Insights from the past two weeks fun-filled AML/CTF events including FinCen’s leak and Westpac’s $1.3 billion dollar fine
Well, it certainly has been a big few weeks for everyone in Financial Crime and we’ve been in the box seat here at MWC. No doubt you have heard and seen the news regarding the FinCen files as well as the recent enforcement action being taken by our own AML/CTF regulator AUSTRAC. There has been a lot to digest so we have taken some time to identify some key insights for you to consider, discuss and action as part of your ongoing AML/CTF risk management.
The FinCen Files
The ICIJ expose on the FinCen Files last week included the leaking of approximately 2,657 documents, including highly confidential Suspicious Activity Reports (SAR’s) or Suspicious Matter Reports (SMR’s as we know them) information. The leaked data shows how $2 Trillion worth of transactions were reported from some of the world’s biggest banks and despite concerns about the transactions and /or underlying customers were processed (for a fee). The ICIJ claim the FinCen files have been released in the public interest and while it has certainly sparked a global debate the jury is still out on whether it will lead to a change in reporting and/or enforcement action being taken.
Some key takeaways from our perspective:
- Data quality of SMR’s needs to be improved – there was a large portion of SAR data which had incomplete or inaccurate information and firms demonstrated an inability to join the dots where a customer being reported had already been flagged. As key intelligence sources for law enforcement, it is understandable how this is an issue that needs ongoing focus.
- Timeliness for reporting – again, to have the largest impact for law enforcement it is crucial that the information gets to the relevant agencies in a timely manner (estimates from data indicated the 30 day (SAR reporting requirement) was more like 160+ days). Clearly the value in reporting suspected crimes months after the fact diminishes its value.
While the FinCen Files leak paints a very interesting picture of how much some of the biggest global banks may have known about criminal activity for quite some time but continued to facilitate the flow of transactions it is important to remember what the role of the bank is. It is to report suspicion of a suspected offence. It is law enforcements role to stop offences from occurring. Perhaps the real takeout from the FinCen Files is the importance of ongoing collaboration between reporting entities and law enforcement.
It does, however, serve as a timely reminder for everyone to consider whether your SMR processes suffer from some of the issues raised by the ICIJ reports and if so, what you need to do to improve them. There are also some fantastic case studies, global data and short videos released as part of the FinCen Files. Make sure you share them with the areas in your business responsible for reporting SMR’s or use them in you next AML/CTF training session.
Local Regulatory Action
AUSTRAC has certainly been in the news of late. It’s 16th September $1.24 Million fine levied at State Street Bank and Trust Company for failing to report (99) International Funds Transfer Instructions may be considered the equivalent to a regulatory “appetizer” to the full-blown “main course” in the form of a record-breaking $1.3 billion fine against Westpac released on the 24th September.
Both cases continue to highlight the importance of understanding your regulatory reporting obligations, providing complete and accurate payer information, and having end to end reconciliation assurance and oversight processes for IFTI’s. The importance of full payment transparency to the regulator and law enforcement partners is highlighted in Westpac Statement of Agreed Facts which claims late, and in some cases, incomplete IFTI reports deprived AUSTRAC and law enforcement and the ATO of intelligence involving movements of over $11 billion in international payments and deprived the ATO of the ability to take corrective action due to statutory limitations. We all know IFTI reporting is a very complex area and failures, inadvertently or otherwise caused via human error or technical glitches can happen but we should all know by now that they will result in a hefty fine.
We also know that failure to know your customer and monitor their behaviour on an ongoing basis is key to avoiding reputationally damaging allegations such as being associated with Child Exploitation.
But have you looked deeper into the Statement of Agreed Facts? We think the kicker comes deep in the Statement of Agreed facts (from paragraph 224 onward) in relation to the AML/CTF Program itself.
Here, Westpac agreed that it contravened the central provision of the AML/CTF Act – the requirement to have an AML/CTF Program. Of course, Westpac had a written Program (Parts A & B) which Board and Senior Management had oversight over. Westpac has however agreed that by:
- failing to adequately assess and have appropriate risk-based systems and controls to identify, mitigate and manage its ML/TF risks (channel risk)
- Failing to have an appropriate risk-based transaction monitoring system to enable it to monitor transactions across all designated services provided by the Group and
- failure to have systems and controls in place to ensure it was able to comply with its IFTI Reporting requirements
Part A was ineffective in achieving its primary purpose to identify, mitigate and manage the ML/TF arising from the provision of its designated services.
But what does that mean you might ask? In effect, a breach of s 81 of the Act means that Westpac has admitted that between 2013 – 2019 that it provided designated services in circumstances where its Part A (for the reasons above) did not comply with the requirements of the Rules. And because of that, each and every designated service offered (think every customer onboarded and each and every transaction etc) is a separate contravention of the act. And, that EACH contravention carried a maximum penalty of between $17 Million and $21 Million. Contraventions were so significant in number that they are unquantifiable.
So when you hear of the 23 plus million contraventions being reported in the headlines, know that the underlying number of breaches is far greater and the root cause goes as far back as having an appropriate risk assessment and risk-based systems and controls to identify, mitigate and manage your ML/TF risks.
There is a lot to digest in both the FinCen Files and the Statement of Agreed Facts and we are here to help.
MWC will be offering Board Awareness Training once the Westpac matter has been before the Court. Insights from the Statement of Agreed Facts together with the review by the Advisory Panel into Westpac’s Board Governance of AML/CTF Obligations should be compulsory for all reporting entities
Stay tuned for further details about the training but in the meantime, if you have any questions you know where to find us.
Further and related reading:
Westpac ASX Announcement and statement of facts – https://www.asx.com.au/asxpdf/20200924/pdf/44my3kd4wbw7y7.pdf