CBA beefs up intelligent ATM controls after review

CBA has applied a fresh round of “controls” to its fleet of intelligent deposit machine (IDM) ATMs as it tries to stem the fallout from a civil suit filed by financial regulator AUSTRAC.

The bank was accused in August of deploying the IDM fleet with ineffective fraud controls, enabling $77 million of suspicious transactions to be made using the machines over a three year period.

Earlier this week, CBA filed its defence, only to be hit with an expanded case and extra allegations to answer.

AUSTRAC now alleges an extra 100 contraventions of anti-money laundering and counter-terrorism financing (AML/CTF) laws.

The regulator claimed in August that CBA “did not carry out any assessment of the money laundering and terrorism financing (ML/TF) risk of IDMs before their rollout in 2012” and “took no steps to assess the ML/TF risk until mid-2015 - three years after they were introduced".

It now says it found “six instances additional to those in the original statement of claim [where] CBA did not comply with the requirements of its own AML/CTF program to identify, mitigate and manage the ML/TF risks associated with [its] intelligent deposit machines”.

In addition, AUSTRAC also now alleges that CBA was either late or failed to report “suspicious matters” and did not monitor accounts suspected of illegal activity.

CBA said in financial filings today that it would amend its defence in the case to answer the new allegations, according to a schedule yet to be determined by the court.

However, it sought to play down the alleged extra contraventions, saying many stemmed from a single incident.

In addition, in the case of a “customer with possible links to terrorism financing”, the bank said it had “successfully stopped or retrieved the funds” in question.

CBA has blamed a “single systems-related error” for the late filing of reports with the regulator.

It said it has “made significant progress in strengthening our policies, systems and processes” to deal with the problems with the IDMs, which were discovered “in late 2015”.

Most of this progress has come through what CBA calls its ‘program of action’.

Under this program, CBA said it launched an “upgraded financial crime technology platform used to monitor accounts and transactions for suspicious activity".

The bank also added “new controls such as using enhanced digital electronic customer verification processes to supplement face-to-face identification to reduce the risk of document fraud".

Work is ongoing, and CBA used its financial filings today to note that additional risk controls had been added to the way the IDMs worked.

“We undertook a new risk assessment in relation to IDMs in October 2017 and introduced further controls in November 2017,” it said, without elaborating.