Commonwealth Bank of Australia has blamed a software ‘coding error’ for the ‘vast majority’ of the anti-money laundering and counter-terrorism (AML/CT) financing law breaches it was accused of by AUSTRAC last week.
The Australian Transaction Reports and Analysis Centre initiated civil penalty proceedings in the Federal Court against CBA on Friday, for ‘serious and systemic non-compliance’ with AML/CT laws.
AUSTRAC’s action alleges more than 53,700 contraventions, which concern the banks use of intelligent deposit machines.
With the maximum fine for each breach at $18m, the bank faces a potential payout of nearly a trillion dollars – around seven times its market value.
AUSTRAC says the bank failed to provide 53,506 threshold transaction reports for cash transactions of $10,000 or more during a three year period, accounting for a total value of around $624.7 million, the agency said.
The bank also failed to assess the AML/CT risks of intelligent deposit machines before they were rolled out in 2012, or in the following three years.
CBA failed to monitor transactions on 778,370 accounts, in accordance with its own AML/CT requirements, and failed to report suspicious matters either on time or at all involving transactions totalling more than $77 million, AUSTRAC alleges.
Even after CBA became aware of suspected money laundering on its accounts, the bank failed to monitor those customers or take action. AUSTRAC says. This is despite NSW Police telling the bank it was investigating a 'cuckoo smurfing' syndicate, which was laundering money through CBA accounts.
Responding to the allegations this morning, CBA said that when its intelligent deposit machines were first rolled out in May 2012, they provided the necessary threshold transaction reports, until a software update later that year.
“The issue began after an unrelated software update to the IDMs in late 2012. Following the software update, a coding error occurred which meant the IDMs did not create the TTRs needed,” the bank said in a statement.
“This error became apparent in 2015 and within a month of discovering it, we notified AUSTRAC, delivered the missing TTRs and fixed the coding issue.”
Most of the reporting failures alleged by AUSTRAC relate “specifically to this coding error”, the bank said, adding that it recognised there were other allegations that didn’t relate to the TTRs.
CBA said it would file a statement of defence.
It is the latest is a string of scandals to rock Australia’s biggest bank.
“In an organisation as large as Commonwealth Bank, mistakes can be made. We know that because we are a big organisation, these mistakes can have significant impact,” the bank said in a statement.
“We need to be ever more vigilant in the area of financial crime and anti-money laundering. The rapid evolution of technology in banking, the increased sophistication of criminal activity, and higher regulatory expectations together create an imperative to continuously raise our standards."
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.