• The big Aussie AML battle in the bush is over.
• After months of haggling in a widely-watched game of brinkmanship, Australia’s top financial regulator has issued a record, statement making penalty of more than $1 billion against the country’s second largest bank for fincrime compliance failings – the most serious of which tied to exploiting children.
• The Australian Transaction Reports and Analysis Centre (Austrac) and Westpac have agreed to a $1.3 billion penalty – less than the originally desired $1.5 billion, but far more than the $900 million set aside by the bank, a figure the institution said it would not budge from in negotiations.
• The millions of anti-money laundering (AML) failings involving billions of dollars in transfers form the foundation of the fine, an amount that “reflects the seriousness and magnitude of compliance failings by Westpac,” according to Austrac.
• The penalty has several key takeaways for fincrime compliance professionals in Australia – and the world over.
• In short, AML teams must better get to know the nuanced transaction trails tied to child exploitation networks, just as they have in recent years related to human trafficking groups, and keep better oversight of regions at a higher risk for child exploitation, including gaps through leaky correspondent portals.
• The penalties also echo the grumblings from regulators in the United States, Europe and the Nordic and Baltic Regions, where examiners have also cited institutions for broad failures in AML 101 areas.
• Which ones? These might sound familiar: the depth and accuracy of customer due diligence, how those figures inform the risk assessment and how those scores tune the transaction monitoring system – the beating electronic heart of any fincrime compliance program.

After months of haggling, behind the scenes negotiations and a widely-watched game of brinkmanship on both sides, Australia’s top financial regulator has issued a record, statement making penalty of more than $1 billion against one of the country’s largest banks for financial crime and compliance failings – the most serious of which tied to exploiting children.

The Australian Transaction Reports and Analysis Centre (Austrac) and Westpac have agreed to a $1.3 billion penalty – less than the originally ballyhooed $1.5 billion the regulator initially sought, but far more than the $900 million set aside by the bank, a figure the institution said it would not budge.

The millions of anti-money laundering (AML) failings involving billions of dollars in transfers form the foundation of the fine, an amount that “reflects the seriousness and magnitude of compliance failings by Westpac,” according to Austrac.

To read the announcement, statement of facts and notice of filing, click here, here and here.

The penalty has several key takeaways for fincrime compliance professionals in Australia – and the world over.

In essence, AML teams must better get to know the nuanced transaction trails tied to child exploitation networks, just as they have in recent years tied to human trafficking, and keep better oversight of regions at a higher risk for child exploitation, including through leaky correspondent portals.

More broadly, banks are trying to band together to better identify transaction patterns tied to exploiting children, particularly tied to online streaming.

That is one of the goals set out by the Egmont Group of Financial Intelligence Units (FIUs), which include many of the largest countries in the world.

The group, as part of a Jointly-led project by AUSTRAC, Australia, UKFIU, United Kingdom and AMLC, Philippines, is collaborating with INTERPOL and the FIUs from around the globe to better understand the financial and banking components of the online streaming of child sexual abuse and exploitation (CSAE) material.

To review the group’s just released findings, click here.

The Egmont Group report also noted the potential involvement of organized crime in such exploitation networks.

“In impoverished communities, online streaming offers a financial incentive for criminal networks, which creates a commercial element for CSAE,” according to the group. The illicit business models in relation to this activity, whereby offenders pay to view CSAE material via online streaming, means there is a money trail in the form of payments and profits.”

While it is noted that a lack of large profits means wide-scale involvement of organized criminal groups (OCGs) is likely to be limited, there “is some evidence of criminal business structures in developing countries exploiting the commercial opportunities presented by online streaming of CSAE.”

The AML penalties also echo the grumblings and mirror the compliance flashpoint issues in places like the United States, Europe and the Nordic and Regions.

In the regions, regulators have repeatedly cited institutions for broad failures in core, foundational areas of the AML program, such as the depth and accuracy of customer due diligence, how those figures inform the risk assessment and how those scores tune the transaction monitoring system – the electronic heart and digital brain of most compliance programs.

The Federal Court of Australia will now consider the proposed settlement and penalty. If the Federal Court determines the proposed penalty is appropriate, the “penalty order made will represent the largest ever civil penalty in Australian history.”

In the settlement, Westpac admitted to breaching Australia’s chief AML regulations on more than 23 million occasions, exposing Australia’s financial system to criminal exploitation.

In summary, Westpac admitted that it failed to:

• Properly report over 19.5 million International Funds Transfer Instructions (IFTIs) amounting to over $11 billion dollars to Austrac.
• Pass on information relating to the origin of some of these international funds transfers, and to pass on information about the source of funds to other banks in the transfer chain, which these banks needed to manage their own ML/TF risks.
• Keep records relating to the origin of some of these international funds transfers.
• Appropriately assess and monitor the risks associated with the movement of money into and out of Australia through its correspondent banking relationships, including with known higher risk jurisdictions.
• Carry out appropriate customer due diligence in relation to suspicious transactions associated with possible child exploitation.

In reaching the agreement, Westpac also admitted to “approximately 76,000 additional contraventions which expand the original statement of claim,” according to Austrac.  

“These new contraventions relate to information that came to light after the civil penalty action was launched last year and relate to additional IFTI reporting failures, failures to reasonably monitor customers for transactions related to possible child exploitation, and two further failures to assess the money laundering and terrorism financing risks associated with correspondent banking relationships.”

AUSTRAC’s Chief Executive Officer, Nicole Rose PSM, said the settlement “sends a strong message to industry that Austrac will take action to ensure our financial system remains strong so it cannot be exploited by criminals.”

“Our role is to harden the financial system against serious crime and terrorism financing and this penalty reflects the serious and systemic nature of Westpac’s non-compliance,” she said.

“Westpac’s failure to implement effective transaction monitoring programs, and its failure to submit IFTI reports to Austrac and apply enhanced customer due diligence in relation to suspicious transactions, meant Austrac and law enforcement were missing critical intelligence to support police investigations.”

Such a large number of breaches over several years was “unacceptable and could have been avoided with better assurance and oversight processes to identify ongoing reporting failures,” Rose said, adding that, on the plus side, Westpac continues to partner with Austrac and assist law enforcement agencies to stop financial crime through private-public partnerships, including the the Fintel Alliance.

In the months of negotiations, it was clear Austrac wanted to break the billion-dollar barrier – and Westpac did not want to let them.

Those figures are significant because they would have, and eventually did, set a new precedent for penalty ceilings in Australia for systemic AML program failings.

Austrac has only had a handful of major AML enforcement actions with U.S.-style penalty figures – with all of them south of $1 billion Aussie dollars.

The U.S. still has the highest ever compliance and sanctions penalty ever handed out at just shy of $9 billion against BNP Paribas in 2015, with the bulk of that tied to dealing with blacklisted regimes.

In August 2017 Austrac applied for a civil penalty order under the AML/CTF Act against the Commonwealth Bank of Australia (CBA). In June 2018, the Federal Court ordered CBA to pay a penalty of A$700 million.

Prior to that, in 2015, Austrac applied for a civil penalty order under AML regulations against Tab Ltd, Tabcorp Holdings Ltd and Tabcorp Wagering (Vic) Pty Ltd (‘Tabcorp’). In early 2017, the Federal Court ordered Tabcorp to pay a penalty of A$45 million.

Even as sabers continued to clash in recent months behind the scenes with legal thrusts and parries in court, Austrac has already exacted a pound of flesh, causing executive upheaval at the highest levels of Westpac.

In November, in the wake of Austrac’s penalty order, Westpac stated its chief executive and chairman would be stepping down in response to the scandal.

Bowing to shareholder pressure, the bank stated at the time that Brian Hartzer would leave Dec. 2 after more than four years as CEO and managing director.

At the same time, Lindsay Maxsted, the chairman of almost eight years, agreed to voluntary retire in the first half of 2020.

The managerial bloodletting was clearly done by Westpac in hopes of proving to regulators the bank has changed its tune on compliance – a potential hard sell, however, reviewing how it treated a top compliance professional working to rectify the issues.

“As CEO I accept that I am ultimately accountable for everything that happens at the bank. And it is clear that we have fallen well short of what the community expects of us, and we expect of ourselves,” Hartzer said at the time of his departure.

The news is tinged with irony as other media reports highlighted at the time that Westpac in its initial response to compliance problems didn’t support the compliance professional who brought the failings to the bank’s attention, but instead tried to bury the dirt, removing her from the position.

Westpac also laid out a four-page Austrac and overall compliance remediation “Response Plan,” which details some of the more pressing and longer term plans the bank has to address issues uncovered internally and externally, including:

• Immediate fixes, including closing LitePay, a remittance arm that allowed wires of thousands of dollars for a flat fee, but failed in user oversight and transaction monitoring.
• Lifting our standards, including priority screening and improving cross-industry data sharing, a move done as a mea culpa to help better identify larger, interconnected crimes.
• Protecting people, including investments to reduce the human impact of financial crime, in the form of spending more than $30 million on various initiatives to better spotlight and protect children and convene with experts to better be part of the solution and not the problem.

The news of executive upheaval roughly coincides with Westpac stating it will invest $25 million Australian dollars to improve cross-border and cross-industry data sharing and analysis as one of the “immediate fixes” as part of its response plan, following issues raised by Austrac.

That is also in-line with other global banks strengthening public-private partnerships to both boost compliance and become more aligned with law enforcement trends and needs, according to media reports.

The Westpac saga is turning into Australia’s version of the Danske Bank scandal, with an institution taking the rare step of jettisoning seemingly entrenched executives as a show of faith, force and fealty to regulators.

The scandal against Danske, Denmark’s biggest bank, originated after it failed to adequately scrutinze about 200 billion euros in non-resident flows through its Estonian operations, much of which was subsequently deemed suspicious.

Since the money laundering case erupted, Danske has replaced a number of executives and board members to bring in people who aren’t tainted by the scandal – a more stringent response than many high-profile U.S. AML penalties, where the penalties are higher, but against individuals, only a few compliance deck chairs get moved around.

The money laundering scandal and related investigations have resulted in Estonia booting Danske out of the country and has spawned aggressive investigations into banks in the Nordic and Baltic regions and the United States, particularly Swedbank and Deutsche Bank, among others.

At the supranational level, the Danske scandal has caused European Union regulators, at the country and bloc level, to engage in a game of naming, blaming and shaming, with accusations and recriminations at all levels – the tacit meaning that Austrac also has its name and reputation as a top enforcement body on the line with the world watching how it would negotiated the Westpac fine.

In recent months, the EU has pushed to create a dedicated pan-bloc AML oversight and enforcement body that would put regional regulators in the hot seat and better attempt to see fincrime vulnerabilities happening across multiple member states.

The future similarly looks costly for Westpac when it comes to compliance.

What is clear reading these stories is that the bank also had a failure of what U.S. regulators call a “culture of compliance” where a financial crime compliance officer is valued, their concerns addressed and suggestions taken seriously and implemented.

In the case of Westpac, the compliance officer who first found the problems and was working for months to get to the root of the issue, was given the sacrificial lamb treatment, most likely as a way for the bank to quickly and immediately show Austrac it “did something.”

If that culture doesn’t change, along with setting a compliance “tone at the top,” a common U.S. regulatory refrain, all the technology improvements and investments to various child protection organizations in the world won’t make the changes needed.

Westpac needs all the pieces of the puzzle to come together – technology, resources, culture and authority for AML investigators – to go from a failing entity from a compliance perspective to a law enforcement ally championing the safety of children and all other vulnerable groups.

In the United States, the bank has also been sued by more than half a dozen groups as part of a bevy of class action lawsuits.

The latest suit, filed earlier this year by investor rights law firm Bernstein Liebhard in a U.S. court, came just days after six U.S.-based law firms announced similar class-action lawsuits against the lender.

Westpac in statements had cautioned that similar suits may follow, while responding to New York-based Rosen Law Firm’s suit, according to media reports and court filings.

Bernstein said in a statement the class action was filed on behalf of investors who bought Westpac’s securities between Nov. 11, 2015 and Nov. 19, 2019.

The law firm accused the lender of not carrying out appropriate due diligence on transactions in Southeast Asia and the Philippines and failing to monitor terrorism financing risks with movement of money into and out of Australia among others.

This is not entirely unexpected.

In the face of several high-profile fincrime compliance failures in Australia and the Nordic and Baltic regions, investors have fumed in the face of falling stock prices and levied lawsuits at the institutions.

As difficult as this will be for Westpac, there is one bright spot for the broader AML compliance community: this cautionary tale could be great leverage to use when counter-crime teams are trying to get more budget to improve training, systems and overall resources.