About $9.37 billion worth of transactions involving foreign trust customers weren't subject to adequate oversight as a backlog of tens of thousands of alerts from ASB's transaction monitoring system built up, a statement of claim in an anti-money laundering court case brought by the Reserve Bank against ASB says.
In a March 9 High Court hearing Justice Laura O’Gorman directed counsel for the Reserve Bank and ASB to provide interest.co.nz with a redacted statement of claim, which was received late on Wednesday, March 25.
The hearing follows a Reserve Bank (RBNZ) announcement on December 15 last year saying it had filed civil court proceedings against ASB for breaches of core anti-money laundering requirements dating from at least December 2019.
ASB co-operated with the RBNZ and accepted responsibility for breaches of its Anti-Money Laundering and Countering Financing of Terrorism Act (AML/CFT Act) obligations, with its CEO Vittoria Shortt saying; "We didn’t get this right and I apologise for that."
The RBNZ and ASB agreed to jointly recommend a penalty of $6.73 million to the High Court. The March 9 hearing was to determine the final penalty. Justice O’Gorman reserved her decision.
The statement of claim notes the RBNZ’s case is not that ASB was directly involved in money laundering, child exploitation or the financing of terrorism at any time. However, it sheds light on the issues leading to action by the RBNZ, which supervises banks for compliance with the AML/CFT Act.
Transaction monitoring woes
At the centre of ASB's compliance problems was its automated, centralised transaction monitoring system known as Predator, supplied by vendor GBG Australia Pty Ltd. Predator used rules to detect certain behaviours or patterns of activities of customers with whom ASB had business relationships. Predator was loaded with various rules which, if triggered by one or more transactions, resulted in alerts.
ASB's process for reviewing the alerts was redacted in the statement of claim.
ASB contraventions cited in the statement of claim include that between 12 December 2019 and 28 February 2024 the bank failed to resolve 120,771 standard priority alerts, within the required timeframe, involving transactions worth about $11.62 billion, and 595 high priority alerts involving transactions worth about $492.7 million. The average time to resolve the high priority alerts was 46 days.
Another contravention cited is that ASB didn't conduct ongoing customer due diligence on 2,624 foreign trust customers during a period in which they engaged in 655,115 transactions worth about $9.37 billion.
$13m penalty the maximum possible
In court Meredith Connell partner Sam McMullan, representing the RBNZ, said $13 million was the maximum available penalty for ASB. The parties had agreed to a starting point of $8.975 million. A 25% discount was set for ASB due to the bank's admissions and co-operation, with the suggested penalty landing at $6.73 million.
McMullan said the RBNZ maintains ASB, "an entity of significant means," didn't invest enough money to help rectify its AML compliance problems "prioritising profit over compliance."
ASB's lawyer, Blair Keown of Bell Gully, said the bank disagrees with this assessment. Rather than focusing on commercial profit making ventures instead of AML/CFT Act compliance, ASB "decided to move forward with other financial crime related projects," Keown said, adding they "couldn't all be delivered at once," with "access to recognised expertise" a key challenge.
Keown said ASB did take steps in response to the identified deficiencies in its AML/CFT Act compliance, but accepts it didn't do enough quickly enough. ASB's "acceptance of responsibility came at the first opportunity," Keown said.
McMullan said ASB's AML/CFT Act breaches were "much more significant" than those of TSB, the only bank the RBNZ has previously taken to court over AML/CFT Act breaches. TSB was fined $3.5 million in 2021.
Foreign trusts
The statement of claim says from February 2021, ASB specified trusts domiciled outside of New Zealand, and trusts with foreign beneficial owners, as high risk customers.
In court McMullan noted almost 72% of ASB's foreign trust customers had not been reviewed in relation to more than $9 billion of transactions. Foreign trusts providing anonymity to the beneficial owners of the trusts' assets is a key reason why foreign trusts are deemed high risk, he added.
A NZ foreign trust is a trust arrangement with assets settled onto the trust by a non-resident settlor. Typically these assets are held offshore.
The rules around NZ foreign trusts were tightened in the wake of the Panama Papers in 2016, with the use of some such trusts seen as potentially damaging to NZ's international reputation. A foreign trust registry with information on persons connected to the trust was introduced, which is open to the Police and the Department of Internal Affairs.
The number of NZ foreign trusts has fallen significantly since 2016.
Big backlog
Between September 2019 and 8 February 2024, ASB experienced a significant backlog of alerts, the resolution of which exceeded the required timeframes within which the bank was expected to act. The specific duration of the required timeframes within which ASB was meant to resolve the alerts was redacted. From at least 5 December 2019, ASB’s senior management was aware of the backlog.
An RBNZ onsite inspection of ASB's AML/CFT Act compliance in November 2019 highlighted ASB’s risk rating model had failed to appropriately categorise some customers as high risk, preventing those customers from being subjected to appropriate ongoing customer due diligence. Additionally some of ASB’s high risk customers, such as trusts, may not have been subject to regular ongoing customer due diligence reviews.
"ASB was required to consider its approach to ongoing customer due diligence as part of its review of the risk rating model, and to ensure that approach was appropriately risk based. ASB was aware that the 2019 onsite inspection could not be relied on to detect every instance of non-compliance with the [AML/CFT] Act," the statement of claim says.
In May 2023 RBNZ staff conducted another onsite inspection of ASB's AML/CFT Act compliance. The report following this visit identified ASB’s alert backlog as a material breach of the AML/CFT Act. It also noted alerts for terrorism financing and child exploitation weren't being triaged as high priority alerts unless associated with a high risk customer, despite this issue being raised in a 2022 report by ASB's audit and assurance team. There was also an inability to alter the prioritisation of alerts relating to terrorism financing and child exploitation due to Predator’s limitations.
Additionally ASB had failed to rectify known issues with its risk rating model, failing to reflect the number of high risk customer types the bank dealt with despite this issue being raised in 2019.
And in terms of ongoing customer due diligence on foreign trusts, "ASB had taken an inadequate approach to ongoing customer due diligence," with a monthly sample of 28 foreign trusts that hadn't been subject to ongoing customer due diligence within the preceding three years to be selected for review.
"The consequence of ASB’s approach was that not all foreign trusts would be subject to ongoing customer due diligence within any three-year period," the statement of claim says.
ASB’s AML/CFT programme required it to resolve alerts and unusual activity reports within specified timeframes from the date of the alert. These timeframes are redacted. The statement of claim says overall during the 2019 to 2024 period, the average time to resolve standard priority alerts was about 50 calendar days, and 5.6 working days for high priority alerts.
ASB also filed 1,373 suspicious activity reports relating to transactions worth about $60.7 million later than the required three working days.
Consultants and the long running Predator saga
In November 2011, ASB’s board decided to adopt Predator as the bank's transaction monitoring system for when the AML/CFT Act took effect in 2013, subject to obtaining independent external assurance. ASB thus hired PricewaterhouseCoopers (PwC) to undertake an independent review of the use of Predator for AML/CFT account monitoring purposes, and subsequently adopted Predator.
However, PwC noted the rules and scenarios required for AML/CFT monitoring were likely to become more sophisticated in the future than supported by Predator at the time. ASB should keep an eye on a more sophisticated transaction monitoring service used by its parent, the Commonwealth Bank of Australia, and shift to this platform when it became appropriate to do so. Additionally some more complex monitoring rules weren't necessarily supported by Predator, including high risk customer requirements, and politically exposed persons and sanctions, PwC said.
In June 2013, Predator became ASB’s transaction monitoring system, but couldn't display alerts older than 13 weeks, or more than 4,500 alerts at once. Alerts that couldn't be displayed were stored on an archive platform for up to three years and had to be manually extracted before they could be reviewed. At some point before 14 June 2021, Predator’s maximum display capacity was increased to 9,000 alerts.
An ASB audit and assurance report in 2017 found Predator had limitations because it wasn't specifically designed for the purpose of AML/CFT-related transaction monitoring.
In October 2019, ASB hired Ernst & Young (EY) to conduct an independent validation of ASB’s transaction monitoring daily reconciliation process after self-identifying an issue with transactions potentially not being appropriately processed by Predator. In February 2020, EY's report gave the reconciliation process a “marginal rating” meaning controls were operating but required improvement to ensure all risks were being managed properly.
Then in May 2020, GBG Australia, Predator’s vendor, told ASB that Predator wouldn't be supported after 5 March 2021. ASB decided to continue using Predator with internal ASB support.
However, the 2022 ASB audit and assurance report found Predator’s technical limitations meant the bank had to use alternative tools to implement certain transaction monitoring rules, none of which were fit for purpose and which limited ASB’s ability to implement and manage the required transaction monitoring rules effectively and efficiently.
In February 2021 an ASB executive strategy group put plans for a transaction monitoring system upgrade on hold for 12 months, noting the bank had; "insufficient specialist resource and capability in its platforms to deliver the upgrade while safely absorbing the amount of change represented by all projects."
According to the statement of claim, in August 2025 ASB said an Oracle AML specific transaction monitoring system would replace Predator, with all transaction monitoring rules scheduled to be removed from Predator by April 2026.
Other consultants were also involved. In June 2022, ASB hired Deloitte NZ, who subcontracted with Deloitte Touché Tohmatsu India, to provide operational support to supplement ASB's financial crime investigation/intelligence team, including to investigate alerts and clear the backlog.
Disclosure and action
On 20 February 2023 ASB disclosed the backlog to the RBNZ, and in September 2023 ASB hired Emagine Consulting UK, effectively to take over from Deloitte.
On or around 8 February 2024, ASB cleared the backlog. By this stage ASB’s transaction monitoring team’s business as usual staffing featured 50 approved full-time equivalent staff members, 32 actual full-time equivalent staff members, and its remediation resource comprised 11 approved, and actual, full-time equivalent staff. Between March and April 2024, ASB employed another 25 full-time equivalent staff to ensure alerts could be sustainably managed within required timeframes.
On 18 March 2024, the RBNZ told ASB it had launched an investigation into ASB’s compliance with the AML/CFT Act.
Seven causes of action detailed in the statement of claim include three related to failure to establish, implement, or maintain an AML/CFT programme, and one each of failure to adequately conduct ongoing customer due diligence, failure to report suspicious activities, failure to conduct enhanced customer due diligence and failure to terminate business relationships as required.
Since February 2024, ASB says it has not had any backlog and all alerts have been resolved within timeframes.
*This article was first published in our email for paying subscribers. See here for more details and how to subscribe.
We welcome your comments below. If you are not already registered, please register to comment
Remember we welcome robust, respectful and insightful debate. We don't welcome abusive or defamatory comments and will de-register those repeatedly making such comments. Our current comment policy is here.