Why have one when you can have two? That is not an unreasonable expectation when your favourite cricket team has just hit a six off the penultimate ball of the innings to get within five runs of victory. Or when, as a struggling university graduate, you receive two great job offers on consecutive days.
However, the same cannot be said of the Commonwealth Bank of Australia Limited (“CBA”). Less than two weeks ago, AUSTRAC announced that it had initiated civil proceedings against CBA in regard to serious and systemic issues relating to alleged contraventions of the Anti-Money Laundering and Counter-Terrorism Financing Act (Cth) 2006. This involved the use of Intelligent Deposit Machines (“IDMs”) - a type of ATM which accepts cash deposits (amongst other things).
AUSTRAC alleges that the IDMs accepted up to $20,000 per cash transaction and then these amounts were directly credited to a CBA account. However, in doing so, CBA was not able to properly report to AUSTRAC the full details of a Threshold Transaction, (the transfer of physical currency or e-currency of $10,000 or more). Further, it did not fully report these transactions as suspicious. Even if the alleged perpetrators tried to disguise the nature of what they were doing by depositing amounts less than the threshold, CBA would still have an obligation to note any attempts to structure transactions to avoid the Threshold Transactions Reporting requirements. (Structuring involves splitting transactions into separate amounts under $10,000 to avoid the threshold transaction reporting obligations).
So where to now? CBA has indicated that they are likely to fight AUSTRAC’s proceedings due to the fact that it never deliberately undertook action that enable any form of crime. CBA noted that a coding error with the new IDMs was behind most of the breaches.
It is important to note that there were 53,506 alleged breaches. That amount of quantum defines systemic and serious. If CBA did not know, then it ought to have known.
CBA finds itself in a lose-lose predicament. Assuming the allegations can be substantiated, then how appropriate were CBA’s policies and procedures? If they were not adequate, then CBA finds itself in a pot of bother. If it did have robust procedures, then they were not sufficiently robust to negate such actions. Where was management? Reports indicate that CBA workers at the branch level became aware of certain irregularities owing to the fact that some of the IDMs would have been located at the branch. Did they properly report their concerns. If so, why did it take so long for CBA’s AML/CTF department to investigate?
So now we come to the regulatory tag team. Just when you thought you had matched Hulk Hogan, in comes Andre the Giant to finish you off. In a similar manner to WWE, ASIC is considering pursuing a case against CBA in that its directors acted contrary to their general duties - that is, to act with care and diligence and in good faith. ASIC may focus their case on the following three areas:
Did the directors weigh up the risks to CBA’s reputation when deciding how to respond to AUSTRAC's allegations?
Was there continuous disclosure to the sharemarket about the AUSTRAC allegations?
Was there continuous disclosure to the sharemarket about the accounting disclosure in regards to contingent liability?
STOP PRESS: Things do indeed come in twos. ASIC has just released a media release advising that CBA will refund over 65,000 customers approximately $10 million after selling them unsuitable consumer credit insurance.
Sigh.
Should you have any queries about AUSTRAC or other issues involving compliance, licensing, or corporate governance, please contact Jeremy Danon, director of Ariel & Associates Pty Ltd on (02) 8223 3355 or at jeremy@ariel.associates.