Austrac has announced that it has commenced civil penalty proceedings in the Federal Court against the Commonwealth Bank of Australia (CBA) for serious and systemic non-compliance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) relating to its use of intelligent deposit machines (IDMs).

IDMs allowed anonymous cash deposits of up to $20,000 per deposit with no limit on the number of deposits that could be made each day.

AUSTRAC’s concise statement alleges 53,760 contraventions of the AML/CTF Act including:

• CBA did not comply with its own AML/CTF program, because it did not carry out any assessment of the money laundering and terrorism financing (ML/TF) risk of IDMs before their rollout in 2012. CBA took no steps  assess the ML/TF risk until mid-2015 – three years after they were introduced;
• For a period of three years, CBA did not comply with the requirements of its AML/CTF program relating to monitoring transactions on 778,370 accounts;
• CBA failed to give 53,506 threshold transaction reports (TTRs) to AUSTRAC on time for cash transactions of $10,000 or more through IDMs from November 2012 to September 2015. These late TTRs represent approximately 95 per cent of the threshold transactions that occurred through the bank’s IDMs from November 2012 to September 2015 and had a total value of around $624.7 million;
• AUSTRAC alleges that the bank failed to report suspicious matters either on time or at all involving transactions totalling over $77 million;
• Even after CBA became aware of suspected money laundering or structuring on CBA accounts, it did not monitor its customers to mitigate and manage ML/TF risk, including the ongoing ML/TF risks of doing business with those customers.

Austrac alleges CBA’s conduct has hindered law enforcement efforts, including causing lost intelligence and evidence, further money laundering and lost proceeds of crime.

CBA Response

In response the CBA says:

“Our Intelligent Deposit Machines (IDMs) are now providing the correct Threshold Transaction Reports (TTRs) to AUSTRAC, and have been since September 2015. When we first rolled out these machines in May 2012, they were providing all the correct TTR reporting. The issue began after an unrelated software update to the IDMs in late 2012. Following the software update, a coding error occurred which meant the IDMs did not create the TTRs needed. This error became apparent in 2015 and within a month of discovering it, we notified AUSTRAC, delivered the missing TTRs and fixed the coding issue. The vast majority of the reporting failures alleged in the statement of claim (approximately 53,000) relate specifically to this coding error. We recognise that there are other serious allegations in the claim unrelated to the TTRs.”

AUSTRAC’s enforcement strategy

Civil penalty orders are one of the options Austrac can take in respect of AML/CTF breaches.

If the Federal Court is satisfied that a reporting entity has contravened a civil penalty provision, then the Federal Court may order a pecuniary penalty to be paid to the Commonwealth.
The pecuniary penalties are:

• to a body corporate – up to 100,000 penalty units;
• to a person other than a body corporate – up to 20,000 penalty units.

One penalty unit is currently $210.

In March, 2017 the Federal Court of Australia ordered gambling operator Tabcorp and associated companies to pay a $45 million civil penalty for 108 breaches of the AML/CTF Act over a period of more than five years.

Liability of AML/CTF Compliance Officers

Under proposed changes to AML/CTF Rule 8.5.3 an organisation’s AML/CTF Compliance Officer is responsible for ensuring the entity’s continuing compliance with the obligations of the AML/CTF Act and AML/CTF Rules.

By making the AML/CTF Compliance Officer responsible for ensuring the entity’s continuing compliance it makes it possible for a compliance officer to contravene a civil penalty provision.

Australian Financial Services Licence and APRA issues

Compliance with other relevant “financial services laws” is a core Australian Financial Services Licence obligation under section 912A(1)(c) of the Corporations Act.

Section 761A of the Corporations Act defines “financial services laws” with which a financial services licensee must comply as including “any other Commonwealth, State or Territory legislation that covers conduct relating to the provision of financial services (whether or not it also covers other conduct), but only in so far as it covers conduct relating to the provision of financial services”.

Compliance with the AML/CTF Act reporting requirements would be covered by the AFSL obligation.

An Australian financial services (AFS) licensee is obliged under s912D Corporations Act to report to ASIC significant breaches of obligations under the financial services laws.

A financial services licensee must lodge a FS71 report each year with ASIC in accordance with section 989B(3) of the Corporations Act in relation to the AFS licence.

For an APRA regulated entity, an CPS 220 declaration must be lodged with APRA within 4 months of its annual balance date containing a risk management “declaration” from the chief executive, endorsed by the board.