'Alarm bells ringing': laundering claims rain on CBA's parade
Commonwealth Bank staff at the Market City branch in Sydney's Chinatown were getting suspicious, watching the same customer making cash deposits of just under $10,000.
It was July 2015 and the customer was following a pattern they had seen elsewhere: ploughing cash into an intelligent deposit machine (IDM) just below the threshold where such deposits must be reported to authorities. Soon afterwards the money would be sent money overseas.
ASIC considers action against CBA
The corporate regulator will investigate whether the CBA's board complied with continuous disclosure laws when it decided not to alert investors to suspicious behaviour.
To the bankers, it raised a clear key risk they were trained to spot: compliance with anti-money laundering (AML) and counter-terrorism finance (CTF) laws.
"Frequent IDM deposits of just under $10K cash. AML/CTF alarm bells ringing," said an alert from the branch to CBA's anti-money laundering team.
RELATED ARTICLES
"Please monitor and investigate to prevent further loss to the group."
Yet when the bank's anti-money laundering team reviewed the alert, they lodged a "suspicious matter report" with authorities but undertook no customer due diligence, despite the "very high and specifically detailed risks," alleges AUSTRAC – the watchdog for money laundering.
Later, it emerged the account had been taken out in a fake name and used to launder money, AUSTRAC says in court documents filed last week, which also allege mass breaches of anti-money laundering laws by the country's biggest bank.
CBA chief executive Ian Narev.. Photo: Peter Braig
Chief executive Ian Narev faces questions over how sustainable his position was leading the bank, even as he delivered a bumper $9.9 billion profit, after the latest scandal to occur under his leadership.
CBA's board, led by chairwoman Catherine Livingstone, responded to fierce public scrutiny by axing millions of dollars in executive bonuses and setting up a high-level committee to respond to the allegations amid continuing pressure for further action to hold responsible staff to account.
But will this be enough to stem the pressure from investors, regulators and politicians on the bank and its bosses?
By the end of the week, CBA had found itself under fire from some of the most powerful economic figures in the country, with Treasurer Scott Morrison slamming its "epic fail" and the Australian Securities and Investments Commission investigating whether the bank board and staff met their duties under corporate law.
Reserve Bank governor Philip Lowe joined the critics, attacking the sector's focus on "short-term" profit at the expense of customers, and managing risks.
"The desire for short-term profit has meant not enough attention is being paid to risk management, trust has been strained, banks know that," he said, speaking about the industry more broadly.
Reserve Bank of Australia governor Philip Lowe lashed the banks.
Photo: Paul Jeffers
The allegations also raise wider questions about the risks created by the digital finance revolution. In an age when technology is only going to make banking more automated, and CBA is regarded as the most technologically adept bank, what lessons do the scandal hold for other banks?
Reputations hit
Trust is perhaps the most important commodity banks possess.
For that reason, some believe the most damaging aspect of the AUSTRAC case may not be any fine – though some analysts predict this could run into the billions of dollars – but the hit to CBA's reputation.
Narev and Livingstone acknowledge this hit has already occurred to some extent. In fact Livingstone said "risk and reputation matters" lay behind the board's move to cut bonuses.
Yet some broking analysts warn there could be more to come.
CBA's share price has already slumped more than 4 per cent since the allegations, but the prospect of a looming court battle with AUSTRAC and any blowback from politicians and other regulators may inflict a further cost on the 800,000 shareholders of CBA.
UBS analyst Jonathan Mott this week told clients the allegations would be an "ongoing drag on its reputation", detracting from a profit result that beat expectations and was "clean with few issues of concern".
CLSA's Brian Johnson told clients the brand of the country's largest retail bank would be "tarnished" and put the latest allegations in the context that it was also found to have last year wrongly knocked back some life insurance claims.
Johnson said the CommInsure scandal "magnified a degree of distrust between all of the Australian banks, their retail customers, but just as importantly politicians".
"CBA seem to make more missteps than peers which must inevitably impact customer perceptions of the CBA brand," he said.
ASIC chairman Greg Medcraft also said directors needed to be aware of potential damage to reputations when he revealed on Friday the regulator was investigating whether CBA and its directors might have breached the Corporations Act.
ASIC chairman Greg Medcraft slammed banks over cultural failures.
Photo: Christopher Pearce
The other reputation being affected is that of Narev – a point he acknowledged this week, as he also signalled he would not be resigning.
Narev conceded the bank had made "mistakes", that the allegations "reflect on me as chief executive", and that the buck stopped with him.
"I am here because I am accountable for representing the bank and I am accountable for everything that happens in the institution under my watch," Narev said on the ABC's
7.30.
Whether this performance will be enough to take some of the fierce heat off CBA – and indeed for how long Narev will remain chief – remains to be seen.
Bank watchers in the financial markets generally praise his discipline in staying "on message" and the fact that he fronted up to face the media. They stress the matter is yet to be decided by the court, while CBA investors also backed the board's decision to cut bonuses as a first step.
A corporate governance expert said the bonus cut was unprecedented in the banking sector, though it is likely the bank's annual report, to be published on Monday, will still show top executives still received multimillion-dollar pay packets.
"I'm not a believer that if something bad happens, you just have to get rid of people," said Angus Gluskie, managing director of $650 million White Funds Management, a CBA investor.
"There's a little tarnishing of reputations there and that's going to be in investors' memories going forward, but I don't think people will look at this and say they've got some massive problem across the organisation," Gluskie said.
But others who are further removed from the banks were more critical of the bank – and Narev's performance.
While Narev did admit there had been mistakes made, he did not apologise and did not directly answer if anyone had lost their job as a direct result of the allegations, instead saying there were "changes of leadership in key roles".
Adam Kilgour, managing director of public affairs firm Diplomacy, says Narev's response this week appeared overly defensive, when he should have been trying to show contrition and demonstrate he is changing the bank's culture.
"I did not hear one apology, I didn't hear any contrition," says Kilgour, who advises boards on managing their reputations. "It's not just the money laundering allegations, it's two or three years of cock-ups."
With banks already on the nose among the public, politicians and regulators did not ease up on CBA either.
Labor was openly questioning Narev's position. Shadow financial services minister Katy Gallagher said: "I think there are questions about whether the Commonwealth Bank is being well led."
Treasurer Scott Morrison on Thursday also stuck the boot into CBA repeatedly, after the board's promises to cut bonuses and hold those responsible to account.
While noting the case was before the courts, the Treasurer also could not resist taking a swipe at the bank's "epic fail", suggesting the matter raised "very troubling" issues of culture and governance.
Morrison made a point of this week saying the government was "prepared to consider all options" in relation to CBA, and in a separate radio interview on Thursday, Morrison said he was not about to give banks any "leave passes".
ASIC's Medcraft, meanwhile, said he was "quite disappointed" that he had only found out about the AUSTRAC action when it went to court.
While he praised the jobs Livingstone and Narev had done, he also said it was disappointing he was not told about the matter at a meeting two days before the action was lodged. That meeting was one ASIC had arranged to discuss "real risks" on the horizon for the country's biggest financial institutions.
"It's just very disappointing and I think, as I've said, I think it's a problem of culture in the organisation," Medcraft said on Friday.
He did not make any comment about whether he would have expected AUSTRAC to give him warning of the action.
Systems spotlight
Aside from the damage to CBA's standing, the allegations highlight an inherent tension in banking: all the emphasis on making life easier for customers, including through digital technology, can create new risks if not properly managed.
One of the key areas where CBA this week said it had spent an extra $85 million in the past two years is its "know your customer" systems.
This is essentially the obligation on banks to know who they are doing business with. An industry source points out, however, that there are commercial pressures to remove the "friction" from banking – by asking fewer questions of people, it is faster to sign them up to a new product.
Taking the extra time to ask more questions, however, will tell a bank more about its customers.
The allegations are also putting the spotlight on parts of the bank that normally get little public attention but are crucial: their internal compliance systems, and the lines of accountability in these enormous bureaucracies
CBA has more than 50,000 staff and Narev also highlighted the sheer complexity of the company's structure and the potential for lines of accountability to be blurred in such a large bureaucracy. When asked which part of the bank was ultimately responsible for the IDMs, Narev nominated four different areas that could be involved.
"Clearly, part of what we look at if events like this occur is, are the accountabilities clear enough?" he said.
Other banks have been keen to distance themselves from the CBA, with ANZ Bank this week saying AUSTRAC had reviewed its IDMs and this year found no evidence of non-compliance.
Even so, the scandal highlights key industry-wide challenges.
Managing director of anti-money laundering firm Kyckr, David Cassidy, points out AUSTRAC had given Australian banks a "very poor report card" on AML compliance in recent years, urging them to invest more in knowing about who they were dealing with as customers.
He says that under the law, banks must hold "accurate and current" information about their customers – a threshold that's not always being met.
"The big problem is that many financial institutions are not focused enough on assessing who these customers are that they provide accounts to," Cassidy says.
Anthony Quinn, who previously ran anti-money laundering compliance at Macquarie's retail bank, says it is a reminder for all banks of the importance of proper risk assessments and regular independent reviews to spot "compliance gaps".
"The action taken against CBA should put all financial institutions on notice that AUSTRAC expect full compliance with the AML/CTF Act and highlights the importance of getting the basics right," says Quinn, who is now chief executive of Arctic Intelligence, which helps banks meet financial crime compliance obligations.
UBS' Mott points out anti-money laundering is just one example of "operational risk" in a bank, which refers to risks from losses outside of unpaid loans, such as cyber attacks or mistreating of customers.
These risks are rising, he says, partly because of the digital revolution.
While the boom in digital banking has saved lenders money and makes banking far more convenient, these changes also raise the risks to banks from things such as cyber hacking, coding errors or system outages.
Medcraft on Friday also highlighted the way in which digital banking and automated systems had opened up the potential for mass breaches, as he also suggested the affair could end up being a learning experience.
"I do empathise with the 50,000 employees of CBA, it's actually a very sad thing what's happened, frankly. And I just hope, you've got to learn from this," he said.