Westpac Bank in Australia is facing one of its gravest crises from systemic AML/CTF failures over a 5-year period that contravened the AML/CTF Act on over 23 million occasions.
Heads are rolling at Westpac with resignation of the CEO and the retirement of the Chairman of the board. Expect more disciplinary action down the chain of command as the root causes of failures are identified.
Westpac failed to enforce basic AML/CTF regulatory compliance standards. If the 6AMLD standards scheduled for introduction in the EU in Dec 2020 were in place in Australia today, instead of a civil penalties, there could be criminal indictments in addition to civil fines and sanctions. 6AMLD provides for up to four years in prison for executives in financial institutions who knowingly fail to conduct proper due diligence, monitor risk and execute proper forensic oversight.
The AUSTRALIAN TRANSACTION REPORTS AND ANALYSIS CENTRE, (Austrac) court filing states that Westpac contravened the AML/CTF Act on over 23 million occasions.
According to the Austrac report, 'these contraventions stemmed from Westpac's failure to properly resource the AML/CTF function, to invest in appropriate IT systems and automated solutions, and to remediate known compliance issues in a timely manner.'
The stakes for properly identifying high-risk customers and identifying and reporting on patterns of suspicious transactions from counter-parties in high-risk regions couldn’t be higher. Amberoon CEO Shirish Netke observed “This shocking story of 23 million illicit transactions over a 5-year period is an indication of how legacy AML systems can be circumvented. Bad actors who skillfully deploy modern technology have the potential to undermine the legitimacy of the global banking system.”
Mr. Netke also stated that “Banking executives now realize that governance, process, and systems need to be closely intertwined to create a robust risk-based approach to AML. Banks that do not take a holistic view of managing operational risk are the most vulnerable to financial crimes.”
How is this relevant?
Westpac is one of the top 100 banks in the World, with assets of nearly $900 Billion, 35,029 employees, (2018), 1,204 branches and 3,222 ATMs. Although correspondent banks like Westpac have an order of magnitude more AML/CTF risk exposure than community banks, there is still significant AML risk at financial institutions of any size.
Bad actors have had plenty of time to circumvent legacy rules-based AML systems. Lots of little transactions over a period of years across multiple channels and counter-parties are extremely difficult to identify using rules-engines vs. a few big and highly visible transactions.
How could this happen?
This is not totally a management failure, nor is it wholly a technology failure. Both are at fault.
According to AUSTRAC, from November 2013 to September 2018, in four correspondent relationships, Westpac received 19,427,710 incoming IFTls (International Funds Transfer Instructions) with a total value over $11 billion under four of its correspondent banking relationships. Westpac failed to give AUSTRAC a report of each of these instructions within 10 business days of their receipt, as required by s 45 of the Act.
An international funds transfer instruction (IFTI) is an instruction to transfer money or property to either:
- Australia from another country
- another country from Australia.
If you make an IFTI, you must submit an IFTI report to AUSTRAC within 10 days.
These IFTls transactions represented over 72% of all incoming IFTls received by Westpac during this period. This is more than a huge red-flag, it’s a red-flag big enough to drape WestPac’s Sydney head-office. Westpac did not report these IFTls until the period 22 October 2018 to 20 September 2019.
From October 2016 to November 2018, Westpac received 61,717 incoming IFTls with a total value of over $100 million under the arrangements it had with an ordering institution. Westpac failed to give AUSTRAC a report of each of these instructions within 10 business days of their receipt.
Westpac did not report these IFTls until the period 27 March 2019 to 20 September 2019.
Westpac is not the only bank guilty of systematic control failures, failures in management and lack of board oversight to enforce basic AML hygiene in the onboarding process, execution of controls, and AML program oversight.
Westpac is implementing a comprehensive program to address these issues, which you can read about here.
Amberoon Point of View
In many ways, Westpac is a victim of its legacy AML technology. Rules-engines have been the default processing engine for AML systems in banks for 20 years, however unless banks are aware of a particular scenario of abuse, suspect transactions are unlikely to be identified and flagged. Bad actors have adapted behavior to circumvent the limitations of rules-based systems. The process of reviewing millions of transactions per month in an AML system that produces >90% false positives is mind-numbingly fatiguing, ineffective, and costly.
Modern machine-learning AI systems are capable of analyzing and detecting patterns among billions of transactions across all banking channels that are otherwise undetected. Finding a needle in a stack of needles is a useful metaphor for machine-learning applied to AML/CTF.
Forensic inquiry makes it easy to combine human intelligence with intelligence that machine learning produces. Forensic inquiry empowers compliance teams to quickly pinpoint high risk accounts and bad actors and drill-down on suspicious behavior so that a Suspicious Activity Report can be filed in a timely manner.
Westpac is implementing a comprehensive program to correct deficiencies, including doubling its compliance staff. It promises to review technology and its AML practices.
Westpac does not need to double its AML compliance staffing.
Westpac could invest in modern AML technology with the potential to reduce compliance staffing levels by 50%.
Modern AML technology empowers compliance staff and increases AML program effectiveness and efficiency through the use of forensic inquiry. Forensic inquiry uses a search and visualize metaphor, process automation and machine learning systems to quickly identify patterns of behavior of bad actors that today may be undetected.
We call this approach Agile AML Compliance.