Macquarie Bank is facing civil proceedings over system and process deficiencies that saw fraudulent fee payments from financial advisers pass through its bulk transactions system without being flagged.
The Australian Securities and Investments Commission (ASIC) on Tuesday launched Federal Court proceedings against Macquarie for “failing to adequately monitor and control transactions by third parties, such as financial advisers’ on their customers’ cash management accounts”.
ASIC alleges that transactions made through the bank’s bulk transaction system using a ‘fee authority’ between 1 May, 2016 and 15 January, 2020 “did not pass through a fraud monitoring system or undergo manual checks”.
It means third parties were capable of using the fee authority to misappropriate, or attempt to misappropriate Macquarie’s customer funds, such as in the case of former independent adviser, Ross Andrew Hopkins, who exploited Macquarie’s systems to embezzle $2.9 million.
“Macquarie failed to properly detect and prevent these unauthorised fee transactions, many of which were over $10,000 each,” ASIC deputy chair Sarah Court said, describing Hopkins’ conduct as “an example of what can go wrong when banks do not properly monitor their systems”.
A fee authority is a mechanism used by independent financial advisers (IFAs) to recoup fees from their clients, which is paid from deposit accounts called ‘cash management accounts’ through a fees bulk transaction.
ASIC said the fees bulk transacting system was used by IFAs on a “large scale”, with the value of transactions by IFAs ranging from $173.7 million to $476.5 million during the 44 month period of inspection.
According to its Federal Court filing [pdf], ASIC alleges Macquarie had “deficient detective monitoring and controls” over transactions that were outside the scope of the fee authority, both “after the posting of bulk fees transactions” and “prior to the posting of fees bulk transactions”.
“There was no or limited transaction monitoring of payments made under bulk transacting; bulk transacting payment data did not feed into any fraud monitoring system,” the financial watchdog alleges.
ASIC said an email alert – which was “intended to be reviewed and sent to the fraud team and fees and commissions team” – was automatically generated for fees bulk transactions over $10,000 and sent to inboxes accessible by Macquarie’s fraud team.
But it found “Macquarie had no proper practice or procedure to review or monitor $10k alerts and they were only provided to the fraud team”, and the alerts "were not systemically reviewed against further transaction data... against information about the IFA, or at all”.
ASIC also alleges that “$10k alerts were not generated as an inadvertent consequence of the decommissioning of a legacy system” between 3 September, 2019 and 15 January, 2020, and that customer did not receive push notifications or SMS alerts when a fees bulk transaction had occurred.
Macquarie’s monitoring and controls prior to the posting of fees bulk transactions were similarly “deficient”, according to ASIC’s concise statement, with “no limits placed upon amounts that could be paid through a fees bulk transaction”.
“Fees bulk transactions were pushed directly to Macquarie’s central ‘MIMS’ system without passing through a fraud monitoring platform, and without any manual checks confirming that the transactions were for fees,” ASIC said.
ASIC further alleges that Macquarie “was aware that fees templates had been misused to effect fees bulk transactions for no-fee purposes” throughout the period in question.
ASIC has accused Macquarie of conduct that contravened financial services laws and said it is “seeking declarations, pecuniary penalties and other relief from the court, including a compliance order for an independent review of Macquarie’s fee authorities”.
Macquarie acknowledged the proceedings in a statement and said it "has cooperated with ASIC’s investigation into this matter."
"ASIC’s court filing notes that this issue arose in relation to 13 clients of an independent financial adviser between 2016 and 2019, who has since pleaded guilty to fraud," the financial group said.
"Following the independent adviser’s failure to compensate his clients for their losses, Macquarie fully reimbursed the 13 clients.
"Macquarie treats the security of its clients’ accounts with the utmost seriousness, and has continued to introduce new controls and processes to respond to the evolving external fraud environment."