These articles first appeared in the Australian Financial Review. View the original articles in pdf here.

Now questions loom from NZ regulators

Smart ATMs

Patrick Durkin

The Commonwealth Bank faces questions from anti-money laundering regulators in New Zealand, after revelations that CBA’s New Zealand subsidiary ASB Bank is under scrutiny over the use of its smart ATM machines similar to those exploited by criminals in Australia. The CBA-owned ASB Bank rolled out a network of smart ATMs in December 2013 which allow its customers to deposit under $10,000 without any identification. The ATMs operate 24/7 and allow customers to deposit cash instantly into their bank accounts, including on weekends and public holidays. The customers can then transfer funds into other accounts and move them to other financial institutions or remit the funds overseas.

While other banks have used similar ATM technology, money laundering experts said other banks had hard limits and oversights, such as ANZ which had a cap of 50 notes and transaction monitoring systems to prevent repeat transactions. The CBA ATMs had a limit of 200 notes or $20,000 and no daily transaction limit which was exploited by the criminals, AUSTRAC claims in court documents.

CBA CEO Ian Narev has admitted the bank ‘‘made mistakes’’ by failing to report the money laundering. In Australia, $8.9 billion in cash moved through CBA’s smart ATMs before a compulsory risk assessment was undertaken with AUSTRAC alleging 53,700 contraventions of the act.

A spokesman for the Reserve Bank of New Zealand, which supervises banks for money laundering, said ‘‘smart ATMs will be on the agenda for regular anti-money laundering discussions we have with our supervised institutions’’. Organised crime syndicates, particularly from Malaysia, have exploited the so-called smart ATMs because they allow vast sums of money to be deposited without any face-to-face interaction with bank staff, a risk assessment from the RBNZ warned in April.

‘‘The ease of use and anonymity afforded by these services … present a high level of … risk. While RBNZ recognises that this service provides greater customer convenience and quicker deposit of funds the deposit of cash by unidentified persons remains a key vulnerability,’’ the RBNZ update warned.

Leading Australian and New Zealand barrister in financial crime and regulatory cases Gary Hughes said New Zealand’s laws carry a similarly explicit legal requirement to assess the risk of the smart ATMs for money laundering before they are rolled out.

‘‘There is a requirement to give direct consideration to any new or developing technologies or products, especially where they might favour anonymity,’’ Mr Hughes said. ‘‘In New Zealand, this is explicit in our legislation, obliging regulated entities to assess the risk of any such technologies before they introduce them, and to put in place any additional measures if needed to mitigate and manage the risk that the anonymous machine element can be exploited.’’

A spokesperson for ASB bank said its smart ATMs were a different model and used a different operating system to the CBA’s.

‘‘ASB has processes and tools in place to ensure compliance to New Zealand’s AML regime, including the reporting of suspicious transactions to the New Zealand Police Financial Intelligence Unit,’’ an ASB bank spokesperson said.

Money laundering expert Ronald Pol said it was unsurprising the Australian Federal Police had identified professional laundering syndicates from Malaysia exploiting weaknesses in CBA’s controls. ‘‘Criminal enterprises are adept at manipulating gaps in the anti-money laundering regime. When they identify a loophole, they quickly adjust their operations to exploit it,’’Mr Pol said.

Nathan Lynch, Thomson Reuters’ head of financial crime intelligence for Asia-Pacific, said regulators in New Zealand were scrutinising the bank’s anti-money laundering controls as it emerged that ASB Bank’s smart ATMs had similar vulnerabilities.

He claimed New Zealand regulators would now place pressure on CBA to do an internal review on the controls of its smart teller network.