CBA was ‘aware’ of risk shortfall
The Australian 12:00am September 2, 2017
Leo Shanahan, Michael Roddan
Finance Minister Mathias Cormann said CBA had some “serious work to do.”
Seriously Mathias: is it not the case that Government and its sleepy regulator named
APRA have very serious work to do in locking up those responsible???”
The crisis facing Commonwealth Bank has widened, after it confirmed the existence of an explosive internal review of large gaps in its global transaction monitoring compliance, which Scott Morrison said was evidence of “further serious matters” facing the nation’s largest bank.
The internal review of the bank’s compliance with Australian and global anti-money laundering and terrorism financing laws, obtained by Sky News Business, revealed that billions of dollars worth of transactions in the US, Europe and Asia were not being monitored, which could put the bank in the firing line of global regulators.
The review of the Institutional Banking & Markets business, which was presented to executives in February, also confirms upper levels of CBA management were aware of the large-scale gaps in the bank’s compliance frameworks, well before Austrac filed its explosive 600-page statement of claim against the bank in August, which alleged more than 53,000 breaches of anti-money laundering rules.
“These are other further serious matters that have been raised,” The Treasurer said in Sydney yesterday.
“Commonwealth Bank has made a statement putting what was reported into some context but still, if there are questions there that need to be addressed, they will be.”
The Australian Prudential Regulation Authority earlier this week announced the launch of a wide-ranging six-month inquiry into CBA, saying it would investigate the culture, governance and financial objectives of the bank.
Mr Morrison had pushed for the inquiry in meetings with the regulator.
APRA is understood to be including the report in its inquiry, while the Australian Securities & Investment Commission is aware of the report as part of its investigation after the Austrac claims.
The confidential review, which showed non-existent or minimal transaction monitoring across almost two-thirds of CBA’s Institutional Banking & Markets division, also found that “product financial crime risk assessments” across the group “have not been updated since 2013”.
Institutional Banking & Markets manages global corporate, government and institutional clients and, according to CBA’s 2017 annual report, was worth $1.63 billion to the bank.
In a brief statement yesterday, CBA said the document “was a working document, proposing technology enhancements as part of our ongoing program of action, including the automation of tasks currently undertaken manually”. It said: “A combination of automated and manual monitoring is common practice across the industry.”
However, the documents show that areas of the bank that had neither automatic nor manual transaction monitoring capabilities outnumber the areas of the business that had some form of transaction monitoring.
The documents show in numerous divisions, several of the bank’s management information systems lacked transaction monitoring, such as the loan maintenance platform Midas and the derivatives and options trading platform Murex. CBA businesses found to have no transaction monitoring include debt capital markets, leasing, and institutional lending in Australia and international locations such as Singapore, Hong Kong, Shanghai, Tokyo, London and New York.
The report says it would cost the bank $6 million to make the businesses compliant with global transaction monitoring standards and was to be implemented in July if the “business case” gained approval from the executive committee.
The bank’s approach to internal auditing and compliance has raised questions among bankers as the audit committee reports through the chief financial officer, Rob Jesudason. The CFO is also responsible for the bank’s security division, which contains its financial crimes unit.
The report also shows that risk assessors at the IB&M arm engaged auditors KPMG as far back as early 2014 to “conduct a full gap analysis of its transaction-monitoring model” to bring the bank up to industry standard.
According to CBA’s own confidential review it “highlighted weaknesses in (the) current state” that were yet to be rectified by this year.
Finance Minister Mathias Cormann said CBA had some “serious work to do” and that the “very serious” revelations were the latest in a series of compliance issues and allegations that have emerged from the bank.
“This is a very serious issue and it goes to the heart, obviously, of the credibility of a very important financial institution in Australia, and that is why the government has welcomed the independent review initiated by APRA to look very closely at the governance culture and accountability frameworks and practices of the CBA,” Senator Cormann said.
The documents will also add fuel to a potential shareholder class action that has been flagged by Maurice Blackburn, which the law firm says could result in the largest ever compensation terms. “The slow revelation of the anti-money laundering breaches at CBA looks like a death by a thousand cuts,” CLSA analyst Brian Johnson said
“This report, and CBA’s response, is clear evidence that CBA’s present Austrac dispute goes well beyond the simple ‘coding error’ rhetoric. The report was presented to CBA executives in February 2017 which may raise some further continuous disclosure problems for CBA.”
Mr Johnson said the cross-border nature of the businesses could leave the bank open to huge fines, such as the $US630m fine facing Pakistan’s Habib Bank for anti-money laundering breaches in its US branch, despite the lender only having a business there worth about $US20m a year.
CBA is already in talks with regulators around the world and the prospect of the institutional banking arm being non-compliant with transaction monitoring laws in America, Europe and Asia could threaten billions of dollars in business for the bank.