Commonwealth Bank and Austrac reach AU$700m agreement over anti-money laundering breaches

CBA will pay the largest civil penalty in Australian corporate history after previously laying blame on a coding error and disparate data.

The Commonwealth Bank of Australia has entered into an agreement with Australia's financial intelligence and regulatory agency, Austrac, to end civil proceedings brought against it in August 2017.

The agreement sees the bank admitting to 53,750 breaches of the Anti-Money Laundering and Counter-Terrorism Financing Act (AML/CTF), which included failing to hand over 53,506 threshold transaction reports (TTRs) for cash transactions over AU$10,000 to the regulator through intelligent deposit machines (IDMs) for almost three years between November 2012 and September 2015; and that for a period of three years, it did not comply with its AML/CTF program across 778,370 transactions.

"Even after it became aware of suspected money laundering or structuring on CBA accounts, it did not monitor its customers to mitigate and manage ML/TF risk, including the ongoing ML/TF risks of doing business with those customers," Austrac said in a statement on Monday.

The terms of the agreement will see the bank pay AU$700 million, along with Austrac's legal cost of AU$2.5 million, and the regulator's proceedings dismissed. The agreement still needs to be approved by the Federal Court.

"As we have seen in this case, criminals will exploit poor business practices to launder the proceeds of their crimes," Austrac CEO Nicole Rose said.

"We know that businesses are the first line of defence in protecting the community and our financial system from criminal abuse, and it is critical for AML/CTF compliance and risk management to be embedded in business strategy and practices."

In its initial response in August, CBA claimed that much of the blame for its lack of filing was due to a "coding error".

"The issue began after an unrelated software update to the IDMs in late 2012," the bank said at the time. "Following the software update, a coding error occurred which meant the IDMs did not create the TTRs needed. This error became apparent in 2015 and within a month of discovering it, we notified Austrac, delivered the missing TTRs, and fixed the coding issue.

"The vast majority of the reporting failures alleged in the statement of claim (approximately 53,000) relate specifically to this coding error. We recognise that there are other serious allegations in the claim unrelated to the TTRs."

In December, the bank said disparate datasets contributed its contraventions, and that since it was first made aware of the discrepancies in 2015, it launched an upgraded financial crime technology platform used to monitor accounts and transactions for suspicious activity.

At the same time, it said it was adding new controls, such as using "enhanced digital electronic customer verification" processes to supplement face-to-face identification, in an attempt to reduce the risk of document fraud.

"While not deliberate, we fully appreciate the seriousness of the mistakes we made. Our agreement today is a clear acknowledgement of our failures and is an important step towards moving the bank forward. On behalf of Commonwealth Bank, I apologise to the community for letting them down," Commonwealth Bank CEO Matt Comyn said on Monday.

"To date, we have spent over AU$400 million on systems, processes, and people relating to AML/CTF compliance and will continue to prioritise investment in this area. We have changed senior leadership in the key roles overseeing financial crimes compliance supported by significant resources and clear accountabilities."

In February, CBA reported AU$4.9 billion in after-tax profit on revenue of AU$21.3 billion for the first half of 2018. At the time the bank said it has provided for a civil penalty of AU$375 million. On Monday it said will recognise the penalty in its August 8 announcement of its full-year results.

Related Coverage

CBA sent over 650 emails holding data on 10k customers in error

The bank has admitted discovering an issue with emails going to incorrect addresses.

CBA admits disparate data contributed to anti-money laundering contravention

The bank has admitted it was late in filing more than 53,500 reports as required under the Anti-Money Laundering and Counter-Terrorism Financing Act, but has asked for Austrac to consider them as one course of conduct, arguing that it was due to one systems-related error.

Australian bitcoin exchanges to face requirements that put CBA in hot water

Digital currency exchanges in Australia will need to abide by anti-money laundering and counter terrorism funding reporting requirements under a new proposal.

CommBank looks to commercialise blockchain solution down under

The blockchain solution that the Commonwealth Bank of Australia's South African operation TymeDigital has been working on could take shape in Australia, the bank's executive manager of emerging technology has said.

Commonwealth Bank loses chief financial officer to Cayman Islands blockchain firm

Commonwealth Bank CFO Rob Jesudason will leave the country's largest bank to lead Block.one as group president and chief operating officer.