Paying a record A$1.3 billion fine for breaches of the Anti-Money Laundering and Counter-Terrorism Financing Act is one thing, making sure it couldn’t happen again is another.
The fine agreed to by Westpac and the Australian Transaction Reports and Analysis Centre (AUSTRAC) last week amounts to one-fifth of its 2019 full year net profit.
Although Westpac’s shareholders will suffer through lower dividends, financially it will be able to move on.
But not in other ways. It failed to properly report A$11 billion of international fund transfers and “failed to identify activity potentially indicative of child exploitation” in the words of the agreed statement.
One of the reasons identified in the agreed statement is that its data management and technology systems weren’t up to scratch. They also did not keep enough trained people around to oversee it all.
In 2011 and 2012 fifteen members of the team that was meant to ensure it was happening left to join another bank. These people were not replaced because of resource constraints.
The other explanation is that the board “could have recognised earlier the systemic nature of some of the financial crime issues Westpac was facing,” in the diplomatic language of the panel of expert directors Westpac commissioned to try to work out what went wrong.
Although the behaviour in question took place between 2013 and 2019 the expert director’s report draws a line between the work of the board’s risk and compliance sub-committee before and after 2017:
“our assessment is that, while not satisfactorily focussed before 2017 and slow off the mark, the board’s response appears to have been appropriate after 2017, though reaction times remained slow.”
In 2017 the committee attended a financial crime workshop to provide it with a “greater awareness of the group’s approach to managing, and the current status, of its anti-money laundering and counter-terrorism financing obligations”.
Training helped, but not enough
However, even allowing for the changes from 2017, the report concludes the board
“let lagging improvement and risk mitigation efforts continue unchallenged for too long while overseeing risk across the Group probably could have picked these things up.”
This is a damming finding, given that in 2017 the baord’s committee had specific financial crime compliance training, there had been a significant uplift in resources deployed to financial crime across the bank and new executive and board appointments were made “with relevant international and domain expertise”.
Despite this, Westpac’s board allowed the most-risky of its international transfer payment businesses to continue until 2019.
That it could have shut it down is evidenced by the fact that it did so, in November 2019 in the week AUSTRAC commenced legal action against it and Westpac let go of its chief executive and chairman.
Its board rightly has a reputation for not taking its anti-money laundering and counter-terrorism financing obligations as seriously as it was bound to.
A $1.3 billion fine, or a bigger one should the federal court not approve the settlement, won’t make any of this go away.
Boards can’t wish away duties
The Australian Prudential Regulation Authority and Australian Securities and Investments Commission are separately investigating whether Westpac’s directors and senior executives at times breached their duties as directors and accountable officers under the Banking Act and Corporations Act.
Care needs to be taken to ensure concern about how well the board did its job does not get lost in complaints about whether bank boards are being asked to do too much.
In June this year, John McFarlane, Westpac’s chairman, indicated a willingness to push back on some of AUSTRAC’s allegations, saying “if you bring everything to the board, the board stops focusing on what it really needs to focus on”.
He was speaking before Westpac agreed to pay the $1.3bn fine.
Ultimately, the responsibility for risk oversight of all forms rests with the board. Paying a great big fine won’t fix it.