The financial intelligence agency Austrac has alleged the Commonwealth Bank’s Intelligent Deposit Machines broke anti-money laundering laws on 53,700 occasions, and that the bank turned a blind eye to suspicious activities. The potential fines of almost a trillion dollars have already overshadowed a record $9.8 billion full-year dollar profit.
The whole CBA money laundering scandal needs a bit more analysis. The latest excuse is that it was a software glitch. Is that a cause, or a symptom?
In risk management, there is a technique called root cause analysis. The only way to get to the bottom or a problem is to drill down and keep asking “…and what caused that…”
Applying root cause analysis to the CBA issue, we start with the software glitch and ask what caused that. Obviously nobody has come up with that answer – at least publicly – as yet. The best we can do is to look at what usually causes software glitches.
The typical cause is lack of proper testing when the change was made. But what caused the lack of proper testing? Once again, the typical causes are lack of time, lack of people, lack of money, lack of testing skills or lack of a proper test plan.
The three streams are people, processes or expertise. All three point to an organisation that has cut corners on either the number of people, their time or their skills. This would seem to be reinforced by the fact that nobody seemed to miss the production of the reports. Surely someone said
“The reports on suspected money laundering we used to get are not there. What happened to them?”
So why are people, time allocation or skills not working. Usual reason is that resources are reduced, or re-allocated somewhere else to improve profitability.
If this is the case, why are we trying to increase profitability to the level where it threatens legal compliance? Again we can only look at the usual suspects.
- Shareholders (and that is us who have superannuation) are demanding bigger returns than the bank can deliver, and still comply with regulations
- The board are driving such a lean operation cracks are starting to appear
- Executives are driven by bonuses and KPIs to cut corners
The root cause would seem to be one or more of the three points above. Blame could potentially be sheeted home to shareholders wanting more profit, a Board who put too much pressure on management, and/or executives who caved in to the pressure and cut costs too far. Is anyone likely to loose their job over this? Highly unlikely. A few bonuses have been trimmed back but nobody will get fired unless it is some poor technical person who implemented the software change.
The problem seems cultural rather than a minor slip up. I would be asking why the compliance team did not demand the missing reports? Who was supposed to be looking at these reports and identifying anomalies? If they missed these, are there other problems that have been missed? Is the risk and compliance staffed to a level that they can do their job?
Labor has to do nothing. The banks are arguing the case for a royal commission into banking in a much more effective manner than Bill Shorten ever could. Like legalising gay marriage, lets just get it over and done with rather than stalling.