Three weeks ago, Australia’s chief financial intelligence agency, the Australian Transaction Reports and Analysis Center (AUSTRAC), launched civil penalty proceedings against the country’s largest bank, Commonwealth Bank, for allegedly violating the 2006 Anti-Money Laundering and Counterterrorism Financing Act.
In its August 3 filing, AUSTRAC alleges that the bank racked up over 53,700 violations of the AML/CTF Act since May 2012. In May 2012, Commonwealth Bank introduced a fleet of Intelligent Deposit Machines (IDMs) at its branches. These “smart ATMS” allow users to deposit cash and checks without interacting with a teller, and have the funds instantly credited to their account as well as made available for both domestic and international transfers. AUSTRAC claims that Commonwealth Bank neglected to implement appropriate fraud controls following the introduction of the IDMs. The bank’s IDM can accept up to 200 notes – or up to $20,000 in cash – per deposit, with no limit on the number of transactions a customer makes per day.
The main violations detailed in the filing include:
- Failure to carry out a Money Laundering/Terrorism Financing risk assessment, despite an “exponential rise in cash deposits through IDMS” as well as alerts from internal monitoring systems;
- Failure to report 53,506 “threshold transactions” (TTRs), or transactions that involve the transfer of $10,000 ore in physical currency), to AUSTRAC within 10 business days of the transactions; and
- Failure to file suspicious matter reports (SMRs), despite internally identifying a pattern of “structured” cash deposits designed to avoid triggering the bank’s TTR reporting obligation.
As a result of these violations, AUSTRAC claims that at least four money laundering syndicates, three of which engaged in drug trafficking, used the IDMs for roughly $77 million worth of suspicious transactions, all of which went either entirely unreported or only partially reported to law enforcement in a timely manner.
On August 17, AUSTRAC CEO Peter Clark reported to the Australian parliament’s Senate Estimates Committee that “Six of those (in the transactions listed in the statement of claims) relate to cash transactions by five customers in whom the bank has assessed a potential link to terrorism or terrorism financing.”
The bank issued a statement earlier in the month implying that the “vast majority” of breaches were the result of a “coding error” in a 2012 software update to the IDMs that went undetected until 2015.
I will be following this developing story. For more updates and analysis, see the upcoming September issue (Vol. 33, Issue 9) of the International Enforcement Law Reporter.