Listening to the ‘voice of financial crime risk’ and combatting the online exploitation of children

Recent AML enforcement in Australia sends a strong message on financial crime compliance in the context of protecting children online

With a second penalty in the hundreds of millions in as many years announced last month, AUSTRAC (the primary Australian financial crime regulator) has demonstrated the potential costs of non-compliance with anti-money laundering regulations and the extent to which operational failures and missed transaction reporting can quickly multiply into significant fines. While press coverage of money-laundering frequently highlights money flows linked to corruption, drug trafficking, organised crime and tax avoidance, this penalty also sheds further lights on the role of the financial system in protecting children online. It should also remind institutions that US and UK regulators, being the most active in this area, are not the only source of significant penalties.

The penalty

On 24 September 2020, Westpac agreed to pay a penalty of approx. USD930m (AUD 1.3bn) in respect of breaches of Australia’s Anti-Money Laundering and Counter Terrorist Financing Act 2006. If approved by the Federal Court of Australia this will represent Australia’s largest-ever civil penalty and follows a USD500m (AUD700m) penalty imposed on Commonwealth Bank in 2018 for AML/CTF failings which in part resulted in funds being channelled to drug importers.

Westpac has admitted breaches of its AML obligations including:

• failures to report international fund transfer instructions, to provide information as to the source of funds to AUSTRAC and to keep records of these transactions;
• failures to monitor risks in relation to correspondent banking relationships; and
• failures to carry out adequate customer due diligence in relation to transactions potentially relating to child exploitation.

The first two areas arose from systemic and operational failings within Westpac which contributed to a failure to report in excess of 19 million transactions totalling over USD7.8bn (AUD11bn).

In contrast to other notable enforcement activity by US and UK agencies, the agreed statement of facts filed by AUSTRAC and Westpac with the Federal Court focuses on the overall failure to provide required information to AUSTRAC for suspect transactions and does not identify specific instances of money-laundering or terrorist financing. AUSTRAC views such information as important to its ability to maintain the integrity of the Australian payment system.

Protecting children online

Certain of the transactions where Westpac fell short of its obligations were potentially linked to the online sexual exploitation of children (“OSEC”). While online exploitation has long been recognised as an issue for the tech industry (such as internet service providers and social media platforms), this penalty illustrates that the financial services and payments industry also has an important role to play in protecting children online.

Unlike some of the more “traditional” areas of financial crime concern, detecting commercial OSEC can present particular difficulties for institutions (for instance, the inability of onboarding due diligence to identify red flags which tend to characterise “typical” consumers of OSEC and the fact that payment for OSEC often adopts a high-frequency, low-value model (e.g. USD5 - 50) which in turn can fall under the threshold for suspicious ongoing account activity). Where detection scenarios are implemented the volume of transactions escalated for further review is likely to be significant which can cause concern from financial institutions. However, in recent years law enforcement agencies, NGOs and financial institutions have sought to collaborate and enhance the ability of financial institutions to identify and escalate transactions which may relate to OSEC. Westpac’s failure in this respect was to properly implement AUSTRAC guidance in its detection scenarios. While institutions may wish to believe that this issue does not arise in their customer base, the fact that the 12 Westpac customers initially identified in AUSTRAC’s statement of claim rose to over 200 following further investigation suggests that this is not an area for complacency.

Transaction flows in the developing international payments landscape and the entry of fintech startups in this area also present significant challenges to regulators and traditional banks by creating longer payment chains through which information may be obscured. Payment service providers (for example eWallet providers) may hold information about both ends of the payment chain, which is not available to the originating bank. However, it is the bank that is required to carry out customer due diligence. Similarly, a blanket de-risking by blocking low value transactions to certain jurisdictions would potentially have the effect of blocking legitimate remittances.

There are promising signs that financial institutions in the region have increased their attention to this issue. For instance, the International Centre for Missing and Exploited Children has hosted a variety of APAC country-specific roundtables to raise awareness and share learning on the fight against OSEC which bring together stakeholders from financial institutions, internet providers, technology companies, law enforcement agencies and specialist NGOs. In addition, a report released last month by the Philippines Anti-Money Laundering Council revealed that in the first half of 2020, it had received over 20,000 suspicious transaction reports associated with OSEC – almost double the total number received in 2019. The enforcement by AUSTRAC will hopefully serve to further galvanise financial institutions to keep up these efforts.

recent AML enforcement in Australia sends a strong message on financial crime compliance