Financial intelligence agency AUSTRAC’s allegations of massive anti-money-laundering breaches by Westpac have many puzzled.
The allegations in AUSTRAC’s Statement of Claim on 20 November have damaged the bank’s reputation, disrupted management, executive and board succession planning, and point to deep operational problems. They associated the name of Australia’s oldest bank with the child-sex industry in the Philippines and South East Asia, which some of the payments in question appear to have facilitated.
Within days, the episode had claimed CEO Brian Hartzer and board risk and compliance committee chair Ewen Crouch AM FAICD, and forced chair Lindsay Maxsted FAICD to announce he would step down by the middle of this year. In a fortnight, the scandal sparked investigations by regulators, the Australian Securities and Investments Commission (ASIC) and Australian Prudential Regulation Authority (APRA), exposed board and management to penalties and sliced around $4b from the company’s market capitalisation.
Westpac’s problems appear to have started with IT system errors, which Westpac says date back to 2010–11. What’s unclear is why those errors remained unfixed for as long as eight years. And then, when they were brought to the attention of the board and AUSTRAC in 2018, why the financial agency was forced to legal action.
Estimates are the penalty will be closer to $1b, of a similar scale to CBA’s $700m settlement with AUSTRAC in 2018. NAB’s 2019 annual report advised it has also reported a number of compliance breaches, which it is remediating, and that it may receive significant monetary penalties.
Directors and executives of large financial institutions talk about the complexities and costly nature of identifying and reporting on anti-money laundering and counter-terrorism financing transactions. Admittedly, most of the allegations pre-date the Royal Commission, but, barely a year since the intense public scrutiny and findings of the Commission on culture, accountability and changing community expectations of board and management, many are asking how it could come to this. How did the board not discover the need to forestall a looming disaster? This was after rival CBA had owned up in 2017 to more than 53,000 similar breaches and paid a $700m penalty; and NAB had announced in 2018 it was dealing with AUSTRAC in relation to a number of similar issues.
As the Australian Council of Superannuation Investors (ACSI) CEO Louise Davidson AM MAICD asks: why did that not make adequate urgency a priority for the board?
Fronting the company’s marathon AGM in December, Maxsted and acting CEO Peter King apologised. “As a board and as individuals, we are devastated that anyone may have been exposed to the risk of harm as a result of a failing by Westpac,” said Maxsted. “For this, we are truly sorry. Every one of us in this company has been shaken by the events of the past few weeks and we know this feeling is shared widely throughout the community.”
Maxsted told the meeting that the board had only had sight of the issue since Westpac reported it to AUSTRAC in August 2018 — and, 16 months later, indicated it still needed to find out the facts. Facing repeated questioning from investors on the company’s culture, management and board accountability and capacity, Maxsted emphasised that while there was much speculation about what happened, the Financial Crime Program Review by risk consultant Promontory would reveal all. It would be overseen by three independent governance experts and the company would publicly release the recommendations.
From various documents and reports on Westpac and the broader banking industry, we can see some likely origins of Westpac’s trouble. And we can see at least one lesson for directors everywhere: encourage a corporate culture where people are encouraged to speak up.
Maxsted offered the AGM hints about what went wrong. Banks, Westpac included, had focused too little on non-financial risk. The board felt it was making progress, “but clearly that wasn’t going at sufficient pace and it wasn’t going at sufficient depth,” he said. “We did elevate financial crime, we had people reporting to us and probed, but clearly the right questions weren’t asked at the right time. That’s why we need to do the detailed reviews, and get the experts to see is there something fundamentally wrong with the culture of Westpac?”
In 2018, Westpac, among 36 of the country’s biggest banks, insurers and superannuation licensees, prepared a Governance, Accountability and Culture Self-Assessment for APRA, in response to the final report of the APRA Prudential Inquiry into the CBA. The self-assessment was delivered after Westpac had admitted the transgression to AUSTRAC. It is a surprisingly detailed examination of Westpac’s weak spots.
The financial intelligence agency has commenced civil proceedings against Westpac.
AUSTRAC alleges Westpac contravened its obligations under the AML/CTF Act 2006 with a total of more than 23 million breaches.
The allegations include IFTI (international funds transfer instruction) reporting failures, tracing information and record-keeping failures, correspondent banking and customer due diligence failures (regarding identifying, mitigating and managing child exploitation risks).
AUSTRAC claims Westpac was aware of the heightened child exploitation risks since 2013. It alleges that in June 2016, senior management was briefed on the risks of LitePay, a Westpac product that facilitates low-value international transactions. Westpac did not implement automated detection for LitePay until June 2018.
The 131-page report, compiled by a Westpac team and consultants from Oliver Wyman, found “Westpac’s management of non-financial risks across all lines of defence remains generally less mature than its management of financial risks and this factor is likely near, or at, the root cause of many of Westpac’s non-financial risk-related issues”.
It went on to identify three frequently observed “strands of Westpac corporate DNA” — including a “tendency to cultivate complexity with multiple frameworks and policies in place to deal with what are really common issues, a tendency to privilege upfront conceptual work over execution and implementation, and an imperative for safety, both at a company and employee level. Westpac’s near insolvency in the early 1990s reinforced this trait and drove a focus on management of financial risk, especially credit risk.”
The self-assessment also noted: “a lack of clarity on accountabilities and consequences, and challenges in rapidly identifying, prioritising, escalating and remediating issues”.
At the centre of this lack of clarity was a troubling revelation — many Westpac staff were worried they would get into trouble if they spoke up about problems. In free-form text responses, interviews and focus groups, the self-assessment stated, “people frequently spoke of being ‘fearful’, with obvious implications for speaking up, managing messages, challenging and taking ownership and accountability”.
The report noted that many interviewees and focus group participants used the phrase “good news culture”. And it quantified the problem: “more than a quarter of surveyed employees still do not agree with the employee sentiment survey statement: ‘I feel safe calling out issues, risks and/or concerns.’”
The end result was that Westpac’s Risk Appetite Dashboard rated speak-up culture as “red”, the self-assessment said. The company knew that when they saw a problem, many staff would be tempted to keep quiet about it.
The self-assessment team also highlighted how Westpac staff reticence might play out when the need for strong financial results clashed with risk or compliance concerns: financial concerns might “crowd out claims for additional spending on risk or compliance issues”.
Westpac had good systems for whistleblowing including an external hotline. “If we are not the organisation that we think we are, if we have bigger weaknesses in a speak-up policy or whatever, then we have to go back to scratch and revisit this again.”
The Westpac response is to
- Close the relevant Westpac Australasian Cash Management Product — the technology platform at the core of Westpac’s failure to identify/report on IFTIs to AUSTRAC.
- Remediate and analyse all unreported IFTIs to AUSTRAC.
- Close the LitePay international funds transfer system.
- Lookback screen of customer transactions: Westpac has undertaken a further review of all child exploitation transaction types for the Philippines over the past 12 months.
- Review and action highlighted customers.
- Westpac has more than doubled its internal resourcing dedicated to financial crime to 750 people over the past three years. In 2020, it plans add 200 more people to this team.
Financial institutions have an obligation to “know your customer” and help AUSTRAC and the federal government fight financial and other serious crime. Individual banks only get a fraction of the information. Former Westpac executive Amanda Wood was the inaugural chair of AUSTRAC’s Fintel Alliance Experts Working Group of major banks and financial institutions. The alliance will allow the Australian Federal Police, AUSTRAC and the banks to view transactions in real-time across all entities to achieve a better overall picture.
ACSI’s Davidson sees significance in the Westpac admission that it needs to escalate bad news more effectively. She calls it “something that all organisations, all companies, not just in banking, but all sectors, really need to be thinking about... It can be really difficult for people who are at less senior levels within organisations to have the confidence to do this.”
Davidson adds we have already seen examples of this in a number of organisations — including CBA being penalised for transgressing anti-money laundering regulations.
The problem with speaking up is also supported by scientific work, notably by Macquarie University researcher Professor Elizabeth Sheedy, who has co-authored a series of papers on the banks’ risk culture. She and her co-authors compared three major Australian and four major Canadian banks. Sheedy won’t reveal whether Westpac was part of the Australian group, but says there was a statistically significant difference between the risk culture of the Canadian and Australian banks. In particular, the Australian banks showed higher “avoidance” — indicating “a culture where issues are ignored, swept under the carpet, downplayed”.
Sheedy says her research also shows that the Australian banking industry views compliance in general as “not a priority”. To make matters worse, she notes, anti-money-laundering (AML) systems are “notoriously difficult and expensive”, requiring considerable manual checking. “It’s incredibly resource-intensive,” she says, and requires banks to ask their customers “lots of intrusive questions”.
AML systems and processes now have a rich history of creating scandals at institutions such as HSBC, Danske Bank and Deutsche Bank. If Australian banking had cultural problems, it seemed almost fated that they would turn up in anti-money-laundering efforts. And so they have.
“Ninety-five per cent of directors believe culture is critical,” notes Tim Boyle from board advisory specialist Blackhall & Pearl. “Yet it is an area where they spend the least amount of time.”
That’s not because of lack of desire, he suggests. “Most boards want to spend time on strategy and culture.” But, he adds, boards are simply not properly equipped to do it. “They have few tools to understand the operating culture beyond what management says, or the application of generic surveys, which are often proven wrong with the benefit of hindsight.”
Westpac’s self-assessment puts it bluntly:
“In reality, the industry has no-one to blame but itself. In the past decade, it provided the country with what seemed an endless supply of customer failings, many giving rise to genuine questions about bank and employee integrity.”
A year after the banking royal commission, AUSTRAC has launched civil proceedings against Westpac, alleging it repeatedly breached anti-money laundering laws.
August 2018 Westpac notifies AUSTRAC of failure to report a large number of international funds transfer instructions (IFTIs).
20 Nov 2019 AUSTRAC launches Federal Court proceedings alleging Westpac contravened its obligations under the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Act 2006 (Cth). Investors wipe more than $6b in value from its shares.
22 Nov Westpac apologises and says board, CEO Brian Hartzer and management are taking necessary steps to urgently close any remaining gaps and fix policies and procedures.
24 Nov Board announces response plan, including closing LitePay and says it will work with AUSTRAC and withhold part or all of executive short-term incentives.
25 Nov ASIC confirms it is investigating possible breaches of legislation it administers. Law firm Phi Finney McDonald indicates shareholder class action likely.
26 Nov Board announces CEO Brian Hartzer to go. Appoints CFO Peter King acting CEO and COO Gary Thursby as acting CFO. Ewen Crouch AM FAICD, Westpac risk & compliance committee chair, will not seek re-election and chair Lindsay Maxsted FAICD will bring forward his retirement to the first half of 2020. Search begins for new CEO.
28 Nov Westpac appoints board financial crime subcommittee to oversee review and increases resourcing. Chaired by Peter Nash, with Nerida Caesar, Margaret Seale FAICD and Steven Harker. Consultant Promontory begins an urgent external review. Westpac flags accountability review by independent advisory panel to consider Promontory report and provide recommendations on governance and board accountability. Bank provides withdrawal option for investors in its Share Purchase Plan.
2 Dec APRA chair Wayne Byres GAICD tells a parliamentary hearing the regulator’s investigation into Westpac over alleged breaches would focus on culture and governance failures, including whether internal red flags were ignored.
9 Dec AUSTRAC and Westpac advise Federal Court they’ve begun discussions regarding a “statement of agreed facts”. The matter is further listed for case management hearing in February–March 2020.
11 Dec Westpac raises $750m from retail investors as part of $2.5b capital raising.
12 Dec Lindsay Maxsted FAICD chairs six-hour Westpac AGM, at which shareholders deliver a second strike on executive remuneration, forcing a board spill motion. Directors survive with more than 90 per cent of the vote.
17 Dec APRA imposes a $500m capital charge on Westpac and launches an investigation into whether Westpac, its directors and senior managers have contravened the Banking Act 1959. It is the first investigation using APRA’s new powers under the Banking Executive Accountability Regime (BEAR).