Federal Court of Australia

Chief Executive Officer of the Australian Transaction Reports and Analysis Centre v Westpac Banking Corporation [2020] FCA 1538

File number(s):

NSD 1914 of 2019

Judgment of:

BEACH J

Date of judgment:

21 October 2020

Date of publication of reasons:

22 October 2020

Catchwords:

CORPORATIONSAnti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) – pecuniary penalties – failing to give reports of international funds transfer instructions (IFTIs) to AUSTRAC – failing to pass on transfer information and payer information to another institution in relation to ITFIs – preliminary risk assessments and due diligence assessments in respect of correspondent banking relationships – joint anti-money laundering and counter-terrorism financing program – requirements of Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No.1) (Cth) – failing to conduct appropriate ongoing customer due diligence – child exploitation material – contraventions of ss 36(1), 45(2), 64(6) and (7), 81(1), 98(1) and (2) and 115(2) of the Act – fixing of a pecuniary penalty under s 175 of the Act – declarations – orders made

Legislation:

Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) ss 3, 36, 41, 45, 64, 70, 81, 82, 83, 85, 98, 115, 175, 178

Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No.1) (Cth) rr 9.1.3 to 9.1.5, 9.6.5, 9.9.1, 15.5

Cases cited:

Australian Building and Construction Commissioner v Construction, Forestry, Maritime, Mining and Energy Union (Syme Library Case) (No 2) [2019] FCA 1555

Australian Competition and Consumer Commission v Australian Safeway Stores Pty Ltd (1997) 145 ALR 36

Australian Competition and Consumer Commission v Cement Australia Pty Ltd (2017) 258 FCR 312

Australian Competition and Consumer Commission v Coles Supermarkets Australia Pty Ltd (2015) 327 ALR 540

Australian Competition and Consumer Commission v Hillside (Australia New Media) Pty Ltd t/a Bet365 (No 2) [2016] FCA 698

Australian Competition and Consumer Commission v Leahy Petroleum Pty Ltd (No 3) (2005) 215 ALR 301

Australian Securities and Investments Commission v Commonwealth Bank of Australia [2020] FCA 790

Australian Securities and Investments Commission v Westpac Banking Corporation (No 3) (2018) 131 ACSR 585

Chief Executive Officer of the Australian Transaction Reports and Analysis Centre v Commonwealth Bank of Australia Limited [2018] FCA 930

Chief Executive Officer of the Australian Transaction Reports and Analysis Centre v TAB Limited (No 3) [2017] FCA 1296

Commonwealth v Director, Fair Work Building Industry Inspectorate (2015) 258 CLR 482

Markarian v The Queen (2005) 228 CLR 357

Pattinson v Australian Building and Construction Commissioner [2020] FCAFC 177

Division:

General Division

Registry:

New South Wales

National Practice Area:

Commercial and Corporations

Sub-area:

Regulator and Consumer Protection

Number of paragraphs:

209

Date of hearing:

21 October 2020

Counsel for the Applicant:

Ms W Harris QC, Ms S Gory and Mr D Habashy

Solicitor for the Applicant:

Australian Government Solicitor

Counsel for the Respondent:

Mr J Sheahan QC, Dr R Higgins SC, Ms N Oreb and Ms E Bathurst

Solicitor for the Respondent:

Allens

ORDERS

NSD 1914 of 2019

BETWEEN:

CHIEF EXECUTIVE OFFICER OF THE AUSTRALIAN TRANSACTION REPORTS AND ANALYSIS CENTRE

Applicant

AND:

WESTPAC BANKING CORPORATION ACN 007 457 141

Respondent

order made by:

BEACH J

DATE OF ORDER:

21 October 2020

THE COURT DECLARES THAT

1.    The respondent (Westpac):

(a)    contravened s 45(2) of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (the Act) on 19,502,841 occasions by failing to give reports of 19,502,841 international funds transfer instructions (IFTIs) to the applicant (AUSTRAC CEO) within the time frame specified by s 45(2) of the Act;

(b)    contravened s 45(2) of the Act on 76,144 occasions by failing to give 76,144 IFTIs to the AUSTRAC CEO that contained payer names, as required by s 45(2) of the Act;

(c)    contravened s 64(7)(f) of the Act on 8,140 occasions by failing to pass on some or all of the required transfer information within the meaning of s 70 of the Act to another institution in relation to 8,140 IFTIs that Westpac transmitted out of Australia;

(d)    contravened s 64(6) of the Act on 2,400 occasions by failing to pass on complete payer information to another institution in relation to 2,400 IFTIs;

(e)    contravened s 115(2) of the Act on 3,516,238 occasions by failing to retain for seven years records of so much of the required transfer information as was passed onto Westpac in relation to the 3,516,238 transfer instructions;

(f)    contravened s 98(1) of the Act on 48 occasions, and s 98(2) of the Act on 48 occasions, by failing to comply with s 98 of the Act in relation to the preliminary risk assessments and due diligence assessments undertaken in respect of its correspondent banking relationships;

(g)    contravened s 81(1) of the Act on each occasion it commenced to provide a designated service to a customer from 20 November 2013 to 20 November 2019 in circumstances where Westpac’s joint anti-money laundering and counter-terrorism financing program did not at all times fully meet the requirements of the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No.1) (Cth); and

(h)    contravened s 36(1) of the Act by failing to conduct appropriate ongoing customer due diligence in relation to 262 customers.

THE COURT ORDERS THAT:

2.    Westpac pay to the Commonwealth of Australia a pecuniary penalty pursuant to s 175(1) of the Act in the total sum of $1.3 billion within 28 days of the date of this order.

3.    Westpac pay the AUSTRAC CEO’s costs as agreed within 28 days of the date of this order.

4.    The proceeding otherwise be dismissed.

Note:    Entry of orders is dealt with in Rule 39.32 of the Federal Court Rules 2011.

REASONS FOR JUDGMENT

BEACH J:

1    The Chief Executive Officer of the Australian Transaction Reports and Analysis Centre (AUSTRAC CEO) seeks declarations that Westpac Banking Corporation contravened various provisions of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (the Act) and an order under s 175 that Westpac pay a pecuniary penalty to the Commonwealth in the sum of $1.3 billion.

2    The parties have provided a statement of agreed facts and admissions (SAFA) setting out the facts agreed and admissions made by Westpac pursuant to s 191 of the Evidence Act 1995 (Cth). They have also provided joint written submissions which were elaborated on at the hearing.

3    In summary, Westpac has admitted the following breaches of the Act, each relevant provision being a civil penalty provision.

4    First, it has admitted breaches of s 45(2) concerning international funds transfer instructions (IFTI) reports in that it failed to give to the AUSTRAC CEO a report in respect of 19,502,841 IFTIs within the timeframe specified by s 45(2), and a report in respect of 76,144 IFTIs that contained payer names as required by s 45(2).

5    Second, it has admitted breaches of ss 64(6) and (7) concerning required transfer information in that it failed to pass on some or all of the required transfer information within the meaning of s 70 to another institution in relation to 8,140 IFTIs that it transmitted out of Australia in contravention of s 64(7)(f), and failed to pass on complete payer information to another institution in relation to 2,400 IFTIs that it transmitted out of Australia in contravention of s 64(6).

6    Third, it has admitted breaches of s 115 concerning the making and retaining of records in that during the period 15 March 2011 to 1 July 2016 it failed to retain for seven years records of so much of the required transfer information as was passed onto it in relation to 3,516,238 transfer instructions, contrary to s 115(2). It need hardly be said that proper record keeping is essential to anti-money laundering and counter-terrorism financing (AML/CTF) risk management and compliance to support the entitlement of law enforcement agencies to request information about incoming IFTIs.

7    Fourth, it has admitted breaches of s 98 concerning correspondent banking due diligence obligations in that from 20 November 2013 to 20 November 2019 it did not conduct in respect of its correspondent banking relationships an adequate preliminary risk assessment in accordance with s 98(1) on 48 occasions and did not conduct an adequate due diligence assessment in accordance with s 98(2) on 48 occasions. It may be noted that correspondent banking relationships present high money laundering and terrorism financing (ML/TF) risks.

8    Fifth, it has admitted breaches of s 81(1) concerning its joint AML/CTF program. Moreover, each time that it commenced to provide a designated service during the period 20 November 2013 to 20 November 2019 in circumstances where Part A of its joint AML/CTF program did not fully comply with the requirements of the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No.1) (Cth) (the Rules), it contravened s 81(1). The requirements under the Rules related to having appropriate ML/TF risk assessments and risk-based controls to enable the identification, mitigation and management of ML/TF risks, having a transaction monitoring program with appropriate risk-based systems and controls, and having systems and controls to ensure compliance with the obligation to report IFTIs. Relevantly for present purposes it may be noted that the number of contraventions of s 81 are too numerous to quantify.

9    Sixth, it has admitted breaches of s 36(1) concerning ongoing customer due diligence in that it failed to conduct appropriate ongoing customer due diligence in relation to 262 customers whose account activities were consistent with indicators of the funding of child exploitation material. This failure was systemic and occurred over a number of years.

10    For the following reasons, in my view the amount of $1.3 billion is an appropriate penalty to impose on Westpac for these admitted contraventions in order to achieve both general deterrence and specific deterrence.

General

11    The objects of the Act include fulfilling Australia’s international obligations and addressing matters of international concern relating to combating money laundering and the financing of terrorism. In 2017 these objects were augmented.

12    The present form of s 3(1) is as follows:

3 Objects

(1)    The objects of this Act include:

(aa)    to provide for measures to detect, deter and disrupt money laundering, the financing of terrorism, and other serious financial crimes; and

(ab)    to provide relevant Australian government bodies and their international counterparts with the information they need to investigate and prosecute money laundering offences, offences constituted by the financing of terrorism, and other serious crimes; and

(ac)    to support cooperation and collaboration among reporting entities, AUSTRAC and other government agencies, particularly law enforcement agencies, to detect, deter and disrupt money laundering, the financing of terrorism, and other serious crimes; and

(ad)    to promote public confidence in the Australian financial system through the enactment and implementation of controls and powers to detect, deter and disrupt money laundering, the financing of terrorism, and other serious crimes; and

(a)    to fulfil Australia’s international obligations, including:

(i)    Australia’s international obligations to combat money laundering; and

(ii)    Australia’s international obligations to combat financing of terrorism; and

  (b)    to address matters of international concern, including:

   (i)    the need to combat money laundering; and

   (ii)    the need to combat financing of terrorism; and

(c)    by addressing those matters of international concern, to affect beneficially Australia’s relations with:

   (i)    foreign countries; and

   (ii)    international organisations.

13    In order to achieve these objects, the legislature has imposed on, inter-alia, financial institutions a risk management approach by requiring them to identify areas of ML/TF risks, to assess such risks and to manage such risks (Chief Executive Officer of the Australian Transaction Reports and Analysis Centre v TAB Limited (No 3) [2017] FCA 1296 at [3] per Perram J).

14    Now the parties have submitted that the amount of $1.3 billion is an appropriate penalty because it is at a level that achieves both general deterrence and specific deterrence.

15    Moreover they say that such a penalty is proportionate to discharging not only such objectives, but more generally is consonant with the objects of the Act, which is part of the framework under which my powers under s 175 are being exercised. Those statutory objects clearly inform the seriousness with which contraventions of the Act are to be viewed. Indeed the maximum penalties for contraventions stipulated under the Act reflect this.

16    Now s 175 of the Act provides as follows:

175 Civil penalty orders

(1)    If the Federal Court is satisfied that a person has contravened a civil penalty provision, the Federal Court may order the person to pay the Commonwealth a pecuniary penalty.

 (2)    An order under subsection (1) is to be known as a civil penalty order.

Determining amount of pecuniary penalty

(3)    In determining the pecuniary penalty, the Federal Court must have regard to all relevant matters, including:

   (a)    the nature and extent of the contravention; and

(b)    the nature and extent of any loss or damage suffered as a result of the contravention; and

(c)    the circumstances in which the contravention took place; and

(d)    whether the person has previously been found by the Federal Court in proceedings under this Act to have engaged in any similar conduct; and

(e)    if the Federal Court considers that it is appropriate to do so—whether the person has previously been found by a court in proceedings under a law of a State or Territory to have engaged in any similar conduct; and

(f)    if the Federal Court considers that it is appropriate to do so—whether the person has previously been found by a court in a foreign country to have engaged in any similar conduct; and

(g)    if the Federal Court considers that it is appropriate to do so—whether the person has previously been found by a court in proceedings under the Financial Transaction Reports Act 1988 to have engaged in any similar conduct.

Maximum pecuniary penalty

(4)    The pecuniary penalty payable by a body corporate must not exceed 100,000 penalty units.

    

Conduct contravening more than one civil penalty provision

(6)    If conduct constitutes a contravention of 2 or more civil penalty provisions, proceedings may be instituted under this section against a person in relation to the contravention of any one or more of those provisions. However, the person is not liable to more than one pecuniary penalty under this section in respect of the same conduct.

17    Let me turn to another general question. The proper approach to assessing and imposing civil pecuniary penalties which are sought on an agreed basis is explained in the joint judgment in Commonwealth v Director, Fair Work Building Industry Inspectorate (2015) 258 CLR 482. The practice of acting upon agreed penalty submissions is well established. And this was the course adopted in AUSTRAC v TAB and in Chief Executive Officer of the Australian Transaction Reports and Analysis Centre v Commonwealth Bank of Australia Limited [2018] FCA 930, which are the only cases in which a pecuniary penalty has been ordered under s 175.

18    The joint judgment in Commonwealth v Director, Fair Work made the following points.

19    First, in proceedings such as the present there is generally considerable scope for the parties to agree on the facts and upon consequences. There is also considerable scope for them to agree upon the appropriate remedy and for a court to be persuaded that it is an appropriate remedy.

20    Second, the court is not bound by the figure suggested by the parties. The court asks “whether their proposal can be accepted as fixing an appropriate amount” (at [48]). For that purpose the court must satisfy itself that the submitted penalty is appropriate.

21    Third, the regulator in a civil penalty proceeding is not disinterested. It is the function of the relevant regulator to regulate the industry in order to achieve compliance. Accordingly, it is to be expected that the regulator will be in a position to offer informed submissions as to the effects of contravention on the industry and the level of penalty necessary to achieve compliance.

22    Let me say something about deterrence.

23    The central purpose of a pecuniary penalty has the two dimensions of general deterrence and specific deterrence. As I said in Australian Securities and Investments Commission v Westpac Banking Corporation (No 3) (2018) 131 ACSR 585; [2018] FCA 1701 at [117] to [119]:

It is well established that deterrence is the primary objective for the imposition of civil penalties (Australian Competition and Consumer Commission v Cement Australia Pty Ltd [2017] FCAFC 159 at [385] per Middleton, Beach and Moshinsky JJ; see also Australian Securities and Investments Commission v Commonwealth Bank of Australia (2018) 128 ACSR 289 at [62]). In Commonwealth v Director, Fair Work Building Industry Inspectorate (2015) 258 CLR 482; 326 ALR 476; [2015] HCA 46 at [55], the High Court approved of French J’s observation in Trade Practices Commission v CSR Ltd [1991] ATPR 41-076 at 52,152:

The principal, and I think probably the only, object of the penalties imposed by s 76 is to attempt to put a price on contravention that is sufficiently high to deter repetition by the contravenor and by others who might be tempted to contravene the Act.

In ASIC v CBA, I observed (at [62]) that the penalty:

must be fixed to ensure that the penalty is not to be regarded as an acceptable cost of doing business. As I have said, both specific and general deterrence are important. The need for specific deterrence is informed by the attitude of the contravener to the contraventions, both during the course of the contravening conduct and in the course of the proceedings. And the need for general deterrence is particularly important when imposing a penalty for a contravention which is difficult to detect.

The High Court considered civil penalty provisions in Australian Building and Construction Commissioner v Construction, Forestry, Mining and Energy Union (2018) 351 ALR 190; [2018] HCA 3. Kiefel CJ referred to “the deterrent effect which is the very point of the penalty” and “the purpose for which the power is given” (at [44]). Keane, Nettle and Gordon JJ reiterated (at [87]) that:

the principal consideration in the imposition of penalties for contravention of civil remedy provisions is deterrence, both specific and general; more particularly, the objective is to put a price on contravention that is sufficiently high to deter repetition by the contravener and by others who might be tempted to contravene.

24    Undoubtedly, a civil penalty can only achieve specific and general deterrence if it is set at an appropriate level. The penalty “must be at a level that a potentially-offending corporation will see as eliminating any prospect of gain” so that “the statutory object of ensuring that contravention is not regarded as a mere cost of doing business is achieved” (ASIC v Westpac (No 3) at [120]).

25    Further, the contravener’s size and financial position is a relevant consideration in determining whether a civil penalty will achieve deterrence. The sum required to achieve the objective of specific deterrence will be larger where the Court is setting a penalty for a company with vast resources” (Australian Competition and Consumer Commission v Leahy Petroleum Pty Ltd (No 3) (2005) 215 ALR 301 at [39] per Goldberg J).

26    Now I should say something on the question of proportionality and its interaction with deterrence and penalty setting. As Wheelahan J said in Australian Building and Construction Commissioner v Construction, Forestry, Maritime, Mining and Energy Union (Syme Library Case) (No 2) [2019] FCA 1555 at [85], what must be determined is “a penalty that is proportionate to the contravening conduct”.

27    His Honour’s analysis at [84] to [96] and particularly [96] was cited with approval by an expanded five member Full Court in Pattinson v Australian Building and Construction Commissioner [2020] FCAFC 177 expressly at [202] per Allsop CJ, White and Wigney JJ and at [230] per Besanko and Bromwich JJ. Of course these cases were concerned with how a history of prior contraventions was to be taken into account in imposing a pecuniary penalty. Both Wheelahan J in the Syme Library Case and the Full Court in Pattinson considered that such a history could be relevant to the seriousness or gravity of the contravening conduct the subject of a proposed penalty, but that the prior history could not justify a penalty that was disproportionate to the contravening conduct to be presently penalised.

28    Now I am not dealing with that scenario as there is no question of any prior history of contraventions of the Act by Westpac. But what is also clear from these authorities is that the object of deterrence itself does not justify a disproportionate penalty for the contravening conduct being imposed.

29    Let me say something further about proportionality drawing upon some passages in the reasons of Allsop CJ, White and Wigney JJ in Pattinson.

30    Proportionality is not a free-standing principle separate from the assessment required, in my case, by s 175(1), but rather it is part of that assessment (at [104]).

31    The notion of proportionality (at [197]):

… inheres in the task of imposition of an appropriate penalty in aid of the object of deterrence.

32    Relatedly, the setting of a maximum penalty (at [105]):

… is a part of such a notion of proportionality. Parliament is to be taken to be setting the maximum penalty for cases in which the need for deterrence is strongest …

33    Now proportionality may suggest a question of balancing. So it was said (at [111]):

Proportionality is relevant because of a balance in the reaching of an “appropriate” penalty between an “insistence” on deterrence and an “insistence” on not imposing more than is reasonably necessary as part of the reasonable and lawful exercise of judicial power in respect of a contravention before the court and in furtherance of the object of deterrence of contraventions of like kind. (references omitted)

34    Expressed in the positive form, it was said (at [162]):

in the furtherance of the object of deterrence the court’s task is to set an appropriate penalty for the instant contravention that is proportionate to the nature and gravity of that contravention informed by all relevant circumstances, including what can be concluded as to any willingness to disobey or defy the law, and that the maximum penalty is for the worst kind of case that warrants the maximum level of deterrence set by Parliament.

35    Expressed in the negative form, “the object of deterrence, [cannot result] in a penalty that is disproportionate to the contravening conduct itself, having regard to the maximum penalty provided” (at [227(3)] per Besanko and Bromwich JJ).

36    I will put to one side for the moment any inter-relationship between proportionality and the totality principle which latter principle I will discuss later.

37    Now my role is to determine whether the figure of $1.3 billion is an appropriate penalty. In my view it is an appropriate penalty.

38    In my view considerations of general deterrence point to the need for a penalty in the amount of $1.3 billion.

39    First, the Australian banking industry processes many billions of transactions each year. And financial institutions are an important line of defence in protecting the community and the financial system from the risks associated with money laundering and terrorism financing. As such, non-compliance with the Act exposes the financial system and the community to very significant ML/TF risks. If contraventions of the Act are not seen to attract appropriate penalties, the effectiveness of the risk management premise which underpins the Act will be undermined as will confidence in the financial system.

40    Second, even where a contravention is not deliberate, the requirements of general deterrence necessitate the imposition of a substantial penalty so that it is known that even minor or inconsequential breaches of the Act have serious consequences (AUSTRAC v TAB at [17] and [18]). I accept that the contraventions in this case were not deliberate. Nevertheless a very substantial penalty is still called for.

41    Further, specific deterrence also justifies a penalty of $1.3 billion, notwithstanding that the contraventions were not deliberate.

42    First, Westpac is a major bank that accounts for a very significant proportion of payments through the Australian financial system. So the size of the penalty must be sufficient to act as an effective deterrent to Westpac against future non-compliance.

43    Second, Westpac’s substantial financial resources means that a higher penalty is required to achieve specific deterrence.

44    Third, the contraventions persisted over a lengthy period of time, namely, from at least November 2013 to November 2019. Moreover, the regularity, number and systemic nature of Westpac’s contraventions was serious.

45    But it is appropriate to acknowledge three matters.

46    Westpac has significantly co-operated with AUSTRAC and agreed to relief including declarations and the pecuniary penalty of $1.3 billion.

47    Further, Westpac has made a very substantial investment in and has significantly improved its systems, including an enhanced customer due diligence process.

48    Further, Westpac has displayed considerable contrition for its contraventions, not only by words but in action since the deficiencies in its systems came to light.

Some relevant principles

49    A number of principles guide the determination of an appropriate penalty amount.

50    Let me say something about the statutory maximum. In Markarian v The Queen (2005) 228 CLR 357, when determining the appropriate criminal sentence to be imposed, the High Court (at [31]) held that:

careful attention to maximum penalties will almost always be required, first because the legislature has legislated for them; secondly, because they invite comparison between the worst possible case and the case before the court at the time; and thirdly, because in that regard they do provide, taken and balanced with all of the other relevant factors, a yardstick.

51    The same considerations apply in relation to civil penalties. The maximum penalty applies for contraventions falling within the worst category of cases for which that penalty is prescribed, however this does not require characterisation as the worst possible case.

52    In Australian Competition and Consumer Commission v Coles Supermarkets Australia Pty Ltd (2015) 327 ALR 540 Allsop CJ observed at [6] that:

The setting of the penalty is a discretionary judgment that does not involve assessing with any precision the “range” within which the conduct falls or by applying incremental deductions from the maximum penalty. Nonetheless, the maximum penalty must be given due regard because it is an expression of the legislature’s policy concerning the seriousness of the proscribed conduct. It also permits comparison between the worst possible case and the case the court is being asked to address and thus provides a yardstick: Markarian at [31].

53    Further, in Australian Securities and Investments Commission v Commonwealth Bank of Australia [2020] FCA 790 I observed at [65] that:

Now the process to be used in setting a civil penalty for contravention of statutory provisions is similar to that used in criminal sentencing. The maximum penalty must be given due attention because it has been legislated for, it invites comparison between the worst possible case and the case before the Court at the relevant time, and it provides a form of yardstick. But it may be an arid exercise in cases such as the present to engage in a mere arithmetical calculation multiplying the maximum penalty by the number of contraventions to get a theoretical maximum for all offending even if one could theoretically quantify that latter number (see Australian Competition and Consumer Commission v Coles Supermarkets Australia Pty Ltd (2015) 327 ALR 540 at [17], [18], [84] and [85] per Allsop CJ). But I do accept that some estimate of the number of contraventions is to be taken into account in getting some sense of the overall maximum.

54    Section 175(4) limits the maximum pecuniary penalty to 100,000 penalty units in the case of a body corporate. The value of those penalty units is assessed by reference to s 4AA of the Crimes Act 1914 (Cth) at the time of the contravention, as noted below:

Date

Penalty unit

Maximum penalty

20 November 2013 to 31 July 2015

$170

$17 million

1 August 2015 to 30 June 2017

$180

$18 million

1 July 2017 to 20 November 2019

$210

$21 million

55    In the present case, apart from the contraventions of s 81(1), Westpac has admitted over 23 million contraventions. The contraventions of s 81(1) are too numerous to be quantified because Westpac contravened s 81(1) on each occasion from 20 November 2013 to 20 November 2019 that it commenced to provide a designated service to a customer, in circumstances where its joint AML/CTF program did not fully meet the requirements of the Rules.

56    In AUSTRAC v TAB Perram J said at [28] that:

... a failure to comply with the AML/CTF Rules will generally have the consequence of causing an infringement of s 81… I cannot see how the text of s 81 can be bent so that it can be read as involving only a single infringement when a program is said to be deficient. Intractably, it appears to be contravened each time a reporting entity commences to provide a designated service to a customer whilst its program is not in a proper condition.

57    Let me now say something about identifying the various relevant factors. Section 175(3) requires me to have regard to all relevant matters in determining the appropriate penalty. But it identifies, non-exhaustively, a number of factors to which I must have regard, being:

(a)    the nature and extent of the contravention;

(b)    the nature and extent of any loss or damage suffered as a result of the contravention;

(c)    the circumstances in which the contravention took place;

(d)    whether Westpac has previously been found by the Federal Court in proceedings under the Act to have engaged in any similar conduct;

(e)    if I consider that it is appropriate to do so, whether Westpac has previously been found by a court in proceedings under a law of a State or Territory to have engaged in any similar conduct;

(f)    if I consider that it is appropriate to do so, whether Westpac has previously been found by a court in a foreign country to have engaged in any similar conduct; and

(g)    if I consider that it is appropriate to do so, whether Westpac has previously been found by a court in proceedings under the Financial Transaction Reports Act 1988 (Cth) to have engaged in any similar conduct.

58    Now numerous other relevant factors have been identified and applied in civil penalty proceedings in similar civil penalty contexts. As to such non-mandatory factors, I set out a list of augmented French factors in ASIC v Westpac (No 3) at [49] and [50]:

The fixing of a pecuniary penalty involves the identification and balancing of all the factors relevant to the contravention and the circumstances of the defendant, and the making of a value judgment as to what is the appropriate penalty in light of the purposes and objects of a pecuniary penalty that I have just explained. Relevant factors include the following:

(a)    the extent to which the contravention was the result of deliberate or reckless conduct by the corporation, as opposed to negligence or carelessness;

(b)    the number of contraventions, the length of the period over which the contraventions occurred, and whether the contraventions comprised isolated conduct or were systematic;

   (c)    the seniority of officers responsible for the contravention;

(d)    the capacity of the defendant to pay, but only in the sense that whilst the size of a corporation does not of itself justify a higher penalty than might otherwise be imposed, it may be relevant in determining the size of the pecuniary penalty that would operate as an effective specific deterrent;

(e)    the existence within the corporation of compliance systems, including provisions for and evidence of education and internal enforcement of such systems;

(f)    remedial and disciplinary steps taken after the contravention and directed to putting in place a compliance system or improving existing systems and disciplining officers responsible for the contravention;

(g)    whether the directors of the corporation were aware of the relevant facts and, if not, what processes were in place at the time or put in place after the contravention to ensure their awareness of such facts in the future;

(h)    any change in the composition of the board or senior managers since the contravention;

(i)    the degree of the corporation’s cooperation with the regulator, including any admission of an actual or attempted contravention;

(j)    the impact or consequences of the contravention on the market or innocent third parties;

(k)    the extent of any profit or benefit derived as a result of the contravention; and

(l)    whether the corporation has been found to have engaged in similar conduct in the past.

Moreover and importantly, attention must be given to the maximum penalty for the contravention. But if contravening conduct is not so grave as to warrant the imposition of the maximum penalty, I am bound to consider where the facts of the particular conduct lie on the spectrum that extends from the least serious instances of the offence to the worst category.

59    Clearly, in considering and weighing all relevant factors I need to engage in intuitive synthesis, which requires a weighing together of all relevant factors, rather than an arithmetical algorithmic process that starts from some pre-determined figure and then makes incremental additions or subtractions for each factor according to a set of predetermined rules. And it is also important to note that intuitive synthesis conducted in criminal sentencing does not have the same boundaries and content as intuitive synthesis in the context that I am considering. In criminal sentencing, the synthesis involves not only the facts and circumstances of the offending, but also conflicting sentencing considerations such as retribution and rehabilitation, and differing sentencing options along a broader spectrum than the civil context from a donation to the poor box through to imprisonment.

60    Of course, the augmented French factors are non-mandatory factors, and whether individual factors constitute relevant matters within the meaning of s 175 will depend upon the circumstances.

61    Let me say something about multiple contraventions. The assessment of appropriate penalties requires consideration of three principles associated with the treatment of multiple contraventions.

62    First, separate penalties should not be imposed for the same wrongful act. Section 175(6) provides that where conduct constitutes a contravention of “2 or more civil penalty provisions”, the person is not liable to more than one penalty “in respect of the same conduct”. Such provisions apply to conduct which is strictly “the same”, not just similar or closely related. The “course of conduct” principle deals with that latter dimension.

63    Now according to counsel for both parties, the parties’ joint position does not involve the imposition of more than one pecuniary penalty in respect of the same conduct. I am prepared to proceed on that foundation.

64    Second, contraventions can be grouped as a “course of conduct” for penalty purposes. Separate contraventions arising from separate acts should ordinarily attract separate penalties. But the “course of conduct” principle means that consideration can be given to whether the contraventions arise out of the same course of conduct in order to determine whether it may be appropriate that a single penalty should be imposed for the contraventions. Where there is an interrelationship between the legal and factual elements of two or more contraventions, care must be taken to ensure that the contravener is not punished twice for what is essentially the same contravening conduct (Australian Competition and Consumer Commission v Cement Australia Pty Ltd (2017) 258 FCR 312 at [421] to [424] per Middleton, Beach and Moshinsky JJ).

65    Now the question of whether certain contraventions should be treated as being a single course of conduct is a factual enquiry to be made having regard to all of the circumstances of the case. It is a tool of analysis which can be used in any given case. But whether the principle should apply requires an evaluative judgment in respect of the relevant circumstances. In Australian Competition and Consumer Commission v Hillside (Australia New Media) Pty Ltd t/a Bet365 (No 2) [2016] FCA 698 at [25], I observed in the context of an analogue of s 175:

… the “course of conduct” principle does not have paramountcy in the process of assessing an appropriate penalty. It cannot of itself operate as a de facto limit on the penalty to be imposed for contraventions of the ACL. Further, its application and utility must be tailored to the circumstances. In some cases, the contravening conduct may involve many acts of contravention that affect a very large number of consumers and a large monetary value of commerce, but the conduct might be characterised as involving a single course of conduct.

Contrastingly, in other cases, there may be a small number of contraventions, affecting few consumers and having small commercial significance, but the conduct might be characterised as involving several separate courses of conduct. It might be anomalous to apply the concept to the former scenario, yet be precluded from applying it to the latter scenario. The “course of conduct” principle cannot unduly fetter the proper application of s 224.

66    The principle does not restrict my discretion as to the amount of the penalty to be imposed for the course of conduct. More specifically, the maximum penalty for the course of conduct is not restricted to the prescribed statutory maximum penalty for each contravening act or omission. In this sense, the application of this principle does not result in the maximum penalty being capped in the same way that a civil penalty is capped under s 175(6).

67    Now whilst the course of conduct principle has been applied to contraventions of the Act (AUSTRAC v TAB at [29], [41] and [49]; AUSTRAC v CBA at [36]), it does not convert the many separate contraventions into a limited number of contraventions, nor does it constrain the available maximum penalty or otherwise displace the imposition of a significant penalty.

68    Now the theoretical maximum penalty in the present case is an immense figure. But the various contraventions in this case can be grouped based on the combination of failures that give rise to them. I was provided with a table of such groupings, but this does not need to be set out. Further, I should note that the parties’ submissions as to the appropriate penalty for the contraventions of each provision have taken into account that in some instances the underlying conduct that informs or contributes to one group of contraventions also informs or contributes to another group of contraventions. For example there is a degree of overlap between the underlying conduct that informs the contraventions of ss 45(2) and 81(1) and there is a degree of overlap between the underlying conduct that informs the contraventions of ss 36(1) and 81(1).

69    Third, the totality principle must be applied. Where multiple separate penalties are to be imposed upon a particular wrongdoer, the totality principle requires me to make a final check of the penalties to be imposed on a wrongdoer, considered as a whole. It will not necessarily result in a reduction. But in cases where the cumulative total of the penalties to be imposed would be too low or too high, one can alter the final penalties to ensure that they are just and appropriate (Australian Competition and Consumer Commission v Australian Safeway Stores Pty Ltd (1997) 145 ALR 36 at [53] per Goldberg J). Further, I would note here that the concept of proportionality overall can be a cognate boundary condition.

Consideration of the relevant factors

70    In the present case I accept that the proposed penalty will have the appropriate specific and general deterrence effects, taking into account the various courses of conduct, the interrelated nature of the conduct, the totality principle and the application of proportionality.

71    Further, although the contraventions were not the result of a deliberate intention to breach the Act, this does not displace the imposition of a significant penalty. This accords with the approach taken in AUSTRAC v CBA, where a significant penalty was ordered by Yates J even though the contraventions were not deliberate. For example, some of the failures in AUSTRAC v CBA derived from a misapprehension of obligations imposed under the Act, an inadvertent failure to update and configure automated processes, and an error when merging data from two of CBA’s systems.

72    But before proceeding further I should note the following in favour of Westpac.

73    Since 2014 Westpac has spent $632 million on financial crime compliance, including AML/CTF compliance, and has made improvements to its technology platforms, personnel, processes and procedures.

74    In 2015, Westpac commenced a review of its financial crime detection, case management and regulatory reporting information technology system, Norkom/Detica. This review led to a project to upgrade the system to facilitate a more efficient and coordinated approach to financial crime management, including transaction monitoring and sanctions screening. Given, its scale and complexity, the design and implementation activities associated with the project have occurred over a number of years. Work commenced on the upgrade in 2016 and continues.

75    Further, over a number of years, Westpac has made structural and resourcing changes to its first line and financial crime teams to facilitate a more consistent and effective approach to financial crime management.

76    Further, from 2015 to 2019, Westpac implemented numerous plans of work to identify and address issues relevant to AML/CTF compliance. In September 2017, an AML/CTF working group was established. The working group met on an almost monthly basis, received regular updates and tracked remediation of key AML/CTF issues until it was subsumed within broader financial crime work programs in 2018.

77    Further, from 2018, Westpac reframed its previous program of work into a broader integrated financial crime strategy and commenced a significant project of work to implement this strategy. The financial crime program currently comprises various streams of work.

78    Further, significant enhancements have also been made to the risk assessment standard, correspondent banking standard, transaction monitoring program standard, which includes systems and controls intended to ensure Westpac complies with its obligations under the Rules, and regulatory reporting standard and underlying processes and procedures.

79    Further, in 2017, Westpac Institutional Bank (WIB) instituted its own program of work to review and enhance its financial crime risk management framework and controls.

80    There have also been other improvements prior to the commencement of this proceeding. Moreover, since this proceeding commenced, Westpac has continued to implement enhancements to its approach to AML/CTF compliance. The enhancements include:

(a)    the establishment of the Board Legal, Regulatory and Compliance Committee, which is responsible for overseeing, among other matters, financial crime, and succeeds the Board Financial Crime Committee, established in November 2019;

(b)    the appointment of a new role of Group Executive, Financial Crime, Compliance & Conduct in May 2020;

(c)    engaging a third party advisor, Promontory, to provide external assurance to Westpac’s Board over the design effectiveness of the financial crime strategic plan and Westpac’s program of work to implement that plan;

(d)    appointing an independent advisory panel to assess the Board’s governance and accountability in relation to financial crime;

(e)    conducting an internal review of its financial crime governance model to clearly specify individual accountabilities and embed monitoring processes, and the financial crime assurance model to better define the three lines of defence model to ensure clarity of roles and responsibilities;

(f)    developing and resourcing a monitoring and testing team with an associated framework, dedicated to continuous testing of financial crime controls; and

(g)    undertaking significant improvements to and a refresh of Westpac’s financial crime training program for the Board, senior management and staff in relation to AML/CTF compliance.

81    But at this point it is now appropriate to discuss the nature, extent and duration of Westpac’s conduct; I will discuss other enhancements that Westpac has made to its systems in that context.

Nature, extent and duration of conduct

82    First, let me deal with breaches of s 45(2) concerning IFTI reports, none of which occurred as the result of any deliberate intention to breach the Act. Westpac admits that it failed to give 19,502,841 IFTIs to the AUSTRAC CEO within the time frame specified by s 45(2) and that it failed to give 76,144 IFTIs to the AUSTRAC CEO that contained payer names, as required by s 45(2).

83    At the time of the first relevant contravention in November 2013, a contravention carried a maximum penalty of $17 million. This maximum penalty increased to $18 million on 1 August 2015 and to $21 million on 1 July 2017.

84    These contraventions occurred in circumstances where there were opportunities to prevent and detect the non-reporting. Moreover, when such non-reporting was identified, there were failures to escalate it.

85    In 2013, in response to queries from AUSTRAC relating to its ITFI reporting, Westpac’s AML/CTF prepared a report that addressed ITFI reporting solutions. The report stated that “[a] number of gaps were found to be present in Westpacs structured IFTIs, ranging from data quality, incorrect usage of XML tags, incorrect information populated in XML tags, and incorrect definitions of reportability”, but it did not identify the non-reporting.

86    In July 2013, AUSTRAC recommended that Westpac perform a review of payment instructions not reported to the AUSTRAC CEO. This led to the provision to AUSTRAC on 30 June 2014 of a report prepared by Westpac’s Group Assurance on the review that it had undertaken, however the report did not identify the relevant non-reporting. This report included a management action plan, which generated ongoing work by Group Assurance through 2014 and 2015. This also did not identify the non-reporting.

87    In early 2016, Westpac commenced an Australasian case management (ACM) arrangements remediation project, during which in May 2017 Westpac employees became aware that IFTIs for Bank B were not being reported. This was not brought to the attention of senior management. The ACM arrangements provided by Westpac to correspondent banks involved varied models and offerings. For the purposes of the present proceeding the key ACM arrangements were those offered to a number of correspondent banks known as the direct model ACM arrangements and the referral model ACM arrangements.

88    In August 2017, other Westpac employees became aware that IFTIs for Bank B were not being reported to the AUSTRAC CEO and one Westpac employee identified that IFTIs in respect of the ACM arrangements for Bank A were not being reported to the AUSTRAC CEO. Neither instance of non-reporting was brought to the attention of the Group Money Laundering Reporting Officer or senior management.

89    More generally, it was not until May 2018 that the Group Money Laundering Reporting Officer became aware of these issues, following which urgent steps were taken to escalate the matter, including taking it to Westpac’s regulatory disclosure forum on 25 July 2018 and reporting it to the AUSTRAC CEO on 15 August 2018.

90    Since these contraventions were identified, Westpac has undertaken a range of further enhancements in respect of its IFTI reporting. I have set some of these out elsewhere.

91    The 19,502,841 contraventions of s 45 relating to the late IFTIs and the 76,144 contraventions of s 45 relating to the failure to include payer names in IFTIs were serious.

92    Westpac did not identify that over 72% of all incoming IFTIs received by Westpac for the period 5 November 2013 to 3 September 2018 had not been reported to the AUSTRAC CEO.

93    Westpac’s assurance processes to identify non-compliance with IFTI reporting were inadequate, particularly in relation to IFTIs that were processed through non-SWIFT payment systems. Westpac did not have adequate controls in place to identify the requirement to report IFTIs in relation to Ordering Institution A. Nor did Westpac have appropriate assurance processes in place to identify non-SWIFT IFTIs that did not include a payer name.

94    As a result of the failure to file the IFTIs on time, AUSTRAC, the Australian Taxation Office and other law enforcement agencies have been deprived of timely information relating to over $11 billion in international payments for up to six years.

95    Late reporting delays and hinders law enforcement efforts. IFTI information facilitates the tracking of off-shore movements of funds relating to offences such as money laundering, terrorism financing, cyber-crime, child exploitation and other crime. Given that international payments systems allow money to move quickly, late IFTIs compromise the ability of law enforcement to trace money and to investigate and prosecute serious crimes. Late IFTIs also delay law enforcement’s ability to identify and stop ongoing crime. As the international payments system allows money to move quickly, late IFTIs can also compromise the ability of law enforcement to trace and recover the proceeds of crime.

96    Further, of the 2,314 IFTI reports lodged late relating to Westpac’s LitePay product, 18 related to 7 of the first 12 customers with respect to whom Westpac had identified transactions suspected to be indicative of child exploitation and 19 related to a further 12 customers with respect to whom Westpac had identified suspect transactions. Further, AUSTRAC, the ATO and other law enforcement agencies were not given timely intelligence in relation to those 37 international transfers. During the relevant period, Westpac reported to AUSTRAC approximately 4,773 IFTIs relating to the 262 customers within 10 days of the relevant international transfers taking place.

97    Further, 76,144 IFTI reports totalling $82,731,499 did not include the payer name as required by the Act and the Rules. As a result, AUSTRAC does not have information about the origin of this transferred money. Information about the origin of funds is critical to enable AUSTRAC, the ATO and other law enforcement agencies to follow money that may be connected to unlawful activity. The absence or loss of information about the origin of funds significantly compromises investigations and prosecutions.

98    But I should note that since Westpac self-reported the non-reporting of IFTIs to AUSTRAC, it has taken a number of actions to remediate the non-reporting, address root causes and improve its governance in relation to IFTI reporting, reconciliation processes and data quality. Let me set out some of them.

99    As I have mentioned, Westpac engaged third party advisor Promontory to perform a review of the non-reported IFTIs that Westpac received from Banks A, B, C and D through the ACM arrangements in place with those banks, as well as the non-reported IFTIs received by Westpac through the arrangements with Ordering Institution A, and the non-reported IFTIs sent by Westpac through the outgoing arrangements with Bank B. Promontory performed a lookback review in relation to these IFTIs to understand the ML/TF risk profile of these transactions. Westpac provided the Promontory reports to AUSTRAC. As a result of the analysis undertaken by Promontory, Westpac provided four suspicious matter reports to the AUSTRAC CEO.

100    In August 2018, Westpac established an internal project to ascertain the scale of any IFTI non-reporting in respect of the direct model ACM arrangements, address any identified non-reporting by back-capturing non-reported IFTIs and providing those IFTI reports to the AUSTRAC CEO, and implemented additional processes and controls to facilitate IFTI reporting for those arrangements moving forward.

101    In September 2018, Westpac commenced a detailed analysis of international payment flows involving Westpac’s financial institution clients including financial institutions and non-bank financial institutions outside of the ACM arrangements to determine whether any that were required to be reported as IFTIs were not in fact reported.

102    Westpac has ceased all direct model ACM arrangements with various banks. In particular the direct model ACM arrangement with Bank A ceased on 12 November 2018, the direct model ACM arrangements with Bank D ceased on 31 January 2019, the direct model ACM arrangement with Bank C ceased 2 February 2019, and the direct model ACM arrangement with Bank B ceased on 4 February 2019.

103    Westpac has also ceased off-system bank state branch (OSBSB) arrangements with Bank B on 30 September 2019 and Bank J on 10 January 2020 and closed the LitePay product in November 2019.

104    Further, Westpac has also implemented additional controls, which I do not need to detail.

105    Second, let me deal with the breaches of ss 64(6) and (7) concerning the required transfer information, none of which occurred as a result of any deliberate intention to breach the Act. Westpac admits that it failed to pass on some or all of the required transfer information within the meaning of s 70 to another institution in relation to 8,140 IFTIs that it transmitted out of Australia in contravention of s 64(7)(f), and that it failed to pass on complete payer information to another institution in relation to 2,400 IFTIs in contravention of s 64(6).

106    At the time of the first relevant non-compliance in January 2014, a contravention carried a maximum penalty of $17 million. This maximum penalty increased to $18 million on 1 August 2015 and to $21 million on 1 July 2017.

107    Since these contraventions were identified, Westpac has undertaken a range of measures to ensure that it is passing on all necessary information, some of which I have set out elsewhere.

108    Now these contraventions were serious. The required transfer information was held by Westpac or other Australian financial institutions and was readily accessible by Westpac. Further, Westpac’s processes did not identify these systemic failures for over five years.

109    More generally, full transparency of the origin of funds is essential for other financial institutions in funds transfer chains to identify, mitigate and manage their own ML/TF risks. Westpac’s failure to pass on the required transfer information may have impacted the ability of other financial institutions to manage ML/TF risk. Further, information about the origin of funds is critical to enable AUSTRAC, the ATO and other law enforcement agencies to follow money that may be connected to unlawful activity. The absence of payment transparency delays and inhibits the investigation and prosecution of offences.

110    Third, let me deal with the breaches of s 115 of the Act concerning the making and retaining of records. Westpac admits that it failed to retain for seven years records of so much of the required transfer information as was passed onto Westpac in relation to 3,516,238 transfer instructions.

111    These contraventions occurred as a result of systems that have now been wholly replaced, or as a result of configuration issues in current systems that have been identified and fixed.

112    These contraventions were serious. Westpac’s IT change management and assurance processes did not identify failures to retain back-up files for over six years. Further, the lost records related to the origin of over 3.5 million incoming international transactions.

113    More generally, AUSTRAC, the ATO and other law enforcement agencies are entitled to request information about incoming IFTIs, including in relation to the origin of funds. Information about the origin of funds is critical to enable AUSTRAC, the ATO and other law enforcement agencies to follow money that may be connected to unlawful activity.

114    Now I should note that these contraventions occurred as a result of historical back-up systems that have now been replaced or as a result of configuration issues in current systems that were identified and fixed prior to the commencement of the proceeding. And since 2018, Westpac has also undertaken a number of further enhancements to its AML/CTF record keeping systems, including increasing the length of time that original customer instructions are maintained in an “online” state within the Westpac Integrated Banking System, being one of the systems through which it receives payment instruction files from correspondent banks, to approximately six months and improved monitoring of back-up system performance to ensure timely detection and rectification of any failures.

115    Fourth, let me deal with breaches of s 98 of the Act concerning correspondent banking due diligence. Westpac admits that it failed to comply with s 98 in relation to the preliminary risk assessments (s 98(1)) and due diligence assessments (s 98(2)) undertaken in respect of its correspondent banking relationships.

116    Now none of the contraventions were the result of any deliberate intention to breach the Act. Westpac believed that it was compliant with the Act in respect of its correspondent banking due diligence obligations. This belief was not unreasonable. In 2012, Westpac received confirmation from an external review that its processes addressed the requirements in the Act and the Rules in relation to correspondent banking and that those processes were operating as designed; it is to be noted that the relevant provisions in the Act and the Rules have not changed materially since this review. Further, second line assurance testing and third line group audit reports that considered correspondent banking due diligence processes and procedures during the relevant period did not identify non-compliance with the Act or the Rules. Further, in 2016, AUSTRAC conducted an assessment of Westpac’s compliance with its correspondent banking due diligence obligations, including s 98. In its report on 15 December 2016, AUSTRAC made seven recommendations for Westpac to consider in enhancing its compliance with the Act and the Rules, but did not identify any non-compliance with the Act or the Rules.

117    At the time of the first contravention in November 2013, a contravention carried a maximum penalty of $17 million. This maximum penalty increased to $18 million on 1 August 2015 and to $21 million on 1 July 2017.

118    Notwithstanding the foundation for Westpac’s not unreasonable belief as I have set out, multiple failures resulted in the contraventions of ss 98(1) and (2) and the contraventions were serious.

119    Correspondent banking relationships present higher ML/TF risks associated with cross-border movements of funds, jurisdiction risk including the risks of operating in certain foreign countries, and risks associated with the transparency of the identity and source of funds of customers of the correspondent banks.

120    The requirement to undertake regular preliminary risk assessments and due diligence assessments of correspondent banking relationships is a central aspect of the AML/CTF regulatory regime, as well as being a key element of Westpacs AML/CTF program. It provides an appropriate means for ensuring that the reporting entity is in a position to identify, mitigate and manage its ML/TF risks.

121    Further, appropriate risk-based monitoring over vostro accounts is a key requirement of the correspondent banking due diligence obligation. A vostro account is an account that Westpac holds for a correspondent bank in Australian dollars for the purpose of facilitating the settlement of international transactions on behalf of the correspondent bank’s customers. Without appropriate monitoring of vostro accounts, although Westpac did monitor some instructions, Westpac was not in a position to understand fully the ongoing ML/TF risks posed by its correspondent banking relationships. Nor was it in a position to understand fully the ongoing ML/TF risks of the payments flowing through the vostro accounts.

122    Further, as I have mentioned, in its December 2016 report, AUSTRAC made seven recommendations for Westpac to consider in enhancing its compliance with the Act and the Rules in relation to correspondent banking due diligence. Whilst Westpac took steps to address the recommendations, the steps it took did not adequately address AUSTRAC’s recommendations.

123    Further, flaws in the design and implementation of the correspondent banking due diligence assessment processes could have been identified and addressed earlier had Westpac had stronger first line testing, second line oversight and assurance, and third line audit coverage.

124    Further, Westpac did not always have appropriate processes to monitor whether transactions being processed through its correspondent banking relationships were consistent with its risk appetite.

125    Further, Westpac’s correspondent banking relationships allowed foreign institutions to operate within its banking environment and within the Australian payments system. The failure of Westpac to appropriately monitor vostro accounts and direct model ACM arrangements payment flows increased the exposure of Westpac, the Australian payments system, and some international payments channels to ML/TF risks. As I have mentioned, for the purposes of the present proceeding direct model ACM arrangements are one of the key ACM arrangements offered by Westpac to correspondent banks. Though direct model ACM arrangements varied as between the correspondent banks, these generally allowed the correspondent banks to use Westpac’s infrastructure to process payments for their overseas and domestic customers through Westpacs direct access to the low value clearing network in Australia and New Zealand.

126    I should note that Westpac’s approach to managing the ML/TF risk posed by its correspondent banking relationships has developed in recent years. This has included making changes to its correspondent banking due diligence processes, systems and controls to address a requirement and recommendations made by AUSTRAC in its 2012 compliance assessment report into Westpac’s correspondent banking controls.

127    Further, the changes have included making changes to its correspondent banking due diligence processes, systems and controls to address further recommendations made by AUSTRAC in its 2016 compliance assessment report into Westpac’s correspondent banking controls. In particular, Westpac made changes including to:

(a)    its correspondent banking due diligence AML/CTF procedures manual (the CB procedures manual) to respond to AUSTRAC’s conclusion that Westpac did not demonstrate in the workbooks which documented the preliminary risk assessments and due diligence assessments (the DD workbooks), a thorough assessment of the existence and quality of any AML/CTF regulation in the correspondent banks country of domicile or that of its parent when documenting due diligence assessments;

(b)    the CB procedures manual to respond to AUSTRAC’s recommendation that Westpac should enhance its oversight of correspondent banking periodic review process by providing management information to key stakeholders on any reviews not completed within the specified timeframes in the correspondent banking documentation. In particular, Westpac replaced the monthly correspondent banking stakeholders meeting with the correspondent banking due diligence committee in July 2017, which also meets monthly;

(c)    its risk and fraud operations procedures manual for clarity and comprehensiveness so that the manual was consistent with the key policies and procedures, including the AML/CTF program and the correspondent banking standard (the CB standard), which sets out the level of due diligence required for correspondent banking relationships;

(d)    its CB procedures manual so that in its preliminary risk assessments and due diligence assessments Westpac document any discrepancies identified in those assessments; and

(e)    update the correspondent bank risk assessment model, which was used to calculate the risk rating of the correspondent bank, to include, where applicable, the reasons for assessing the correspondent bank to have increased risk or adverse findings.

128    Westpac has made further enhancements to its processes, systems and controls in relation to correspondent banking due diligence as part of an initiative to align itself with global best practice, reduce its number of correspondent banking relationships, and simplify the banking services and products it offers to its correspondent banks. This has included the following steps, which Westpac undertook or initiated prior to the commencement of this proceeding. WIB has off-loaded a large number of correspondent banking relationships since July 2017 which do not meet its risk appetite or strategic or commercial objectives. Further, Westpac introduced an updated and enhanced CB standard approved by the Board on 11 December 2019, with new procedures to replace the CB procedures manual, namely the correspondent banking due diligence procedures (CBDD procedures).

129    Further, since the commencement of this proceeding, Westpac has taken measures which include the following. It has commenced re-conducting preliminary risk assessment and due diligence assessments across the correspondent banking portfolio according to Westpac’s new enhanced CB standard and CBDD procedures. Westpac anticipates completing its re-review of all relevant correspondent banks by the end of March 2021. Further, it has, until a future date, being the completion of the re-review of the relevant correspondent banks, ceased the opening of any new vostro accounts or relationship management application key arrangements, the latter being a form of correspondent banking relationship by which a digital certificate is issued to financial institutions to enable a trusted, provable and confidential end-to-end communication over the SWIFT network, as part of any new or existing correspondent banking relationships and approving new jurisdiction or currency flows for existing correspondent banking relationships.

130    Fifth, let me deal with breaches of s 81 of the Act concerning the AML/CTF program. Westpac admits that from 20 November 2013 to 20 November 2019 it contravened s 81 each time it commenced to provide a designated service in circumstances where Westpac’s joint AML/CTF program did not at all times fully meet the requirements of the Rules.

131    Section 81 of the Act provides as follows:

81 Reporting entity must have an anti-money laundering and counter-terrorism financing program

(1)    A reporting entity must not commence to provide a designated service to a customer if the reporting entity:

(a)    has not adopted; and

(b)    does not maintain;

an anti-money laundering and counter terrorism financing program that applies to the reporting entity.

Civil penalty

(2)    Subsection (1) is a civil penalty provision.

132    Section 82 of the Act provides as follows:

82 Compliance with Part A of an anti-money laundering and counter-terrorism financing program

Compliance with program

(1)    If a reporting entity has adopted:

(a)    a standard anti-money laundering and counter-terrorism financing program; or

(b)    a joint anti-money laundering and counter-terrorism financing program;

that applies to the reporting entity, the reporting entity must comply with:

   (c)    Part A of the program; or

(d)    if the program has been varied on one or more occasions—Part A of the program as varied.

Civil penalty

(2)    Subsection (1) is a civil penalty provision.

Exceptions

(3)    Subsection (1) does not apply to a particular provision of Part A of a standard anti‑money laundering and counter‑terrorism financing program if the provision was not included in the program in order to comply with the requirements specified in AML/CTF Rules made for the purposes of paragraph 84(2)(c).

(4)    Subsection (1) does not apply to a particular provision of Part A of a joint anti‑money laundering and counter‑terrorism financing program if the provision was not included in the program in order to comply with the requirements specified in AML/CTF Rules made for the purposes of paragraph 85(2)(c).

(5)    A person who wishes to rely on subsection (3) or (4) bears an evidential burden in relation to that matter.

133    I should also set out s 83 of the Act, which provides:

83 Anti-money laundering and counter-terrorism financing programs

(1)     An anti-money laundering and counter-terrorism financing program is:

(a)     a standard anti-money laundering and counter-terrorism financing program (see section 84); or

(b)     a joint anti-money laundering and counter-terrorism financing program (see section 85); or

(c)     a special anti-money laundering and counter-terrorism financing program (see section 86).

(2)     An anti-money laundering and counter-terrorism financing program is not a legislative instrument.

134    In the present case, it is s 85 that is relevant, which provides as follows:

85 Joint anti-money laundering and counter-terrorism financing program

(1)    A joint anti-money laundering and counter-terrorism financing program is a written program that:

(a)    applies to each reporting entity that from time to time belongs to a particular designated business group; and

   (b)    is divided into the following parts:

(i)    Part A (general);

(ii)    Part B (customer identification).

Part A (general)

(2)    Part A of a joint anti-money laundering and counter-terrorism financing program is a part:

(a)    the primary purpose of which is to:

(i)    identify; and

(ii)    mitigate; and

(iii)    manage;

the risk each of those reporting entities may reasonably face that the provision by the relevant reporting entity of designated services at or through a permanent establishment of the relevant reporting entity in Australia might (whether inadvertently or otherwise) involve or facilitate:

(iv)    money laundering; or

(v)    financing of terrorism; and

(b)    if any of those reporting entities provides designated services at or through a permanent establishment of the relevant reporting entity in a foreign country—another purpose of which is to ensure that the relevant reporting entity takes such action (if any) as is specified in the AML/CTF Rules in relation to the provision by the relevant reporting entity of designated services at or through a permanent establishment of the relevant reporting entity in a foreign country; and

(c)    that complies with such requirements (if any) as are specified in the AML/CTF Rules.

Part B (customer identification)

(3)    Part B of a joint anti-money laundering and counter-terrorism financing program is a part:

(a)    the sole or primary purpose of which is to set out the applicable customer identification procedures for the purposes of the application of this Act to customers of each of those reporting entities; and

(b)    that complies with such requirements (if any) as are specified in the AML/CTF Rules.

Different reporting entities

(4)    A joint anti-money laundering and counter-terrorism financing program may make different provision with respect to different reporting entities. This does not limit subsection 33(3A) of the Acts Interpretation Act 1901.

Reviews

(5)    A requirement under paragraph (2)(c) may relate to reviews of a joint anti-money laundering and counter-terrorism financing program.

Variation

(7)    A joint anti-money laundering and counter-terrorism financing program may be varied, so long as the varied program is a joint anti-money laundering and counter-terrorism financing program.

135    None of the contraventions were the result of any deliberate intention to breach the Act. But as is apparent from the text and structure of these provisions, s 81(1) is a fundamental and foundational requirement under the Act which in the present case is given content by ss 83(1)(b) and 85. And the absence of a deliberate intention to breach hardly carries significant weight in light of the nature of the obligation being imposed.

136    At the time of the first contravention in November 2013, a contravention carried a maximum penalty of $17 million. This maximum penalty increased to $18 million on 1 August 2015 and to $21 million on 1 July 2017.

137    Rules 9.1.3 to 9.1.5 of the Rules required Westpac’s Part A program to put in place appropriate risk-based systems and controls, which in turn required appropriate ML/TF risk assessments. The non-compliance of Westpac’s Part A program with rules 9.1.3 to 9.1.5 is set out in the SAFA, which there is no need to reproduce.

138    The contraventions were serious for the following reasons.

139    The AML/CTF program is the principal document for setting out the risk-based systems and controls that are required to ensure compliance with the Act and the Rules. And the requirement to carry out and maintain current ML/TF risk assessments of designated services is central to the AML/CTF program and to the Act. Further, risk assessments are the foundation of the obligation to identify, mitigate and manage the ML/TF risks relating to designated services. And in order to appropriately mitigate and manage its ML/TF risk and have appropriate risk-based controls as required by the Act, Westpac must first identify and assess the ML/TF risks it reasonably faces.

140    Further, Westpac’s international payments business involves known higher ML/TF risks. Westpac’s failure to appropriately identify, mitigate and manage the ML/TF risks of the vostro accounts, ACM arrangements, and OSBSB arrangements has resulted in inadequate controls, and in some cases reduced transparency, in relation to some international payment flows.

141    Further, reduced payment transparency undermines the reputation, integrity and security of the Australian and global payments systems. And reduced payment transparency limits the ability of AUSTRAC, the ATO and law enforcement to trace the origin, purpose and character of funds.

142    Further, over 5.7 million late IFTI reports involved transactions totalling $2.9 billion that fall outside of the statutory limits the ATO operates under in respect of taking corrective action against taxpayers who have lodged tax returns. Westpac’s failure to lodge IFTI reports on time and, in some cases, complete IFTIs, has risked undermining the Australian taxation system.

143    Further, Westpac’s failure to appropriately identify and manage all ML/TF risks from international payment flows and to appropriately monitor these transactions for suspicious activity has resulted in the loss of opportunity to detect, trace and disrupt possible unlawful activity, including possible child exploitation, money laundering, terrorism financing and tax offences.

144    Further, the OSBSB arrangements allowed certain domestic and overseas branches of the account holder direct access to Westpac’s banking environment and payment systems but did not have adequate risk-based systems and controls in place. Westpac’s OSBSB arrangements also permitted cash deposits below $10,000 at branches by persons whose identity could have been unknown and not verified, although such deposits were subject to some controls.

145    Further, reduced payment transparency with the direct model ACM arrangements with Banks A and F undermined Westpac’s ability to give IFTI reports to the AUSTRAC CEO that contained all the information required by the Rules.

146    Let me deal with another matter. Rule 15.5 of the Rules required Westpac’s transaction monitoring program to include appropriate risk‑based systems and controls to monitor the transactions of customers. The non-compliance of Westpac’s Part A program with r 15.5 is set out in the SAFA, which there is no need to reproduce.

147    The contraventions were serious for the following reasons.

148    Appropriate risk-based transaction monitoring is central to ensuring that matters that may be suspicious for the purposes of the suspicious matter reporting obligation in s 41 of the Act are identified and reported to the AUSTRAC CEO and law enforcement. Appropriate risk-based transaction monitoring is central to Westpac’s understanding of its own ML/TF risks, including emerging risks.

149    In mid-2015, Group Audit prepared an audit report that included an issue raised by WIB Financial Crime regarding deficiencies in Westpac’s transaction monitoring program with regard to the monitoring of certain transactions, including international transactions. The Group Audit report included a management action plan, which required a detailed analysis of the current state of the transaction monitoring program to determine the extent of gaps. Over the course of 2016 and 2017, Westpac took actions to address transaction monitoring issues in other jurisdictions. In August 2017, gaps in the transaction monitoring program were again identified.

150    Westpac did not appropriately monitor aspects of its international payment flows in the billions of dollars that carried higher ML/TF risks, including risks associated with tax offences and child exploitation. This failure exposed the Australian financial system to these risks. Further, payment flows through vostro accounts carry higher ML/TF risks which must be subject to appropriate risk-based monitoring to protect the integrity of the Australian payments system. For several years, Westpac failed to appropriately monitor these international payment flows.

151    Further, if transactions are not appropriately monitored, unusual or suspicious activity cannot be identified and reported to AUSTRAC. Westpac’s failure to appropriately monitor billions of dollars of international payment flows could have impacted the ability to identify and disrupt possible suspicious activity.

152    Let me deal with another matter. Rule 9.9.1(2) of the Rules required Westpac’s Part A program to include appropriate systems and controls designed to ensure compliance with Westpac’s reporting obligations. The non-compliance of Westpacs Part A program with r 9.9.1(2) of the Rules is set out in the SAFA, relevant extracts of which I do not need to reproduce.

153    The contraventions were also serious. In June 2014, Group Audit identified that there was inadequate end-to-end understanding, documentation and monitoring over the IFTI reporting process. Management undertook a number of actions to address the issues raised by Group Audit, which led to Group Audit closing the issue in January 2016. However, weaknesses in Westpac’s data management and technology systems in relation to AML/CTF compliance persisted. Further, reduced payment transparency with the direct model ACM arrangements with Banks A and F undermined Westpac’s ability to give IFTI reports to the AUSTRAC CEO that contained all the information required by the Rules.

154    Now Westpac admits that it contravened s 81 because of its non-compliance in significant respects with the Rules contrary to s 85(2)(c). But I should note that Westpac has now addressed some of these problems.

155    Since 2017, Westpac has undertaken a significant body of work to improve its approach to ML/TF risk assessments, including product and channel ML/TF risk assessments. Prior to the commencement of the proceeding, the following work was completed. In late 2017, Westpac developed refreshed channel and product ML/TF risk assessment methodologies. This included a new process for completing standalone channel risk assessments. And starting in late 2017, divisions within Westpac were required to review and update current product and channel risk assessments under the revised ML/TF risk assessment approach to ensure consistency across its operations.

156    Since the commencement of the proceeding, Westpac has been taking a number of further steps to improve its approach to assessment of ML/TF risk. Enhancements undertaken or underway include developing a new product risk assessment and channel risk assessment methodology and updating the product and project risk assessment tool.

157    Further, as to transaction monitoring, prior to the commencement of the proceeding, Westpac undertook work to uplift its transaction monitoring program standard, completed in August 2018. Further, it consolidated responsibility for transaction monitoring controls with the appointment of a new Financial Crime Controls and Operations Officer in September 2019, with an additional dedicated Executive Manager for transaction monitoring who commenced in April 2020. Further, it extended child sexual exploitation transaction monitoring rules to non-LitePay channels. Further, it developed new detection scenarios to address gaps in the monitoring of high-risk products. It also delivered enhancements to its sanctions, terrorism financing and politically exposed persons screening processes.

158    Further, since the commencement of the proceeding, Westpac has undertaken further work to enhance its transaction monitoring systems and controls, which I do not need to detail save for one aspect. With respect to child exploitation risk specifically, Westpac has:

(a)    extended its automated detection monitoring scenarios for child exploitation risk to SWIFT channel payments to a broader range of jurisdictions;

(b)    amended its procedures so that where Westpac identifies a transaction that it determines it has a reasonable basis to believe is suspicious in relation to potential child exploitation material activity, a suspicious matter report must be lodged with the AUSTRAC CEO within 24 hours, rather than 72 hours, as required under s 41 of the Act; and

(c)    made amendments to, and supplemented, its detection monitoring scenarios for child exploitation material risk to address newly published AUSTRAC and other guidance.

159    Further, as to IFTI reporting, in addition to the steps outlined above, on 1 May 2019, Westpac updated the regulatory reporting standard to include a requirement that divisions must ensure and be satisfied that there were processes and procedures in place at a group and/or divisional level to ensure that all transactions meeting the definition of an IFTI facilitated by that division were reported to the AUSTRAC CEO within the specified timeframes. This included a requirement that there were controls in place to periodically reconcile the number of IFTIs received and sent against the number of IFTI reports submitted to the AUSTRAC CEO.

160    Sixth, let me deal with breaches of s 36 of the Act concerning ongoing customer due diligence, none of which were the result of any deliberate intention to breach the Act. Westpac admits that it failed to conduct appropriate ongoing customer due diligence in relation to 262 customers whose account activity was consistent with indicators of the funding of child exploitation material.

161    At the time of the first contravention in November 2013, a contravention carried a maximum penalty of $17 million. This maximum penalty increased to $18 million on 1 August 2015 and to $21 million on 1 July 2017.

162    Westpac’s contraventions of s 36 were serious for the following reasons.

163    Westpac’s failure to conduct appropriate ongoing customer due diligence in relation to the 262 customers was systemic and occurred over a number of years. Moreover, this was in the context, as I have mentioned, that some guidance and methodology briefs on child exploitation material typologies had been available to Westpac at all times during the relevant period.

164    Further, given the serious nature of child exploitation material risks, it was and is important for Westpac and other reporting entities to ensure that they have appropriate risk-based controls for transaction monitoring and enhanced customer due diligence with respect to these risks.

165    Further, had Westpac appropriately monitored its customers in relation to child exploitation material, it may have identified activity indicative of child exploitation material sooner. Had this activity been identified sooner, it could have been reported to AUSTRAC and law enforcement sooner through suspicious matter reports. Further, had this activity been identified sooner, Westpac would have been in a position to undertake additional steps to identify, mitigate and manage the risks of ongoing child exploitation material. In some cases, Westpac could have reported customers to AUSTRAC a number of years earlier.

166    Further, Westpac failed to identify activity potentially indicative of child exploitation risks by failing to implement appropriate transaction monitoring detection scenarios. Three of the customers the subject of this proceeding had prior convictions relating to child exploitation offences. One of these customers has been arrested in relation to further child exploitation offences since the commencement of this proceeding. Other customers are being assessed further for possible investigations.

167    Now Westpac has terminated the transactional accounts of 12 of the 262 customers and placed a block on certain products which Westpac cannot immediately exit, such as credit cards or home loans with existing amounts owed to Westpac, or insurance products. Under these products, the only transactions the customers can enter into are to repay amounts owed to Westpac. Once the amount owed to Westpac has been repaid or the product term expires, the account or product will be terminated.

168    Further, since the commencement of the proceeding, Westpac has made a number of improvements to its enhanced customer due diligence process in relation to customers who have been identified in suspicious matter reports filed with AUSTRAC in relation to child exploitation material risk. Those improvements include reducing the maximum time for exit decisions to be reached and implemented in relation to customers in relation to whom a suspicious matter report has been filed in relation to child exploitation material risk. Further, they include blocking certain payments for customers the subject of an exit decision in relation to child exploitation material risk in the period between a suspicious matter report being filed and the customer account being closed. Further, they include conducting additional training for relevant staff in relation to identifying and monitoring for child exploitation material risk.

Relevant circumstance, including deliberateness and the role of management

169    The contraventions set out above were not a consequence of any deliberate intention to contravene the Act. At all times the Board and senior management sought to ensure that Westpac would comply with its obligations under the Act. But the Rules required ongoing oversight of Part A of Westpac’s program by the Board and senior management. The primary purpose of Part A was and is to identify, mitigate and manage ML/TF risk.

170    Now the Board and senior management were responsible for seeking to ensure that Westpac managed the ML/TF risks faced by its business. And during the relevant period, the Board and senior management sought and received regular and detailed reports in relation to Westpac’s Part A program and the identification, mitigation and management of ML/TF risks reasonably faced by Westpac from personnel with direct responsibility and oversight of the AML/CTF function. And where issues were identified, the Board and senior management sought to ensure these issues were addressed. But despite those steps, the following deficiencies arose:

(a)    The reporting to the Board and senior management on AML/CTF compliance and the identification, mitigation and management of ML/TF risk reasonably faced by Westpac lacked completeness and sufficient insight.

(b)    Whilst Westpac’s AML/CTF risk management framework was subject to some independent reviews by its internal audit function and by third party experts, Westpac did not complete an independent review that satisfied all of the requirements of r 9.6.5 of the Rules which are for the purposes of assessing the Part A program’s compliance and effectiveness.

(c)    There was, at times, a lack of sufficient speed in addressing instances where Westpac identified that it was operating outside of its ML/TF risk appetite.

(d)    There was a lack of sufficient clarity and understanding within Westpac as to the particular accountabilities between the three lines of defence responsible for financial crime controls.

(e)    The AML/CTF compliance and risk management functions were not adequately resourced.

(f)    There were weaknesses in Westpac’s data management and technology systems in relation to AML/CTF compliance.

(g)    Amendments to Westpac’s Part A program were approved by senior management committees, with the result that the Board did not have complete oversight over that process.

171    Now Westpac’s Board and senior management have overseen a range of measures directed at improving its AML/CTF function and the identification, mitigation and management of ML/TF risks. And many of the improvements occurred from 2017 onwards. But such improvements could and should have been made earlier.

Loss or damage caused by the conduct

172    Money laundering is fundamentally about obscuring the origin and destination of funds. For this reason, payment transparency is one of the basic foundations of AML/CTF risk management and compliance. Payment systems that are not transparent can be exploited by organised crime, can facilitate tax offences and can impede law enforcement investigations.

173    A lack of transparency with international payments that pass through the Australian payments system exposes global payments systems to the same risks. This also undermines the integrity, safety and reputation of the Australian payments system. It is critical to ensuring payment transparency that the senders or recipients of IFTIs file reports of these instructions with the AUSTRAC CEO in a timely and complete manner.

174    The late and, in some cases, incomplete IFTI reports deprived AUSTRAC, law enforcement and the ATO of intelligence to which they are entitled involving movements of over $11 billion dollars in international payments over many years. As the international payments system allows money to move quickly, late and incomplete IFTI reports result in a lack of transparency in relation to the payments, compromising the ability of law enforcement to trace money, to investigate and prosecute serious crime and to recover the proceeds of crime.

175    Over 5.7 million late IFTI reports involved transactions totalling $2.9 billion, which fall outside the statutory limits under which the ATO operates in respect of taking corrective action against taxpayers who have lodged tax returns. Westpac’s failures to lodge IFTI reports on time and, in some cases, complete IFTIs, has risked undermining the Australian taxation system.

176    Westpac’s failure to pass on information about the origin of transferred money to other financial institutions in funds transfer chains reduced transparency in relation to these payments and may have impacted the ability of those other financial institutions to manage ML/TF risk. The absence of readily available information about the origin of funds transfers may compromise the ability of law enforcement and the ATO to investigate and prosecute serious crimes.

177    Westpac’s failure to identify appropriately all ML/TF risks from international payment flows and appropriately to monitor these transactions for suspicious activity has resulted in the loss of opportunity to detect and disrupt possible unlawful activity, including possible child exploitation, money laundering, terrorism financing and tax offences.

178    Further, correspondent banking relationships present higher ML/TF risks associated with cross border movements of funds, jurisdiction risk, including the risks of operating in certain foreign countries, and risks associated with the transparency of the identity and source of funds of customers of the correspondent banks. Westpac allowed foreign institutions to operate within its banking environment and within the Australian payments system without appropriate due diligence, risk assessments and monitoring. Westpac’s failures have exposed Westpac, the Australian payments system and some international payment channels to greater ML/TF risks, including in relation to low value payments, which do not always involve inherently low ML/TF risks. Westpac’s failures have also exposed people to the risks of serious crime.

179    Further, Westpac failed to identify activity potentially indicative of child exploitation risks by failing to implement appropriate transaction monitoring detection scenarios.

Size of contravener and financial position

180    Westpac reported a net profit for the full year ending 30 September 2019 of approximately $6,790 million. Of this, approximately 70% was returned to shareholders through dividends with the balance reinvested. Westpac reported a net profit for the half year ending 31 March 2020 of approximately $1,190 million.

181    Westpac maintains approximately 1,140 branches, servicing approximately 14.2 million customers. Westpac employs approximately 33,300 people. Reflecting its scale, size of customer base and geographic spread of operations, at all material times Westpac has operated numerous and complex computer and management systems and controls.

Prior similar conduct

182    Westpac has not previously been found to have engaged in any contravention of the Act. However, this circumstance does not displace the necessity to impose a significant penalty.

Cooperation

183    At all times throughout the relevant period and since, Westpac had a cooperative relationship with AUSTRAC, including through collaboration and information sharing. This has ranged from informal updates to regular progress meetings.

184    Westpac’s cooperation and collaboration with AUSTRAC has included its involvement in the Fintel Alliance, a public-private partnership launched in 2017 that consists of a range of organisations involved in the fight against money laundering, terrorism financing and other serious crime. Westpac was a founding member of the Fintel Alliance and is a member of the Fintel Alliance Strategic Advisory Board.

185    Further, AUSTRAC’s investigation into Westpac and the matters the subject of this proceeding commenced following a voluntary self-report by Westpac on 15 August 2018 of identified IFTI non-reporting. This self-reporting was made promptly upon senior management becoming aware of the issue.

186    Further, following the identification of the IFTI non-reporting in respect of the ACM arrangements, Westpac responded quickly to identify root causes and scope a remediation program. Westpac attended frequent meetings with AUSTRAC in late 2018 and 2019 to update AUSTRAC on progress of the remediation program. More generally, Westpac has undertaken extensive remediation measures and enhancements. I have detailed some of these steps earlier.

187    More generally, at all times since August 2018, Westpac has cooperated with AUSTRAC in respect of its investigation and engaged constructively with AUSTRAC in relation to responding to the claims advanced in this proceeding. In particular, in addition to the remediation, corrective measures and enhancements that Westpac has undertaken, Westpac has continued to work cooperatively with AUSTRAC on matters relating to AUSTRAC’s ongoing supervisory role and in the conduct of the proceeding and following the commencement of the proceeding promptly expressed contrition and its desire to work with AUSTRAC to resolve the proceeding, responded to AUSTRAC’s extensive requests for further information and documents, and made substantial admissions at the earliest available opportunity.

188    But such circumstances do not displace the necessity to impose a significant penalty.

Other decisions

189    As to parity, as I said in ASIC v CBA at [77]:

… it is appropriate to consider the question of parity. But in all but the co-offender scenario or analogues thereof it is conceptually problematic to look at penalties in other cases to calibrate a figure in the present case when all that one has from the other cases are single point determinations produced by opaque intuitive synthesis. Deconvolution analysis of the single point determinations in order to work out the causative contribution of any particular factor is unrealistic. No juridical style Fourier transformation is possible. But unless that can be done, comparisons outside the co-offender or like scenario have little value. Moreover, the comparative value of other single point determinations is even further reduced in cases where they have been substantially influenced by the parties’ identification of and then consensus to the relevant figure or range.

190    The AUSTRAC v CBA case is the closest comparator to the present case and there is a degree of similarity between matters raised in AUSTRAC v CBA and the present case. But I agree with the parties that the agreed facts as to the scale of the contraventions in the present case are such that any comparison with AUSTRAC v CBA is of limited utility.

Conclusion on penalties and other matters

191    In my view penalties should be imposed in accordance with the following table totalling $1.3 billion:

Contravention

Number

Penalty

s 45(2) – late IFTI reports

19,502,841

$270 million

s 45(2) – IFTI reports without payer name

76,144

$20 million

s 64(7)(f) and (6) – electronic funds transfer instruction failures

10,540

$3 million

s 115 – record keeping failures

3,516,238

$7 million

s 98 – correspondent banking preliminary risk assessment and due diligence assessment failures

96

$300 million

s 81 – AML/CTF program

Innumerable

$400 million

s 36 – ongoing customer due diligence

262 customers

$300 million

192    These components are appropriate penalties, particularly as any overlap between ss 45(2) and 81(1) and between ss 36(1) and 81(1) has been taken into account.

193    But it is appropriate to say something further concerning the ss 81 and 98 systems breaches.

194    Clearly the integrity of Australia’s financial system depends upon Westpac and the other major banks having first-class compliant risk based systems to address ML/TF risks. Further, transparency with international payments that pass through the Australian system is essential to dealing with such risks. After all, money laundering is all about obscuring the origin and destination of funds.

195    Now there were two systemic concerns with Westpac’s systems that I raised with the parties.

196    The first of these related to Westpac’s Part A program concerning the s 81(1) contraventions. Clearly this program failed to properly identify, mitigate and manage the ML/TF risks. Further, Westpac’s transaction monitoring program was seriously deficient. That had ramifications for monitoring international payment flows concerning billions of dollars that had higher money laundering risks including risks associated with child exploitation and tax offences. Further, the inadequacies in the Part A program led to inadequacies in systems and controls for IFTIs including the numerous s 45(2) contraventions. Part of the proposed penalty of $1.3 billion has a component of $400 million for the s 81 contraventions concerning deficiencies in Westpac’s joint AML/CTF program. I have given consideration to whether this should be changed, but given the other significant components of $270 million for the s 45(2) breaches concerning the late IFTI reporting and $300 million for the s 36 breaches concerning ongoing customer due diligence dealing with child exploitation material risks, I will leave the s 81 contraventions at $400 million.

197    I said that there were two systemic concerns. The other specific concern that I raised was with Westpac’s correspondent banking relationships and the s 98 contraventions.

198    Clearly such relationships produce higher ML/TF risks. Of particular concern are risks associated with the transparency of the identity and source of funds of customers of correspondent banks. Westpac failed to appropriately monitor vostro accounts and direct model ACM arrangement payment flows concerning correspondent banking arrangements. This increased Westpac’s exposure to ML/TF risks. And even more significantly, these deficiencies increased the exposure of the Australian payments system to such risks.

199    Contamination from the suspect practices of foreign correspondent banks and their customers must be avoided.

200    Now the penalty put to me for these s 98 contraventions concerning correspondent banking relationships is $300 million. If that was the only penalty to be imposed I may have adjusted it. However, given the overall considerations of proportionality and totality, I will leave this figure where it is.

201    In summary then, in my view each of the penalties set out in the above table are appropriate, both separately and in the aggregate.

202    I should now deal with two other matters, being declarations and costs.

203    I have a wide discretionary power to make declarations under s 21 of the Federal Court of Australia Act 1976 (Cth). And for the following reasons it is appropriate to make the declarations sought.

204    First, there has been a direct and important question as to whether Westpac contravened the provisions of the Act and the extent of those contraventions.

205    Second, the AUSTRAC CEO has a real interest in bringing the proceeding on behalf of AUSTRAC, the statutory regulator discharging its functions in the public interest.

206    Third, there is a proper contradictor. Westpac has an interest in opposing the relief. This remains so notwithstanding its admissions and agreement.

207    Fourth, the utility of the declarations is not in doubt. They assist in discharging the objective of general deterrence.

208    Finally, Westpac has agreed to pay the AUSTRAC CEO’s costs of the proceeding in an agreed amount.

209    I will make orders to accord with the above reasons.

I certify that the preceding two hundred and nine (209) numbered paragraphs are a true copy of the Reasons for Judgment of the Honourable Justice Beach.

Associate:

Dated:    22 October 2020