Australia’s second-largest bank, WESTPAC, has overtaken the largest COMMONWEALTH BANK… If you think it’s in terms of assets, profits, or market capitalization, you are wrong; it’s in terms of the heftiest fine it is forced to pay!!
Westpac is accused of over 23 million breaches of anti-money laundering and counter-terrorism finance regulations that involve $11 billion in overall transactions, and reportedly include the transfers that are associated potentially to the most heinous offenses – child exploitation.
Each of the security infringements possesses up to A$63,000 penalty, leading to a total fine of more than A$1 trillion. It could be bargained down, but yet so, it is likely to be greater than A$1 billion.
Do you wonder how is it possible for these many transactions to escape a bank’s notice? According to the law, what exactly should banks keep track of? And what does the scandal mean for other financial institutions?
Here’s a quick analysis!
What Does The Law Say?
The Australian Transaction Reports and Analysis Centre (AUSTRAC) requires all organizations that manage notable sums of money – like banks and casinos, to recognize the exact pattern of all risky transactions, involving international funds transfers to high-risk jurisdictions or the undertaking of transfers by third parties to and from accounts for no obvious reason.
As per the reports from AUSTRAC, Westpac had failed to competently assess some transactions to the Philippines and Southeast Asia, which are known to have certain financial indicators associated with child exploitation risks.
The banking behemoth is also accused of its failure to monitor money transactions from its accounts to some intermediary banks based in regions where terrorist organizations operate.
How Do Banks Keep Track Of?
In this case of Westpac, the majority of the 23 million breaches came from customers who either make online purchases frequently or collecting a pension from any of the international countries.
As per the law, banks must lodge an “International Funds Transfer Instruction report (IFTI report)” to AUSTRAC, every time any amount of money goes in or out of the country.
Furthermore, there is a crucial standard – “Society for Worldwide Interbank Financial Telecommunication (SWIFT),” for the international funds’ transfers between banks. This, in fact, is a messaging network that banks use to send information about any amount of money being sent between different countries.
But AUSTRAC says that Westpac considered the SWIFT system costly and slow, and opted for a cheaper and quicker procedure in multiple associations with foreign banks.
Moreover, Westpac hadn’t reported 19.5 million IFTIs to the Australian authorities, owing to a software glitch in Westpac’s monitoring systems that supposedly went undetected for many years, and to confuse matters further, most of these transactions – around 99 percent – came from Citibank, a third party using Westpac!
Who Is To Blame?
That is the million-dollar question!
AUSTRAC blames the senior management of Westpac for their “cool” approach towards compliance. They claim that the banking team was notified about its systemic failures and security inefficiencies, but was either reluctant to act or literally did nothing about it.
What Is The Impact?
As more and more people continue to manage their money online, the banking industry has nearly become a technology provider. So, today, information security is paramount for banks and other financial institutions.
Without proper cybersecurity and compliance with security laws in place, data breaches can likely occur, ending out in highly expensive losses of financial and sales data, as well as private client data. Such information security violations and cyberattacks can drain bank accounts, ruin lives, and sink businesses.
So, give a call today to 1300 292 376, or drop an email at firstname.lastname@example.org to learn what Cybernetic Global Intelligence (CGI) – an expert Aussie cybersecurity company can do to help you stay compliant to the security regulations, and thereby improving your cybersecurity.