The second-largest lender in Australia, Westpac, says that millions of breaches of anti-money laundering (AML) laws resulted from technology shortcomings and human error, but were not intentional, according to an internal audit.
Westpac has recently faced accusations of 23 million instances of AML compliance violations, including failures to detect money transfers that may have been used in child exploitation in Asia and failure to make a timely report of around $7.5 billion in transfers. The breaches would be the largest in Australian money-laundering and terrorism financing laws in history. Each individual breach could face a fine of 21 million Australian dollars ($15.7 million).
The bank self-reported the problems to the Australian financial-intelligence agency in late 2019 and has accepted responsibility for the breaches. CEO Brian Hartzer stepped down in December 2019 after four years in the role.
Systemic Failures
Westpac released the findings of an internal investigation in early June. The report found a lack of expertise and resourcing within the organization, as well as insufficient understanding of risk and unclear end-to-end accountabilities for managing compliance. The report also found that the issues Westpac identified were systemic and could have been rectified earlier, and that financial crime reporting to the board was sometimes inaccurate and incomplete. The root of the technology and human errors concerning the international fund transfer non-reporting trace back to 2009.
“While the compliance failures were serious, the problems were faults of omission. There was no evidence of intentional wrongdoing,” Peter King, CEO of Westpac said in a statement.
Westpac is cooperating with the Australian Transaction Reports and Analysis Centre, which filed a civil suit against Westpac in November 2019.
To review risk governance in the company, Westpac set up an external advisory panel with former NBN chairman Ziggy Switkowski, former Sydney chief executive CEO Kerry Schott, and the BCG Australia co-founder Colin Carter in January. “We accept the recommendations of the Advisory Panel report and we are implementing them as part of the remediation plan, which is already well advanced,” Westpac Chairman John McFarlane said.
Westpac’s woes come as other large banks in Australia also faced recent scandals. Commonwealth Bank of Australia settled a 700 million Australian dollar ($480 million) case of compliance breaches in 2017, the largest corporate civil penalty ever paid in Australia. AMP, the largest wealth-management company, admitted to misleading regulators in 2018, leading to the stepping down of its CEO. In early 2019, the CEO and chairman of National Australia Bank stepped down after a judicial review revealing misconduct.
Westpac’s remediation program is focused on fixing the issues to prevent another breach. The plan focuses on fixing non-financial risk management and company culture. “We recognize we need to change. We completely accept that some important aspects of Westpac’s financial crime risk culture were immature and reactive, and we failed to build sufficient capacity and experience in some important areas,” King said. 
Stephanie Liu is assistant editor at Internal Audit 360°