Previously unreleased documents, filed to support a Federal Court class action against CBA by Maurice Blackburn, shed new light on the bank’s shambolic ­approach to identifying and dealing with the compliance issues.

Red flags around noncompliance were raised by employees as far back as 2013 and 2014, it is alleged in the documents that cite emails between staff. “A spreadsheet discovered by CBA reveals that the June 2014 late (threshold transaction reports) had a total value of approximately $143.7m,” the documents read.

They also show that in the latter half of 2013 emails alerted then CBA senior technical business analyst Mark Ashdown to two transactions not included in required reporting to regulators.

“Astonishingly, no further action was taken,” the class action applicants say in the documents.

On an account monitoring issue, CBA is alleged to have downgraded the matter to a ­“medium rating” in 2014.

The bank’s lax approach to its anti-money-laundering and counter-terrorism financing obligations saw it settle legal action brought by regulator Austrac in 2018, and pay the $700m fine.

Austrac identified more than 53,800 contraventions of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, and found criminals including suspected terrorists were exploiting the bank’s systems.

The applicants represented by Maurice Blackburn are suing CBA claiming the bank’s failure to inform the market of what it had found and of Austrac’s initial probing harmed investors. Disclosure of the regulatory action launched in 2017 triggered a 5.4 per cent fall in its share price.

The lead applicants in the class action include William Phillips and Philip and Joanne Baron. In an affidavit, Mr Phillips said he would not have participated in a 2015 capital raising if CBA had adequately disclosed information about Austrac’s probe.

Among points raised in their affidavit, the Barons said their super fund would have refrained from purchasing CBA shares through the dividend reinvestment plan, unless they believed the stock “was settled at a level which fairly reflected those risks”.

CBA is defending the class ­action arguing its initial engagement with Austrac gave no indication that legal action would eventuate. The bank’s defence said it did not have sufficient ­information to warrant market disclosure in the years ahead of 2017 and that the internal reports in 2014 were not material and were unlikely to have negatively affected the share price. CBA faced stiff remediation action by the prudential regulator over the compliance failures, including an enforceable undertaking and being forced to hold more capital.

The class action stems from CBA’s troubled rollout of its so-called intelligent deposit machines, which could accept deposits up to $20,000 cash per transaction, with no limit on the number of transactions a customer could make daily.

CBA started rolling out the machines in 2012, but when changes were made to the machines to fix customer receipts late that year and then again in September 2015, the link between the deposits and CBA’s reporting to Austrac was severed. Those reporting errors were not escalated to management until mid-to-late August 2015, leading the bank to report to Austrac it had failed to inform it of at least 53,506 cash deposits in excess of $10,000 through intelligent ATMs.

The case documents note that the retail division’s then chief risk officer, Fiona Larnach, escalated the issue to then head of the unit Matt Comyn in August 2015.

“By that date, ‘group execs’ were provided daily updates on the issue,” the documents say. Mr Comyn is the current CBA CEO.

The law firm cites the CBA staff emails between August and October 2013 – which chart the discovery that the deposit machines were not passing on transaction reports to Austrac – as the point when the incidents should have been escalated. The class action alleges that despite the issue being identified as a risk, the bank “took three counterintuitive measures”. First, CBA allegedly chose to implement a self-correction process for its account type issues in a move that took 13 months, rather than a few hours.

The documents say the bank also opted not to remediate previously unmonitored transactions on affected accounts “which CBA had estimated would only take three weeks”. CBA downgraded the unremedied issues rather than escalating them, assigning it a “medium” risk rating.

The case, which began in mid-2018, is being heard and is set to run through to December 16. It has seen a string of former CBA figures hauled in, including former chief executive Ian Narev, who announced his resignation just days after the money-laundering breaches were outlined in Austrac’s court action.

Despite some documents being released to The Weekend Australian, CBA has secured a ruling from the court to suppress large parts of evidence.

The bank’s troubles escalated when Austrac contacted CBA twice in August 2015, calling on the bank to find two threshold transaction reports. CBA was unable to locate the reports and the two sides traded emails, before CBA’s production operations employee Arun Palanisamy told Austrac the bank’s systems did not “gather data on cash deposits made via IDMs/ATMs”.

“The picture does not look promising,” CBA group head of AML/CTF and sanctions Tony Byrne told the group operational risk officer Gary Dingley.

“This does not sound good,” Mr Dingley responded.

The class action claims CBA was aware of major issues with its anti-money-laundering and counter-terrorism financing reporting systems, pointing to a ­December 2013 internal audit at the bank that identified issues.

In August 2014, PwC delivered an audit to CBA management of the bank’s AML and CTF systems, warning that the bank faced increased regulatory scrutiny.

In May 2014, CBA produced another internal audit report of its AML and CTF issues, again finding the bank’s control environment was unsatisfactory and giving the bank another red ­rating. The class action notes the increased attention given to the issues by September 2015.

In a note sent to Mr Comyn on September 6, the then CEO noted “we need to take this extremely seriously”.

“I have let Alden (Toevs) know that he should personally be in touch with Austrac about this, and offer up discussions with me,” Mr Narev said.

Around that time, CBA notified Austrac of the transaction threshold reporting breaches, noting the bank had missed at least 51,637 reports. But the court documents suggest Austrac was not satisfied, questioning why the bank added more breaches weeks after reporting the issue.

CBA and Austrac traded correspondence over 2015 and 2016, with the regulator sending the bank notices to hand over information, which bank figures noted could signal civil penalties. Austrac’s investigations also saw the regulator uncover further failures at CBA, including not properly monitoring transactions, which was only picked up by a “passing reference” in a tranche of documents supplied to the regulator.

More Coverage

ING hit with anti-money laundering warnings

David Ross

Austrac eyes ‘on crypto, lenders’

David Ross

Originally published as Noncompliance warnings were raised by staff as far back as 2013, court documents show