We previously have observed that financial institutions face an increasing risk that alleged Anti-Money Laundering (“AML”) and Counter-Terrorism Financing (“CTF”) violations will lead to follow-on allegations of securities law violations – allegations brought not only by the government, but also by investor class action suits.

This phenomenon of AML law and securities law converging is not limited to the United States, as reflected by a recent class action lawsuit filed against one of the biggest banks in Australia – Commonwealth Bank – which arises out of claims by the Australian government that the bank failed to act adequately on indications that drug rings were using its network of “intelligent” deposit machines to launder tens of millions of dollars.

On October 8, the Australian plaintiff litigation law firm of Maurice Blackburn filed a statement of claim against the Commonwealth Bank of Australia (“CBA”), alleging in summary that, as of July 1, 2015, CBA internally became aware of information regarding AML/CTF system failures “that a reasonable person would expect to have a material effect on the price or value of CBA shares,” but did not disclose this information to the Australian Securities Exchange, or ASX, thereby  resulting in investor harm.  This civil lawsuit follows on a pending claim filed on August 3 by the Australian Transaction Reports and Analysis Center (“AUSTRAC”) – a government financial intelligence agency whose rough counterpart in the U.S. would be the Financial Crimes Enforcement Network (“FinCEN”) – seeking civil monetary penalties against CBA for over 53,000 alleged violations of Australia’s AML/CTF law.

The case turns on the bank’s use of intelligent deposit machines (“IDMs”), a type of ATM which allows customers to anonymously deposit and transfer cash, and a device which seems almost destined to create problems for AML/CTF compliance.  According to AUSTRAC:

Deposits through an IDM are automatically counted and are credited instantly to the nominated recipient account. The funds are then available for immediate transfer to other accounts both domestically and internationally.

IDMs can accept up to . . . $20,000 per cash transaction. [CBA] does not limit the number of IDM transactions a customer can make a day.

IDMs facilitate anonymous cash deposits. In order to make a deposit through an IDM, a card must be entered to activate the machine.  The card can be from any financial institution, however, deposits can only be made into [CBA] accounts.  If the card entered into the machine was not issued by [CBA], the cardholder details are not known to [CBA].  Nor are banks obliged to collect or report depositor details for threshold transaction reports (TTRs) for deposits made through an IDM.

By 2016, billions in cash deposits were being made through the bank’s IDMs. According to AUSTRAC, the anonymity offered by the IDMs apparently appealed to certain drug trafficking/money laundering syndicates, which used the machines to make over $70 million in suspicious and often structured cash deposits from late 2014 through May 2016.

Overall, the press release by AUSTRAC alleges the following:

• CBA did not comply with its own AML/CTF program, because it did not carry out any assessment of the AML and CTF risks posed by the IDMs before their rollout in 2012, and that CBA took no steps to assess such risks until mid-2015.

• For a period of three years, CBA did not comply with the requirements of its AML/CTF program relating to monitoring transactions on 778,370 accounts.

• CBA failed to file 53,506 Threshold Transaction Reports, or TTRs, with AUSTRAC on time for cash transactions of $10,000 or more through IDMs from November 2012 to September 2015. These late TTRs represented approximately 95 per cent of the threshold transactions that occurred through the bank’s IDMs from November 2012 to September 2015 and had a total value of around $624.7 million.

• CBA failed to file Suspicious Matter Reports, or SMRs, either on time or at all involving transactions totalling over $77 million.

• Even after CBA became aware of suspected money laundering or structuring involving CBA accounts, it did not monitor its customers to mitigate and manage the AML/CTF risks, including the ongoing risks of doing business with those customers.

In general, the plaintiff class action latches on to the above allegations by AUSTRAC and further alleges that the bank misrepresented over time to investors and the market that it was in compliance with its AML/CTF obligations.

The bank has stated that it intends to defend itself against these allegations, and that the IDMs suffered from a coding error which has been corrected. Although CBA’s stock price has fallen since AUSTRAC announced its action on August 3, CBA still has enjoyed overall record profits for several years.  The bank also has stated that it has been cooperating fully with AUSTRAC, that it reports over four million transactions annually to AUSTRAC, and that it has invested over $230 million in its AML compliance and reporting systems.