FEDERAL COURT OF AUSTRALIA

Chief Executive Officer of Australian Transaction Reports and Analysis Centre v TAB Limited (No 3) [2017] FCA 1296

ORDERS

THE COURT DECLARES THAT:

1.    The First Respondent, Tab Limited (TAB) engaged in:

(a)    a contravention of s 51B(1)(a) of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (Act) in November 2011 by failing to apply in writing to the Applicant by 29 November 2011 for enrolment as a reporting entity.

(b)    contraventions of s 41(2)(a) of the Act between July 2010 and August 2014 by failing to give suspicious matter reports to the Applicant within the timeframe stipulated in s 41(2)(a) in respect of:

(i)    the failure to provide a suspicious matter report to AUSTRAC for an instance of suspected match-fixing in August 2010;

(ii)    the failure to provide suspicious matter reports to AUSTRAC on time for 32 instances of suspected credit betting between July 2010 and March 2013; and

(iii)    the failure to provide suspicious matter reports to AUSTRAC on time in respect of 51 TAB accounts in relation to instances of suspected credit card fraud.

(c)    a contravention of s 32(1) of the Act in March 2015 by commencing to provide a designated service to a non-account customer in a retail outlet having failed to carry out the applicable customer identification procedure.

2.    The Second Respondent, Tabcorp Holdings Limited (TAH) engaged in contraventions of s 41(2)(a) of the Act between September 2010 and August 2012 by failing to give suspicious matter reports to the Applicant within the timeframe stipulated in s 41(2)(a) for 20 instances of suspected credit betting.

3.    The Third Respondent, Tabcorp Wagering (Vic) Pty Ltd (Tabcorp Vic) engaged in a contravention of s 41(2)(a) of the Act in or about July 2014 by failing to give a suspicious matter report to the Applicant within the timeframe stipulated in s 41(2)(a) in respect of suspected credit card fraud.

4.    TAB and Tabcorp Vic together engaged in a contravention of s 81 of the Act between September 2012 and December 2015 by commencing to provide designated services in circumstances where the joint anti-money laundering and counter-terrorism financing program that applied to TAB and Tabcorp Vic did not fully meet the requirements of the Act.

THE COURT ORDERS THAT:

5.    The Respondents pay to the Commonwealth of Australia a pecuniary penalty in the total sum of AUD$45 million within 28 days of the date of this order.

6.    The Respondents pay the Applicant’s costs as agreed within 28 days of the date of this order.

7.    The proceeding otherwise be dismissed.

8.    Pursuant to s 37AI of the Federal Court of Australia Act 1976 (Cth), and until further order, the information identified in Schedule 2 (being information contained in the document entitled ‘Confidential Annexure 1’ to the statement of agreed facts filed on 22 February 2017 (Agreed Facts)) be kept confidential and not be published or otherwise disclosed to any person other than the parties or their legal representatives on the grounds that the order is necessary to prevent prejudice to the proper administration of justice.

9.    The Respondents file a redacted copy of the Agreed Facts with the Court.

Note:    Entry of orders is dealt with in Rule 39.32 of the Federal Court Rules 2011.

REASONS FOR JUDGMENT

PERRAM J:

1. Introduction

1    This case involves the punishment of the Respondents for admitted breaches of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (‘the Act’). It is the first such case brought under the Act. The Respondents are Tabcorp Holdings Ltd (‘TAH’) and its subsidiaries, Tab Ltd (‘TAB’) and Tabcorp Wagering (Vic) Pty Ltd (‘Tabcorp Vic’). The penalties under the Act are severe. On 16 March 2017, I imposed a civil penalty on the Respondents of $45 million for their admitted breaches of the Act together with other ancillary orders. These are my reasons for doing so.

2    Australia has substantial international legal obligations which require it to prevent money-laundering and the financing of terrorism. There are numerous international instruments to which Australia is a State party dealing with these topics together with, inter alia, a number of resolutions of the United Nations Security Council. Many of these instruments are set out in s 3 of the Act.

3    From a regulatory perspective, there are a number of ways anti-money laundering and counter-terrorism financing (‘AML/CTF’) measures might be taken. One way might be by invasive policing. Another might be by identifying areas of risk within the economy and seeking to manage that risk. In Australia, the Parliament has decided that it will pursue the risk management approach. Upon the introduction of the Bill which became the Act into the House of Representatives, the relevant Minister said this:

‘Consistent with the Government’s commitment to reducing regulatory burdens on business, the legislative package implements a risk-based approach to regulation. Reporting entities will manage operational risks through AML/CTF programs developed in accordance with operational Rules. AUSTRAC will monitor compliance with these programs and will assess the reasonableness of the entity’s risk assessment.

The risk-based regulatory approach recognises that reporting entities have the experience and knowledge needed to assess and mitigate risk. It will also help mitigate compliance costs by providing industry with the tools to concentrate their resources on areas where money laundering and terrorism financing risk is higher. Industry has endorsed the risk-based approach. Australia’s risked-based approach is similar to that taken in the United States and the United Kingdom.’

4    It will be seen that this regulatory decision by the Parliament put at the heart of the scheme of regulation, the concept of AML/CTF programs, which would be monitored by the regulator, the Australian Transaction Reports and Analysis Centre (‘AUSTRAC’). In a sense, it involved the reposing in industry of a degree of trust for its operation of the AML/CTF risk management system. The Act deals severely with breaches of that trust.

5    The Act is a complex one. For present purposes, the following Parts are relevant: first, Part 2 which imposes obligations upon reporting entities to adopt identification procedures for their customers; secondly, Part 3 which imposes reporting obligations in relation to a number of matters including suspicious transactions; thirdly, Part 3A which requires reporting entities to be enrolled on a Reporting Entities Roll; and, fourthly, Part 7 which requires reporting entities to have AML/CTF programs.

6    The Chief Executive Officer of AUSTRAC (‘the CEO’), who administers the Act, commenced the present proceeding against the Respondents on 21 July 2015. At that time, many breaches of the Act were alleged. After some procedural skirmishes, the parties eventually reached an agreed position which they invited the Court to adopt. In broad terms, the agreement was that the Respondents would admit to single breaches of ss 32, 51B and 81 of the Act and multiple breaches of s 41. In return, the parties would jointly submit to the Court that a penalty of $45 million should be imposed for these admitted contraventions.

7    In support of that agreed position, the parties prepared an agreed statement of facts and a joint submission. This Court may both receive and act upon such an agreed submission: Commonwealth of Australia v Director, Fair Work Building Industry Inspectorate [2015] HCA 46; (2015) 258 CLR 482 at 489 [1]. The Court nevertheless remains obliged to assess the appropriateness of the penalty. This it may do by assessing whether the figure the parties have agreed is within the permissible range of penalties albeit the Court might itself have selected a slightly different figure. Alternatively, the Court may assess the penalty itself and test the agreed penalty against that yardstick: Minister for Industry, Tourism & Resources v Mobil Oil Australia Pty Ltd [2004] FCAFC 72; [2004] ATPR 41-993 at [54] per Branson, Sackville and Gyles JJ.

8    In determining a civil penalty after satisfying itself that the Act has been breached, the Court must take into account the non-exhaustive matters set out in s 175(3). These are:

‘175 Civil penalty orders

‘…

(3)     In determining the pecuniary penalty, the Federal Court must have regard to all relevant matters, including:

(a)    the nature and extent of the contravention; and

(b)    the nature and extent of any loss or damage suffered as a result of the contravention; and

(c)    the circumstances in which the contravention took place; and

(d)    whether the person has previously been found by the Federal Court in proceedings under this Act to have engaged in any similar conduct; and

(e)    if the Federal Court considers that it is appropriate to do so—whether the person has previously been found by a court in proceedings under a law of a State or Territory to have engaged in any similar conduct; and

(f)    if the Federal Court considers that it is appropriate to do so—whether the person has previously been found by a court in a foreign country to have engaged in any similar conduct; and

(g)    if the Federal Court considers that it is appropriate to do so—whether the person has previously been found by a court in proceedings under the Financial Transaction Reports Act 1988 to have engaged in any similar conduct.

….’

9    Section 175(3) requires the Court to take account of ‘all relevant matters’. These include (or may include depending on the circumstances) the ‘French factors’: see Trade Practices Commission v CSR Limited [1990] FCA 521; (1991) ATPR 41-076 at [42] per French J. I summarised the French factors in Australian Competition and Consumer Commission v Singtel Optus Pty Limited (No 4) [2011] FCA 761; (2011) 282 ALR 246 at 250-251 [11]:

‘11    The requirements of s 76E(2) are, however, inclusive; other matters thought relevant may also be taken into account. Several decisions in this Court have confirmed that the principles relevant to the imposition of a civil penalty under the former s 76 (which dealt with the civil penalties to be imposed in the case of breaches of Part IV) are applicable in principle to s 76E: Australian Competition and Consumer Commission v Global One Mobile Entertainment Ltd [2011] FCA 393 at [110]-[112] per Bennett J; Australian Competition and Consumer Commission v Gourmet Goody’s Family Restaurant Pty Ltd [2010] FCA 1216 at [6] per Jagot J; and my own decision in MSY Technology (No.2) at [68]-[69]. Those principles, which derive from several decisions concerned with penalties in the context of Part IV, suggest that relevant non-mandatory factors under s 76E will include:

1.    the size of the contravening company;

2.    the deliberateness of the contravention and the period over which it extended;

3.    whether the contravention arose out of the conduct of senior management of the contravener or at some lower level;

4.    whether the contravener has a corporate culture conducive to compliance with the Act (or the new Australian Competition and Consumer Law) as evidenced by educational programmes and disciplinary or other corrective measures in response to an acknowledged contravention;

5.    whether the contravener has shown a disposition to co-operate with the authorities responsible for the enforcement of the Act in relation to the contravention;

6.    whether the contravener has engaged in similar conduct in the past;

7.    the financial position of the contravener;

8.    whether the contravening conduct was systematic, deliberate or covert.’

10    These overlap with s 175(3). Omitting the overlapping components, in determining a civil penalty for a contravention of this Act the following matters should be considered:

(i)    the deterrent nature of a civil penalty; that is to say, that a civil penalty should deter the contravener and others from future contraventions;

(ii)    the penalty must not be such as to be seen as a cost of doing business (Singtel Optus Pty Ltd v Australian Competition and Consumer Commission [2012] FCAFC 20; (2012) 287 ALR 249 at 265 [62]-[63]);

(iii)    the penalty is not to be seen as a form of retribution or a device for rehabilitation;

(iv)    the penalty must not be oppressive;

(v)    the nature and extent of the contravention (s 175(3)(a));

(vi)    the nature and extent of any loss suffered by reason of the contravention (s 175(3)(b));

(vii)    the circumstances in which the contravention took place (s 175(3)(c));

(viii)    whether the contravener has previously been found by the Federal Court to have engaged in similar conduct in breach of the Act (s 175(3)(d));

(ix)    whether the contravener has been found to have engaged in similar conduct by a court proceeding under State or Territory law or by a foreign court (but only if the Court thinks this should be considered) (s 175(3)(e)-(f));

(x)    whether the contravener has previously been found to have engaged in similar conduct under the Financial Transaction Reports Act 1988 (Cth) (but only if the Court thinks it appropriate to do so) (s 175(3)(g));

(xi)    the maximum penalty at the time of the contravention. In this case these were as follows:

7 April 1997 to 27 December 2012        $11 million

28 December 2012 to 31 July 2015        $17 million

1 August 2015 to 1 July 2017            $18 million

(the Act s 175(4); Crimes Act 1914 (Cth) s 4AA; see also Murrihy v Betezy.com.au Pty Ltd (No 2) [2013] FCA 1146; (2013) 221 FCR 118 at 127 [28] per Jessup J);

(xii)    a single instance of conduct which involves a contravention of more than one provision of the Act may be subject only to a single penalty (s 175(6));

(xiii)    the size of the contravening entity (the fourth French factor);

(xiv)    the financial position of the contravener (the fifth French factor);

(xv)    the deliberateness of the conduct and the period over which it extended (the sixth French factor);

(xvi)    whether the conduct arose at the level of senior management or below (the seventh French factor);

(xvii)    the state of the contravener’s culture of compliance (the eighth French factor);

(xviii)    the degree of co-operation proffered by the contravener (the ninth French factor);

(xix)    whether the conduct was systematic, deliberate or covert.

(xx)    whether there is a sufficient connection between legal and factual elements of a set of contraventions that make it appropriate to treat them as a single course of conduct. If so the Court may, but is not bound to, approach the matter as if it were a single contravention: Construction, Forestry, Mining and Energy Union v Cahill [2010] FCAFC 39; (2010) 269 ALR 1 at 12 [39];

(xxi)    the penalty is to be formulated using the process of instinctive synthesis explained in Markarian v The Queen [2005] HCA 25; (2005) 228 CLR 357; and

(xxii)    at the end of the process, as a final check, the Court is to ascertain if the penalty at which it has arrived matches the overall or total wrongdoing of the conduct involved: Australian Competition and Consumer Commission v Australian Safeway Stores Pty Limited [1997] FCA 450; (1997) 145 ALR 36 at 53 per Goldberg J.

2. General Matters

11    There are, in light of the above principles, a series of matters of a general nature that should be taken into account. I accept that:

(a)    there have been no findings against any of the Respondents in the past for the purposes of s 175(3);

(b)    TAH is a large listed entity with revenue which is measured in the billions as is its balance sheet. The net profit after tax of the consolidated group averaged approximately $149.5 million across the financial years 2012-2013, 2013-2014 and 2014-15;

(c)    the AML/CTF program which has generated its liability in this case (‘the Former Program’) was in place for more than three years. Most of the contravening conduct came to light following an on-site assessment by AUSTRAC in September 2012;

(d)    the contraventions did not arise as a result of a deliberate intention to contravene the Act. Instead, the state of affairs which prevailed under the Former Program came about because of insufficient resourcing together with insufficient processes for consistent management oversight, assurance and operational execution. Management should have done more;

(e)    on the other hand, as was required, the Board and senior management did receive compliance reports during the relevant period;

(f)    neither the Board nor senior management were aware of the deficiencies nor were either involved in the contraventions;

(g)    there have been some prosecutions in relation to the match-fixing incident and credit card frauds (discussed below at [39]-[40]); and

(h)    since these matters came to light, the Respondents have made a substantial investment in improving their compliance arrangements including: replacing the Former Program with a new program; hiring a Chief Risk Officer, creating a Financial Risk Team and significantly expanding the team responsible for AML/CTF; introducing further systems and controls including those in respect of automated transaction monitoring; improving processes for monitoring credit card fraud; making improvements to the suspicious matter report (‘SMR’) process; making improvement to identification procedures for transactions in excess of $10,000 in relation to retail outlets; and creating enhancements to electronic customer identification; and increased staff training.

12    It is appropriate to observe that the Respondents did co-operate with AUSTRAC both in relation to the audit and investigation process. It is also significant that the Respondents actively sought to settle these proceedings. This has involved the making of significant admissions. A very large trial at considerable public expense has been averted.

3. The Contraventions

(a) Section 51B

13    Section 51C(1) of the Act requires that the CEO maintain a role for the purposes of the Act known as the Reporting Entities Roll. Section 51B(1) provides:

‘51B Reporting entities must enrol

(1)     If a person’s name is not entered on the Reporting Entities Roll, the person must:

(a)    if the person provided a designated service during the period of 28 days before the commencement of this section—apply in writing to the AUSTRAC CEO under subsection 51E(1) within 28 days after the commencement of this section; or

(b)     if the person commences to provide a designated service after the commencement of this section—apply in writing to the AUSTRAC CEO under subsection 51E(1) within 28 days after commencing to provide the designated service.

…’

14    Section 51B commenced on 1 November 2011. It is admitted that TAB was providing designated services in the 28 day period before that date. Consequently, it was obliged by s 51B(1)(a) to apply in writing to the CEO under s 51E(1). In turn, that section permitted a person to apply to be enrolled on the register. TAB did not so apply within 28 days after 1 November 2011. This involved a contravention of s 51B(1)(a). Since this occurred in 2011, the maximum possible penalty is $11 million.

15    In 2011, TAB was a wholly owned subsidiary of TAH. There is no doubt that TAB was then a reporting entity but the parties also agreed that TAH was a reporting entity at that time too. It was the understanding within TAB at the time of the contravention that because the parent entity TAH was a reporting entity, TAB, as the subsidiary, was permitted to report via its parent. It was therefore believed, erroneously, that TAB did not need to enrol and it was sufficient that TAH had done so.

16    TAB remained ignorant of the requirement for enrolment until November 2013 when it was informed by AUSTRAC that it needed to do so. It then did so on 12 November 2013. Despite its failure to enrol, TAB continued to report to AUSTRAC via TAH throughout the period between 1 November 2011 and 12 November 2013.

17    It seems to me that I should accept the submission of the parties that this contravention was not deliberate and arose from a misunderstanding. It was addressed as soon as it was identified and it is clear that it will not be repeated. Were the matter to be viewed only from the perspective of TAB there might be something to be said for imposing a very modest civil penalty since it is not in need of further deterrence. However, the requirements of general deterrence necessitate the imposition of a substantial penalty so that it is known that even minor breaches of the Act have very serious consequences. I take into account the matters set out in Section 2 above. I take into account that TAB has not contravened the provision before (nor could it) but also its size which is likely to have some bearing on the assessment of the deterrent effect. For the year ending 30 June 2016, the consolidated group had earnings of $2.1887 billion. The contravention continued for two years but I am satisfied that it was not the result of Board or senior management action.

18    The parties suggested that a civil penalty of $500,000 should be imposed. In my opinion, this is within the range of legitimate penalties. It will demonstrate that even inconsequential breaches of the Act have serious consequences.

(b) Section 81

19    Section 81 of the Act provides:

‘81 Reporting entity must have an anti‑money laundering and counter‑terrorism financing program

(1)     A reporting entity must not commence to provide a designated service to a customer if the reporting entity:

(a)     has not adopted; and

(b)     does not maintain;

an anti‑money laundering and counter‑terrorism financing program that applies to the reporting entity.

Civil penalty

(2)     Subsection (1) is a civil penalty provision.’

20    I return to the detail of this shortly, but it is useful to state in the first instance that the basic factual thrust of this allegation is that, for a period of about three years between 25 September 2012 and 30 December 2015, TAB had in place an AML/CTF program that did not fully meet the requirements of the Act. I mention this at the start because it immediately throws into sharp relief some drafting infelicities in s 81. On its face, s 81 appears to contain a prohibition on commencing to provide a designated service to a customer unless the two requirements specified in it are met. That might suggest that whilst a reporting entity fails to comply with (a) or (b) (or both) then each time it provides a designated service it contravenes s 81 afresh.

21    In this Court the parties were in agreement that during the relevant three year period ss 81(1)(a) and (b) had not been complied with, but they also agreed that this conduct amounted to a single contravention. There are, I think, difficulties in reconciling the agreement of the parties that there was a single contravention of s 81 with its text. There are other difficulties too. How, for example, can it be said that an AML/CTF program which exists but is deficient in some way is nevertheless capable of bringing about a breach of s 81? May not such a program still be ‘adopted’ and ‘maintained’ so that no breach of s 81 occurs?

22    The central concept in the prohibition in s 81 is that of the AML/CMF program. This concept is explicated to an extent by s 83 which is in these terms:

‘83 Anti‑money laundering and counter‑terrorism financing programs

(1)    An anti‑money laundering and counter‑terrorism financing program is:

(a)    a standard anti‑money laundering and counter‑terrorism financing program (see section 84); or

(b)    a joint anti‑money laundering and counter‑terrorism financing program (see section 85); or

(c)    a special anti‑money laundering and counter‑terrorism financing program (see section 86).

(2)    An anti‑money laundering and counter‑terrorism financing program is not a legislative instrument.’

23    This case is concerned with s 83(1)(b), that is, a ‘joint’ AML/CTF program. This is further defined in s 85 to mean:

85 Joint anti‑money laundering and counter‑terrorism financing program

(1)    A joint anti‑money laundering and counter‑terrorism financing program is a written program that:

(a)    applies to each reporting entity that from time to time belongs to a particular designated business group; and

(b)    is divided into the following parts:

(i)    Part A (general);

(ii)    Part B (customer identification).

Note: A joint anti‑money laundering and counter‑terrorism financing program does not bind any of those reporting entities unless the reporting entity adopts the program (see section 82).

Part A (general)

(2)    Part A of a joint anti‑money laundering and counter‑terrorism financing program is a part:

(a)    the primary purpose of which is to:

(i)    identify; and

(ii)    mitigate; and

(iii)    manage;

the risk each of those reporting entities may reasonably face that the provision by the relevant reporting entity of designated services at or through a permanent establishment of the relevant reporting entity in Australia might (whether inadvertently or otherwise) involve or facilitate:

(iv)    money laundering; or

(v)    financing of terrorism; and

(b)    if any of those reporting entities provides designated services at or through a permanent establishment of the relevant reporting entity in a foreign country—another purpose of which is to ensure that the relevant reporting entity takes such action (if any) as is specified in the AML/CTF Rules in relation to the provision by the relevant reporting entity of designated services at or through a permanent establishment of the relevant reporting entity in a foreign country; and

(c)    that complies with such requirements (if any) as are specified in the AML/CTF Rules.

Part B (customer identification)

(3)    Part B of a joint anti‑money laundering and counter‑terrorism financing program is a part:

(a)    the sole or primary purpose of which is to set out the applicable customer identification procedures for the purposes of the application of this Act to customers of each of those reporting entities; and

(b)    that complies with such requirements (if any) as are specified in the AML/CTF Rules.

Different reporting entities

(4)    A joint anti‑money laundering and counter‑terrorism financing program may make different provision with respect to different reporting entities. This does not limit subsection 33(3A) of the Acts Interpretation Act 1901.

Reviews

(5)    A requirement under paragraph (2)(c) may relate to reviews of a joint anti‑money laundering and counter‑terrorism financing program.

Variation

(7)    A joint anti‑money laundering and counter‑terrorism financing program may be varied, so long as the varied program is a joint anti‑money laundering and counter‑terrorism financing program.

24    There is a statutory requirement to comply with Part A of a program in s 82 and a failure to do so may result in a civil penalty. The allegation here, however, is not that the Respondents failed to comply with their program but rather that their program fell short.

25    It will be seen from s 85 that both Parts A and B of a program are defined in a way that includes by ss 85(2)(c) and 85(3)(b) that the relevant part complies with the AML/CTF Rules (of which more in a moment). This is an unusual drafting device for it appears, on one view, to have the consequence that a program which does not comply with those rules is not a program, with the further consequence that the overall AML/CTF program fails to be a program either.

26    This is not a natural reading of s 85. The effect of it, if it be correct, is to make a failure to comply, in relation to Part A or Part B of an AML/CTF program, with the AML/CTF Rules, a civil penalty contravention. One can readily imagine easier ways of achieving that outcome than through the cumbersome drafting of ss 81 and 85.

27    The difficulty in not reading the provisions in this way, however, is that it has the consequence of depriving a central part of the Act of meaningful operation. Unless s 85 is construed as setting out essential elements of a plan such that when they are not present there is no program, then s 81, which is the central civil penalty provision, is reduced to a largely ceremonial role in which one merely asks whether a piece of paper exists. Unattractive though the interpretation of s 85 I have outlined is, it appears necessary to ensure that the Act works in a sensible fashion.

28    Accordingly, I conclude that a failure to comply with the AML/CTF Rules will generally have the consequence of causing an infringement of s 81. Contrary to the submissions of the parties, I cannot see how the text of s 81 can be bent so that it can be read as involving only a single infringement when a program is said to be deficient. Intractably, it appears to be contravened each time a reporting entity commences to provide a designated service to a customer whilst its program is not in a proper condition.

29    This otherwise alarming conclusion may, to an extent, be ameliorated by the course of conduct principle referred to above at [10(xx)]. Where every infringement of s 81 springs from the same deficiencies in a program there is much to be said for the view that what is involved is a single course of conduct.

30    Returning then to the AML/CTF Rules referred to in s 85, these are provided for in s 229 of the Act and are made by the CEO as a legislative instrument. Presently, the relevant set of rules is the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No.1) (Cth). The parties did not descend into the detail of these rules and instead were content to point to factual matters which were agreed between them to be breaches of the rules. Having regard to the identity of the parties, I propose to adopt their assumption.

31    In the agreed statement of facts a large number of these deficiencies were set out. In their joint submission, the parties narrowed their focus somewhat and identified six (without in any way abandoning the others). The six were set out as follows in the joint submission and no purpose is served by me paraphrasing that submission:

‘(a)    Parts A and B of the Former Program were not originally aligned with a risk assessment that comprehensively identified and evaluated the ML/TF risk posed to Tabcorp’s business, and therefore they did not originally have regard to the full extent of the ML/TF risks to which Tabcorp was exposed.

(b)    Tabcorp’s written transaction monitoring program did not include appropriate risk-based systems and controls to consistently monitor the transactions of customers.

(c)    Tabcorp’s Former Program did not specifically require it to apply ECDD to customers in each case where a circumstance prescribed by rule 15.9 arose. It also railed to establish sufficient controls for consistently supporting the conduct of ECDD to ensure operational execution, monitoring and internal reporting.

(d)     Tabcorp’s written EDD program did not include appropriate systems and controls to determine whether to re-screen employees who were transferred or promoted to certain positions.

(e)    Tabcorp did not include appropriate systems and controls in part A of its Former Program to consistently ensure compliance with its s 41 reporting obligations.

(f)     Tabcorp’s written Part B Program did not include appropriate risk-based systems and controls that were designed to enable Tabcorp to be reasonably satisfied that the customer was who they claimed to be in that it failed to include customer identification procedures for retail customers in certain circumstances. It also failed to include an appropriate procedure to collect information relating to customers’ agents.’

32    The Respondents admit that these deficiencies were serious and related to core elements of its AML/CTF obligations. The correctness of that admission is borne out to an extent by the further fact, also admitted by the Respondents, that the deficiencies in their program had, in fact, resulted in failures on their part to detect certain suspicious transactions and to submit suspicious matter reports (‘SMRs’) to AUSTRAC. The failure to lodge these SMRs can, it is agreed, have the effect of depriving law enforcement agencies of important intelligence.

33    It was agreed that during the time that the program was in place there were insufficient processes for consistent management oversight, assurance and operational execution of the AML/CTF program. Indeed, the Respondents admitted that their AML/CTF function was not sufficiently resourced. Senior management should have taken steps to inform themselves of this. And, it need hardly be said, the deficiencies in the program remained in place for three years.

34    During most of this period, the maximum penalty was $17 million. Although it seems most likely that there were probably an almost untold number of contraventions, I propose for the reasons I have already given, to treat all of them as resulting from a single course of conduct. This does not limit the penalty which may be imposed to $17 million but it informs the decision which must be made.

35    The parties suggested that a penalty of $15.5 million would be appropriate. I agree. Although the breach may appear perhaps dry in nature it went, in fact, to the heart of the operation of the Act. It had potential consequences for law enforcement agencies. It is true that the contravention was not deliberate but, in the present context, that may mean rather less than it ordinarily does. Section 81 is aimed at precisely the kind of deficient management practices which are now admitted. What one has here is a large corporation operating in an industry with known money-laundering risks. Serious management failures result in a deficient program which leads to actual difficulties. I assess the seriousness of the contravention as being towards the upper end of the scale. However, I accept the submission that it cannot be an example of the worst kind of case for which the maximum penalty might be appropriate (although cf. R v Kilic [2016] HCA 48; (2016) 259 CLR 256). That would be constituted by a business which had no program at all. I accept the proposed penalty of $15.5 million as being within the appropriate range.

(c) Section 41

36    Section 41 of the Act provides:

‘41 Reports of suspicious matters

Suspicious matter reporting obligation

(1)    A suspicious matter reporting obligation arises for a reporting entity in relation to a person (the first person) if, at a particular time (the relevant time):

(a)    the reporting entity commences to provide, or proposes to provide, a designated service to the first person; or

(b)    both:

(i)    the first person requests the reporting entity to provide a designated service to the first person; and

(ii)    the designated service is of a kind ordinarily provided by the reporting entity; or

(c)    both:

(i)    the first person inquires of the reporting entity whether the reporting entity would be willing or prepared to provide a designated service to the first person; and

(ii)    the designated service is of a kind ordinarily provided by the reporting entity;

and any of the following conditions is satisfied:

(d)    at the relevant time or a later time, the reporting entity suspects on reasonable grounds that the first person is not the person the first person claims to be;

(e)    at the relevant time or a later time, the reporting entity suspects on reasonable grounds that an agent of the first person who deals with the reporting entity in relation to the provision or prospective provision of the designated service is not the person the agent claims to be;

(f)    at the relevant time or a later time, the reporting entity suspects on reasonable grounds that information that the reporting entity has concerning the provision, or prospective provision, of the service:

(i)    may be relevant to investigation of, or prosecution of a person for, an evasion, or an attempted evasion, of a taxation law; or

(ii)    may be relevant to investigation of, or prosecution of a person for, an evasion, or an attempted evasion, of a law of a State or Territory that deals with taxation; or

(iii)    may be relevant to investigation of, or prosecution of a person for, an offence against a law of the Commonwealth or of a State or Territory; or

(iv)    may be of assistance in the enforcement of the Proceeds of Crime Act 2002 or regulations under that Act; or

(v)    may be of assistance in the enforcement of a law of a State or Territory that corresponds to the Proceeds of Crime Act 2002 or regulations under that Act;

(g)    at the relevant time or a later time, the reporting entity suspects on reasonable grounds that the provision, or prospective provision, of the service is preparatory to the commission of an offence covered by paragraph (a), (b) or (c) of the definition of financing of terrorism in section 5;

(h)    at the relevant time or a later time, the reporting entity suspects on reasonable grounds that information that the reporting entity has concerning the provision, or prospective provision, of the service may be relevant to the investigation of, or prosecution of a person for, an offence covered by paragraph (a), (b) or (c) of the definition of financing of terrorism in section 5;

(i)    at the relevant time or a later time, the reporting entity suspects on reasonable grounds that the provision, or prospective provision, of the service is preparatory to the commission of an offence covered by paragraph (a) or (b) of the definition of money laundering in section 5;

(j)    at the relevant time or a later time, the reporting entity suspects on reasonable grounds that information that the reporting entity has concerning the provision, or prospective provision, of the service may be relevant to the investigation of, or prosecution of a person for, an offence covered by paragraph (a) or (b) of the definition of money laundering in section 5.

Report

(2)    If a suspicious matter reporting obligation arises for a reporting entity in relation to a person, the reporting entity must give the AUSTRAC CEO a report about the matter within:

(a)    if paragraph (1)(d), (e), (f), (i) or (j) applies—3 business days after the day on which the reporting entity forms the relevant suspicion; or

(b)    if paragraph (1)(g) or (h) applies—24 hours after the time when the reporting entity forms the relevant suspicion.

(3)    A report under subsection (2) must:

(a)    be in the approved form; and

(b)    contain such information relating to the matter as is specified in the AML/CTF Rules; and

(c)    contain a statement of the grounds on which the reporting entity holds the relevant suspicion.

Note 1: For additional rules about reports, see section 244.

Note 2: Section 49 deals with the provision of further information, and the production of documents, by the reporting entity.

Civil penalty

(4)    Subsection (2) is a civil penalty provision.

Reasonable grounds for suspicion

(5)    The AML/CTF Rules may specify matters that are to be taken into account in determining whether there are reasonable grounds for a reporting entity to form a suspicion of a kind mentioned in paragraph (1)(d), (e), (f), (g), (h), (i) or (j).

Note: For specification by class, see subsection 13(3) of the Legislation Act 2003.’

37    There were three main sets of contraventions involving this section. These were:

(a)    a failure to report to AUSTRAC, TAB’s suspicion of match-fixing in relation to the NRL match on 21 August 2010 between the North Queensland Cowboys and the Canterbury-Bankstown Bulldogs;

(b)    a failure to report to AUSTRAC 52 instances of credit betting; and

(c)    a failure to report to AUSTRAC 51 suspected examples of credit card fraud.

38    It is useful to deal with these in turn.

39    As to the match-fixing: TAB had itself identified the incident through its own procedures and reported it to the NRL. It thereafter co-operated with an investigation by the NSW Police. It accepted that the contravention was nevertheless a serious one. The maximum penalty is $11 million. The parties submitted that there were several extenuating circumstances. It was not deliberate and the contravention was admitted promptly. The incident was detected and reported to authorities just not to the correct authorities. TAB assisted in the subsequent prosecution of those involved in the incident. Additionally, TAB has done considerable work since the incident to enhance its procedures (as outlined above at [11(h)]). The parties submitted that I should impose a civil penalty of $1 million. I accept this as within the permissible range.

40    As to the credit betting contraventions: It is an offence for a wagering operation to provide wagering services on credit. In some circumstances, it is also an offence for a punter to place a wager on credit. In the period 2010 to 2012, there was a misperception within TAB and TAH that they only needed to report instances of credit betting to the relevant gambling regulator and the State Police. It was not understood to be necessary also to report these to AUSTRAC. During the relevant period, there were 52 SMRs which were referred to the State regulators but, due to this misunderstanding, were not referred to AUSTRAC. The misunderstanding was rectified in September 2012 when it was pointed out by AUSTRAC.

41    The maximum penalty at the relevant time for all but one of the contraventions was $11 million (one instance occurred when the maximum was $17 million). The maximum penalty is therefore $578 million. The parties submitted, however, that the Court should treat the conduct as a single course of conduct. I accept that submission. This is an example of a single factual failure generating multiple contraventions. Because the same factual matter underpins all 52 contraventions it is appropriate that it be dealt with as a single instance of conduct.

42    The misunderstanding which occurred was a serious one. But there is no suggestion that there was any attempt to deceive and indeed the contrary is clear. No particular harm seems to have flowed from it. Taking into account the matters in the Respondent’s favour set out above, I agree with the parties that a civil penalty of $10 million is appropriate.

43    As to fraud reporting contraventions: The effect of s 41(2)(a) is to require TAB (and in one case Tabcorp Vic) to submit an SMR to AUSTRAC within three days of being suspicious of a transaction. It is agreed that on 51 occasions involving TAB this did not occur. It is also accepted that it did not occur on one occasion involving Tabcorp Vic. In each case the suspicious activity centred on credit card fraud. The failures to provide the SMRs occurred in the period between June 2012 and August 2014 when the maximum penalty was $11 million until 27 December 2012 and $17 million afterwards.

44    So far as the TAB contraventions are concerned, it was submitted that they fell into three tranches. In the first tranche were 24 contraventions which related to a single investigation. TAB passed the results of this investigation on to the NSW Police but did not file an SMR with AUSTRAC. It appears that this occurred because there were insufficient processes and controls in place to ensure that SMRs were reliably issued. Those systems have since been improved.

45    Given the subject matter this was a serious set of breaches. On the other hand, it is true that the transactions were reported to the NSW Police and that all of the accounts involved were frozen in all instances barring one.

46    A further 25 accounts also related to another single investigation. Broadly, the circumstances of these accounts were largely the same as the first, however, in the case of this tranche, SMRs were actually issued albeit late.

47    The third tranche related to only two accounts. TAB’s account sales team had frozen both of these but omitted to inform the AML team of this fact in a timely manner. An SMR was issued in respect of one account (but late) and not in respect of the other.

48    In addition to these three tranches there was one instance in relation to Tabcorp Vic where an SMR was issued late in relation to a case of suspected credit card fraud.

49    The parties submitted that the course of conduct principle should be applied to each of these four tranches. Each tranche appears to be a course of conduct arising from essentially the same wrongdoing and appropriately dealt with on that basis. But each tranche is also quite separate from the others. On that view this would suggest, but not require, the imposition of a maximum penalty of approximately $68 million. That would be significantly excessive. These are serious contraventions but do not warrant a civil penalty of that magnitude. The parties suggested a penalty of $15 million for all of these contraventions together. I accept that figure is within the permissible range.

(d)    Section 32

50    Section 32 of the Act provides:

‘32 Carrying out the applicable customer identification procedure before the commencement of the provision of a designated service.

(1)    A reporting entity must not commence to provide a designated service to a customer if:

(a)    there are no special circumstances that justify carrying out the applicable customer identification procedure in respect of the customer after the commencement of the provision of the service (see section 33); and

(b)    the reporting entity has not previously carried out the applicable customer identification procedure in respect of the customer; and

(c)    neither section 28 nor section 30 applies to the provision of the service.

Note 1: See also the definition of commence to provide a designated service in section 5.

Note 2: See also section 38 (when applicable customer identification procedure deemed to be carried out by a reporting entity).

Civil penalty

(2)     Subsection (1) is a civil penalty provision.’

51    TAB admits that it failed to carry out applicable customer identification procedures on 25 March 2015. This occurred at a retail outlet. A customer requested his winning vouchers to be redeemed in cash but the retail operator refused to pay the whole amount in cash. This caused the customer to become agitated. The operator believed, correctly as it happens, that she knew who the ultimate customer was. This was ‘Person 102’ who was a well-known high risk customer with a known and significant history. Since the ultimate customer was thought to be known, the operator then approached the transaction on the basis that it could not be completed. An SMR was submitted which identified Person 102 but no details were obtained about the immediate customer who presented at the counter. Since this occurrence, TAB has improved its procedures at retail outlets. It admitted this contravention at the earliest opportunity.

52    The maximum penalty is $17 million. The parties suggested a penalty of $3 million would be appropriate. Having regard to the affirmative matters mentioned above I accept that this lies within the acceptable range of penalties.

4. The Appropriate Penalty

53    The sum of the above penalties is some $45 million. It is then necessary, finally, to reflect upon whether that penalty captures the totality of the wrongdoing involved. This is, in effect, a final check. In my opinion, a $45 million penalty is appropriate. It is true that the failures were system failures but that is precisely what this statute is about. It is also true that the penalties could have been much greater had the Court not accepted that in several instances courses of conduct were involved. Overall, a penalty of $45 million will serve to demonstrate to those in the industry that failures to comply with the Act have a very real potential to be expensive. Finally, in this case it is useful to approach the issue of penalty on a group wide basis. Little would be served by assessing the penalty position of each entity in the group when the overall group position is known.

5. Declarations and Costs

54    The parties also agreed that the Court should make declarations. The declarations reflect the contraventions and are appropriate. They also agreed that the Respondents should pay AUSTRAC’s costs. This, too, is appropriate. It was for these reasons that I made the orders I did on 16 March 2017. There are presently in place a series of interim confidentiality orders. An issue arises as to how long these should last. My present thinking is that 3 years would suffice but I would welcome the submissions of the parties within 28 days.

Associate:

Dated:    10 November 2017