On October 30, the Australian Transaction Reports and Analysis Centre (AUSTRAC) issued a report setting out its money laundering and terrorist financing (ML/TF) risk assessment for the Australian mutual banking sector. As AUSTRAC explained, mutual bank “are owned by their customers, with profits returning to customers rather than being distributed to shareholders.” Mutual banks constitute a significant component of Australian banking, as “four million Australians and businesses bank with mutuals holding some [AU]$101 billion in deposits and [AU]$119 billion in assets.”
At the outset, the report noted that over the past ten years (2008-2018), the Australia mutual banking sector has undergone serious consolidation (decreasing from 142 to 71 entities, while experiencing 88 percent growth in both assets and deposits (i.e., from AU$60.2 billion to AU$113.1 billion in assets, and from AU$51.6 billion to AU$96.8 billion in deposits). Mindful of these trends, the report focused on three primary topics:
- Criminal Threat Environment: AUSTRAC assessed the overall ML/TF risk associated with mutuals’ criminal threat environment to be medium. The report stated that suspicious matter reports (SMRs) “indicate the key threat faced by mutuals is money laundering, with substantial reporting activity detailing large and frequent cash transactions, transactions involving unknown third parties, and the rapid and complex movement of funds between financial products and ” It considered many of these reports to be “highly likely to be trigger-based in nature, and describe legitimate, if unusual, transactional activity.” As for TF activity, AUSTRAC stated that less than one-half of one percent of the SMRs in the dataset “related to terrorism financing,” but that it assessed the nature and extent of TF activity evident in the mutual sector as a medium risk.
- Vulnerabilities: AUSTRAC assessed AUSTRAC assesses the overall ML/TF risk associated with vulnerabilities in the mutual banking sector to be high. The report identified three factors that most expose the sector to financial crime:
- “The types of products offered by the sector,” particularly transaction accounts with high levels of (1) cash exposure, (2) access to international remittances, including with high-risk jurisdictions , and (3) transactions by unknown third parties;
- “A high level of non-face-to-face service delivery”; and
- “High levels of outsourcing of customer-facing and AML/CTF processes, and limited oversight/influence over the operations of third-party service providers.”
The report also singled out the delivery channels that mutuals use to provide their services to their customers – which include ATMs, online banking, banking apps, the nationwide New Payments Platform (NPP), and outsourcing of customer-facing services — as presenting a high ML/TF risk.
- Consequences: AUSTRAC assessed consequences of ML/TF activity in the mutual banking sector to be moderate. The report noted that those consequences “can include” the following:
- Personal loss and emotional distress for customers;
- For mutuals, “loss of revenue and capital from fraud, higher insurance premiums, reputational damage and heightened regulatory attention”;
- “[I]ncreased predicate offending affecting the community”;
- “[R]educed government revenue as a result of tax evasion, and higher government expenditure due to welfare fraud, impacting on the delivery of critical government services”;
- “[D]amage to Australia’s international economic reputation as a safe and secure place to invest’; and
- “[E]nabling and sustaining the activities of Australian foreign terrorist fighters, or enabling terrorist acts in Australia or overseas.”
The report also assessed the sector’s level of implementation of risk mitigation strategies to be medium. On this point, it identified four principal areas “in which mutuals’ risk mitigation systems and controls could be strengthened”:
- Risk Assessment: The report characterized a robust risk assessment as “the centrepiece of an effective AML/CTF regime.” Emphasizing the importance of risk assessment processes’ capacity to generate a genuine understanding of ML/TF exposure at an individual reporting entity level,” it cautioned that “the use of of-the-shelf risk assessment tools needs to be tailored to ensure it reflects the actual risks posed to mutuals operating within different contexts.”
- SMR Processes: The report took note of “many examples of good SMR reporting practices from the sector,” but found inadequacies in some SMR processes. These included:
- Lack of Followup: Mutuals “repeatedly reporting on the same customers exhibiting the same behaviours without any indication they were attempting to address their suspicion by engaging with the customer, conducting further investigation, or even exiting the customer in cases of unacceptably high risk.”
- Trigger-Based Reporting: Mutuals submitting an SMR to AUSTRAC “solely on the basis of a trigger generated by their transaction monitoring system without conducting further investigation to form suspicion on reasonable grounds.”
- Insufficient Details: Mutuals submitting SMRs “with insufficient details in the Grounds for Suspicion section.” Some reports “failed to provide details about why the activity was considered suspicious,” and some SMRs reviewed for the risk assessment “contained only 2-3 words.”
- Transaction Monitoring Programs: One industry participant in the risk assessment commented that the most significant vulnerability for the mutual banking sector is the quality of automated systems to detect unusual transaction activity, which is limited by the amount of resources many smaller mutuals have to invest in their technology.” In addition, an industry expert “observed mutuals often have a ‘set and forget’ approach to AML/CTF measures, particularly in the context of growing size and scale.”
- Outsourcing: The report stated that “[m]utuals and industry experts engaged for this assessment indicated they saw outsourcing as a major challenge for the sector.” Their observations about outsourcing included “inadequate documentation and oversight of service-level agreements,” senior management’s inadequate prioritizing of oversight of outsourcing arrangements, and “heavier reliance on of-the-shelf products which are not tailored to individual businesses” limiting effectiveness of controls.
N.B.: Although this AUSTRAC report does not identify any urgent ML/TF threats to the mutual banking sector in Australia, compliance teams at Australian mutuals should nonetheless review it closely and draw on the findings in revising or updating their bank-specific ML/TF risk assessment processes.