Westpac’s epic mainframe transaction monitoring fail has blown a billion dollar hole in the results of Australia’s oldest bank, after the institution bowled-up the bad news on provisions flowing from the AUSTRAC scandal ahead of its forthcoming financial results.
With new chief executive Peter King now firmly installed to start cleaning up the regulatory mess caused in large part by over-sweating legacy technology, Westpac on Tuesday bit down hard on “provisions and costs associated with the AUSTRAC proceedings and response plan”, telling shareholders it expects the figure to land at “$1,030 million after tax.”
It's a bitter pill to swallow as Westpac and its institutional peers pivot to help release unprecedented levels of emergency capital into the Australian market in an all-out effort to limit lasting economic damage stemming from the COVID-19 lockdown.
The financial hit from the AUSTRAC scandal made up the bulk of a total of $1.4 billion in provisions and write downs telegraphed to the market on Tuesday, which also included customer refunds, repayments, litigation and asset devaluations, including software.
The disclosure to the market is the first major financial scene-setter since the regulatory scandal claimed prompted both Westpac chief executive Brian Hartzer and chairman Lindsay Maxsted to fall on their swords.
The scale of Westapac’s regulatory breaches – AUSTRAC has alleged 23 million contraventions of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 – for the most part stem from international money transfers that failed to ping regulators with transaction reports.
Dubbed IFTI reports (International Funds Transfer Instruction), the alerts failed to surface because of an unwieldy batch-based legacy stack that somehow failed to come under effective governance and compliance supervision at Westpac for almost a decade.
The systems that handled the foreign money – most of which was uncontroversial payments like pension payments to customers from foreign governments – was essentially a workaround to keep things running outside the SWIFT ecosystem.
However the AUSTRAC probe also uncovered the system deficiencies let through a number of repugnant transactions, including some almost certainly used to pay for child sexual abuse.
“The batched instructions are sent to Westpac via channels that are not governed by the Society for Worldwide Interbank Financial Telecommunication (SWIFT). These non-SWIFT instructions did not always include full information about the payer and payee,” AUSTRAC said in documents filed to the Federal Court in November 2019.
In the wake of Westpac’s AUSTRAC scandal – which followed the Commonwealth Bank of Australia’s $700 million run-in with the financial intelligence unit (FIU) over intelligent ATMs that also failed to send regulatory pings – Westpac commissioned IBM-owned Promontory Group to conduct a systems autopsy ahead of Westpac’s prosecution.
What’s less clear is at what stage the system's autopsy is at, and how much will be publicly released, although it is likely some of it will surface as evidence eventually tendered to the Federal Court.
While the use of an IBM-owned firm to dig into a stack that will almost certainly contain IBM products has raised eyebrows, the creation of the sub-standard systems that festered at Westpac for a decade preceded IBM’s purchase of Promontory in late 2016.
IBM’s buyout of Promontory signalled the veteran tech giant’s ambition to remain deeply entrenched in financial systems and banks through buying into the so-called reg-tech space by snapping-up intellectual and legal capital needed to underpin systems likely to be automated.
Governance, regulation, anti-money laundering and counter-terror financing have been a boon for compliance product vendors and legacy systems specialists because clients like banks often have to modify software and infrastructure to meet legal obligations – rather than standing up a business case.
However the often high cost to comparative value associated with compliance-based modifications or software adds has prompted both institutions and regulators to look to automation, artificial intelligence and so called regulation-as-code to help ease regulatory costs.
That impetus is likely to increase sharply in the medium term as bank provisions for regulatory actions tip into seven-digit territory and strip sorely needed capital out of reserves and dividends as institutions brace for a slew of interest payment holidays and credit collection pauses.
Six months ago Westpac ponying up a billion dollars to appease AML/CTF enforcers looked like a coup for the government and emboldened regulators.
Today many will be silently asking themselves if the size of the provisions revealed today still serve the national interest the way they did in November.