Bank Accused of Being Asleep at the AML-CTF Switch

On November 20, 2019, AUSTRAC, Australia’s anti money-laundering (“AML”) and counter-terrorism financing (“CTF”) regulator, initiated an action in the Federal Court of Australia seeking civil penalty orders against Westpac Banking Corporation (“Westpac”), Australia’s second largest retail bank, alleging systemic failures to comply with Australia’s AML-CTF laws.  Specifically, AUSTRAC alleges over 23 million breaches of those laws, including activity involving potential child exploitation. As we will discuss, the bank has taken, and continues to take, several steps to try to mitigate and contain the scandal’s consequences.

The Allegations

AUSTRAC’s Statement of Claim focuses on Westpac’s correspondent banking relationships with financial institutions in other countries. Correspondent banking relationships require increased due diligence efforts because of the inherent money laundering and terrorism financing risks associated with cross border movement of funds; dealing with banks in high risk jurisdictions, doing business with banks who themselves do business in, or with, sanctioned or high risk countries; and the limited information about the identity and source of funds of customers of the correspondent banks.

The services Westpac offered to correspondent banks at issue in the Statement of Claim include:

1. Australasian Cash Management (“ACM”) service arrangements. The ACM service arrangements allowed correspondent banks to use Westpac’s infrastructure to process payments for their overseas customers through the Australian payments system. Under the ACM service arrangement, the correspondent banks could provide Westpac batch transfer instruction from multiple payers to multiple payees.
2. LitePay, a low cost international payment service. LitePay facilitated low value international transfers out of Australia, including to higher-risk foreign jurisdictions.
3. “Off-system BSB” (OSBSB) arrangements. The OSBSB arrangements allowed correspondent banks that did not have direct access to the Australian payments system to open an account with Westpac through which its offshore and domestic customers operate virtual accounts.

The Statement of Claim alleges that Westpac’s oversight of these payment services was deficient and alleges over 23 million breaches of AML-CTF laws. From November 2013, Westpac allegedly failed to:

1. Appropriately assess and monitor the risks associated with correspondent banking relationships and the movement of money into and out of Australia;
2. Carry out appropriate due diligence on customers sending money to the Philippines and Southeast Asia for known child exploitation risks;
3. Report millions of international funds transfer instructions (“IFTIs’) to AUSTRAC, including failing to report IFTIs within 10 business days of their receipt, and failing to report instructions received through LitePay;
4. Pass on information about the course of funds to other banks in the transfer chain; and
5. Keep records relating to the origin of some of these international funds transfers.

The Statement of Claim further alleges that Westpac’s oversight of its AML-CTF program was deficient. The Concise Statement filed by AUSTRAC alleges:

[Westpac’s] contraventions are the result of systematic failures in its control environment. Indifference by senior management and inadequate oversight by the Board. They stemmed from Westpac’s failure to properly resource the AML/CTF function, to invest in appropriate IT systems and automated solutions and to remediate known compliance issues in a timely manner. They have occurred because Westpac adopted an ad hoc approach to [money laundering and terrorism financing] risk management and compliance.

AUSTRAC seeks declaratory relief and civil pecuniary penalties of up to $21 million per violation.

Response to the Scandal

Westpac has appeared to be scrambling to deal with the scandal.  In response to AUSTRAC’s announcement, Westpac stated that it had self-reported to AUSTRAC a failure to report a large number of IFTIs and that it would be working with AUSTRAC to resolve the allegations. In the statement, Westpac Group’s CEO Brian Hartzer said “These issues should never have occurred and should have been identified and rectified sooner. It is disappointing that we have not met our own standards as well as regulatory expectations and requirements.”

In a statement released on November 24, 2019, Mr. Hartzer discussed Westpac’s response plan including, announcing Westpac’s decision to close its LitePay platform, its decision to close its ACM service, and a commitment to provide $18 million over three years to International Justice Mission to assist the nonprofit’s work in Southeast Asia in relation to online sexual exploitation of children. Mr. Hartzer further stated that Westpac would be establishing a dedicated Board sub-committee for financial crime and investment in data-sharing analysis capabilities.

Leadership changes followed shortly after that announcement.   On November 26, 2019, Mr. Hartzer stepped down as CEO, effective December 2, 2019. Peter King has been appointed acting CEO. Further, Westpac chairman Lindsay Maxsted announced that he would retire in the first half of 2020. Director Ewen Crouch announced he would not seek re-election at Westpac’s annual meeting on December 12.  The bank also demoted its former chief AML compliance officer, who later resigned.

Westpac shareholder proxy advisors have urged investors to vote out more of the directors ahead of Westpac’s annual meeting.  The pressure from investors and regulators is mounting; yesterday, Westpac announced that it would pay back retail shareholders who bought A$500 million ($340 million) of new stock two weeks earlier, prior to AUSTRAC’s announcement, potentially to address concerns that the bank had not disclosed to investors the underlying problems and the then-brewing enforcement action.

Westpac also is likely to face increased scrutiny from the Reserve Bank of New Zealand (“RBNZ”), where Westpac has a major presence. RBNZ Governor Adrian Orr recently stated that he was “very concerned” about AUSTRAC’s allegations and that RBNZ would be increasing its scrutiny of banks and life insurers.

It is yet to be seen how Westpac will resolve the lawsuit and how many more heads will roll over the scandal.

AUSTRAC Enforcement Continues

This is not the first high-profile enforcement action by AUSTRAC.  As we have blogged, the Commonwealth Bank of Australia (“CBA”), the largest bank in Australia, agreed in June 2018 to a proposed civil settlement with AUSTRAC of historic proportions, involving a fine of approximately $700 million Australian dollars (roughly equivalent to $530 million U.S. dollars) regarding numerous alleged AML and CTF violations.  This settlement arose after AUSTRAC filed a claim seeking civil monetary penalties against CBA for over 53,000 alleged violations of Australia’s AML/CTF law.  The case fundamentally rested on the bank’s use of so-called intelligent deposit machines (“IDMs”), a type of ATM which allowed customers to anonymously deposit and transfer cash.  Unfortunately, and perhaps not surprisingly, the IDMs also became an alleged favored conduit for money laundering by criminals involved in drug trafficking and illegal firearms.