CBA agrees to $700m penalty in ATM fraud case

The Commonwealth Bank is set to pay a $700 million penalty to resolve money laundering allegations stemming from its implementation of intelligent deposit machines.

The bank said in a statement that it had entered an agreement with the financial regulator AUSTRAC but noted it still had to be approved by the federal court.

If that occurs, it will mean CBA will have paid out a civil penalty that is close to double what the bank had expected to pay back in February this year.

CBA said that as part of the proposed settlement, it “admitted further contraventions of Australia’s Anti-Money Laundering and Counter-Terrorism (AML/CTF) Act, beyond those already admitted, including contraventions in risk procedures, reporting, monitoring and customer due-diligence”.

Until now, the bank had been disputing some extra allegations made by AUSTRAC once proceedings had been filed.

“While it still needs to be approved by the federal court, [this agreement] brings certainty to one of the most significant issues we have faced,” CBA CEO Matt Comyn said.

“While not deliberate, we fully appreciate the seriousness of the mistakes we made.

“Our agreement today is a clear acknowledgement of our failures and is an important step towards moving the bank forward.”

The bank was accused by AUSTRAC last August of enabling $77 million of suspicious transactions over three years to flow through its fleet of intelligent deposit machines (IDMs) thanks to ineffective fraud controls.

The financial regulator claimed CBA did not assess the money laundering and terrorism financing risk of the IDMs before they were rolled out in 2012, and only conducted an assessment three years later.

The IDMs instantly credited cash and cheque deposits to a recipient's account, and made the funds immediately available for transfer, including internationally. They also had no daily transaction limit.

CBA at one stage blamed a coding error in the software underpinning the IDM fleet for the failure to submit AML/CTF reports to AUSTRAC as required.

Comyn said the bank had spent $400 million so far “on systems, processes and people relating to AML/CTF compliance” following the incident.

“We have started implementing our response to the recommendations provided to us by our prudential regulator, APRA, to ensure our governance, culture and accountability frameworks and practices meet the high standards expected of us,” he said.

CBA said it would “recognise a $700 million provision in its financial statements for the full year ending 30 June 2018 which will be announced on August 8”.

The bank has also agreed to pay AUSTRAC’s court costs of $2.5 million.