But CBA is not alone in its alleged missteps. Some 50 large banks across the world — such as the ICBC, Citi, Standard Chartered, HSBC and Deutsche Bank have been involved in breaching the anti-money-laundering and counter-terrorism financing law.

Austrac needs to be commended for initiating the civil suit.

But it raises many questions. Was the CBA not aware that the Intelligent Deposit Machines facility provided an opportunity for misuse? How did the internal governance mechanism of CBA fail?

The law requires every bank to appoint a money laundering control officer to identify and mitigate money laundering and terrorism financing risk on a regular basis. How come the auditors or regulators, such as the Australian Prudential Regulation Authority, who conduct on-sight inspection couldn’t fathom that the facility could be misused?

Or was this all ignored assuming that it is the Austrac’s call? And above all, why do such big banks get involved in activities that they know could test the boundaries of legality?

The AMLCTF Act 2006 requires all reporting entities (banks and others specified under the Act) to put in place systems to identify and mitigate money laundering risk. Austrac found that CBA didn’t assess the money laundering and terrorism financing risk the IDMs posed when they were introduced in 2012, nor in 2015 bank-wide review.

Furthermore, transactions that were above the threshold transaction limit of $10,000 or more should have been reported to Austrac as well as those that involved suspicious transactions. It is surprising that the CBA either didn’t report or reported late, according to Austrac’s claim.

The alleged lapses on the part of the bank of the stature of CBA is inexcusable given the sheer volume of over 50,000 such transactions. It is hoped that Austrac’s actions would send a strong message that lapses won’t be tolerated.

However, while this post-mortem will go on, it raises some basic questions about the way big banks, in particular, are approaching the compliance under the AMLCTF. But the CBA is not alone.

• HSBC was imposed with a fine of nearly $US2 billion in 2012 for its involvement in facilitating terrorism financing.

• The world’s 50 biggest banks have also been allegedly involved in Russian money laundering.

• Some major banks in the world have also called on regulators to ease the requirements under the AMLCTF rules. The alleged actions and stance of CBA as well as the world’s powerful banks raises a number of questions.

First, “profit before everything else” philosophy seems to guide the big banks. The alleged noncompliance by CBA would not have happened at the junior level and the rot needs to be traced at the very top.

Was the group risk management committee aware of the alleged non-compliance? What actions did they take? Or — one can only speculate — was all this going on with their tacit approval?

If a court finds wrongdoing, are sanctions going to be imposed personally on the erring officials or the institution pays for the deliberate lapse on their part?

The apparent internal governance failure within CBA is shocking. More staggering is the alleged deliberate attempt to hide or delay reporting. The pet argument of the banks would be that compliance costs are high. However, they invariably pass these on to the customers.

Second, the role of APRA and external auditors also needs to be scrutinised. How is that the on-sight inspection mechanism of APRA failed to pick up such serious lapses in their assessment of risk management?

Did the external auditors not pick the alleged non-compliance for several years? Auditing Standards do require them to examine AMLCTF-related compliance systems. The tendency seems to be, there is Austrac to look after this so why bother.

Third, if one of our big banks is going to be so casual towards the implementation of the AMLCTF, why do we have such a huge compliance machinery in place at the taxpayers’ expense?

Fourth, we already know how difficult it is to trace money laundering transactions when they make round trips across several jurisdictions. Western countries are often critical of poor governance in developing countries. However, they need to do some introspection at home. Without the convenience of the big banks, it would be very hard that money can be transferred across the border without getting tracked.

Fifth, if criminal penalties are imposed on bank management it could deter such behaviour, but who is going to bell that cat?

Until such time the above issues are thoroughly investigated at all levels and actions initiated there is less likelihood of anything concrete happening.

Milind Sathye is professor of banking and finance at the University of Canberra.

More related stories

Opinion

How I survived Writers Fest

Lo, I ventured into the Canberra bubble, and returned ­unharmed and unchastened.

Read more

Opinion

Slaves to sanctimony

The activist Left increasingly will bully any journalist impertinent enough to report facts.

Read more