No matter which way you cut the numbers, Commonwealth Bank should count itself extremely lucky with the A$700 million deal it has negotiated with Austrac to settle its chronic non-compliance with Australian anti-money laundering and counter terrorism financing laws.Under the terms of the agreement made public on Monday, CBA acknowledges it committed more than 54,000 breaches of the AML/CTF Act.If the full force of the law had been imposed on the bank, the total penalties could have exceeded $1 trillion.This was not completely lost on Austrac chief executive Nicole Rose."It absolutely could have been larger if you extrapolate the number of fines with the maximum penalty under the legislation," she said."I think it's a trillion dollars.""Would that ever be enforced?""No, it wouldn't."While a penalty of this magnitude was never a possibility, the final size of the penalties dished out to CBA appears lenient even on the most conservative assessment of its liability under the legislation.CBA failed on 53,506 occasions to provide Austrac with threshold transaction reports between November 2012 and September 2015.Its systems also failed to generate transaction alerts on more than 778,370 accounts over a three-year period from October 2012.CBA could have been liable to pay at least $11 million for each of these breaches, which would have brought the final bill in the vicinity of $1 trillion.The multitude of breaches was probably recognised by the Austrac as stemming from two software errors and therefore treated as only a couple of violations for the purposes of negotiating the settlement.However, that still leaves hundreds of other breaches - including many cases where the bank failed to properly monitor customers undertaking suspicious transactions.The most conservative assessment of the penalties for the breaches admitted by CBA under the settlement deal is that it had been staring at a potential bill of $4 billion.Other breaches included the bank's failure on 149 occasions to file suspicious matter reports to the intelligence agency.These breaches, which mostly occurred in 2015, would have resulted in maximum fines of between $11 million to $18 million for each case of non-compliance.Considered alone, this class of breaches could have attracted total penalties in excess of $2 billion.Details of how the $700 million figure was calibrated are likely to be contained in joint submissions of the bank and the regulator to the Federal Court in the next month.Clearly, CBA has won some big concessions from Austrac, although it remains for the court to determine whether the penalty relief agreed to by the regulator is too generous.Most of the penalty relief seems to be linked to the bank's "productive" response to Austrac's concerns after it launched the court action in August last year.In a statement of agreed facts and admissions made to the court on Monday, the anti-money laundering regulator acknowledged that the bank had "at all times" invested in building "a productive, cooperative and transparent relationship with Austrac".The regulator also observed that CBA had owned up to breaches "at the earliest available opportunity" and had already overhauled AML compliance in parts