On the 3rd August 2017, the Australian Transaction Reports and Analysis Centre (AUSTRAC) initiated civil penalties proceedings against the Commonwealth Bank of Australia (CBA) for ‘serious and systematic non-compliance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act)’. Alleged breaches of the AML/CTF Act include failure to perform risk assessment on CBA’s own Intelligent Deposit Machines (IDMs), failure to provide over 50,000 threshold transaction reports (TTRs) and the failure to report suspicious activity. In total, AUSTRAC has claimed that CBA has contravened the act on 53,700 occasions. In May 2012, CBA commenced the rollout of its IDMs, ATMs that accept both cash and cheque deposits and immediately credits these funds into the recipients account. The use of IDMs grew exponentially from only $89.1 million being deposited between June and November 2012 to $5.81 billion being deposited between January and June 2016. CBA failed to conduct proper risk assessments on its IDMs prior to its 2012 rollout and during the first 3 years of their operation. By the time risk assessment was finally carried out, a total of $8.91 billion had already been deposited through these machines. Figure 1. Deposits made through Intelligent Deposit Machines (IDMS) Source: AUSTRAC In addition, financial institutions are required to submit TTRs to AUSTRAC on physical currency transactions of $10,000 or more within 10 business days. CBA failed to submit the required TTRs on their IDMs on 53,506 transactions, forming 95% of their total IDM transactions. CBA has cited the cause of this breach as a coding error from a software update in late 2012. The error was found in 2015 and fixed within one month of its discovery. AUSTRAC and the Australian Federal Police have already identified four cases of money laundering through the use of IDMs. In one instance, $20.59 million was deposited into 30 CBA accounts, 29 of which were opened using fake names, from late 2014 to August 2015. Most of these deposits were then transferred offshore into bank accounts in Hong Kong. By April 2015, CBA had already identified the suspicious pattern of cash deposits and offshore transfers. The bank has put the blame on a single coding error and believe that they are only liable for one contravention. Since each contravention carries a maximum penalty of $18m, this would reduce their maximum penalty from $960 billion to $18 million. Figure 2. Timeline of events Source: BondAdviser These events come off the back of AUSTRAC’s record $45m penalty order against TABcorp for breaches of AML/CTF Act earlier this year, Wells Fargo’s USD$185m penalty for opening fake customer’s accounts in the US last year and a string a reputation damaging scandals involving the major banks. While the immediate credit impact is immaterial (Standard & Poor’s (S&P) have stated the bank’s credit rating will not be affected by the AUSTRAC proceedings), it is worth watching out for longer term implications for banking credit. For most for the past year, the Federal Parliament has gone back and forth on a royal commission into the Australian banking sector and commentators are suggesting this is now inevitable. Historically, bank fines for misconduct have been minor but the question remains whether there is the potential for a significant financial precedent here. The potential for this process, major bank levies, credit rating action and regulator announcements have all added to increased uncertainty for Australia’s financial system which may weigh on perception offshore and subsequently, foreign investment.