In my previous post on EML Payments (EML) (see here) we noted that EML had advised that its Irish regulated subsidiary, PFS Card Services (Ireland) Limited ('PCSIL'), had received correspondence from the Central Bank of Ireland ('CBI'), including a letter received on Friday 14 May 2021 (Australian time) raising significant regulatory concerns ('Correspondence'). The CBI's concerns relate to PCSIL's Anti-Money Laundering / Counter Terrorism Financing ('AML/CTF'), risk and control frameworks and governance. The Correspondence states that the CBI is minded to issue directions to PCSIL pursuant to section 45 of the Central Bank (Supervision and Enforcement) Act 2013.

A few days ago, EML provided the Australian Stock Exchange with a trading update.  The trading update also included its Quarter 3 FY2021 update in which EML confirmed:

"Current Status:
 

• EML advised the market on 19 May 2021 that it had received correspondence from the CBI raising significant regulatory concerns (‘Section 45 Letter). EMI responded to the CBI's Section 45 letter within the deadline on 27 Moy 2021. 
• EMA remains in an ongoing dialogue with the CBI in relation to their concerns through substantial responses, data and access to our teams.  
• There ie no statutory timeframe for the CBI to finale its consideration of the matters.
• A project governance structure has been established to assist our local team in Ireland, including subcommittee of the EML Board, members of the EML executive team, external regulatory consultants and legal resources.

Communication:

• We are working co-operatively with the CBI and it authorised officers.
• Communications with the CBI are confidential and we will provide updates when appropriote, . 
• EML is proactively communicating with, and providing information if and when requested, with other regulatory in the regions where EML operates.

Business Impact:  

• We continue to focus on EMI's strong pipeline of new customers and support out existing customers, yet we are aware that ongoing uncertainty is a risk and a challenge.
• Immediate one-off costs incurred for legal (Arthur Cox) and professional advisory (PriceWaterhouseCoopers) fees are expected to be less than $2 millon in FY21. In addition, we may see an impact of delayed program launches on establishment income and transaction fees which we cannot quantify at this time.
• Financial impact for FY22 can not be fully determined at this time." 

 
Some observations:

• This statement, and in particular the fees, relates to the current financial year for EML which ends on 30 June 2021 and a new financial year starts in Australia for the company on 1 July 2021, i.e. FY22. Thus, as we all know, CBI enquiries and investigations last for many years, so one could expect the 'less than $2 million' figure to go northwards. 
• There will be costs in terms of management time and that of Board involvement, as EML points out.
• Furthermore, there is a potential loss of revenue from "an impact of delayed program launches on establishment income and transaction fees which we cannot quantify at this time.

Further reading - EML Payments Q3 FY21 Trading Update June 2021 (dated 7 June 2021)

Received a letter from the Central Bank of Ireland's Anti-Money Laundering Division headed "AML Risk Evaluation Questionnaire (‘REQ’) Notification to [Name of Regulated Firm] (or ‘the firm’) to submit an REQ on an Annual Basis." last month with a return date this month? If so you are not alone.
The letter reminds that credit and financial institutions are required to have anti-money laundering (AML) and countering financing of terrorism (CFT) preventive measures to ensure compliance with the Criminal Justice (Money and Terrorist Financing) Acts 2010 to 2021, a well as reminding of the obligation to comply with EU Council Regulations setting out financial sanctions (‘FS’) measures.

The CBI has established the REQ to seek information regarding individual firms’ exposure to Money Laundering / Terrorist Financing risks and also the AML/CFT compliance framework.

Firms are being informed to submit the REQ in the specified format via the CBI's Online Reporting System on an ANNUAL BASIS within the time period specified on ONR.

The CBI has informed firms that "for 2021, this deadline for the submission of the REQ return is 18 June 2021".

Not only is the form detailed, and there are a few potential ways of interpreting some of the questions, or at least their interaction with other questions, but importantly for Boards of Directors note:

i) Statement of Compliance: "... the REQ includes a statement to be signed by the firm confirming compliance with the firm’s AML/CFT/FS obligations. This statement if [sic] compliance should be signed and dated by a person who is duly authorised to do so by the Board (or equivalent). Ideally this person will have responsibility for AML/CFT/FS within the firm." NB this person doesn't need to be in a PCF role, but the CBI expect them to be of sufficient seniority within the firm to provide the confirmation sought.

ii) Record Retention: "A record of the person who signed the statement of compliance must be formally noted in the Board minutes (or equivalent) when it is brought forward for consideration. The original signed and dated hard copy of the statement of compliance and the accompanying REQ is required to be kept on file and made available for review by the Central Bank on request."

Need assistance with your risk assessment?  Get in contact with us at the details here.

Further reading: Risk Evaluation Questionnaire ('REQ') Return

Building upon the obligations of credit and financial institutions under the CJA 2010, the Central Bank has developed a REQ in order to seek information regarding individual firms' exposure to ML / TF risks and also their AML / CFT compliance framework.

Firms selected by the Central Bank to submit an REQ are required to submit the REQ in the specified format, through the Central Bank's Online Reporting System ('ONR'), within the time period specified on ONR.

The minimum frequency that a firm will be required to submit an REQ is predicated on the level of ML/TF risk presented by the firm, either by virtue of its business model and/or the sector into which it falls (for further information on the frequency of submission please see the Table: AML/CFT Minimum Supervisory Engagement Model on the Central Bank AML / CFT Supervision Tab).

• CBI's website - Risk-based approach to AML Supervision 
• Risk-Evaluation-Questionnaire | xls 101 KB
• REQ Guidance Materials | pdf 1126 KB

Linkedin Post:  https://www.linkedin.com/posts/peteroakes_antimoney-aml-cft-activity-6808437129467756546-vRba

The ASX Market Announcement says:

"EML PAYMENTS LIMITED (ASX: EML) ("EMU') refers to its request for a trading halt dated 17 May 2021.

EML advises that its Irish regulated subsidiary, PFS Card Services (Ireland) Limited ('PCSIL'), has received correspondence from the Central Bank of Ireland ('CBI'), including a letter received on Friday 14 May 2021 (Australian time) raising significant regulatory concerns ('Correspondence'). The CBI is the relevant regulator in Ireland.

The CBI's concerns relate to PCSIL's Anti-Money Laundering / Counter Terrorism Financing ('AML/CTF'), risk and control frameworks and governance. The Correspondence states that the CBI is minded to issue directions to PCSIL pursuant to section 45 of the Central Bank (Supervision and Enforcement) Act 2013.

The Correspondence does not concern EML's Australian or North American operations, or the operations of PFS' UK subsidiary ('Prepaid Financial Services Limited' which is incorporated in England and regulated by the FCA), or EML's other Irish regulated subsidiary ('EML Money DAC')."

ASX Announcement in PDF and at source. 

UPDATE: The law commenced operation on Friday 23rd April 2021. See Stephen Fletcher's blog of Saturday 1 May 2021 for further details

Below is my linkedin post of 16 April 2021.

​I have been asked to put a copy of the consolidation online.  We spent a lot of time preparing the consolidation and are happy to share the below slideshow.  If you would like a copy of the document in pdf which you can copy, paste and search within, please email [email protected] and we will inform of the costs and email. 

"Some comments on the updated Irish #moneylaundering and #terroristfinancing legislation.

Linkedin Post:

What: Ireland signed into law the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2021 (the “2021 Act”). The 2021 Act (No. 3 of 2021) makes a number of changes to the 2010 Act (No. 6 of 2010)

When: 18 March 2021. Legislation passed by Oireachtas & signed into Law by the President of Ireland

Action: It’s time to update your #Compliance & #FinancialCrime Risk Frameworks, Risk Assessments, Policies, Manuals & Procedures. So what areas of the the 2010 Act impacted by the changes in March do you need to know and consider taking into account to update your compliance documents? See the comments section below where I've listed the areas from the 2010 Act impacted by the 2021 Act.

How: Contact the team at CompliReg. We are undertaking several reviews of policies, procedures and manuals in light of the recent changes made to Irish AML/CTF law. We have tracked the changes in our consolidation of the 2010 Act up until and including Act No 3 of 2021. Contact the team at [email protected] with your business contact details for a discussion of a review.

We'll be sending a copy of our up-to-date consolidated version of the 2010 Act to our clients this week."  Post at https://www.linkedin.com/feed/update/urn:li:activity:6788600737791303680/ 

Central Bank publishes “Dear CEO” letter to Schedule 2 firms on low level of compliance with Anti-Money Laundering and Counter Financing of Terrorism obligations

• Findings include overall lack of compliance by Schedule 2 Firms with AML/CFT obligations
• Boards fail to demonstrate responsibility for ensuring the implementation and ongoing oversight of AML/CFT control framework
• Central Bank will use all means to identify unregistered firms and take appropriate action

The Central Bank has today (16 December 2020) published the outcome of supervisory engagements undertaken in respect of Schedule 2 Firms to assess compliance with their obligations under Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (CJA 2010).

The "Dear CEO" letter*, outlines the Central Bank’s expectations of firms in relation to Anti-Money Laundering/Counter Financing of Terrorism (AML/CFT) and Financial Sanctions (FS) requirements and details follow-up actions to be taken by CEOs and Boards in response to the findings outlined.

The examination, which comprised of both inspections and review meetings, found an overall lack of compliance across all areas of the AML/CFT control framework. There is also poor understanding of the requirements from Board and senior management levels, including at those firms who outsourced their AML/CFT and FS activities to third parties.

The examination identified a number of failings across Schedule 2 Firms, including:

1. Board Oversight and Governance - failure to demonstrate Boards had taken responsibility for the implementation and ongoing oversight of AML/CFT and FS in a number of firms. In many instances, AML/CFT and FS was only included on the Board’s agenda following notification from the Central Bank of the upcoming supervisory engagement exercise.
2. Money Laundering/Terrorist Financing Risk Assessment - lack of ongoing and comprehensive assessment and documentation of ML/TF risks that are specific to each firm’s consumers and business activities. In a number of instances, this was exacerbated by reliance on ‘off the shelf’ risk assessment frameworks.
3. Anti-Money Laundering/Counter Financing of Terrorism Policies and Procedures - failure to put in place and implement firm-specific AML/CFT and FS policies and procedures, and failure to review and update these on an ongoing basis.

Director of Enforcement & Anti-Money Laundering, Seána Cunningham said: “The Central Bank expects all firms to be alert to the risks that money laundering and criminal financial activities may pose to their customers and business, and the wider integrity of the Irish financial system. This requires CEOs and Boards to have in-depth knowledge and understanding of their Anti-Money Laundering and Counter Financing of Terrorism obligations. It is also essential to have the necessary control framework in place to ensure protection of their business and customers.

“Our supervisory engagements revealed a low level of compliance with the AML/CFT control framework requirements. The culture and tone of any organisation is set from the top. It therefore rests with the Board of these firms to ensure that the necessary AML/CFT governance, risk assessment, policies and procedures, training and awareness are embedded throughout the organisation. While some firms may choose to outsource AML/CFT activities to third party service providers, Boards cannot outsource the responsibility for compliance.

“We will continue to engage directly with those firms where compliance weaknesses and failures have been identified to ensure that they are addressed. We also require all firms to review the content of this letter to ensure that they assess their own compliance with the issues identified.

“We are also taking this opportunity to remind all firms to assess their activities to determine if they are required to register with us under Schedule 2. Firms who fail to register are at risk of significant criminal and/or administrative sanctions. In 2021, the Central Bank will use all means available to identify those firms not registered and take appropriate action.”

ENDS
Notes to Editor

• The Central Bank of Ireland is the competent authority for monitoring the compliance of credit and financial institutions with Part 4 of the CJA 2010, and with taking measures that are reasonably necessary to secure such compliance. Entities engaged in activities outlined under Schedule 2 of the CJA 2020, herein referred to as ‘Schedule 2 Firms’ have been obliged to comply with Part 4 of the CJA 2010 since its implementation in 2010. On 26 November 2018, Section 108A of the CJA 2010 introduced a statutory requirement for Schedule 2 Firms to register with the Central Bank, where such firms are not otherwise authorised or licensed to carry on business by the Central Bank. Details on the registration process is available on the Central Bank website.
• The definition of “financial institutions” in the CJA 2010 includes entities that carry out one or more of the activities specified in Schedule 2 of the CJA 2010, hereto referred to as Schedule 2 Firms, Subject to limited exceptions as set out in the definition of “financial institution” in s24, and in s25(4) of the CJA 2010. Firms engaged in such activities are required to register with the Central Bank pursuant to section 108A of the CJA 2010.

Further information
Media Relations: [email protected] / 01 224 6299
Ewan Kelly: [email protected] / 01 224 6269

Here's one for the #moneylaundering typology case studies for #MLROs as part of regulatory training requirements!
 
Relates to the collapse of major investigation into the Kinahan cartel and more than half a billion euros- particularly €500,000,000 stash of cars, properties & cash handed back to the accused by a Spanish judge after collapse of money laundering case.
 
Can understand that staff and MLROs at financial institutions and other obliged entities which do a lot of the initial legwork in identifying suspicious transactions may feel underwhelmed (to say the least) when a case like this collapses.
 
We should train on all types of cases, regardless if there is a criminal outcome or not. Staff (and boards) need to appreciate that not all suspicious transactions reports will 'result' in a criminal outcome, but that doesn't excuse obliged entities and their staff from complying with the legal requirement to report suspicious transactions. A skill MLROs and trainers need to focus upon is motivating staff, themselves and the senior executive to stay the course.
 
https://www.linkedin.com/posts/peteroakes_moneylaundering-mlros-financialcrime-activity-6719937607700135936-jZUH
 
#antimoneylaundering #financialcrime #mlros #suspicioustransactions #lawenforcement

Check out the linkedin post with link to news article.
​

Source: AUSTRAC
Press Release 24 September 2020

Westpac and AUSTRAC have today agreed to a AUD$1.3 billion dollar proposed penalty over Westpac’s breaches of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act). Westpac and AUSTRAC have agreed that the proposed penalty reflects the seriousness and magnitude of compliance failings by Westpac.

The Federal Court of Australia will now consider the proposed settlement and penalty. If the Federal Court determines the proposed penalty is appropriate, the penalty order made will represent the largest ever civil penalty in Australian history. 

In reaching today’s agreement, Westpac has admitted to contravening the AML/CTF Act on over 23 million occasions, exposing Australia’s financial system to criminal exploitation.
In summary, Westpac admitted that it failed to:

• Properly report over 19.5 million International Funds Transfer Instructions (IFTIs) amounting to over $11 billion dollars to AUSTRAC.
• Pass on information relating to the origin of some of these international funds transfers, and to pass on information about the source of funds to other banks in the transfer chain, which these banks needed to manage their own ML/TF risks.
• Keep records relating to the origin of some of these international funds transfers.
• Appropriately assess and monitor the risks associated with the movement of money into and out of Australia through its correspondent banking relationships, including with known higher risk jurisdictions.
• Carry out appropriate customer due diligence in relation to suspicious transactions associated with possible child exploitation.

In reaching the agreement, Westpac has also admitted to approximately 76,000 additional contraventions which expand the original statement of claim. These new contraventions relate to information that came to light after the civil penalty action was launched last year and relate to additional IFTI reporting failures, failures to reasonably monitor customers for transactions related to possible child exploitation, and two further failures to assess the money laundering and terrorism financing risks associated with correspondent banking relationships.

AUSTRAC’s Chief Executive Officer, Nicole Rose PSM said the settlement sends a strong message to industry that AUSTRAC will take action to ensure our financial system remains strong so it cannot be exploited by criminals.

“Our role is to harden the financial system against serious crime and terrorism financing and this penalty reflects the serious and systemic nature of Westpac’s non-compliance,” Ms Rose said.
“Westpac’s failure to implement effective transaction monitoring programs, and its failure to submit IFTI reports to AUSTRAC and apply enhanced customer due diligence in relation to suspicious transactions, meant AUSTRAC and law enforcement were missing critical intelligence to support police investigations.”

Ms Rose said such a large number of breaches over several years was unacceptable and could have been avoided with better assurance and oversight processes to identify ongoing reporting failures.
AUSTRAC works in partnership with the businesses we regulate through a comprehensive industry education program.

“We have been, and will continue to work collaboratively with Westpac and all businesses we regulate to support them to meet their compliance and reporting obligations to ensure this doesn’t happen again in the future.”

Westpac continues to partner with AUSTRAC to assist AUSTRAC and law enforcement agencies to stop financial crime, including as a member of AUSTRAC’s private-public partnership the Fintel Alliance.

About AUSTRACAUSTRAC (the Australian Transaction Reports and Analysis Centre) is the Australian Government agency responsible for detecting, deterring and disrupting criminal abuse of the financial system to protect the community from serious and organised crime.

Through strong regulation, and enhanced intelligence capabilities, AUSTRAC collects and analyses financial reports and information to generate financial intelligence.
​
Learn more about AUSTRAC: https://www.austrac.gov.au/about-us/austrac-overview 
Media contactEmail: [email protected] 
Phone: (02) 9950 0488  

Not long after the European Union’s top court ordered Ireland on 16 July 2020 to pay a lump sum of €2 million to the European Commission for Ireland's failure to implement regulations aimed to prevent money laundering and terrorist financing, a new law aimed at strengthening existing Irish anti-money laundering legislation and giving effect to provisions of the 5th EU Money Laundering Directive has been approved by the Cabinet of the Irish Government.

On Monday 10th August 2020, the Cabinet has approved the publication of the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Bill 2020.  This follows the signing into law by the President of Ireland on 5th May 2020 of the earlier Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (Act 6 of 2010) [previously known as the Criminal Justice (Money Laundering and Terrorist Financing) Bill 2009 (Bill 55 of 2009)].

If you need advice on the new Bill or your existing regulatory compliance obligations, get i touch with Peter Oakes here at at CompliReg.  

Useful Links: 

• 10th August 2020, Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Bill 2020 [will insert link once copy of new Bill located]
• 10th August 2020, Announcement of 2020 Bill receiving Cabinet Approval
• 16th July 2020, EU court fines Ireland €2m over delay in anti-money laundering rules
• 5th May 2020, Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (Act 6 of 2010)
• 5th May 2020, History of Act 6 of 2020
• 13th August 2020, LinkedIN post 
• Central Bank of Ireland AML/CFT Regulation Page

The Minister for Justice and Equality, Helen McEntee T.D., has received Cabinet approval for the publication of the Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Bill 2020. The Bill transposes the criminal justice elements of the 5th EU Money Laundering Directive and strengthens existing legislation.

Upon announcing the new Bill, the Minister McEntee said, "I look forward to bringing this legislation before my colleagues in both Houses, and anticipate that this Bill will receive broad, cross-party support."

What does the Bill contain?

The Bill includes provisions to:

• improve the safeguards for financial transactions to and from high-risk third countries and sets new limits on the use of anonymous pre-paid cards;
• bring a number of new ‘designated bodies’ under the existing legislation, this includes virtual currency providers and associated online ‘wallet providers’ for virtual currencies as well as dealers and intermediaries in the art trade;
• prevents credit and financial institutions from creating anonymous safe-deposit boxes;
• enhance the customer due diligence (CDD) requirements of the existing legislation;
• provide for Ministerial guidance which will clarify domestic “prominent public functions.

 
The Minister also noted that: "This Bill is an important piece of legislation for tackling money-laundering. The reality is that money laundering is a crime that helps serious criminals and terrorists to function, destroying lives in the process. Criminals seek to exploit the EU’s open borders, and EU-wide measures are vital for that reason.

This new legislation also includes a number of technical amendments to other provisions of Acts already in force."

While the Bill transposes certain elements of the 5th Anti-Money Laundering Directive, the Department of Finance is also engaged in giving effect to certain provisions of the Directive, including those relating to:

• facilitating increasing transparency on who really owns corporate entities, financial vehicles and trusts by establishing beneficial ownership registers;
• ensure the creation of, and access to, centralised national bank and payment account registers or central data retrieval

The Minister for Finance (Paschal Donohue, T.D.) has also secured Government Approval to bring forward amendments in respect of the regulation of Virtual Asset Service Providers (VASPs). The amendments will ensure that the necessary registration and fitness and probity regime, required by 5AMLD for virtual asset service providers, become statutory requirements. Amendments will also address Ireland’s international obligations, relating to a robust regulatory framework for new technologies, new products and new practices, as identified by the Financial Action Task Force (FATF).

Download Westpac's Report released 17 July 2020 - Reassessment of the Culture, Governance and Accountability Remediation Plan

Linkedin Post at ​https://www.linkedin.com/posts/peteroakes_riskculture-riskmanagement-regtech-activity-6689803983407628288-ynbv


Here's a good 5 point list of root causes of non-financial risk issues at large systemically important banks & institutions (anywhere in the world). In this case Westpac, arising from a report ordered by the Australian prudential regulator.

Applicable to non banks and non systemically important institutions:

1. an organisational construct that creates complexity;
2. an "immature and reactive" #riskculture in non‑financial risk management;
3. a 'three lines of defence model' that is not well understood or embedded among bank staff;
4. the lack of sufficient non-financial #riskmanagement capability; and
5. challenges in execution and staying the course.

With Westpac's CEO responsible for its new initiative "customer outcomes and risk excellence" or CORE, #regtech will need to feature heavily in execution, tracking & learnings.

Professor Elizabeth Sheedy, a #riskculture expert saying that the latest report shows too often risk is seen as a handbrake by banks rather than an enabler for long-term success.
Westpac "admitted the "culture, governance and accountability program", set up in January 2019 to implement the reforms, "has not delivered sufficient momentum", with many in the bank still do not "fully appreciate the cumulative impact of the issues". Paul McCarthy

Copyright with Australian Financial Review and James Eyers

Westpac Banking Corp has been forced to launch a new program to attempt to fix its broad risk-management failings, after a reassessment of its culture demanded by Australian Prudential Regulation Authority identified ongoing concerns, including that its non-financial risk culture is still "immature and reactive".

The new report identifies a lack of urgency and clarity in Westpac's response to problems it identified in a 2018 self-assessment of governance, which were exacerbated when AUSTRAC dropped a bombshell case last November that triggered the departures of the bank's CEO and chairman.

The Australian Prudential Regulation Authority insisted on the reassessment because it was concerned Westpac was not tackling the root causes of its failings when it read AUSTRAC's statement of claim. The latest investigation found Westpac is still "overly complex, which results in confusion around accountability and challenges in execution".

The shortcomings identified in the report, which was sent to all of Westpac's 35,000 staff on Friday morning, found Westpac's organisational structure created complexity, and its 'three lines defence' model, which is supposed to prevent risks materialising, "is not well understood or embedded".
The report highlights a "shortfall in sufficient non-financial risk-management capability" and says that even though Westpac has made various changes to respond to issues, "what is required is a program of deeper change".

It criticised an ongoing blame game, stating a priority for its work on culture "will be to strengthen psychological safety" for staff after the reassessment found "in some situations leaders had reacted to incidents with a focus on who is to blame rather than what to learn".
Many of the same failings were identified in the bank's self-assessment for APRA in 2018, after all banks were asked to audit themselves against the prudential regulator's expectations for fixing widespread cultural problems at Commonwealth Bank of Australia. The Hayne royal commission should also have emphasised the urgency of repairing culture to meet community expectations and restore trust.

But Westpac recognised on Friday the changes it has been making to respond to the 45 recommendations set out in its 2018 self-assessment had been "incremental". It admitted the "culture, governance and accountability program", set up in January 2019 to implement the reforms, "has not delivered sufficient momentum". It said many in the bank still do not "fully appreciate the cumulative impact of the issues".

“Our reassessment confirms that our management of non-financial risk is currently not at the standard we set for ourselves," said Westpac CEO, Peter King, releasing the 50-page report to the ASX.
“It is clear we have more to do to address these shortcomings, including improving our risk management capability and risk culture which is not where we want it to be."

APRA is continuing to investigate possible breaches of the Banking Act by Westpac, including the speed at which it has rectified issues identified by AUSTRAC. APRA has already imposed a $1 billion capital penalty on the bank to reflect its "heightened operational risk profile".

At the CORE

Westpac on Friday announced it would initiate a multi-year, multi-million dollar program, which it is calling "customer outcomes and risk excellence" (CORE). Mr King said he would be accountable for its delivery.

The reassessment said Mr King, who replaced Brian Hartzer as CEO, and the Westpac board, now led by John McFarlane who took the reins from Lindsay Maxsted, need to take more responsibility and set a proper "direction and tone" about the importance of the measures.

The report – which was conducted by Westpac management and a team from consultants Oliver Wyman together with assurance oversight by another consulting firm, Promontory – pointed to five ongoing "root causes" of Westpac's travails.

These are: an organisational construct that creates complexity; an "immature and reactive" risk culture in non‑financial risk management; a 'three lines of defence model' that is not well understood or embedded among bank staff; the lack of sufficient non-financial risk management capability; and challenges in execution and staying the course.

"Westpac does not underestimate both the magnitude of the changes that are required and the effort involved."

Professor Elizabeth Sheedy, a risk culture expert from Macquarie University, said the latest report shows too often risk is seen as a handbrake by banks rather than an enabler for long-term success.

"For me it all comes back to excessive focus on short-term profits which is driven by short-term cash bonuses," she said. "There is also a massive shortage of qualified and experienced risk and compliance executives across the industry. Institutions tend to want to keep budgets very tight when it comes to resourcing risk and compliance, which sends a message about organisational priorities."

It is expected that Westpac will look to make additional cost savings in order to pay for additional investment that will be required to improve risk systems.

The report was released after Mr McFarlane warned in an interview with the Financial Review on Friday that excessive financial regulation could make it more difficult for banks to lend and hamstring the economic recovery.

Westpac has been negotiating with AUSTRAC over a potential settlement of the anti-money laundering case, with the financial crimes regulator due to file an amended statement of claim next month to incorporate broader allegations that the bank should have suspected another 270 customers were paedophiles.

It is also waiting for a decision from the Australian Securities and Investments Commission on whether it will appeal the bank's responsible lending victory in the full Federal Court last month to the High Court.


James Eyers writes on banking, fintech and technology. Based in our Sydney newsroom, James is a former Legal Affairs and Capital editor for the Financial Review Connect with James on Twitter. Email James at [email protected]

Source: https://www.afr.com/companies/financial-services/westpac-culture-still-immature-and-reactive-20200717-p55cxa