The Commonwealth Bank of Australia has blamed a "coding error" for a failure to report suspicious transactions involving its Intelligent Deposit Machines (IDMs).
AUSTRAC has accused CBA of "serious and systemic non-compliance" with Australia's Anti-Money Laundering and Counter-Terrorism Financing Act 2006.
The agency last week launched proceedings in the Federal Court against the bank, seeking civil penalties for what it said were 53,700 contraventions of Australia's anti-money laundering regime.
A key part of the court action by Australia's money laundering watchdog centres on the IDMs, which were first rolled out by the bank in May 2012. The IDMs allow customers to deposit up to 200 notes at a time, with unlimited deposits permitted each day.
Although the IDMs can only deposit into CBA accounts, deposits can be made by anyone; a card from a bank is necessary to activate the machines, but cardholder details are not recorded in the case of non-CBA accounts.
In documents filed with the court, AUSTRAC said that the use of IDMs has soared. Between June 2012 and November 2012, $89.1 million was deposited using IDMs. In May and June 2016, a total of around $2 billion was deposited using IDMs.
AUSTRAC alleges a number of breaches of anti-money laundering regulations by the bank, including the lack of a money laundering/terrorism financing risk assessment prior to the rollout of IDMs and the lack of controls to mitigate and manage higher ML/TF risks represented by the IDMs.
AUSTRAC says that CBA failed to report 53,506 "threshold transactions" - transactions involving $10,000 or more - between 5 November 2012 and 1 September 2015.
"Suspected money laundering was conducted through CommBank accounts, by way of cash deposits, many through IDMs, followed immediately by international and domestic transfers," states a concise statement filed with the court by AUSTRAC.
The organisation said that CBA failed to report suspicious matters either on time or at all involving transactions totalling over $77 million.
The bank said today that when the IDMs were first rolled out, they provided correct threshold transaction reports (TTRs) to AUSTRAC. However, following a late 2012 software update "a coding error occurred which meant the IDMs did not create the TTRs needed."
"This error became apparent in 2015 and within a month of discovering it, we notified AUSTRAC, delivered the missing TTRs and fixed the coding issue," the bank said.
"The vast majority of the reporting failures alleged in the statement of claim (approximately 53,000) relate specifically to this coding error."
The bank acknowledged that AUSTRAC has made "other serious allegations in the claim unrelated to the TTRs."
"In an organisation as large as Commonwealth Bank, mistakes can be made. We know that because we are a big organisation, these mistakes can have significant impact," the bank said.