Commonwealth Bank of Australia faces enquiries from a range of different regulatory agencies in various jurisdictions over its alleged anti-money laundering failures, sources said. The bank is already preparing a response to the Australian Transaction Reports and Analysis Centre's litigation alleging more than 53,700 breaches of the anti-money laundering and counter terrorism financing regime.
The bank is also understood to be facing enquiries from the Australian Prudential Regulation Authority about its management of risk culture. The Australian Securities and Investments Commission, meanwhile, has indicated that it will investigate whether the bank has complied with its obligations under the Corporations Act 2001.
The agency is investigating whether the directors met their continuous disclosure obligations in keeping the market informed of the regulatory action, as well as complying with broader conduct and culture obligations.
Dr Andy Schmulow, senior law lecturer at the University of WA, said this coordinated oversight from regulators could see CBA defending a range of regulatory actions - and not only in Australia.
Regulators tended to steer clear of each other's primary areas of responsibility but complex cases such as this could involve a number of agencies attacking from different angles.
Schmulow said Section 912A of the ASIC Act 2001 requires the conduct regulator to be more proactive in protecting the integrity of the financial system. Resolute action from AUSTRAC had made ASIC look feckless and weak by comparison and ASIC would be keen to salvage its reputation, he argued.
"ASIC has been embarrassed by AUSTRAC's performance. Hopefully it will come to grips with Section 912A of the Corporations Act and launch a vigorous investigation. It would be good if Greg Medcraft could commit to more than ASIC's infamous 'light touch' in this instance," Schmulow said.
The prudential regulator also has jurisdiction over the matter if it can establish that CBA has failed to manage its "risk culture" obligations. APRA said last October that it would look into this area more closely to address an array of financial sector risks.
Wayne Byres, the chairman of the prudential regulator, said this was "critically important for an institution's long-run health."
Every Australian bank's chief executive and board must ensure they have a robust risk culture that ensures they operate in line with the broader commercial strategy and risk appetite, according to the rules.
Schmulow said APRA had "walked the talk about risk culture" but was yet to put its ideas into action. This scandal could be a good opportunity to test these regulatory concepts, he said.
"The AUSTRAC statement of claim sets out evidence of alleged malpractice and evidence that the bank was moving eye-watering amounts of illicit cash," he said.
APRA has the power to give directions and to enforce prudential standards. It has the power to remove directors where those directions are ignored.
Schmulow said APRA needed to be more forthcoming about its interests in the CBA case to ensure it was accountable to the public and other stakeholders.
"APRA should not fail to be accountable by using Section 56 of the APRA Act as a shield. Section 56 protects confidential information on a bank. The AML breaches are in the public domain, and any direction APRA might give is information on APRA, not CBA," he said.
Across the Tasman, the Reserve Bank of New Zealand is also making enquiries into the major banks' AML controls for smart ATMs. The central bank, which oversees AML/CFT supervision, said it had written to each of the country's major banks last week to ascertain the controls they had in place for cash deposits at smart ATMs.
"AUSTRAC's move will be on the agenda for the regular AML discussions we have with our supervised institutions," an RBNZ spokesman said.
In Asia, the Hong Kong Monetary Authority, is also understood to be looking into CBA's systems and controls.
The bulk of the illicit transfers alleged in AUSTRAC's statement of claim moved through Australian accounts and up to accounts in Hong Kong, which could give the HKMA jurisdiction in the case. CBA has a branch in Hong Kong and was charging customers just A$22 for thousands of these international transfers, according to AUSTRAC's 450-page statement of claim.
Bill Majcher, president of corporate risk consultancy EMIDR, said the Hong Kong regulator was likely to be in talks with CBA officials already about the extent to which they had facilitated money laundering.
"Given the concerns from regulators in Australia, it would appear to be highly unlikely that CBA has kept the Hong Kong regulators informed of developments. This really gets any investigation off on the wrong foot," he said.
"Keeping regulators informed and being proactive about any potential breaches is critical in all areas of regulation, but especially in AML/CTF compliance."
Majcher said it was disappointing Hong Kong had featured so heavily in the outbound transactions that drug cartels had made through CBA's intelligence deposit machines and online bank accounts.
Local, Hong Kong, financial institutions should look at Australian banks with the same level of caution they exercise when Russian and Chinese banks remit funds via Hong Kong, he said.
"Hong Kong often gets a bad rap due to its perceived status as Asia's global laundromat, based primarily on its nexus to Chinese capital flows. It is becoming increasingly clear, however, after the Russian Laundromat money laundering operation, Malaysia's 1MDB scandal and now CBA, that no single banking jurisdiction has a monopoly on virtue," Majcher said.
This article first appeared on Thomson Reuters' Accelus Regulatory Intelligence service.