Case note: reasons for TAB AML penalty

The Federal Court has now published Justice Perram’s reasons in Chief Executive Officer of Australian Transaction Reports and Analysis Centre v TAB Limited (No 3) [2017] FCA 1296 for imposing a civil penalty on the TAB group of companies totalling $45 million for their admitted breaches of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).

These reasons will be relevant in Austrac’s recent action against Commonwealth Bank of Australia (CBA) should a settlement be reached, in particular whether CBA’s alleged 53,760 breaches should be treated as a single contravention. Background

TAB’s contraventions and the penalties were as follows:

(a) $500,000 for a contravention of s 51B(1)(a) of the AML/CTF Act in November 2011 by failing to apply in writing to Austrac by 29 November 2011 for enrolment as a reporting entity. The maximum possible penalty was $11 million;

(b) TAB and Tabcorp Vic together engaged in a contravention of s 81 of the Act between September 2012 and December 2015 by commencing to provide designated services in circumstances where the joint anti-money laundering and counter-terrorism financing program that applied to TAB and Tabcorp Vic did not fully meet the requirements of the Act. The maximum penalty was $17 million; the penalty imposed was $15.5 million;

(c) $26 million for contraventions of s 41(2)(a) of the AML/CTF Act between July 2010 and August 2014 by failing to give suspicious matter reports to the Applicant within the timeframe stipulated in s 41(2)(a) in respect of:

(i) the failure to provide a suspicious matter report to AUSTRAC for an instance of suspected NRL match-fixing in August 2010 (Maximum penalty: $11 million, penalty imposed: $1 million);

(ii) the failure to provide suspicious matter reports to AUSTRAC on time for 32 instances of suspected credit betting between July 2010 and March 2013 (maximum penalty: $578 million, penalty imposed: $10 million); and

(iii) the failure to provide suspicious matter reports to AUSTRAC on time in respect of 51 TAB accounts in relation to instances of suspected credit card fraud (maximum penalty $68 million, penalty imposed: $15 million);

(d) a contravention of s 32(1) of the AML/CTF Act in March 2015 by commencing to provide a designated service to a non-account customer in a retail outlet having failed to carry out the applicable customer identification procedure ( maximum penalty: $17 million, penalty imposed: $3 million).

In making his decision in respect of TAB Justice Perram took into account the following:

“(c) the AML/CTF program which has generated its liability in this case was in place for more than three years. Most of the contravening conduct came to light following an on-site assessment by AUSTRAC in September 2012;

(d) the contraventions did not arise as a result of a deliberate intention to contravene the Act. Instead, the state of affairs which prevailed under the Program came about because of insufficient resourcing together with insufficient processes for consistent management oversight, assurance and operational execution. Management should have done more;

(e) on the other hand, as was required, the Board and senior management did receive compliance reports during the relevant period;

(f) neither the Board nor senior management were aware of the deficiencies nor were either involved in the contraventions;

(g) there have been some prosecutions in relation to the match-fixing incident and credit card frauds

(h) since these matters came to light, the Respondents have made a substantial investment in improving their compliance arrangements including: replacing the Former Program with a new program; hiring a Chief Risk Officer, creating a Financial Risk Team and significantly expanding the team responsible for AML/CTF; introducing further systems and controls including those in respect of automated transaction monitoring; improving processes for monitoring credit card fraud; making improvements to the suspicious matter report (‘SMR’) process; making improvement to identification procedures for transactions in excess of $10,000 in relation to retail outlets; and creating enhancements to electronic customer identification; and increased staff training.

It is appropriate to observe that the Respondents did co-operate with AUSTRAC both in relation to the audit and investigation process. It is also significant that the Respondents actively sought to settle these proceedings. This has involved the making of significant admissions. A very large trial at considerable public expense has been averted.”

The largest individual penalty related to the non-compliant AML/CTF Program.

In relation to whether there were multiple breaches or a single course of conduct Justice Perram observed:

“Accordingly, I conclude that a failure to comply with the AML/CTF Rules will generally have the consequence of causing an infringement of s 81. Contrary to the submissions of the parties, I cannot see how the text of s 81 can be bent so that it can be read as involving only a single infringement when a program is said to be deficient. Intractably, it appears to be contravened each time a reporting entity commences to provide a designated service to a customer whilst its program is not in a proper condition.

This otherwise alarming conclusion may, to an extent, be ameliorated by the course of conduct principle …. Where every infringement of s 81 springs from the same deficiencies in a program there is much to be said for the view that what is involved is a single course of conduct…..

The Respondents admit that these deficiencies were serious and related to core elements of its AML/CTF obligations. The correctness of that admission is borne out to an extent by the further fact, also admitted by the Respondents, that the deficiencies in their program had, in fact, resulted in failures on their part to detect certain suspicious transactions and to submit suspicious matter reports (‘SMRs’) to AUSTRAC. The failure to lodge these SMRs can, it is agreed, have the effect of depriving law enforcement agencies of important intelligence….

During most of this period, the maximum penalty was $17 million. Although it seems most likely that there were probably an almost untold number of contraventions, I propose for the reasons I have already given, to treat all of them as resulting from a single course of conduct. This does not limit the penalty which may be imposed to $17 million but it informs the decision which must be made.

The parties suggested that a penalty of $15.5 million would be appropriate. I agree. Although the breach may appear perhaps dry in nature it went, in fact, to the heart of the operation of the Act. It had potential consequences for law enforcement agencies. It is true that the contravention was not deliberate but, in the present context, that may mean rather less than it ordinarily does. Section 81 is aimed at precisely the kind of deficient management practices which are now admitted. What one has here is a large corporation operating in an industry with known money-laundering risks. Serious management failures result in a deficient program which leads to actual difficulties. I assess the seriousness of the contravention as being towards the upper end of the scale. However, I accept the submission that it cannot be an example of the worst kind of case for which the maximum penalty might be appropriate …That would be constituted by a business which had no program at all. I accept the proposed penalty of $15.5 million as being within the appropriate range….”

Justice Perram concluded:

“The sum of the above penalties is some $45 million. It is then necessary, finally, to reflect upon whether that penalty captures the totality of the wrongdoing involved. This is, in effect, a final check. In my opinion, a $45 million penalty is appropriate. It is true that the failures were system failures but that is precisely what this statute is about. It is also true that the penalties could have been much greater had the Court not accepted that in several instances courses of conduct were involved. Overall, a penalty of $45 million will serve to demonstrate to those in the industry that failures to comply with the Act have a very real potential to be expensive. Finally, in this case it is useful to approach the issue of penalty on a group wide basis. Little would be served by assessing the penalty position of each entity in the group when the overall group position is known.”

 

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.