AUSTRAC’s long awaited risk assessment of the Australian banking sector was released in September 2021 and the key findings have been the subject of considerable debate since.
The product of three years of data analysis, collaboration with partner intelligence agencies and extensive industry consultation provides a detailed snapshot of the money laundering risk profile within our borders.
The methodology draws from Financial Action Task Force (FATF) guidance that risk can be measured through the nature and extent of the criminal threat, vulnerabilities and harm the activity can cause.
FATF is the global anti-money laundering and terrorist watch dog. Perhaps unsurprisingly due to their size, diverse customer base and product range, risk for our domestic banks was deemed ‘high’, with foreign operators assessed as having a ‘medium’ level of risk.
We set out the key findings below as well as some commentary from AUSTRAC on what the ‘beating-heart’ of the financial services industry should be doing to mitigate risk and protect their business, customers and the community.
The primary threat facing the major banks (and the most common threat reported in suspicious matter reports (SMRs)) was assessed to be money laundering. While techniques were varied from simple to sophisticated, the analysis found the sector was exploited at each stage of the laundering cycle with the more common methodologies including:
- misuse of cash deposit infrastructure (often combined with rapid transfers to accounts held at different banks);
- use of complex corporate structures or shell companies to disguise source of wealth and beneficial ownership of funds; and
- the purchase of high value assets (such as real estate, boats, artwork) to reinvest or conceal criminal proceeds and convert back to legitimate funds.
While changing behaviours in terrorists over recent years (to self-funded or attacks which require no funding) shifted that threat to ‘medium’, AUSTRAC found the nature and extent of risk posed by predicate offences (or those which generate criminal proceeds) was ‘high’. The range of criminality included tax evasion, drug trafficking and offences connected with fraud and scams.
Notwithstanding the threat posed, AUSTRAC acknowledged the challenge for banks to detect such offences given the difficulties in alerting the regulator to offences that either occur outside the banking system or have no nexus to a bank’s products or services.
AUSTRAC found the characteristics which make the sector so attractive to criminal activity include their vast size, customer types, network of delivery channels and services offered. Each category was assessed to have a range of inherent vulnerabilities to exploitation with the risk rating largely proportional to the size of the customer base and product offering.
The data-matching between SMRs reported and intelligence disclosed to AUSTRAC revealed that:
- higher risk customers came in a variety of forms from politically exposed persons (or ‘PEPs’) to temporary visa holders with companies and trusts (operating in the property, construction and energy sectors) identified as problematic due to complex structures which could obscure the provenance and movement of funds;
- cash was a major threat due to it being difficult to trace, often generated at the layering stage and because of the extensive branch and ‘Smart ATM’ networks within Australia; and
- an increase in remote service delivery through online banking (and the anonymity offered) made it harder to detect unusual or suspicious transactions.
The impacts of criminal activity are extensive and result in a heavy financial burden for the banking sector. Financial costs coincide with reputational and operational costs, while simultaneously impacting the Australian financial system and community at large.
AUSTRAC revealed the following consequences of criminal activity on the banking sector:
- financial costs from financial losses (such as customer reimbursements and civil penalties), increased compliance costs, allocation of resources to combat criminal activity (such as skilled staff), loss of earnings, and credit rating and share price influences;
- reputational costs from dissatisfaction of customers and investors, negative brand image and impact on attracting new investments and staff; and
- operational costs from heightened regulatory oversight, increased risk of legal action from non-compliance, and loss of staff and customers from tightening systems and controls.
Breaches of AML/CTF controls may also have an impact on Australia’s international economic reputation particularly pertaining to the security and safety of Australia’s financial sector.
While AUSTRAC acknowledged the investment by the sector in recent years to uplift systems and controls, the sheer level of deficiency reported and inconsistent application of measures elevated the vulnerability of banks to criminal activity.
To mitigate the risk, AUSTRAC emphasised the importance of
- supplementing new systems with commensurate changes to governance and control environments;
- customising transaction monitoring programs to better manage high risk products or customers;
- using dynamic, ‘live’ risk assessment tools that are updated to reflect new products, delivery channels or changes in risk profile; and
- improving the quality of SMRs, by including detailed grounds for suspicion, avoiding trigger-based reporting and providing documents that provide additional context (CCTV footage, identity documents or account opening forms).
The variety of criminal activity has expanded exponentially over recent years with criminal behaviour rapidly shifting. AUSTRAC’s analysis revealed the banking sector can be susceptible to criminal exploitation which results in significant consequences for customers, investors, the community and the banks themselves.
While much of AUSTRAC’s analysis won’t be news to those in the banking sector, it presents a comprehensive account of the level of risk in the industry and what banks can do to strengthen their controls, enhance their own AML/CTF risk assessments and ensure compliance with their AML/CTF obligations.
This publication is introductory in nature. Its content is current at the date of publication. It does not constitute legal advice and should not be relied upon as such. You should always obtain legal advice based on your specific circumstances before taking any action relating to matters covered by this publication. Some information may have been obtained from external sources, and we cannot guarantee the accuracy or currency of any such information.