Dirty money: How the banks and AUSTRAC are fighting back against financial crime

By Charlotte Grieve

Financial crimes watchdog AUSTRAC raised concerns about NABs compliance this week. Credit:Brent Lewin/Bloomberg

Earlier this year in the National Australia Bank’s Docklands headquarters, a fraud officer noticed a suspicious pattern of transactions made by a 70-year-old woman.

The officer opened the bank account and saw more than 20 transfers to Coinspot, an Australian cryptocurrency exchange.

The customer’s transaction history showed the woman had transferred between $550 and $39,000, amounting to more than $400,000, within a few months.

Notes attached to the account revealed a previous investigation had determined there was nothing to see here and allowed the payments to continue.

Alarmed, the officer called the customer and quickly discovered it was textbook fraud. The woman had never used internet banking before but her account had been hacked after a stranger helped her set up an online account to buy shares over the phone.

It was too late to retrieve the money, so the officer recommended calling the Australian Financial Complaints Authority. The next day, the person was sacked.

That employee was on a temporary contract through recruitment firm Hays, so there was little that could be done to protest the sacking. But after almost two years of a growing workload and shrinking deadlines, the officer was ready to leave.

The Age and Herald have spoken to dozens of former and current workers from the frontlines of the fight against financial crime, working in both the major banks and the Australian Transaction Reports and Analysis Centre (AUSTRAC), about the strengths and weaknesses of the system. None could be named because they were discussing sensitive information and were not authorised to speak publicly.

What’s emerged is an industry confronted with a fierce fight for talent that understands complex anti-money laundering laws at a time when compliance has never been more important and criminals have never been more sophisticated.

Systemic breaches of these laws have cost two of the country’s largest banks – Commonwealth Bank and Westpac – a combined $2 billion in recent years and toppled its top brass.

Now, the regulator has set its sights on the National Australia Bank, which has struggled to fix legacy problems with customer identification for years.

Senior Jefferies banking analyst Brian Johnson says failure to comply with these laws can strip banks of their licence to operate and plugging holes has become among the most costly and important tasks.

“There are gigantic civil penalties coming through,” Johnson says. “But there’s financial stability implications to this as well.”

So what is going on inside these big banks? And what needs to be done to fix the problem once and for all?

‘Pumping out numbers’

CBA was the first major bank to be burnt by AUSTRAC – a nimble and aggressive regulator that feeds intelligence from banks to law enforcement.

By failing to implement a $10,000 cap on cash deposits through its ATMs, CBA allowed millions of dollars to be laundered through its machines by criminals, including those importing drugs and firearms. CBA apologised and was fined $700 million.

The damning revelations came around the same time as the banking royal commission, where misconduct scandals at the country’s major financial institutions regularly made front page news.

CBA CEO Matt Comyn this week: "We are committed to making substantial investments in technology to maintain our leadership over time.”Credit:Renee Nowytarger

CBA poured money into boosting its compliance processes and developed a rigorous training program for new recruits. Staff were fronted by chief executive Matt Comyn, of whom one recalls “told the entire bank to take this stuff seriously”.

Those who have worked across banks say CBA’s technology is by far the most advanced, with most systems working through one centralised, purpose-built platform – CommSee. “You can pretty much do anything you want on that system,” says one former employee.

CBA’s approach to technology has been described as proactive, rather than reactive, and the bank regularly innovates to improve systems and automate processes.

But, as the country’s largest bank, its workload is also the largest. Amid what could be described as a battle for bodies, CBA has turned to labour hire firms to fill permanent roles with temporary contractors across its financial crime operations.

AUSTRAC has strict requirements on how quickly suspicious activity must be flagged by banks. Each day, CBA’s teams meet for a “huddle” where managers would set targets to encourage staff to work quickly. Teams competed against each other, and those who cleared the most alerts were rewarded with gift vouchers or free breakfasts.

While the targets were designed to encourage efficiency, staff say it caused standards to slide. “They were just pumping out numbers,” says one former analyst. “If you are rushing, you’re going to miss something.”

In a few instances, staff were found copy and pasting information into reports sent to AUSTRAC and temporary contractors were threatened with termination if they missed targets that have been described as “rough” and “numbers-driven”.

Managers closely monitored the targets, which many say led to micro-managing or bullying, especially for those on insecure contracts. One email sent by a former contractor, obtained by this masthead, details bullying so severe the person was compelled to make a formal complaint.

“We [are] all afraid as [the manager] has said to others he can fire them without much thought,” the email said. “After a while coming into work would make me cry and I would feel so bad that I had no one to turn to.”

The corner-cutting staff were sacked and CBA switched from rewarding quantity to quality, which is where they’re at today. The bank played a key role in Operation Ironside, the Australian Federal Police-led sting that led to more than 100 organised criminals being charged.

CBA now circulates monthly internal emails to highlight the work of employees who contribute intelligence to AUSTRAC that is used in police investigations or results in arrests, with top performers paid bonuses. “We have quality assurance teams to review the quality of the work that’s actually being done,” CBA chief risk officer Nigel Williams says.

Digital consultancy Publicis Sapient director Adam Flesch says employing contractors is not necessarily good or bad, and can be used to avoid headcount restrictions where banks fund additional staff through project budgets.

And while training is essential for these staff, Flesch says risks remain as these teams are exposed to highly sensitive and confidential data and business intelligence. “Those workforces that have access to such information need to be trusted personnel. Contractor status contradicts with this concept.”

‘Medieaval’ technology

Westpac copped the largest civil penalty in Australian corporate history last year when it was fined $1.3 billion – the second major bank on AUSTRAC’s hit list.

The regulator’s lawsuit detailed failures that led to Westpac processing funds for paedophiles and blamed an “indifference” among senior management towards compliance.

The allegations sent the bank, its customers, staff and shareholders into turmoil. Chief executive Brian Hartzer was axed, and his replacement took out full-page advertisements in major newspapers promising to do better.

While Westpac’s reaction to the scandal was widely covered, CBA’s was not. CBA quietly launched a secret internal project to weed out customers that could be suspected of paying for child exploitation material. A team of about 30 senior analysts worked for 72 hours to identify caucasian males, aged 40 years or over, sending between $500 to $1500 to south-east Asian countries, particularly the Philippines. These customers’ accounts were closed or referred to AUSTRAC. “They didn’t want any more fines,” says one analyst on the team.

Westpac is one of many banks around the world to fall foul of anti-money laundering laws, but until recently that didn’t mean much in Australia. Credit:Getty Images

Six months on, those on the frontlines say the change at Westpac is noticeable.

Westpac has sought to address the lack of accountability by becoming the only big four bank to create an executive role dedicated to financial crime, appointing Les Vance last May.

Insiders say this has tangibly changed the bank’s approach to risk, where concerns are taken seriously and escalated to the very top where necessary. “When you have a higher seat at the table, you pretty much have full support from the board,” says one manager working in financial crime.

Westpac says it does rely on temporary contractors in its core financial crime team – something staff say prevents high turnover and creates a cohesive culture. “Everyone comes in focused, has a sense of security. I think that definitely helps,” says a Westpac employee currently working full-time in financial crime compliance.

“I work at Westpac now, their technology compared to CBA’s is medieaval.”

And while the bank has made progress in updating its technology, the full scale of what is needed is still many years away. Westpac is in the business of poaching staff from CBA by offering more money or permanent contracts. But some who have made the jump say they regret it.

“You have to leave CBA to understand how awesome their tech is,” says one. “I work at Westpac now, their technology compared to CBA’s is medieaval.”

Westpac has many subsidiaries – St George, Bank of Melbourne, BT, Rams, Bank of South Australia – that have not been integrated into one system, meaning staff need to juggle multiple platforms to investigate cases that appear suspicious.

One employee with experience at both banks says this set-up means it takes between two and three times longer to complete the same task compared to CBA. Another said the cumbersome technology had made the job a nightmare.

“I would love to go back to CBA. I feel like I have made a mistake.”

‘Long rope’

The 70-year-old customer who became a victim of cryptocurrency fraud is one very small part of NAB’s struggles with preventing financial crime.

As revealed in this masthead this month, NAB has launched a mammoth project dubbed Project Apollo to manually sift through hundreds of thousands of customer accounts to make sure they had valid and verified identification documents.

A backdated error in NAB’s processing meant a large portion of customers were not properly identified, hence they were incorrectly risk-rated and did not trigger the right alerts needed to file reports to AUSTRAC.

Fulfilling ‘know your customer’ (KYC) requirements is the backbone of any anti-money laundering regime. Personal details need to be updated over the course of a customer’s lifecycle. Failure to do so leaves the door open for criminals to buy bank accounts on the black market, through which they can clean dirty money.

NAB has struggled with getting its KYC process right for years. In 2018, the bank hired Sharon Campbell from Europe to sort it out once and for all.

Campbell had spent almost a decade at the UK’s feared corporate cop – the Financial Services Authority – where she rose in the ranks to become the head of financial crime and intelligence.

Campbell was appointed NAB’s executive general manager of financial crime operations and transformation, a lengthy title for a challenging role. Arriving with a new strategy concocted with help from a big four accounting firm, she wasted little time in making her presence felt.

“The changes Sharon Campbell brought in were extensive, vast and felt across the entire financial crime operations,” says one former employee.

Campbell introduced new processes that increased the amount of customer information collected to paint a detailed picture of where money was coming from and going to. Some say this lifted standards, others say it blew out processing times to unsustainable levels.

To keep up, NAB went on a hiring spree that caused its financial crime team to swell by the hundreds.

While improving people and processes are just one part of the equation, arguably technology is the most important. Insiders say NAB’s patchwork of technology systems meant the root cause of its AML headaches was not being addressed and mistakes were repeated.

NAB has been accused of serious non-compliance issues with anti-money laundering laws. Credit:Pat Scala

AUSTRAC rejected multiple internal reviews of NAB’s KYC revamped policies. Extensions were granted but the regulator’s patience has now worn thin. This month, AUSTRAC sent a letter informing NAB the matter had been escalated to its enforcement team.

NAB has since pulled off a major victory in hiring former AUSTRAC boss Paul Jevtovic to join its ranks. It has invested $800 million since 2017 to improve its financial crime operations and staff in these teams have increased by six-fold.

Chief executive Ross McEwan is taking the challenge seriously. He inked a deal in April with the AFP to improve information sharing and meets regularly with AUSTRAC. “We take the feedback. We’re not perfect. They know that,” McEwan told Senate estimates in April. “I would consider the relationship is constructive. We have the same purpose in mind. But, as an organisation, we still have quite a bit to do and we’re putting in the resources and the technology to be better at it.”

But some within the bank are concerned AUSTRAC has given NAB a “long rope”. “Why is the regulator granting so many extensions? If there is no regulatory action, there is no motivation to fix it.”

Friend or foe?

Much of AUSTRAC’s hot-headed reputation emerged under the leadership of Jevtovic, who was chief executive from 2014 to 2016.

Paul Jevtovic is highly regarded within the ranks at AUSTRAC and preceded current CEO Nicole Rose.Credit:Janie Barrett

Jevtovic had spent the first 28 years of his working life in the Australian Federal Police, working across drugs, fraud and serious crime. “I most enjoyed working on organised crime,” he says on LinkedIn.

When the Melbourne-educated executive joined AUSTRAC it was a sleepy, risk-averse regulator with a “culture of comfort” that mostly operated behind the scenes.

Those who worked with Jevtovic say he could be abrasive, didn’t take excuses lightly and had a “heavy-handed” approach to the job.

But above all, Jevtovic was respected and widely recognised as transforming the regulator for the better, by tightening the relationship with law enforcement and scaling up its technology.

At the time, there was chatter in Canberra about merging AUSTRAC with other financial regulators like the Australian Securities and Investments Commission (ASIC), and Jevtovic was determined to prove its worth as a standalone operator.

AUSTRAC is smaller by comparison to both APRA and ASIC in terms of revenue and staffing levels, which comes with its pros and cons. It is nimble and can make changes quickly, but resourcing limits the number of enforcement investigations that can be undertaken at any given time.

Jevtovic poured money into upgrading technology, ensuring processes were automated where possible and analysts had access to top of the range platforms. “People were amazed by the speed he was running at. He gave the organisation the injection it needed,” says one former senior AUSTRAC employee.

In 2019, AUSTRAC appointed Nicole Rose as chief executive, who had an expansive career in law enforcement that saw her win the Public Service Award for her services to policing in 2013.

Those who have worked under both bosses claim they have brought starkly different leadership styles to the role. Where Jevtovic was front of stage, Rose prefers to promote others and foster collaboration.

Rose’s leadership style has been described as “second to none” and was instrumental in the Westpac prosecution, but many say she is more cautious. Banking sources are fearful this will allow NAB to get off the hook lightly, compared to its rivals.

But the ability for AUSTRAC to do its job relies on striking a balance between acting as friend and foe. The regulator must be feared, so entities take the laws seriously, but also trusted, with many recent coups stemming from self-reported breaches.

Where Jevtovic was more willing to strike from behind, Rose is careful to walk entities through the process. “You don’t want a regulator to immediately slap you with a fine, escalate things to court. You have to demonstrate the response is warranted,” says one AUSTRAC insider.

While many now believe the regulator is striking the right balance, the federal opposition thinks otherwise.

Labor Senator Deborah O’Neill successfully garnered enough votes last week to establish a Senate inquiry into the country’s anti-money laundering regime, after blaming AUSTRAC for being reactive and too reliant on the banks.

“We need to look at the overarching regulatory regime, is it appropriate?” Senator O’Neill said.

Interview requests with Westpac and NAB were declined.

The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.

Most Viewed in Business

Source: Read Full Article