The Australian Transactions Report and Analysis Centre (AUSTRAC) has stepped up its oversight of the National Australia Bank (NAB). On Monday, June 7, NAB confirmed that the regulator had opened an official investigation into its AML/CFT processes. The news follows reports that the bank’s compliance team is struggling to get its workload — which includes a year-long backlog of suspicious transactions and high-risk individuals that still need to be investigated — under control.
Former employees of NAB say that the current problems stem from an internal policy change in 2018 that was meant to improve the bank’s due diligence processes, not hinder them. Instead of calculating a customer’s risk profile via a series of binary (i.e., yes/no) questions, the bank switched to a risk-based approach that required its employees to conduct a more detailed analysis of potential and current customers upfront.
The problem, however, lies in the execution.
Though well-intentioned, the bank — which, according to former staff, relied on decades-old technology — was ill-prepared to make the change. Instead, workloads increased, and the team soon found itself stretched too thin to be effective.
In the unenviable position of scrambling to keep up, NAB tried to scale up its compliance team as quickly as possible. But the new employees they onboarded were allegedly under-qualified, which further exacerbated the issues. Moreover, to address the growing backlog, sources say compliance officers were expected to “process alerts within two or three minutes” instead of the 15 minutes they had been spending previously — and prohibited from internally moving up the career ladder if those expectations weren’t met.
NAB has not commented on these reports from former employees. But the bank, which is one of the four largest banks in Australia, emphasized that it has invested approximately $800 million to shore up its processes since 2017. Further, according to the Sydney Morning Herald, NAB has been secretly working to clean up its customer profiles. Dubbed “Project Apollo,” the massive undertaking involves going through hundreds of thousands of problematic customer profiles, then deleting duplicates and offboarding those deemed too high-risk.
For its part, the regulator hasn’t indicated yet whether it plans to pursue enforcement actions, though it has confirmed civil penalties aren’t being considered at this time. Even so, the probe is still in its early stages. Given that NAB hasn’t managed to rectify these long-term compliance issues, AUSTRAC’s position could change.
Indeed, AUSTRAC has taken an increasingly aggressive stance against AML/CFT compliance violations recently, in part because it’s been called out on its failure to do so in the past. In 2015, ATF released a Mutual Evaluation Report (MER) that cast a critical eye on Australia’s AML/CFT controls. A year later, another report was released, this time by Australia’s Attorney-General, which found fault with the country’s AML/CFT legislation. Since then, AUSTRAC has focused on strengthening its oversight capabilities, and there’s nothing to suggest the regulator has changed its tune.
On the contrary, it seems likely that stiff penalties and other punitive measures will continue to feature prominently in the AUSTRAC’s financial crime-fighting playbook. Therefore, other regulated entities should take steps now to shore up their own compliance processes before AUSTRAC turns its attention on to them.