The customer 8 Westpac defence

Ian Rogers

WIB CEO Lynn Cobley

Westpac’s “defence” to the landmark anti-money laundering litigation with AUSTRAC is that it barely has one.

Many systems and checks failed, including second-line and third-line defences.

Lodged on Friday, the defence filing admits the substance of many of the claims by the financial crime regulator, then elaborates in awkward detail.

The bank is in settlement talks with AUSTRAC over alleged failings by the bank regarding the adequacy of reporting on 19.4 million international funds transfers with a value of around A$11 billion that span the seven years to September 2018.

This is the domain of Lyn Cobley, chief executive, Westpac Institutional Bank.

Westpac’s board are aiming for a settlement not too far from $1 billion and a range of analysts believe near $2 billion is likely.

In the filing, Westpac said at the outset that it “denies that it failed to carry out regular assessments of the Correspondent Banks”.

Then it “admits that the assessments it did not carry out and did not sufficiently assess some of the risks it may have reasonably faced that might involve or facilitate money laundering or financing of terrorism."

There was prudence and in the end red-ink and red-faces at the Sydney bank.

‘At all material times, the Risk and Fraud Operations team [within Westpac Institutional Bank] conducted preliminary risk assessments,” the bank said.

Westpac said it did carry out 47 preliminary risk assessments during the relevant period with respect to the Correspondent Banks and “reasonably believed its approach to conducting preliminary risk assessments was compliant.”

It’s the background to this assertion explained in the defence that will elevate concerns around governance and assurance at the bank.

“In 2012, the Respondent received confirmation from an external review that its processes addressed the requirements in the Act … and were operating as designed.

“Throughout the Relevant Period, second line assurance testing and third line Group Audit reports that considered correspondent banking due diligence processes and procedures did not identify non-compliance with section 98 of the Act.

“In December 2016, AUSTRAC reported on the bank’s compliance with its correspondent banking due diligence obligations, including section 98 of the Act, and while AUSTRAC made recommendations ‘for Westpac to consider in enhancing its compliance’ with the Act and the Rules, that report did not identify any non-compliance.”

Westpac said the 47 due diligence assessments it did carry out “did not always sufficiently address all of the requirements set out in the AUSTRAC Rules”.

Westpac said it did not re-assess the nature of the products and customer base of six of the Correspondent Banks sufficiently regularly [and] did not re-assess the adequacy of the AML/CTF controls and internal compliance practices of four of the Correspondent Banks sufficiently regularly.

Until November 2017, the bank did not regularly identify and assess the nature of its ongoing relationship with each Correspondent Bank, including the types of transactions carried out as part of that relationship.

And it goes on and on, including the admissions that:

• Some of the trigger reports generated for some Correspondent Banks were not fully completed;

• Some of the Correspondent Banks were not subject to any additional enhanced customer due diligence after being placed on a 'watching brief';

• The process was not designed to identify material changes in the nature of the ongoing business relationship with correspondent banks, including the types of transactions carried on as part of that relationship;

• Until 2019, the bank did not have appropriate processes in place to monitor the potential for additional ML/TF risks arising from the sale of new products”;

• There were technological failures and uncertainty as to which arrangements were in scope for various software releases associated with upgrades in 2010 and 2011 of technology systems;

• From late 2011, the bank proceeded on the misapprehension that the project to report [suspicious payments] received as structured or batched data files had been successful;

• In May 2017, a technical issue affected the database replication within the LitePay payment system which in turn meant that those Non-Reported LitePay transfers were not reported to the AUSTRAC CEO”; and

• In November 2018, a technical issue following the implementation of a SWIFT Standards Release affected payment processing "forcing the bank into manual workarounds and overlooking AML compliance”.

Westpac explain their governance and review processes in the defence then respond with some detail on select customer matters aired by AUSTRAC in their statement of claim last year; for example, the Customer 8 Account.

With the bank for 3 years until May 2019, Customer 8 “was the subject of ongoing customer due diligence” with the result that the bank "identified activity on the account that was not consistent with Guidance available at the time.”

Beginning in July 2018, Westpac five times reported to the AUSTRAC CEO in relation to activity on the account, but these were misleading.

The bank admits that, from May 2016 to November 2019 it “did not sufficiently monitor Customer 8 with a view to identifying, mitigating and managing the CEM risk in respect of Customer 8.”

In an appraisal on Friday, analyst Nathan Lynch from Regulatory Intelligence said that “financial crime experts said AUSTRAC's expectations [for a settlement] were in the A$1.5 billion to A$2 billion ballpark.”

Around twice Westpac’s present provision.