This article is a case study of the regulatory fines and enforcement actions relating to CDD/KYC failures. On September 24th, 2020, Westpac Banking Corporation (Westpac) agreed to pay AU$1.3 billion in penalties for admitted breaches of the Anti-Money Laundering and Counter-Terrorism Financing Act (AML/CTF Act) in a proposed settlement with the Australian Transaction Reports and Analysis Centre (AUSTRAC).
Proposition of penalty to Westpac
The proposed settlement and penalty, awarded to reflect “the serious and systemic nature of Westpac’s non-compliance,” is subject to approval by the Federal Court of Australia. If approved, the penalty will become the highest civil penalty ever awarded in Australia, almost doubling the AU$700 million civil penalties imposed on the Commonwealth Bank of Australia for AML non-compliance in 2018.
The case is a reminder for all New Zealand financial institutions to ensure that their AML controls, particularly those about correspondent banking, transaction reporting, and customer due diligence, are up to date, well understood, and implemented effectively.
Regulatory fines and enforcement actions relating To CDD/KYC failures against Westpac
Westpac has correspondent banking relationships with international banks, which allow for the international transfer of funds by customers of those correspondent banks to beneficiaries in Australia and overseas. Correspondent banking involves higher money laundering and terrorism financing risks associated with cross-border movements of funds, foreign jurisdictions, and the (lack of) transparency regarding customer identity and source of funds.
AUSTRAC commenced proceedings in the Federal Court if Australia on November 20th, 2019, seeking declarations that Westpac breached various provisions of the AML/CTF Act. These claims were based on alleged reporting and monitoring failures relating to transfers of international funds. Specifically:
- failures relating to the reporting of international funds transfer instructions (IFTI): Westpac is required to provide AUSTRAC with a report on IFTI received or sent within 10 business days of the instruction. AUSTRAC claimed that Westpac was in breach of this requirement 23 million times by failing to properly vet and report thousands of international transactions;
- failure to assess the money laundering and terrorism financing risks associated with correspondent banking relationships;
- failure to reasonably monitor customers for transactions related to or fitting the pattern of possible child exploitation.
Westpac internal investigation
Westpac undertook its internal investigation. In its report issued in June 2020, it acknowledged many of AUSTRAC’s claims, pointing to technological failures, leadership misjudgments, and poor systems for the breaches. In July 2020, Westpac published a further report reassessing its corporate culture, identifying ongoing concerns including that its non-financial risk culture is still immature and reactive.
Non-compliance to CDD/KYC will result in a penalty from the government’s financial intelligence agency. The case is a reminder for all organizations and financial institutions to ensure that their AML controls, particularly those about correspondent banking, transaction reporting, and customer due diligence, are up to date, well understood, and implemented effectively.