Commonwealth Bank’s $700 million fine will end up punishing its customers


Sandeep Gopalan, Deakin University

The Commonwealth Bank of Australia (CBA) this week agreed to pay a record penalty to settle its violations of anti-money laundering and counter-terrorism financing laws. The A$700 million fine plus legal costs will become final upon the approval of the Federal Court.

The deal was met with market approval, and has allowed regulators to claim victory. Given the public’s current hostility to banks in the wake of revelations from the Banking Royal Commission, politicians also joined the bandwagon and applauded CBA’s loss.

What if the penalty is a sign of mob justice, rather than just deserts? And given the scale of the payout, will the fine also end up further punishing customers and shareholders?




Read more:
After damning the Commonwealth Bank’s management, regulators want the bank to fix itself


Answering these questions requires a close look at the case. CBA was alleged to have violated the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, in several specific ways.

First, it introduced Intelligent Deposit Machines (IDMs) without conducting an independent risk assessment and/or instituting mitigation procedures to tackle money-laundering. Unlike older ATMs, IDMs process cash deposits and make the funds available for transfer immediately. Clearly, criminals could use these features to launder cash gained through crime. CBA wrongly believed that its existing ATM monitoring processes covered these risks.

Second, it was warned about these risks and could have minimised money laundering by imposing daily limits on accounts. CBA refused.

Third, CBA failed to provide transaction reports within 10 business days for cash deposits greater than A$10,000. This violation referred to 53,506 transactions totalling about A$625 million. The failure was due to a coding error – the software was not updated to pick up a new code created for IDM deposits.

Fourth, CBA failed to report transactions with a pattern of money-laundering – apparently misunderstanding its legal obligations.

Fifth, CBA failed to report suspicions about identity fraud – for example, in relation to eight money-laundering syndicates. Therefore, AUSTRAC and law enforcement were unaware of “several million dollars of proceeds of crime mostly connected with drug importation and distribution” that passed into accounts held by CBA.

Sixth, CBA was deficient in monitoring accounts despite warnings from law enforcement – 778,370 accounts were not monitored. CBA was slow to act even after suspicious accounts were terminated, facilitating money-laundering.

Clearly these are significant violations. However, the statement of facts agreed by AUSTRAC and CBA state that the bank did not deliberately or intentionally violate its legal obligations under the relevant laws.

Considering that CBA’s violations were inadvertent, due to technical glitches, and attributable to a mistaken belief about existing systems satisfying legal obligations, the A$700 million fine might be excessive.

International comparisons

By international standards, the fine seems to be very high. This week the UK Financial Conduct Authority fined the British division of India’s Canara Bank £896,100 (A$1.58 million) for “consistent failure” in its money-laundering controls, and for failings “affecting almost all aspects of its business”.

The FCA said the bank’s failings “potentially undermine the integrity of the UK financial system by significantly increasing the risk that Canara could be used for the purposes of domestic and international money laundering, terrorist financing and those seeking to evade taxation or the implementation of sanction requirements”.

In the United States, the Justice Department fined US Bancorp US$528 million (A$694 million) for criminal violations of money-laundering laws and for concealing its behaviour from regulators.

CBA’s fine is far higher than Canara’s punishment for similar violations, and roughly on a par with the sanction meted out to US Bancorp – albeit the latter was for more serious criminal wrongdoing. It is also comparable to the US$665 million (A$874 million) penalty imposed on HSBC (plus US$1.26 billion in sacrificed profits). Unlike CBA, HSBC was punished for “willfully failing” to maintain proper money-laundering controls.

Yet the proceeds from HSBC’s violations stretching back to the 1990s were staggering: at least US$881 million in laundered drug money; a failure to monitor more than US$670 billion in wire transfers and over US$9.4 billion in purchases of physical US dollars from HSBC Mexico; some US$660 million in sanctions-prohibited transactions; and evidence of deliberate sanctions violations by processing transactions to parties in Iran, Cuba, Burma, Sudan, and Libya.

A fair punishment?

The size of CBA’s penalty seems to be more in line with banks that have deliberately flouted money-laundering laws, rather than the smaller punishments handed to banks that did so unintentionally. It is tempting to conclude that this is influenced by the current prevailing mood to “send a message” to financial institutions.

What’s more, we cannot necessarily assume that the fine will act as a deterrent. The penalty is not paid by the CBA staff who acted wrongly; it is paid by the bank, ultimately by the shareholders.

Similarly, the cost of managing enhanced scrutiny and investing in additional compliance machinery will be passed on to customers in the form of higher charges and fees. Likewise, if banks become excessively cautious because of apprehensions about overenforcement, that will impact services and reduce profitability – again harming innocent people.




Read more:
CBA’s board needs to take ultimate responsibility for the bank’s failings


The punishment must always fit the crime. Excessive punishment is counterproductive and creates additional victims.

If the purpose was really to tackle wrongdoing, the CBA staff who were responsible for the violations should have been identified and penalised.

The ConversationThe A$700 million fine is good for political posturing but will hurt customers and shareholders the most. Bank-bashing has a cost, and it is paid by ordinary people, not politicians.

Sandeep Gopalan, Pro Vice-Chancellor (Academic Innovation) & Professor of Law, Deakin University

This article was originally published on The Conversation. Read the original article.

Advertisements

After damning the Commonwealth Bank’s management, regulators want the bank to fix itself


Helen Bird, Swinburne University of Technology

A report on the Commonwealth Bank’s governance, culture and accountability has stripped away the bank’s delusion that it is well run and a model of good governance.

The report by the Australian Prudential Regulation Authority (APRA) is a damning indictment of every aspect of CBA management, from the board of directors to executive management and even the lower levels of the bank. However, APRA has done little more than rap CBA on the knuckles.

Responsibility for fixing up CBA has been turned over to the bank itself. More could have been done, including placing conditions on CBA’s banking licence and removing board members and executives.

APRA has applied a A$1 billion add-on to CBA’s minimum capital requirement. These are the financial assets that the Commonwealth Bank is required to hold to ensure a stable banking system.

APRA has also accepted an enforceable undertaking from the CBA. This is essentially an agreement under which CBA accepts the report’s findings (but does not expressly agree with them) and promises to prepare a plan to respond to its recommendations.

There are indications in the APRA report that there will be further investigations of the conduct of bank employees.

What penalties?

The A$1 billion add-on to CBA’s capital requirements is not a penalty, despite commentary to that effect. APRA can and does require top-ups of this kind from time to time under the Banking Act to ensure security and confidence in the banking sector.

Given the Commonwealth Bank’s size and leading role in the sector, the additional capital requirement is prudent but hardly controversial. The funds will be returned to CBA when it completes the actions proposed by the enforceable undertaking.

At best, the capital requirement is a temporary but not significant inconvenience for CBA. It represents a mere 0.103% of its total assets as of the last financial year

That leaves the CBA enforceable undertaking as the principal outcome from the APRA report.




Read more:
Why the new banking laws won’t be the slam dunk the government is expecting


The enforceable undertaking is mostly a procedural document. For instance, CBA must submit its remedial action plan by June 30 2018.

It must have a clear and measurable set of responses and a timetable for each response, and must nominate a person responsible from the CBA executive team. CBA must also appoint an independent reviewer, approved by APRA, to report to APRA on compliance with the enforceable undertaking and the completion of items in the plan. CBA must report separately on executive pay issues.

In essence APRA has handed over the responsibility for cleaning up the management mess found at the CBA to the bank itself, despite finding that it is culturally unfit to properly manage itself.

Why should anyone take comfort from that arrangement?

APRA’s report also makes clear that the problems at the Commonwealth Bank do not stem from one specific issue. The problems affect the whole organisation of more than 45,000 employees with A$967 billion in assets.

An independent reviewer will vet what is being done and report on its success or otherwise to APRA. But that report will be made to APRA, not to the general public. We may never know what measures the bank implements as APRA has no obligation to disclose anything.

What else could have been done?

An enforceable undertaking can save the regulator the time, cost and uncertainty of taking legal action, as well as enable it to craft specific remedial actions to fit the circumstances.

But there is very little tailoring in the Commonwealth Bank’s enforceable undertaking. APRA has opted to wait and see what remedial action the bank comes up with. The regulatory touch is so light that even describing it as featherweight would be an exaggeration.

APRA could have done much more than it did. Banks require a licence and APRA is empowered by Banking Act to place conditions on these licences that restrict or limit how banks can operate.

APRA could have used this power to place immediate restrictions on CBA’s business practices, including on the size and calculation of executive compensation. One of the major findings of APRA’s report is that CBA executive compensation schemes did not provide sufficient incentives for senior executives to account for risk in their decision-making. Certainly, the criticisms of CBA management in the APRA report are sufficient to warrant this kind of action.




Read more:
APRA and ASIC have the legal power to sack bank heads, but they need willpower


APRA has the power to remove a bank director or senior manager if the person does not meet one or more of the criteria for fitness and propriety. That APRA did not do this may be because there have already been resignations and new directors at the Commonwealth Bank.

APRA should have queried whether these changes were sufficient. Perhaps this is part of the wait-and-see approach implied in the enforceable undertaking.

The ConversationThe APRA report highlights systemic problems in Australia’s leading company and premier bank, including a culture of complacency, defensiveness, insularity and overconfidence. But for all of that, and despite the financial and emotional costs borne by the Australia community, APRA’s response appears to be no more than “wait and see”.

Helen Bird, Course Director, Master of Corporate Governance & Research Fellow, Swinburne Law School, Swinburne University of Technology

This article was originally published on The Conversation. Read the original article.

Allegations against the CBA show the need for a Royal Commission into the banks


Thomas Clarke, University of Technology Sydney

The Commonwealth Bank is facing another scandal as the Australian Transactions Reports and Analysis Centre (AUSTRAC) launches civil proceedings accusing the bank of being complicit in money laundering.

This exposes a deeply worrying prospect, that the Australian public are vulnerable to crime and terrorism directly funded through the Australian banking system.

AUSTRAC alleges CBA breached the Anti-Money Laundering and Counter-Terrorism Financing Act (2006) 53,700 times since 2012, where transactions were not reported by the bank, or reported too late. The bank faces a potential penalty of A$18 million per breach, which could amount to billions of dollars.

According to AUSTRAC, criminals deposited cash, amounting to tens of millions of dollars, over a period of two years in intelligent deposit machines where it was automatically counted and credited instantly to the nominated recipient account. The funds were then available for immediate transfer to other accounts both domestically and internationally.

In their evidence AUSTRAC details how four identified criminal syndicates were able to readily use CBA ATMs to breach the A$10,000 transaction threshold on 1640 occasions amounting to A$17.3 million. A total of A$625 million of suspicious transactions flowed through these CBA ATMs.

CBA’s response to these serious allegations is that it reports 4 million transactions to AUSTRAC per year contributing to the effort to “combat any suspicious activity as quickly and efficiently as we can.” The bank insists all key personnel have been trained in compliance with the Money-Laundering Act. The CBA acknowledges there was a software fault with a number of their ATMs which allowed these transactions to take place, but apparently this took several years to fix.

Unfortunately this response in the circumstances only provokes further questions.

Regulators asleep at the wheel

What this really shows up is the government’s “light touch” regulatory approach which translates into soft touch regulation. It seems regulators in Australia are too frightened to take action even when there is mounting evidence of illegality.

AUSTRAC itself did not launch any proceedings under the Anti-Money Laundering and Counter-Terrorism Financing Act until 2015. This followed a lengthy report of the Financial Action Task Force which concluded:

[AUSTRAC’s] graduated approach does not seem to be adequate to ensure compliance.

Since then AUSTRAC has taken action against Tabcorp on a money-laundering case which reached a A$45 million settlement in February 2017. This contrasts with far larger fines imposed on international banks for money laundering including a US$1.2 billion fine for HSBC and a US$262 million fine for Standard Chartered in 2012 from the US Justice Department.

At a US Senate hearings in 2012, a HSBC chief compliance officer famously quit his post on the spot in answering money laundering allegations, implying he could not defend the indefensible.

The Australian banking industry has faced minimal pressure to reform compared to other countries, where the restructuring of the banks is progressing. Australia has seen a succession of inquiries however each has focused on particular aspects of the banks functioning and proposed specific reforms.

It will require a Royal Commission into the Australian banks to examine the structural and systemic failures of the banks. The banks have become the main providers of not only retail but investment banking, insurance, superannuation and financial advice, and this deserves critical scrutiny.

If the AUSTRAC allegations against the CBA are proven in the Federal Court, this matter is of a different order of magnitude to earlier problems. It suggests a degree of irresponsibility which is unacceptable in major financial institutions.

It also suggests it’s deeply embedded in the banks cultural and operating processes, which undermines the security of Australian citizens. This would demand a substantive inquiry into the management, integrity and culture of the banks that only a Royal Commission could provide.

The ConversationIn the meantime, the CBA needs to provide firm evidence to the Australian public that none of its ATM machines can continue to be used for money laundering. It also needs to prove there are procedures in place for ensuring all suspicious banking activity by potential criminals or terrorists is fully reported to the Australian authorities as soon as the CBA has any knowledge of such activity.

Thomas Clarke, Professor, UTS Business, University of Technology Sydney

This article was originally published on The Conversation. Read the original article.