Westpac confirmed it has been hit with another class action relating to the AUSTRAC scandal. Via Financial Standard.
The
class action, brought by Johnson Winter & Slattery, has been filed
on behalf of certain shareholders who acquired interest in Westpac
securities or equity swap confirmations between 2013 and 2019.
“The
claim relates to market disclosure issues connected to Westpac’s
monitoring of financial crime over the relevant period and matter which
are the subject of the AUSTRAC proceedings,” Westpac told the ASX.
“The claim does not identify the amount of any damages sought.”
Westpac said it will be defending the claim, as it has said for the other class actions filed against it.
Prior to this proceeding being filed, Westpac said it expects around $80 million in additional expenses in FY20 as part of its response plan to the AUSTRAC scandal.
The bank is facing 23 million alleged breaches of anti-money laundering and counter-terrorism laws brought on by AUSTRAC.
The
regulator alleges, amongst other things, Westpac failed to
appropriately assess the online money laundering and terrorism financing
risks associated with the movement of money into and out of Australia
through correspondent banking relationships.
The bank is also facing class actions from US-based law firm Rosen Law on behalf of purchasers of Westpac shares between November 2015 and November 2019, as well as another Australia-based class action lodged by Phi Finney McDonald.
Afterpay breached money laundering law because of incorrect legal advice, according to an auditor. Via InvestorDaily.
The
buy-now, pay-later giant was the subject of an AUSTRAC probe over
allegations it breached the Anti-Money Laundering and Counter-Terrorism
Financing Act (AML/CTF).
But an independent auditor contracted by Afterpay has discovered that the breaches occurred because of incorrect legal advice.
“In
reaching these findings I have established that Afterpay’s compliance
with its AML/CTF obligations was, from the outset and over time, based
upon legal advice from top tier Australian law firms,” wrote Neil Jeans,
an anti-money laundering consultant who conducted the audit.
“I am of the opinion this initial legal advice was incorrect.”
The
unnamed law firms decided Afterpay was not providing loans to consumers
but instead providing factoring services to merchants. This advice “did
not reflect Afterpay’s business model” and led to the company focusing
its AML/CTF controls upon merchants rather than consumers.
“Despite
Afterpay having a compliance-focused culture, the consequences of being
provided with incorrect legal advice has resulted in historic
non-compliance with the AML/CTF Act and Rules,” Mr Jeans wrote in the
report.
However, the audit noted that Afterpay’s transaction
monitoring system is now “effective, efficient and intelligent” as a
result of greater resource allocation.
Mr Jeans also decided that
the nature of Afterpay’s service mitigates some money laundering and
terrorism financing risks, and noted that the company’s AML/CTF
compliance had “evolved and matured over time”.
Afterpay was quick to seize on the opportunities of the report in light of Westpac’s recent breaches of the same laws.
“Afterpay
reaffirms that it has not identified any money laundering or terrorism
financing activity via our systems to date,” the company said in a
statement accompanying the report.
But the ball is now in AUSTRAC’s court. The regulator will consider the report and decide whether to take further action.
Afterpay has pledged to continue its co-operation with AUSTRAC.
The news that Australia’s anti money-laundering regulator has accused Westpac of breaching the law on 23 million occasions points to the prospect that powerful members of corporate Australia are still behaving badly. Via The Conversation.
Regulators are still struggling to find the right balance between
pursuing wrongdoers through the courts – an admittedly costly,
time-consuming and highly risky business – and finding other means to
punish and deter misconduct.
Australia’s anti money-laundering regulator, AUSTRAC, is seeking penalties against Westpac in the Federal Court.
Each of the bank’s alleged contraventions attracts a civil penalty of
up to A$21 million. In theory, that could equate to a fine in the
region of A$391 trillion.
In practice, it is likely to be a mere fraction of that sum.
Commonwealth Bank breached anti-money-laundering laws and faced a theoretical maximum fine of nearly A$1 trillion, but settled for A$700 million.
No doubt the reality that companies can minimise penalties is a factor in why breaches continue.
This impression is reinforced by revelations last week that financial services company AMP continued to charge fees to its dead clients despite the shellacking it received at the hands of the royal commission.
Last month a Federal Court judge refused to approve a A$75 million
fine agreed between the Australian Competition and Consumer Commission
and Volkswagen to settle litigation over the car company’s conduct in
cheating emissions tests for diesel vehicles. The judge was reported to
be “outraged” by the settlement, which meant Volkswagen did not admit liability for its misconduct.
The A$75 million is a drop in the ocean of the likely profits
obtained from this systemic wrongdoing and pales into insignificance
next to fines imposed in other countries.
Proposals for law reform
So business as usual, right?
Maybe not for long. The Australian Law Reform Commission has just released a discussion paper on corporate criminal responsibility.
It points out that effective punishment and deterrence of serious
criminal and civil misconduct by corporations in Australia is undermined
by a combination of factors.
These include a confusing and inconsistent web of laws governing the
circumstances in which conduct is “attributed” to the company. Similar
problems of inconsistency arguably also undermine other key areas, such
as efforts to give courts the power to impose hefty fines based on the profits obtained by the wrongdoing
The repeated attempts to come up with new and more effective
attribution rules arise because corporate wrongdoers are “artificial
people”. For centuries, courts and parliaments have struggled with how
to make them pay for what is done by their human managers, employees and
(both human and corporate) agents. All too often a company’s directors
disclaim all knowledge of the wrongdoing.
To fix this, the ALRC recommends having one single method to
attribute responsibility. It builds on the attribution rule first
developed in the Trade Practices Act 1974 (Cth) and now used, in various forms, across various statutes.
The ALRC proposes that the conduct and state of mind of any
“associates” (whether natural individuals or other corporations) acting
on behalf of the corporation should be attributable to the corporation.
This goes well beyond the traditional focus on directors and senior
managers and would provide some welcome consistency in the law.
Importantly, serious criminal and civil breaches that require proof
of a dishonest or highly culpable corporate “state of mind” can be
satisfied either by proving the state of mind of the “associate” or that
the company “authorised or permitted” the conduct.
A “due diligence” defence would protect the corporation from
liability where the misconduct was truly attributable to rogue “bad
apples” in an otherwise a well-run organisation. There would be no
protection in the case of widespread “system errors” and “administrative
failures” so pathetically admitted during the royal commission.
The ALRC also proposes that senior officers be liable for the conduct
of corporations where they are in “a position to influence the relevant
conduct and failed to take reasonable steps to prevent a contravention
or offence”.
This would place the onus on those in a position to change egregious
corporate practices to show they took reasonable steps to do so.
Removing the penalty ceiling
These recommendations, if adopted could prove a game-changer for
regulators asking themselves “why not litigate?” and corporations used
to managing the fall-out of their misconduct as simply a “cost of
business”.
The ALRC’s recommendations that the criminal and civil penalties
should be enough to ensure corporations don’t profit from wrongdoing
will be welcomed by many. Some academics have gone further and argued
that the law should be changed to make it clear that civil, not just
criminal penalties, should be set at a level that is effective to punish
serious wrongdoing.
The ALRC also raises the question whether current limits on penalties should be removed. The Westpac scenario might be just the kind of case to make that option attractive.
Authors: Elise Bant, Professor of Law, University of Melbourne; Jeannie Marie Paterson, Professor of Law, University of Melbourne
The past week’s events have been deeply distressing.
The issue raised by AUSTRAC that weaknesses in our systems failed to detect criminal actions by customers is incredibly serious and unacceptable. This is not the company we aspire to be and I, again, apologise unreservedly.
As a long-time director, shareholder and customer of Westpac, I know we can – and will – do better for all stakeholders in meeting our Anti-Money Laundering and Counter-Terrorism Financing obligations. Being one of the country’s biggest financial institutions, we are alert to the critical role we play in helping law enforcement agencies such as AUSTRAC prevent criminals from carrying out illegal activity.
These build on several actions we have already been working on, including implementing a multi-year financial crime program, undertaking leadership changes in risk and financial crime and doubling the resourcing dedicated to financial crime to around 750 people, which we expect will further grow.
As a starting point, it’s important to note that we understand the gravity of the issues raised by AUSTRAC and the importance of – and focus on – accountability. To ensure we get all the facts and assess the issues fully, we will appoint an external expert to provide independent oversight of the process and will make the recommendations public. In the interim, all or part of the 2019 short term variable rewards for the full executive team and several general managers will be delayed, subject to the assessment of accountability.
We also understand the importance of urgently fixing the issues raised by AUSTRAC, lifting our standards, and doing this effectively. As a board, we treat our oversight responsibilities with the utmost seriousness.
Our response has been divided into three areas: immediate fixes, lifting our standards and protecting people.
Firstly, we need to step up to better assist law enforcement agencies in tracking and ultimately stopping payments that can facilitate wrongdoing. When we introduced our LitePay product in 2016, transaction monitoring was put in place to identify suspicious transactions. However, more advanced monitoring, including updated “typologies” from AUSTRAC regarding child exploitation were not put in place for LitePay payments to the Philippines until June 2018.
While the updated detection scenarios are now in place for the Philippines across the SWIFT payment channel, we accept this should have occurred earlier and was not handled appropriately.
As part of our range of immediate actions, we are now closing LitePay.
Where Westpac flags transactions that suggest potential child exploitation in high risk locations, these transactions are now prioritised for action and reported to AUSTRAC within 24 hours. This is faster than regulatory standards require.
We have re-reviewed the 12 customers highlighted by AUSTRAC and taken action and are working with authorities. We are also providing $18 million over the next three years to International Justice Mission, a global not for profit that protects vulnerable people from violence, to assist their critical work in Southeast Asia in relation to Online Sexual Exploitation of Children (OSEC).
On the separate issue of International Funds Transfer Instructions (IFTIs) – which make up the bulk of the 23 million alleged contraventions of the AML/CTF Act – we have closed the relevant Australasian Cash Management (ACM) product enabling these transactions with foreign banks and reported 99.99 per cent of all the relevant transactions to AUSTRAC with the remaining to follow shortly.
For context, the vast majority of the IFTIs we failed to report related to two overseas “correspondent” banks. These are relationships that we have with foreign banks and include them using our infrastructure to process payments, in this case predominantly foreign government pension payments to people living in Australia.
Again, we accept this problem, while unintended, should not have occurred and dates back to a series of human and technical errors in 2010-11.
In terms of the second area of our response, lifting our standards, we are establishing a dedicated Board sub-committee for financial crime, which will commission an external expert to independently review our financial crime program. We are also investing $25m to improve cross industry data sharing analysis capabilities, including via potential partnerships with industry and government partners.
But we understand banking affects real people, which goes to the heart of our belief that banking is a service business rather than a product business.
As such, we will convene an expert advisory roundtable and provide up to $10 million per year for three years on the subsequent recommended actions to support the prevention of online child exploitation. We will also match the Australian government’s funding for its SaferKidsPH partnership with Save the Children, UNICEF and The Asia Foundation, investing $6m over six years.
These initiatives and actions are just the start and the board will continue to provide updates, including on accountability, while working constructively with AUSTRAC and other agencies.
As the board of Australia’s oldest company dating back more than 200 years, we are committed to showing all our stakeholders we can – and will – address these issues so we can continue playing our critical role for the economy into the future.
This seems to me, too little too late, and an attempt to “manage” the PR aspects of the issue. Frankly, senior heads need to roll. They do not get how much their brand has been trashed, and this stems from a basic set of cultural norms which are not aligned to community expectations. Behaviours, which are unfortunately widespread across the sector.
AUSTRAC, Australia’s anti money-laundering and terrorism financing regulator, has taken Westpac to court, alleging the major bank violated anti-money laundering and terrorism regulation on over 23 million occasions. Via Australian Broker.
According to AUSTRAC CEO Nicole Rose, the decision to commence civil
penalty proceedings came on the back of a detailed investigation into
Westpac’s non-compliance.
The regulator has alleged Westpac’s oversight of its program intended
to identify, mitigate and manage money laundering and terrorism
financing risks was deficient.
AUSTRAC has found the failures led to “serious and systemic non-compliance” with the AML/CTF Act.
“These AML/CTF laws are in place to protect Australia’s financial
system, businesses and the community from criminal exploitation. Serious
and systemic non-compliance leaves our financial system open to being
exploited by criminals,” said Rose.
“The failure to pass on information about IFTIs to AUSTRAC undermines
the integrity of Australia’s financial system and hinders AUSTRAC’s
ability to track down the origins of financial transactions, when
required to support police investigations.”
Westpac allegedly failed to:
Appropriately assess and monitor the ongoing money laundering and
terrorism financing risks associated with the movement of money into and
out of Australia through correspondent banking relationships
Report over 19.5m International Funds Transfer Instructions to
AUSTRAC over nearly five years for transfers both into and out of
Australia
Pass on information about the source of funds to other banks in the
transfer chain, depriving them of information needed to manage their
own AML/CTF risks
Keep records relating to the origin of some of these international funds transfers
Carry out appropriate customer due diligence on transactions to the
Philippines and South East Asia that have known financial indicators
relating to potential child exploitation risks
AUSTRAC aims to build resilience in the financial system and ensure
the financial services sector understands, and is able to meet,
compliance and reporting obligations.
“We have been, and will continue to work with Westpac during these
proceedings to strengthen their AML/CTF processes and frameworks,” Rose
said.
“Westpac disclosed issues with its IFTI reporting, has cooperated
with AUSTRAC’s investigation and has commenced the process of uplifting
its AML/CTF controls.”
Westpac is a member of the Fintel Alliance, a private-public
partnership established by AUSTRAC to tackle serious financial crime,
including money laundering and terrorism financing.
AUSTRAC has ordered the appointment of an external auditor to examine ongoing concerns in regard to PayPal Australia’s compliance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (the AML/CTF Act).
These concerns relate to PayPal Australia’s compliance with its
International Funds Transfer Instruction reporting obligations, which
require regulated entities to report the transfer of funds or property
to or from Australia.
International Funds Transfer Instructions reported by the financial
services sector provide AUSTRAC with vital intelligence that enables
AUSTRAC and its partners to combat serious crimes such as child sex
exploitation.
AUSTRAC Chief Executive Officer, Nicole Rose PSM said the AML/CTF
regime is in place to protect businesses, the financial system and the
Australian community from criminal threats.
“Regulated businesses like PayPal Australia, who facilitate payments
and transactions for millions of Australian customers every year, play a
critical role in helping AUSTRAC and our law enforcement partners stop
the movement of money to criminals and terrorists,” Ms Rose said.
“PayPal is an important partner in the fight against crime. However,
when we suspect non-compliance AUSTRAC will take action to protect the
Australian community.”
The external auditor must report to AUSTRAC within 120 days of being
appointed and will examine PayPal Australia’s compliance with its:
AML/CTF Program obligations
International Funds Transfer Instruction (IFTI) reporting obligations
Record keeping obligations.
The outcomes of the audit will assist PayPal with its compliance, but
also inform AUSTRAC whether any further regulatory action is required.
“We will continue to work closely with PayPal during this process to address any compliance concerns,” Ms Rose said.
The extent of the auditor’s examination is determined by AUSTRAC and will be at PayPal Australia’s expense.
Commonwealth Bank of Australia (CBA) notes the approval by the Federal Court today of the agreement between CBA and the Australian Transaction Reports and Analysis Centre (AUSTRAC) to resolve the civil proceedings commenced by AUSTRAC on 3 August 2017.
As noted in CBA’s release on 4 June 2018:
CBA will pay a civil penalty of $700 million together with AUSTRAC’s legal costs of $2.5 million.
AUSTRAC’s civil proceedings are otherwise dismissed.
CBA will recognise a $700 million expense in its financial statements for the full year ending 30 June 2018, which will be released on 8 August 2018.
The Commonwealth Bank of Australia (CBA) this week agreed to pay a record penalty to settle its violations of anti-money laundering and counter-terrorism financing laws. The A$700 million fine plus legal costs will become final upon the approval of the Federal Court.
What if the penalty is a sign of mob justice, rather than just deserts? And given the scale of the payout, will the fine also end up further punishing customers and shareholders?
First, it introduced Intelligent Deposit Machines (IDMs) without conducting an independent risk assessment and/or instituting mitigation procedures to tackle money-laundering. Unlike older ATMs, IDMs process cash deposits and make the funds available for transfer immediately. Clearly, criminals could use these features to launder cash gained through crime. CBA wrongly believed that its existing ATM monitoring processes covered these risks.
Second, it was warned about these risks and could have minimised money laundering by imposing daily limits on accounts. CBA refused.
Third, CBA failed to provide transaction reports within 10 business days for cash deposits greater than A$10,000. This violation referred to 53,506 transactions totalling about A$625 million. The failure was due to a coding error – the software was not updated to pick up a new code created for IDM deposits.
Fourth, CBA failed to report transactions with a pattern of money-laundering – apparently misunderstanding its legal obligations.
Fifth, CBA failed to report suspicions about identity fraud – for example, in relation to eight money-laundering syndicates. Therefore, AUSTRAC and law enforcement were unaware of “several million dollars of proceeds of crime mostly connected with drug importation and distribution” that passed into accounts held by CBA.
Sixth, CBA was deficient in monitoring accounts despite warnings from law enforcement – 778,370 accounts were not monitored. CBA was slow to act even after suspicious accounts were terminated, facilitating money-laundering.
Clearly these are significant violations. However, the statement of facts agreed by AUSTRAC and CBA state that the bank did not deliberately or intentionally violate its legal obligations under the relevant laws.
Considering that CBA’s violations were inadvertent, due to technical glitches, and attributable to a mistaken belief about existing systems satisfying legal obligations, the A$700 million fine might be excessive.
International comparisons
By international standards, the fine seems to be very high. This week the UK Financial Conduct Authority fined the British division of India’s Canara Bank £896,100 (A$1.58 million) for “consistent failure” in its money-laundering controls, and for failings “affecting almost all aspects of its business”.
The FCA said the bank’s failings “potentially undermine the integrity of the UK financial system by significantly increasing the risk that Canara could be used for the purposes of domestic and international money laundering, terrorist financing and those seeking to evade taxation or the implementation of sanction requirements”.
CBA’s fine is far higher than Canara’s punishment for similar violations, and roughly on a par with the sanction meted out to US Bancorp – albeit the latter was for more serious criminal wrongdoing. It is also comparable to the US$665 million (A$874 million) penalty imposed on HSBC (plus US$1.26 billion in sacrificed profits). Unlike CBA, HSBC was punished for “willfully failing” to maintain proper money-laundering controls.
Yet the proceeds from HSBC’s violations stretching back to the 1990s were staggering: at least US$881 million in laundered drug money; a failure to monitor more than US$670 billion in wire transfers and over US$9.4 billion in purchases of physical US dollars from HSBC Mexico; some US$660 million in sanctions-prohibited transactions; and evidence of deliberate sanctions violations by processing transactions to parties in Iran, Cuba, Burma, Sudan, and Libya.
A fair punishment?
The size of CBA’s penalty seems to be more in line with banks that have deliberately flouted money-laundering laws, rather than the smaller punishments handed to banks that did so unintentionally. It is tempting to conclude that this is influenced by the current prevailing mood to “send a message” to financial institutions.
What’s more, we cannot necessarily assume that the fine will act as a deterrent. The penalty is not paid by the CBA staff who acted wrongly; it is paid by the bank, ultimately by the shareholders.
Similarly, the cost of managing enhanced scrutiny and investing in additional compliance machinery will be passed on to customers in the form of higher charges and fees. Likewise, if banks become excessively cautious because of apprehensions about overenforcement, that will impact services and reduce profitability – again harming innocent people.
The punishment must always fit the crime. Excessive punishment is counterproductive and creates additional victims.
If the purpose was really to tackle wrongdoing, the CBA staff who were responsible for the violations should have been identified and penalised.
The A$700 million fine is good for political posturing but will hurt customers and shareholders the most. Bank-bashing has a cost, and it is paid by ordinary people, not politicians.
Author: Sandeep Gopalan, Pro Vice-Chancellor (Academic Innovation) & Professor of Law, Deakin University
Commonwealth Bank of Australia (CBA) has announced it has entered into an agreement with AUSTRAC, the Australian Government’s financial intelligence agency, to resolve the civil proceedings commenced by AUSTRAC in the Federal Court of Australia on 3 August 2017.
The agreement follows Court-ordered mediation between CBA and AUSTRAC and remains subject to Court approval. As part of the agreement:
CBA will pay a civil penalty of $700 million together with AUSTRAC’s legal costs of $2.5 million.
CBA has admitted further contraventions of Australia’s Anti-Money Laundering and Counter-Terrorism(AML/CTF) Act, beyond those already admitted, including contraventions in risk procedures, reporting,monitoring and customer due-diligence.
AUSTRAC’s civil proceedings are otherwise dismissed.
CBA Chief Executive Officer Matt Comyn said: “This agreement, while it still needs to be approved by the Federal Court, brings certainty to one of the most significant issues we have faced.
“While not deliberate, we fully appreciate the seriousness of the mistakes we made. Our agreement today is a clear acknowledgement of our failures and is an important step towards moving the bank forward. On behalf of Commonwealth Bank, I apologise to the community for letting them down.
“Banks have a critical role to play in combating financial crime and protecting the integrity of the financial system. In reaching this position, we have also agreed with AUSTRAC that we will work closely together based on an open and constructive approach.
“We are committed to build on the significant changes made in recent years as part of a comprehensive program to improve operational risk management and compliance at the bank. To date we have spent over $400 million on systems, processes and people relating to AML/CTF compliance and will continue to prioritise investment in this area.
“We have changed senior leadership in the key roles overseeing financial crimes compliance supported by significant resources and clear accountabilities.
“We have started implementing our response to the recommendations provided to us by our prudential regulator, APRA, to ensure our governance, culture and accountability frameworks and practices meet the high standards expected of us.
“I am also very focused on ensuring we have clear lines of accountability across our entire business. This includes an approach to risk management that recognises the importance of non-financial risks, including an escalation framework that ensures key operational and compliance issues such as these are identified, escalated and resolved in a timely manner.
“These changes are part of a large and concerted effort to become a better, stronger bank – one that earns the trust of our customers, staff, regulators and shareholders. Today is another very important step forward, and continuing to make the changes we need in an open, transparent and timely way is my absolute priority as CBA’s new chief executive,” Mr Comyn said.
CBA provided for an estimated penalty of $375 million in the half year ending 31 December 2017 at which time the bank noted the proceedings were complex and ongoing, and the ultimate penalty determined by the Court may be higher or lower than the amount provided for. CBA will recognise a $700 million provision in its financial statements for the full year ending 30 June 2018 which will be announced on 8 August.
Background
The settlement with AUSTRAC includes a Statement of Agreed Facts and Admissions. A copy of the Statement is attached to this announcement and is available on CBA’s website. In summary, as part of the agreement CBA has admitted to:
Late filing of 53,506 Threshold Transaction Reports for cash deposits through Intelligent Deposit Machines (IDMs).
Inadequate adherence to risk assessment requirements for IDMs on 14 occasions.
Transaction monitoring did not operate as intended in respect of a number of accounts between October 2012 and October 2015.
149 Suspicious Matter Reports were filed late or were not filed as required.
Ongoing customer due-diligence requirements were breached in respect of 80 customers.
We appreciate the key role we play in supporting law enforcement to fight financial crime. Our contribution includes:
During the period of the claim, we submitted more than 44,000 Suspicious Matter Reports, including 264 SMRs in relation to the syndicates and individuals referred to in AUSTRAC’s claim.
We submitted more than 19 million reports to AUSTRAC (including SMRs, TTRs and international fund transfer instructions) during the period covered by the AUSTRAC claim up to the end of 2017. We submitted over 4 million of these reports to AUSTRAC in 2017 alone.
We responded to approximately 20,000 law enforcement requests for assistance in 2017.
CBA has made significant progress in strengthening its policies, processes and systems relating to its obligations under the AML/CTF Act through our Program of Action. This is a continuing process of improvement and has already included:
Boosting AML/CTF capability and reporting by hiring additional financial crime operations, compliance and risk professionals with more than 300 professionals dedicated to financial crimes operations, compliance and risk across the group.
Strengthening Know Your Customer processes with the establishment in 2016 of a specialist hub providing consistent and high-quality on-boarding of customers, at a cost of more than $85 million.
Launching an upgraded financial crime technology platform used to monitor accounts and transactions for suspicious activity.
Adding new controls such as using enhanced digital electronic customer verification processes to supplement face-to-face identification to reduce the risk of document fraud.
Introducing an account based daily limit of $10,000 for cash deposits using IDMs, the first Australian bank to do so.