron-whittfield Host: • Jayne Gurton, Law Institute of Victoria • podcasts@liv.asn.au | https://www.linkedin.com/company/law-institute-of-victoria Episode Overview: Cyber incidents are no longer rare occurrences for law firms, but an inevitable eventuality with long-lasting consequences. This episode focuses on cyber incident fallout and the legal and human challenges that follow a breach. Cameron Whittfield explains what those first chaotic hours in the aftermath of a cyber incident look like, why early decisions on communications and privilege are so difficult to undo, and what regulatory obligations such as the Notifiable Data Breaches scheme need to be planned for and actioned. . This discussion offers practical insights into post breach response and communication, stakeholder relationships and performing under pressure during a crisis. Listeners will learn why preparation matters even more than technology spend and how reputations are shaped by what happens in the aftermath of a breach as much as the breach itself. Topics & Timestamps: • 01:34 The first call – what it feels like when a breach is first discovered • 05:15 Bringing calm and structure to the first 48 hours • 07:16 The human impact inside a firm during a cyber crisis • 09:31 Where responses go wrong and why communication matters • 12:48 Client conversations and professional obligations after a breach • 14:42 Common mistakes firms keep repeating • 29:50 What good preparation looks like Key Takeaways: • The first 48 hours after a cyber incident shape legal, regulatory and reputational outcomes for years • Early communications decisions cannot be undone and require careful judgment • Blame cultures undermine effective crisis response and information sharing • Legal professional privilege must be managed carefully without blocking response efforts • Client trust depends on transparency, process and timing after a breach • Preparation and planning matter more than the size of a firm’s IT budget Resources & Links: • LIV Cybersecurity Hub – Practical guidance and resources for Victorian legal practitioners | http://www.liv.asn.au/cybersecurityhub • LIJ: Cyber risk and law firms – Analysis of cyber security obligations for legal practices | https://www.liv.asn.au/web/law_institute_journal_and_news/web/lij/year/2025/02february/law_firms_and_cyber_risk.aspx • Office of the Australian Information Commissioner – Notifiable Data Breaches scheme overview | https://www.oaic.gov.au/privacy/notifiable-data-breaches • Australian Cyber Security Centre – Cyber security guidance for professional services firms | https://www.cyber.gov.au • Privacy Act 1988 (Cth) – Legislative framework governing data breaches | http://www.legislation.gov.au/C2004A03712/latest/text • Herbert Smith Freehills Kramer Cybersecurity Practice – Insight into cyber incident response | https://www.hsfkramer.com/insights/2023-06/surging-cyber-incidents-regulatory-activity-and-class-claims-in-australia About This Podcast: Cross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts discuss hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights. This podcast is recorded on the traditional lands of the Wurundjeri people of the Kulin Nation. The Law Institute of Victoria acknowledges the Traditional Custodians of Country across Australia. We pay our respects to Elders past and present. Disclaimer: This podcast is for informational purposes only and is not intended to replace professional legal advice. The views expressed in this podcast do not necessarily reflect the views of the Law Institute of Victoria (LIV). The LIV is not responsible for any losses, damages or liabilities that may arise from the use of this podcast. Listeners should seek independent legal advice for their matters. Production Information: • Produced by: The Law Institute of Victoria • Producer and audio editor: Garreth Hanley • Music: Garreth Hanley • Copy and show notes: Louise Surette Connect With Us: Email: podcasts@liv.asn.au Website: https://liv.asn.au LinkedIn: https://www.linkedin.com/company/law-institute-of-victoria Apple Podcasts: https://podcasts.apple.com/au/podcast/cross-examined/id1858765728 Spotify: https://open.spotify.com/show/0zvyk5xia4wYv9YWcXphgV

    Cyber incident fallout: What happens when the proverbial bits hit the fan?
  6. 18 May

    Sheep in wolf’s clothing: How white hat hackers and pen testing help stop hacks

    Episode Summary: Many law firms make a heavy investment in cybersecurity tech, and yet attackers can simply walk straight through their front door. This episode exposes how ethical (and criminal) hackers think and act, revealing why human trust and everyday routines are often a real vulnerability attackers’ exploit. This episode pulls back the curtain on penetration testing, and the white hat hackers who help firms fix weaknesses before criminals can exploit them. Guest: • James Thompson, Director, principal cybersecurity consultant and penetration tester, Malware Security • More than 20 years’ experience testing government, defence and critical infrastructure networks • Specialist in offensive security, social engineering and red team engagements • www.linkedin.com/in/cyberjt • www.malsec.com.au Host: • Jayne Gurton, Law Institute of Victoria • podcasts@liv.asn.au | https://www.linkedin.com/company/law-institute-of-victoria Episode Overview: Securing a law firm from cyber attacks must take into account not just technology, but the physical environment as well. In this episode, penetration testing expert James Thompson explains what really happens when an organisation hires a pen tester and how cyber breaches can come through the front door as well as a link in an email. The discussion unpacks penetration testing, red team engagements and social engineering attacks, with practical examples from professional services environments. Listeners will learn how ethical hackers exploit human behaviour, why organisations often fall within minutes of an initial breach and what law firms can do right now to reduce their attack surface. Topics & Timestamps: • 02:04 What is penetration testing • 04:40 Common vulnerabilities in office environments • 08:49 Real-world social engineering scenarios • 11:14 What happens after initial network access • 13:48 Practical steps firms can take immediately • 15:20 Choosing a penetration testing provider • 17:20 Emerging cyberthreats and AI-enabled attacks Key Takeaways: • Penetration testing combines technical skill with human manipulation to mirror real cyber attacks • Front desks, unlocked doors and helpful staff are common breach points • Many organisations are compromised within 15 to 30 minutes of initial access • Multi-factor authentication and reducing attack surface significantly raise the barrier • Not all vendors offering pen tests deliver genuine human-led testing • Regular testing and staff awareness are essential parts of cyber risk management Resources & Links: • Law Institute of Victoria cyber security resources – Practical guidance for legal practices | https://www.liv.asn.au/web/resource_knowledge_centre/cybersecurity-hub/web/content/resource_knowledge_centre/cybersecurity-hub.aspx • Law Institute Journal – Cyber risk and legal practice coverage | https://www.liv.asn.au/web/law_institute_journal_and_news/web/lij/year/2025/02february/law_firms_and_cyber_risk.aspx | https://www.liv.asn.au/web/search_results_page.aspx?search=cyber • Australian Cyber Security Centre – Guidance for professional services | https://www.cyber.gov.au • Malware Security – Penetration testing and red team services | https://malsec.com.au • Australian Signals Directorate Essential Eight – Baseline cyber security controls | https://www.cyber.gov.au/resources-business-and-government/essential-cybersecurity/essential-eight About This Podcast Cross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts discuss hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights. This podcast is recorded on the traditional lands of the Wurundjeri people of the Kulin Nation. The Law Institute of Victoria acknowledges the Traditional Custodians of Country across Australia. We pay our respects to Elders past and present. Disclaimer This podcast is for informational purposes only and is not intended to replace professional legal advice. The views expressed in this podcast do not necessarily reflect the views of the Law Institute of Victoria (LIV). The LIV is not responsible for any losses, damages or liabilities that may arise from the use of this podcast. Listeners should seek independent legal advice for their matters. Production Information • Produced by: The Law Institute of Victoria • Producer and audio editor: Garreth Hanley • Music: Garreth Hanley • Copy and show notes: Louise Surette Connect With Us Email: podcasts@liv.asn.au Website: https://liv.asn.au LinkedIn: https://www.linkedin.com/company/law-institute-of-victoria Apple Podcasts: https://podcasts.apple.com/au/podcast/cross-examined/id1858765728 Spotify: https://open.spotify.com/show/0zvyk5xia4wYv9YWcXphgV

    Sheep in wolf’s clothing: How white hat hackers and pen testing help stop hacks
  7. 11 May

    Cybersecurity misconduct risks for Victorian lawyers

    Episode Summary: Victorian lawyers are now being held to a minimum cybersecurity standard, and failure can lead to professional misconduct findings. This episode examines cybersecurity professional misconduct risks, what regulators expect in practice and how new privacy and ransomware laws raise the stakes for every firm, big or small. Guest: • Simone Herbert-Lowe, founder, Law & Cyber • Professional indemnity specialist with more than 30 years of legal experience • Expert at the intersection of cyber risk and legal professional responsibility • https://www.linkedin.com/in/simone-herbert-lowe/ • https://www.lawandcyber.com.au Host: • Jayne Gurton, Law Institute of Victoria • podcasts@liv.asn.au | https://www.linkedin.com/company/law-institute-of-victoria Episode Overview: Cyber risk has moved from an abstract IT issue to a core professional responsibility for Victorian lawyers. In this episode, we examine cybersecurity professional misconduct through the lens of recent court decisions, regulatory guidance and real-world claims experience. Simone Herbert-Lowe explains how the “reasonable practitioner” standard is being applied in 2026, why human behaviour remains the weakest link in law firm security, and how small and mid-sized practices are often more exposed than large firms. The discussion also unpacks the VLSB+C minimum cybersecurity expectations, the expanded reach of the Privacy Act through AML/CTF obligations, and the impact of new laws on ransomware reporting and serious invasions of privacy. Listeners will gain practical guidance on what compliance looks like in day-to-day legal practice and where to focus limited time and resources. Topics & Timestamps: • 00:12 Why cybersecurity failures can now amount to professional misconduct • 01:25 Recent court cases shaping cyber risk expectations • 04:44 Why small firms are attractive cyber targets • 06:48 Behavioural breaches and human error in law firms • 09:26 The “reasonable practitioner” standard in 2026 • 12:38 Cloud services, offshore data and Privacy Act obligations • 14:21 Ransomware reporting and the statutory privacy tort • 16:29 Practical actions firms should take this week Key Takeaways: • Cybersecurity failures can now trigger findings of unsatisfactory professional conduct or misconduct. • Small and sole practices are as at risk as large firms. • Human behaviour, not technology, is behind many serious breaches. • The VLSB+C minimum cybersecurity expectations set a clear baseline for Victorian lawyers. • Privacy Act obligations can apply regardless of firm size through AML/CTF requirements. • Principals must be able to demonstrate practical, documented cyber controls. Resources & Links: • LIV Cybersecurity Hub – Practical guidance and resources for Victorian practitioners | https://www.liv.asn.au/cybersecurityhub • VLSB Minimum Cybersecurity Expectations – Regulator guidance setting baseline standards | https://lsbc.vic.gov.au/sites/default/files/2024-02/VLSB%2BC_Minimum_Cybersecurity_Expectations.pdf • Australian Information Commissioner v Australian Clinical Labs Limited [2025] FCA 1224 – Federal Court decision on privacy and cyber breaches | https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/FCA/2025/1224.html • ASIC v FIIG Securities Limited [2026] FCA 92 – Cybersecurity governance and regulatory enforcement | https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/FCA/2026/92.html • Mobius Group Pty Ltd v Inoteq Pty Ltd** \[2024\] WADC 114 District Court of Western Australia, decided 20 December 2024 https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/wa/WADC/2024/114.html • Ransomware payment reporting factsheet – Department of Home Affairs guidance | https://www.homeaffairs.gov.au/cyber-security-subsite/files/factsheet-ransomware-payment-reporting.pdf • OAIC guidance on statutory privacy tort – Overview of serious invasions of privacy | https://www.oaic.gov.au/privacy/your-privacy-rights/more-privacy-rights/statutory-tort-for-serious-invasions-of-privacy • Australian Privacy Principles: https://www.oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-guidelines About This Podcast Cross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts discuss hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights. This podcast is recorded on the traditional lands of the Wurundjeri people of the Kulin Nation. The Law Institute of Victoria acknowledges the Traditional Custodians of Country across Australia. We pay our respects to Elders past and present. Disclaimer This podcast is for informational purposes only and is not intended to replace professional legal advice. The views expressed in this podcast do not necessarily reflect the views of the Law Institute of Victoria (LIV). The LIV is not responsible for any losses, damages or liabilities that may arise from the use of this podcast. Listeners should seek independent legal advice for their matters. Production Information • Produced by: The Law Institute of Victoria • Producer and audio editor: Garreth Hanley • Music: Garreth Hanley • Copy and show notes: Louise Surette Connect With Us Email: podcasts@liv.asn.au Website: https://liv.asn.au LinkedIn: https://www.linkedin.com/company/law-institute-of-victoria Apple Podcasts: https://podcasts.apple.com/au/podcast/cross-examined/id1858765728 Spotify: https://open.spotify.com/show/0zvyk5xia4wYv9YWcXphgV

    Cybersecurity misconduct risks for Victorian lawyers
  8. 4 May

    The psychology behind scams – why cybersecurity is about people, not tech

    Episode Summary: Most cyber breaches are not technology failures. They are psychological successes. In this episode, cybersecurity psychology takes centre stage as Dr James Carlopio explains how scammers exploit human instinct, habit and urgency, and what lawyers can do to build safer cyber cultures. Guest: Dr James Carlopio, psychologist and co-founder, Cultural Cyber SecurityPhD in organisational psychologyExpert in cyber psychology, social engineering and cultural approaches to cyber riskhttps://au.linkedin.com/in/jamescarlopiohttps://www.culturalcybersecurity.com/james-carlopio-ccs Host: Jayne Gurton, Law Institute of Victoriapodcasts@liv.asn.au | https://www.linkedin.com/company/law-institute-of-victoria Episode Overview: Cybersecurity psychology explains why most breaches occur even in organisations with strong technical controls. In this episode, Dr James Carlopio explores how social engineering, phishing scams and AI-driven deepfakes exploit hardwired human instincts rather than technical weaknesses. Drawing on real-world examples, James explains why awareness alone is not enough, and why behaviour change requires skills, repetition and cultural leadership. Legal practitioners will gain practical insights into reducing cyber risk through everyday habits, verification practices and leadership role modelling, with a focus on making cybersecurity personal, relevant and embedded in day-to-day legal practice. Topics & Timestamps: 00:04 Why cybersecurity failures are mostly human, not technical01:47 Why law firms are attractive targets for scammers03:31 Common scam tactics targeting lawyers and legal staff05:25 Psychological principles criminals exploit06:44 Deepfakes, voice cloning and verification strategies09:09 Why old confidence scams still work10:24 Practical, low-cost cyber prevention strategies13:36 Emerging threats and AI-driven scam campaigns16:20 Simple actions listeners can take immediately Key Takeaways: Most cyber breaches succeed by exploiting human behaviour rather than technical gapsLaw firms are high-value targets because of money movement and sensitive dataSocial engineering relies on urgency, habit and trustAwareness alone does not build cyber resiliencePractical skills and regular practice reduce risk more than one-off trainingLeadership behaviour and culture drive cybersecurity outcomes Resources & Links: LIV Cybersecurity Hub – Practical guidance and resources for Victorian legal practitioners | https://www.liv.asn.au/cybersecurityhubLaw Institute Journal: Cybersecurity and phishing risks – Analysis and guidance for legal practices | https://www.liv.asn.au/lijOffice of the Australian Information Commissioner – Notifiable Data Breaches reports | https://www.oaic.gov.au/privacy/notifiable-data-breachesCultural Cyber Security – Insights on cyber psychology and behaviour change | https://www.culturalcybersecurity.com About This Podcast: Cross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts discuss hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights. This podcast is recorded on the traditional lands of the Wurundjeri people of the Kulin Nation. The Law Institute of Victoria acknowledges the Traditional Custodians of Country across Australia. We pay our respects to Elders past and present. Disclaimer: This podcast is for informational purposes only and is not intended to replace professional legal advice. The views expressed in this podcast do not necessarily reflect the views of the Law Institute of Victoria (LIV). The LIV is not responsible for any losses, damages or liabilities that may arise from the use of this podcast. Listeners should seek independent legal advice for their matters. Production Information: Produced by: The Law Institute of VictoriaProducer and audio editor: Garreth HanleyMusic: Garreth HanleyCopy and show notes: Louise Surette Connect With Us: Email: podcasts@liv.asn.auWebsite: https://liv.asn.auLinkedIn: https://www.linkedin.com/company/law-institute-of-victoriaApple Podcasts: https://podcasts.apple.com/au/podcast/cross-examined/id1858765728Spotify: https://open.spotify.com/show/0zvyk5xia4wYv9YWcXphgV

    The psychology behind scams – why cybersecurity is about people, not tech

Ratings & Reviews

5
out of 5
11 Ratings

About

The law never stops evolving. Now, Victorian lawyers have a new way to stay informed. Cross-Examined is a new podcast from the Law Institute of Victoria. Tune in to hear experts on hot topics in the law and the changes shaping the legal profession. Regular episodes will cover everything from AI and cyber threats to ethical dilemmas, workplace taboos and practice management insights. To make sure you don’t miss our first episodes, landing in early 2026. Find and subscribe to Cross-Examined on your favourite podcast app today.

You Might Also Like