AUSTRAC has announced that CBA has admitted to 53,750 breaches of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and has agreed to pay a financial penalty of $700 million to resolve AUSTRAC’s Federal Court AML/CTF civil penalty action relating to those breaches. CBA will also pay $2.5 million to cover AUSTRAC’s legal costs. Background.
Case note: reasons for penalty
Previously in recognition of the importance of compliance with its AML/CTF obligations and the collective responsibility of the Board and senior management, CBA reduced the director fees for non-executive directors by 20% in the 2018 financial year and reduced to zero the Short Term Variable Remuneration outcomes for the CEO and group executives for the financial year ended 30 June 2017.
Under section 175 of the AML/CTF Act, it is ultimately for the Federal Court of Australia to determine whether CBA contravened a civil penalty provision and the amount of any pecuniary penalties and other relief that should be ordered. If the agreement is approved by the Federal Court, this will be the largest civil penalty ever ordered in Australia.
The AFR reports that the parties will submit that the penalty be apportioned as follows:
$180 million: 14 instances of failing to comply with its obligations relating to the rollout of the Intelligent Deposit Machines (IDMs);
$170 million: the bank’s failure to conduct proper due diligence of customers who were revealed to be convicted terrorists or organised drug syndicates;
$125 million: delays in delivering 55,506 threshold transaction reports or TTRs to AUSTRAC as a result of a software update coding error;
$100 million: the failure to monitor the accounts of 778,370 customers over a period of three years;
$55 million: the bank’s breaches relating to suspicious matter reporting;
$40 million: the bank’s failure to report information received from law enforcement including Australian Federal Police, West Australian Police and NSW Police on 69 occasions;
$15 million: failure to report instances where two customers opened 29 accounts despite being told by federal police that the customers were part of a criminal syndicate;
$15 million: where reports were submitted up to three weeks late and in some circumstances not at all.
Statement of Agreed Facts
In the Statement of Agreed Facts, CBA accepts that:
- it failed to carry out an appropriate assessment of the money laundering and terrorism financing (ML/TF) risks of its IDMs prior to October 2017;
- it failed to complete the introduction of appropriate controls to mitigate and manage the ML/TF risks of IDMs prior to April 2018;
- it failed to provide 53,506 threshold transaction reports to AUSTRAC on time for cash transactions of $10,000 or more through IDMs from November 2012 to September 2015, having a total value of about $625 million;
- for a period of three years, it did not comply with the requirements of its AML/CTF program relating to monitoring transactions on 778,370 accounts;
- it failed to report suspicious matters on time, or at all, involving transactions in the tens of millions of dollars;
- even after it became aware of suspected money laundering or structuring on CBA accounts, it did not monitor its customers to mitigate and manage ML/TF risk, including the ongoing ML/TF risks of doing business with those customers.
AUSTRAC has accepted that none of the contraventions was the result of any deliberate intention to breach the AML/CTF legislation.
The Statement of Agreed Facts notes that:
- the contraventions were serious because among other things they were caused by a lack of risk management, assurance and oversight that endured for close to 3 years. The contraventions were not identified until AUSTRAC drew reporting anomalies to CBA’s attention;
- the late Threshold Transaction Reports and the failures to report Suspicious Matter Reports, on time or at all, have deprived AUSTRAC and law enforcement of intelligence to which they are entitled involving movements of several million dollars in cash. AUSTRAC and law enforcement were denied timely intelligence on about $625 million in threshold transactions and on several million dollars in suspicious activity.
CBA acknowledges that:
- it did not take all necessary steps to appropriately identify, mitigate and manage the ML/TF risks of IDMs;
- there were deficiencies in oversight, accountabilities and resources in respect of its AML/CTF compliance and risk management functions.