Wednesday, 30 August, 2017 – 05:55
When the Commonwealth Bank of Australia (CBA) story first appeared, I instructed World Money Laundering Report that we should not become involved in what would inevitably become a frenzy of speculation and ill-informed comment as consultants (of which I am, obviously, one) and media outlets vied to benefit their own profile, and to get website visits, while the story was hot. I wrote what amounted to a placeholder article .
In that article “Commonwealth Bank : “53,000” breaches of money laundering requirements,” which WMLR placed in its publicly accessible sister BankingInsuranceSecurities.com at https://www.pleasebeinformed.com/publications/BankingInsuranceSecurities…, we said
“This is automated banking and almost nothing happens “under eye.”
“We think, when more information is made available, that we will hear that the monitoring software was not properly coded and that the bank abrogated its responsibility in favour of a tech-only “solution.”
“It is already known that there was data available that indicated suspicion but it was not properly analysed and/or acted upon.”
We were right. The ATM software people say that the data they produced accurately identified the reportable transactions but that somewhere, after their responsibility ended, the data did not reach, or was not acted upon by, those responsible for reporting.
But that, it is now becoming clear, is not the root cause of the problem.
Ever since 1994, I have been arguing until I am blue in the face that the reason counter-money laundering systems fail is, primarily, due to the fact that main boards do not consider financial crime risk management, and money laundering risk management in particular, to be a main board responsibility. It happens somewhere in their organisation but they neither know nor, in some cases, care where. It is a legal function? Compliance? Risk Management? Internal Audit? Oh, there’s training involved, is it an HR function?
In the mid 1990s, I was met with astonishment when I said money laundering compliance and risk management should be a board function. One large insurance company appointed the CEO’s secretary as MLRO “because it’s all paperwork, isn’t it? ” A bank appointed a junior clerk in accounting “because it’s got to do with money.”