AUSTRAC’s enforcement action against CBA followed exhaustive investigations into CBA’s AML/CTF compliance and risk management practices, particularly in relation to its Intelligent Deposit Machines (“IDMs”).

These investigations, undertaken in partnership with the Australian Federal Police, NSW Police Force and Western Australia Police, identified that CBA’s IDMs were being used to launder the illicit proceeds of crime.

In reaching the agreement, CBA has admitted it contravened the AML/CTF Act on 53,750 occasions.

In summary, CBA accepted that:

  • it failed to carry out an appropriate assessment of the money laundering and terrorism financing (ML/TF) risks of its IDMs prior to October 2017;
  • it failed to complete the introduction of appropriate controls to mitigate and manage the ML/TF risks of IDMs prior to April 2018;
  • it failed to provide 53,506 threshold transaction reports to AUSTRAC on time for cash transactions of $10,000 or more through IDMs from November 2012 to September 2015, having a total value of about $625 million;
  • for a period of three years, it did not comply with the requirements of its AML/CTF Program relating to monitoring transactions on 778,370 accounts;
  • it failed to report suspicious matters on time, or at all, involving transactions in the tens of millions of dollars; and
  • even after it became aware of suspected money laundering or structuring on CBA accounts, it did not monitor its customers to mitigate and manage ML/TF risk, including the ongoing ML/TF risks of doing business with those customers.

This outcome clearly sends a strong message to the industry that serious non-compliance with the AML/CTF Act will not be tolerated and the consequences of poor compliance are significant.

The Statement of Agreed Facts and Admissions is available at:


10 things that you should be DOING

You have Successfully Subscribed!