The long-awaited Australian banking sector risk assessment by AUSTRAC was released in September 2021 and the key findings have been the subject of considerable debate ever since.
The product of three years of data analysis, collaboration with partner intelligence agencies and extensive industry consultation provides a detailed overview of the money laundering risk profile within our borders.
The methodology is inspired by the Financial Action Task Force (FATF) indications that risk can be measured in terms of the nature and extent of the criminal threat, vulnerabilities and damage that the activity may cause.
The FATF is the global watchdog in the fight against money laundering and terrorism. Perhaps unsurprisingly due to their size, diverse customer base and product range, the risk to our domestic banks was rated “high”, with foreign operators assessed as having a “medium” risk level.
Below we present key findings along with comments from AUSTRAC on what the ‘beating heart’ of the financial services industry should be doing to mitigate risk and protect their business, customers and community.
The top threat facing big banks (and the most common threat reported in suspicious business reports (SMR)) has been qualified as money laundering. Although the techniques ranged from simple to sophisticated, the analysis revealed that the industry was exploited at every stage of the laundering cycle with the most common methodologies, including:
- poor use of cash deposit infrastructure (often associated with rapid transfers to accounts held at different banks);
- the use of complex corporate structures or shell companies to conceal the source of wealth and the beneficial ownership of funds; and
- the purchase of high-value assets (such as real estate, boats, works of art) to reinvest or conceal criminal proceeds and convert them back into legitimate funds.
While the shift in terrorist behavior over the past few years (towards self-funded or unfunded attacks) has raised this threat to “medium”, AUSTRAC has uncovered the nature and extent of the risk posed by under-the-counter offences. underlying (or those that produce proceeds of crime) was “high”. The spectrum of crime included tax evasion, drug trafficking, and fraud and scam related offences.
Notwithstanding the threat posed, AUSTRAC recognized the challenge for banks to detect such breaches given the difficulties in alerting the regulator to breaches that occur outside the banking system or have no connection with a company’s products or services. Bank.
AUSTRAC has found that the characteristics that make the sector so attractive for criminal activity include its vast size, types of customers, network of distribution channels and services offered. Each category was assessed to have a range of inherent operating vulnerabilities with a risk rating broadly proportional to the size of customer base and product offering.
Data matching between reported SMRs and information disclosed to AUSTRAC revealed that:
- high-risk clients came in a variety of forms, ranging from Politically Exposed Persons (or “PEPs”) to temporary visa holders with companies and trusts (operating in the real estate, construction and energy) identified as problematic due to complex structures that could obscure the source and movement of funds;
- cash was a major threat because it was difficult to trace, often generated at the layering stage and due to Australia’s extensive branch and ‘Smart ATM’ networks; and
- an increase in remote service delivery through online banking (and the anonymity offered) has made it more difficult to detect unusual or suspicious transactions.
The impacts of criminal activity are considerable and place a heavy financial burden on the banking sector. Financial costs coincide with reputational and operational costs, while simultaneously impacting the Australian financial system and the community as a whole.
AUSTRAC revealed the following consequences of criminal activities on the banking sector:
- financial costs related to financial losses (such as customer refunds and civil penalties), increased compliance costs, allocation of resources to combat criminal activity (such as trained personnel), loss of income and credit rating and share price influences;
- reputational costs due to customer and investor dissatisfaction, negative brand image and impact on attracting new investment and personnel; and
- operational costs due to increased regulatory oversight, increased risk of legal action for non-compliance, and loss of staff and customers due to strengthened systems and controls.
Violations of AML/CTF controls can also impact Australia’s international economic reputation, particularly in relation to the security and safety of the Australian financial sector.
While AUSTRAC has acknowledged the industry’s investment in recent years to improve systems and controls, the sheer level of reported deficiency and inconsistent application of measures has increased banks’ vulnerability to criminal activity.
To mitigate the risk, AUSTRAC highlighted the importance of
- supplement new systems with commensurate changes to governance and control environments;
- customize transaction monitoring programs to better manage high-risk products or customers;
- the use of dynamic, “live” risk assessment tools that are updated to reflect new products, distribution channels or changes in risk profile; and
- improve the quality of SMRs, by including detailed grounds for suspicion, avoiding trigger-based reports and providing documents that provide additional context (CCTV footage, ID documents or account opening forms).
The variety of criminal activities has expanded exponentially in recent years, with criminal behavior changing rapidly. AUSTRAC’s analysis revealed that the banking sector can be exposed to criminal exploitation, with significant consequences for customers, investors, the community and the banks themselves.
While much of AUSTRAC’s analysis is not new to banking industry players, it presents a comprehensive account of the level of risk in the industry and what banks can do to strengthen their controls, improve their own AML/CTF risk assessments and ensure compliance with their AML/CFT obligations.