Westpac Banking Corporation has said "a mix of technology and human error" and "deficient financial crime processes" were to blame for its failure to comply with anti-money laundering obligations.
The bank is accused by the Australian Transaction Reports and Analysis Centre (Austrac) for being involved in "systemic non-compliance" with the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Act on over 23 million occasions.
"While the compliance failures were serious, the problems were faults of omission. There was no evidence of intentional wrongdoing," CEO Peter King said.
Specifically, Austrac said the bank consistently failed to assess and monitor ongoing money laundering and terrorism financing risks; report over 19.5 million International Funds Transfer Instructions (IFTIs) to Austrac over nearly five years for transfers both into and out of Australia; pass on information about the source of funds to other banks in the transfer chain; keep records relating to the origin of some of these international funds transfers; and carry out appropriate customer due diligence on transactions in the Philippines and South East Asia that were related to potential child exploitation risks.
To date, the parties have been unable to reach agreement on all issues and so some aspects of the dispute are continuing through the court process.
"It's been my experience since joining the bank that Westpac deeply regrets this matter," Westpac chairman John McFarlane said in the bank's 48-page report released on Thursday on its own investigation into the compliance issues.
"We are all committed to fixing these issues so they don't happen again."
Westpac said it identified three primary causes of the AML/CTF compliance failures: Some parts of the related risk were not sufficiently understood within Westpac; there were unclear end-to-end accountabilities for managing compliance; and there was a lack of sufficient expertise and resourcing.
The report said investigations have formed a central conclusion that Westpac's AML/CTF risk culture was immature and reactive, noting that this had the effect of the bank not giving enough priority to the identification and management of some important elements of AML/CTF risk.
"For the large majority of the non-reported IFTIs, failings can be traced back to the IFTI implementation program which started in 2009, where resource constraints in the relevant technology team impacted the successful implementation of the project," the report said.
"In 2011/12, there was also a high turnover of staff where a whole team departed to join another organisation. The loss of continuity and specialist knowledge associated with these departures contributed to the implementation errors."
Westpac also admitted that it did not monitor 12 customers sufficiently to identify, mitigate, and manage the risk they may engage in behaviours consistent with child exploitation risk.
It also said that for a period, there was no formal register kept to capture relevant Austrac guidance.
"Westpac has made admissions that some of its processes and procedures fell short of the legal standard required," it said.
Westpac said the time period in question -- 2013-2019 -- was one where a number of "relevant trends were evident", including rapid changes in technology in the financial services sector, an increasing focus on financial crime, an increased expectation that all companies had a "social licence" obligation to meet, and increasing expectations about what boards can and should do.
"The ignition event for the IFTIs breaches occurred in 2010 and the problem persisted for some years until self-reported by Westpac," it said. "A relatively small IT project involving a software upgrade and complex plumbing to connect to other systems was not completed satisfactorily and resulted in regulatory reporting deficiencies, which the bank's control and reconciliation processes failed to detect for some years."
In delivering its first-half results last month, Westpac said it would put aside just over AU$1 billion for Austrac proceedings, including a provision for a potential penalty of AU$900 million and AU$127 million for a response plan.
In addition to losing CEO Brian Hartzer, Westpac on Thursday said a number of individuals covered by the investigation have already left the bank.
- Westpac coughs up AU$25m to improve data sharing amid Austrac claims
- Westpac's Juno system centralising risk compliance issues
- Westpac tracking vulnerable customers to escalate service level
- Commonwealth Bank and Austrac reach AU$700m agreement over anti-money laundering breaches
- Austrac orders financial crime compliance audit of PayPal Australia