AUSTRAC's long awaited risk assessment of the Australian banking sector was released in September 2021 and the key findings have been the subject of considerable debate since.
The product of three years of data analysis, collaboration with partner intelligence agencies and extensive industry consultation provides a detailed snapshot of the money laundering risk profile within our borders.
The methodology draws from Financial Action Task Force (FATF) guidance that risk can be measured through the nature and extent of the criminal threat, vulnerabilities and harm the activity can cause.
FATF is the global anti-money laundering and terrorist watch dog. Perhaps unsurprisingly due to their size, diverse customer base and product range, risk for our domestic banks was deemed 'high', with foreign operators assessed as having a 'medium' level of risk.
We set out the key findings below as well as some commentary from AUSTRAC on what the 'beating-heart' of the financial services industry should be doing to mitigate risk and protect their business, customers and the community.
Criminal Threats
The primary threat facing the major banks (and the most common threat reported in suspicious matter reports (SMRs)) was assessed to be money laundering. While techniques were varied from simple to sophisticated, the analysis found the sector was exploited at each stage of the laundering cycle with the more common methodologies including:
- misuse of cash deposit infrastructure (often combined with
rapid transfers to accounts held at different banks);
- use of complex corporate structures or shell companies to
disguise source of wealth and beneficial ownership of funds;
and
- the purchase of high value assets (such as real estate, boats, artwork) to reinvest or conceal criminal proceeds and convert back to legitimate funds.
While changing behaviours in terrorists over recent years (to self-funded or attacks which require no funding) shifted that threat to 'medium', AUSTRAC found the nature and extent of risk posed by predicate offences (or those which generate criminal proceeds) was 'high'. The range of criminality included tax evasion, drug trafficking and offences connected with fraud and scams.
Notwithstanding the threat posed, AUSTRAC acknowledged the challenge for banks to detect such offences given the difficulties in alerting the regulator to offences that either occur outside the banking system or have no nexus to a bank's products or services.
Vulnerabilities
AUSTRAC found the characteristics which make the sector so attractive to criminal activity include their vast size, customer types, network of delivery channels and services offered. Each category was assessed to have a range of inherent vulnerabilities to exploitation with the risk rating largely proportional to the size of the customer base and product offering.
The data-matching between SMRs reported and intelligence disclosed to AUSTRAC revealed that:
- higher risk customers came in a variety of forms from
politically exposed persons (or 'PEPs') to temporary visa
holders with companies and trusts (operating in the property,
construction and energy sectors) identified as problematic due to
complex structures which could obscure the provenance and movement
of funds;
- cash was a major threat due to it being difficult to trace,
often generated at the layering stage and because of the extensive
branch and 'Smart ATM' networks within Australia; and
- an increase in remote service delivery through online banking (and the anonymity offered) made it harder to detect unusual or suspicious transactions.
Consequences
The impacts of criminal activity are extensive and result in a heavy financial burden for the banking sector. Financial costs coincide with reputational and operational costs, while simultaneously impacting the Australian financial system and community at large.
AUSTRAC revealed the following consequences of criminal activity on the banking sector:
- financial costs from financial losses (such as customer
reimbursements and civil penalties), increased compliance costs,
allocation of resources to combat criminal activity (such as
skilled staff), loss of earnings, and credit rating and share price
influences;
- reputational costs from dissatisfaction of customers and
investors, negative brand image and impact on attracting new
investments and staff; and
- operational costs from heightened regulatory oversight, increased risk of legal action from non-compliance, and loss of staff and customers from tightening systems and controls.
Breaches of AML/CTF controls may also have an impact on Australia's international economic reputation particularly pertaining to the security and safety of Australia's financial sector.
Risk Mitigation
While AUSTRAC acknowledged the investment by the sector in recent years to uplift systems and controls, the sheer level of deficiency reported and inconsistent application of measures elevated the vulnerability of banks to criminal activity.
To mitigate the risk, AUSTRAC emphasised the importance of
- supplementing new systems with commensurate changes to
governance and control environments;
- customising transaction monitoring programs to better manage
high risk products or customers;
- using dynamic, 'live' risk assessment tools that are
updated to reflect new products, delivery channels or changes in
risk profile; and
- improving the quality of SMRs, by including detailed grounds for suspicion, avoiding trigger-based reporting and providing documents that provide additional context (CCTV footage, identity documents or account opening forms).
Conclusion
The variety of criminal activity has expanded exponentially over
recent years with criminal behaviour rapidly shifting.
AUSTRAC's analysis revealed the banking sector can be
susceptible to criminal exploitation which results in significant
consequences for customers, investors, the community and the banks
themselves.
While much of AUSTRAC's analysis won't be news to those in
the banking sector, it presents a comprehensive account of the
level of risk in the industry and what banks can do to strengthen
their controls, enhance their own AML/CTF risk assessments and
ensure compliance with their AML/CTF obligations.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
Lawyers Weekly
Law firm of the year
2021 |
Employer of Choice for Gender Equality
(WGEA) |