CBA admits to breaches of counter-terrorism and anti-money laundering laws

In August, it was revealed that Australia’s financial intelligence and regulatory agency, AUSTRAC, had initiated civil penalty proceedings in the Federal Court against the Commonwealth Bank of Australia (CBA) for “serious and systemic non-compliance” with anti-money laundering and counter-terrorism laws.

AUSTRAC’s civil case alleged that there were 53,000 contraventions of the AML/CTF legislation involving CBA’s intelligent deposit machines (IDMs) that allowed criminal syndicates to launder money overseas. This is one of the allegations that CBA has admitted.

CBA said in a statement: “In our response filed today, we contest a number of allegations but admit others, including the allegations relating to the late submission of 53,506 threshold transaction reports (TTRs), which were all caused by the same single systems-related error.”

The defence focuses on key factual and legal matters in the claim.

CBA’s defence: 

• Agreed that the bank was “late in filing 53,506 TTRs, which all resulted from the same systems-related error, representing 2.3 per cent of TTRs reported by CBA to AUSTRAC between 2012 and 2015.
• Agreed that it “did not adequately adhere to risk assessment requirements for Intelligent Deposit Machines (IDMs)”. However, the bank said that it did not accept that this amounted to eight separate contraventions. It agreed that it “did not adhere to all its transaction monitoring requirements in relation to certain affected accounts”.
• Admitted 91 (in whole or in part) but denied a further 83 of the allegations concerning suspicious matter reports (SMRs).
• Admitted 52 (in whole or in part) but denied a further 19 allegations concerning ongoing customer due diligence requirements.

A statement released by the bank on Wednesday (13 December) read: “We continue to fully cooperate with AUSTRAC in relation to our obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) and respect its role as a regulator. The nature of the regime involves continuous liaison and collaboration with the regulator as risks are identified. As such, we are in an ongoing process of sharing information with the regulator.”

CBA may face more allegations of breaches

The bank also revealed that AUSTRAC has indicated that it “proposes to file an amended statement of claim containing additional alleged contraventions”.

CBA said: “If an amended claim is served on us, we expect the court would set a timetable for CBA to file an amended defence. We will provide market updates as appropriate.

“We take our anti-money laundering and counter-terrorism financing (AML/CTF) obligations extremely seriously. We deeply regret any failure to comply with these obligations. CBA is accountable for those deficiencies.

“We understand that, as a bank, we play a key role in law enforcement. AUSTRAC’s former CEO has publicly acknowledged our contribution in this regard. We have invested heavily in seeking to fulfill the crucial role we play. CBA has spent more than $400 million on AML/CTF compliance over the past eight years. We will continue to invest heavily in our systems relating to financial crimes, thereby supporting law enforcement in detecting and disrupting financial crime.”

The bank highlighted that during the period of the claim, CBA submitted more than 36,000 SMRs, including 140 in relation to the syndicates and individuals referred to in AUSTRAC’s claim. 

It also submitted more than 17 million reports in aggregate, in the same period, including SMRs, TTRs and in respect of international funds transfer instructions.

It added that it will submit over four million reports to AUSTRAC in this year alone.

“CBA also responds to large numbers of law enforcement requests for assistance each year, including approximately 20,000 requests this year,” the bank said. “Some of the information provided directly resulted in disrupting money laundering and terrorism financing activity and prosecuting individuals.

“Any penalty imposed by the Court as a result of the mistakes we have made will be determined in accordance with established penalty principles. For example, the Court may consider whether any contraventions arise out of the same course of conduct and will assess the appropriate penalty for that conduct accordingly, as it recently did in the Tabcorp decision.

"CBA’s submissions at trial will also highlight steps that we have taken since 2015 as part of our Program of Action to strengthen and improve our financial crimes compliance," the statement continued. 

Program of Action

The bank added that it has made “significant progress” in strengthening its policies, processes and systems relating to its obligations under the AML/CTF Act through its Program of Action. 

The bank said: “While this is a continuing process of improvement, progress achieved since the issues concerning TTRs associated with IDMs were first identified and rectified in late 2015 includes: 

• Boosting AML/CTF capability and reporting by hiring additional financial crime operations, compliance and risk professionals. As at 30 June 2017, before the claim was filed, CBA employed over 260 professionals dedicated to financial crimes operations, compliance and risk.
• Strengthening our Know Your Customer processes with the establishment in 2016 of a specialist hub providing consistent and high-quality on-boarding of customers, at a cost of more than $85 million.
• Launching an upgraded financial crime technology platform used to monitor accounts and transactions for suspicious activity.
• Adding new controls such as using enhanced digital electronic customer verification processes to supplement face-to-face identification to reduce the risk of document fraud.

“The Program of Action has also addressed issues that AUSTRAC alleges were ongoing contraventions in its claim. For example, CBA recently introduced daily limits for IDMs deposits for CBA cards associated with a personal account. We understand CBA is the first major Australian bank to implement a control of this type.”

The bank concluded: “CBA is committed to continuing to strengthen our financial crimes compliance and to working closely with regulators across all jurisdictions in which we operate to fight financial crime.”

Further details can be found in CBA’s Concise Statement in Response.

[Related: CBA apologises to shareholders]