The Commonwealth Bank of Australia (CBA) is accused of failing to report more than 53,000 “serious and systemic” breaches of anti-money laundering (AML) laws involving at least four criminal syndicates and over $44 million Australian dollars. This month, Australia’s financial intelligence agency, the Australian Transaction Reports and Analysis Center (AUSTRAC), filed a civil action against the CBA for such AML breaches, which has already resulted in a decline in the bank’s shares.
AUSTRAC’s case against the CBA specifically involves the bank’s “intelligent” deposit machines (IDMs), which were introduced in 2012 as a type of ATM that accepts cash and check deposits and credits monies “instantly” to the recipient’s account. AUSTRAC accuses the CBA of failing to identify, monitor and report money transfers exceeding $10,000 Australian dollars in violation of the Anti-Money Laundering and Counter-Terrorism Financing Act of 2006 (AML/CTF Act). According to officials, the bank failed to report these large deposits for several years resulting in criminals using the IDMs to launder money for crimes such as drug dealing.
The CBA blames its inability to detect and report large money transfers on coding errors in its IDMs. According to the bank, this system error, which wasn’t detected and fixed until September 2015, prevented the creation of threshold transaction reports (TTRs) that would have alerted the CBA to any suspicious activities. Once this issue was recognized, the CBA reported the error to AUSTRAC, delivered the missing TTRs and resolved the coding issue. Unfortunately, by that time, the CBA had already committed thousands of alleged AML breaches.
In addition to the allegations of the bank’s failure to report suspicious activity, AUSTRAC accuses the bank of not assessing risks relating to money laundering and terrorist financing before introducing IDMs. Further, according to AUSTRAC, the CBA did not take any action even after it became aware of activities suspected to involve money laundering. In fact, on several occasions, the CBA failed to suspend suspicious accounts that may have been linked to criminal activity. AUSTRAC claims that several of these suspicious accounts were being used for “cuckoo smurfing,” a form of money laundering where multiple people make numerous small deposits below the reporting threshold in order to avoid detection.
The CBA’s Chief Executive Officer, Ian Narev, who has been heavily criticized over this case, said he would persevere during these “difficult matters” and that it was up to the board to decide the fate of his position at the CBA. However, in a recent news release, Catherine Livingstone, chairwoman of the CBA, stated that Narev would step down next year and that is was “important for the business that [it] deal with the speculation and questions about his tenure.” Livingstone further explained that the board had “decided to provide details of its planned chief executive succession process to ensure the market is fully informed and to provide certainty for the business.”
The CBA faces a maximum penalty of A$18 million per breach, which could potentially increase to A$22 billion according to wealth manager analysts at Shaw and Partners.
This case exemplifies the amount of risk exposure involved in electronic transactions and software. While it is imperative to have reliable, error-free systems, it is also just as critical for companies to have robust manual procedures to facilitate constant monitoring of such systems. At the end of the day, compliance software can do wonders for a company, but it cannot replace the need for individuals who can monitor and mediate errors that could result in major legal violations. Investing in world-class compliance products, services and programs can help companies avoid civil fines, individual liability, declines in shareholder value, and most of all, negative media attention.
For the full story, click here.