I like the sound of ~ONE TRILLION DOLLARS. As long as they pay off all the depositors first (excepting the level 1-2s) I say go for it. It would be very instructional. We have the same rules here.
Australia's Commonwealth Bank has blamed a software update for a money laundering scam that saw criminals send over AU$70m (US$55m, £42.5m) offshore after depositing cash into automatic teller machines. News of the Bank's involvement in the laundering scam broke last week, when Australia's financial intelligence agency AUSTRAC …
@eldakka - times have changed. Now you sick a wad of cash into a contraption that grabs it from you and counts it. But I think you can only stick a maximum of 50 bills in at one go, and I would suspect most money laundering isn't done with crisp, clean, large denomination bills. So you'd probably have to feed several stacks into the machine and wait as they are counted in order to hit the $10,000 mark.
And these crooks did it over 53,000 times without setting off the alerts. They must have been camped out in front of the ATMs for months at a time.
I had two Bad Experiences of doing that.
(1) The bank got raided soon after I deposited my cheques, and I had to really moan at the bank to get my money credited (weeks later), even though I had proof of deposit. (The bank's excuse was that they are not insured against this kind of eventuality).
(2) Used one of those machines where it prints out copies of everything you submit. Ooh good! Except that the bank branch I submitted the cheques to was different to that on the printed receipt. Took an extra day for my account to be credited.
Since then I prefer to queue. Thank you.
I'm pretty sure that if the bank made a mistake whereby it lost $1T of funds it would be on the hook and the old "computer error" defence would not stop them being bankrupted. Also, I'd be very surprised if AUSTRAC needs to demonstrate criminal intent to nail the bank; incompetence alone should be enough.
From experience, the testing and validation of coding at the CBA has dropped off dramatically. There was a time when every code change was peer reviewed before it was implemented. The outsourcing of the IT meant that there were pressures on the outsourcer to cut their costs so "unnecessary" costs like code review and validation went out the window.
AC because I worked for CBA in their IT... and had to do periodic money laundering (and terrorist watch list) checks and independent verification of reporting code.
BTW, don't try to get around the $10000 mandatory reporting by doing multiple smaller transactions, certain patterns of transactions will flag the lower amounts...
"BTW, don't try to get around the $10000 mandatory reporting by doing multiple smaller transactions, certain patterns of transactions will flag the lower amounts."
In your day. On the basis of this report, maybe not now.
Oh, there are stories in the US of small business owners who been put out of business by the government (assets seized) because they kept doing $9000 deposits....
AUSTRAC notes all transactions over AUD$50, so running sub $10,000 transactions fools no-one. You may not be in the most watched category but every transaction should have been noted. It is one of the essential systems designed to find black money in our economy.
But to claim that it was software bug that went undetected for 3 years makes you wonder how competent the rest of their banking systems is. It beggars belief
It is inviting a case action.
"The news was not a good look for the Bank (CBA), because most of the cash was deposited into accounts established with fake drivers licences."
Software glitches aside what went on with the identity checking?
Given the Australian addiction to identity checking for almost everything (even worse, IMHO, than the UK - I was asked for proof of ID and address when buying a $750 camera lens with cash "to prevent guarantee fraud") the CB should be taken for task for not complying with ID requirements.
It begs the question as to how many other CB accounts are based on fake identity and are operating under the radar by just moving chunks $9000 around.
The identity check requirements only require someone to present the 100-point ID check documents to the bank staff creating the account. It doesn't require the bank staff to verify with the issuing agency the ID document.
So if the documents were either good enough forgeries such that they passed a quick visual inspection from a non-expert, or the ID is a genuinely issued ID but was obtained with fraudulent information (e.g. false information was provided to the DMV who issued the drivers licence with that fraudulent information), the bank would never know.
By "worse" you mean "thorough".
When someone is able to establish a bank account with a false identity it opens up a Pandora's box of problems for police, banks, government agencies and national security. It would be stupid for banks to slacken their identity verification processes.
This is why most criminal syndicates use mules with real identities. The mules wear the consequences when they are found out. This is a big hassle for crims which limits their operations.
"Given the Australian addiction to identity checking for almost everything (even worse, IMHO, than the UK"
You are not wrong there. When I first got to Australia 13 years ago, i went to Hardly Normals to buy a digital tv receiver. I was paying cash, and they asked for ID and proof of address. As I didn't have a permanent address yet or utility bills on me, there was a big debate amongst staff whether they could sell it to me.
They did eventually after much discussion. I still hate going to Harvey Normans, even for the simplest thing like an ink cartridge they want all your details.
Because Y'know, we're banks. We're special.*
This story smells all kinds of fishy. The ATM hardware is standard from various mfgs.
So is this a fault in the ATM code for transaction reporting at source, or a fail in the banks in house SW that crunches that data to produce a "suspect accounts list" ? Who writes ATM code? The banks provide the graphics but do they do detailed internal functions as well?
Wouldn't that be a pretty strange ATM reporting fault? Doesn't report some transactions, does report others? Keep in mind, those transactions are partly how the bank knows how much money is in a customers account. Sounds like the bank should be suing the ATM mfg. OTOH if it's in house they should sue their IT supplier.
*When I look at a bank I see a business. If it can't meet it's obligations due to fines then it's an ex business. It's customers need to find a new business to do their business through (after they've been compensated by the personal protection scheme most governments run) and shift their payments. It's loan book gets sold off and eventually everyone with a loan or mortgage through them gets a letter telling them the new arrangements.
What may complicate things is wheather they are still using that BS "insurance" process where by a claim on their "insurance" triggers multiple other bets (which is what they are) to fail.
It's way past time more banks were put out of their misery.
"Business without bankruptcy is like Heaven without Hell" as IIRC George Sorros put it.
There are reports that other Australian banks accept a maximum of $5,000 via similar ATMs. I suspect management at those banks were much happier after finding this out.
Yes, seriously, what's the deposit limit on these?
Now, I can understand in Canada where a $10k limit on an ATM is impractical because it would stop people from withdrawing enough to buy a cup of Tim Horton's, but still.
For 3 years there were no ATM reports and nobody normally getting them even blinked ? I mean, after a week at most somebody should have started asking questions.
I'm pretty sure they knew about the average number of reports they usually got. Seeing that drop to zero is a statistical impossibility.
3 years is a bloody long time to keep thinking "oh well, I might get a report next week".
But of course, blame the developers. We're used to that.
"Probably, nobody ever read the reports..."
Once had a customer whose contract demanded certain detailed reports sent to them on the first day of each month - otherwise there was a financial penalty.
Crunching the raw data to produce accurate reports was complicated and often required human intervention for reported exceptions. We managed to automate most of it with some customised software. A human still had to be in the office on the 1st of a month at the crack of dawn to oversee the run - no matter what day of the week or season.
After a few years it turned out that the customer's staff just filed the reports without anyone even understanding or looking at them.
Ah yes, the "One bad developer"
You would just not believe how many jobs this person has had traveling the globe as they ply their trade.
All distinguished by the level of s**t code they leave behind. :-(
The day they retire world software quality will rise dramatically.
The fact the issue was not detected by asking, why am I not reporting these any more (would expect it to be tracked just for a measure of business operations), and that nobody attempted to identify the transactions via other means (they are only simple transactions after all) suggests a deep rooted systemic failure.
Yes, testing should have caught it, %$(t happens - but this was long standing, undetected, and unmitigated.
Not a goo show at all I am afraid.
" including sales of insurance policies that covered almost nothing and predatory financial advisors who lined their own pockets by dishing out poor advice to investors. The Bank was also at the centre of the bribery allegations made against CSC subsidiary ServiceMesh"
yep, it's the CBA for sure.
While I generally believe in the adage "Never attribute to malice anything that can be accomplished by incompetence," this sounds a little too convenient to be accidental ... did someone have a quiet word with the offshore developers and suggest that they quietly add a semi-colon in the wrong place? It could have been quite profitable for everyone.
It can be a bit of both. Someone spots the mistake. They realise they are in big trouble for seeing it. Even if they do not even work in IT. Even if they are just a desk worker. How do they convince their boss? Who will believe them when the accuse the multi million dollar IT staff of making a mistake?
Then finally, they realize their pay check and bonus is being paid through the processing charges and other things involved, so they just get on with their day job and don't make any noise.
"Today the bank has explained the reason for its failure: “a coding error” that saw the ATMs fail to create reports of $10,000+ transactions. The error was introduced in a May 2012 update designed to address other matters, but not repaired until September 2015."
No-one noticed or cared that the report for large transactions weren't coming through and it takes three years to find it and fix it.
WOW, just WOW!
It is one thing that within the bank controls failed. Buy the regulator also took 3 years to spot the issue? They also should have been surprised that (only) one bank had no large deposits. So they have to review their own checks and in my opinion have no ground to put up a fine at all.
It may simply have been that they thought that no one was depositing $10000 at a time through an ATM. As a previous poster pointed out, the machines only accept 50 notes at a time, which means that to deposit $10,000 in a single transaction, ie stuffing sufficient notes in for a single counting episode, would require 10 $1,000 notes, or 20 $500 notes or 50 $200 notes or some combination such as 6 $1000 notes and 40 $100 notes. On the other hand, walking into a branch and slamming down 1,000 $10 notes would have been much more possible.
"In Canada the largest
is was $1000. However, any account with more than 10,000 cash is flagged regardless of transactions taking place."
And it looks as though any transaction involving old $1000 bills will get noticed. More info here:
I've never trusted Commonwealth Bank since they managed to lose $650000 of my money in 2001 (OK I got it back eventually)
When I emigrated in late 2000, I sold my house in England and, on the advice of my local adviser, I put the money on deposit at CBA. I didn't understand the process of buying a house in Australia so, when I bought a house over here, I trusted CBA to handle all the paperwork. About 2 months later I received an eviction notice! It appears they had set me up with a large line-of-credit mortgage. The money I had brought over from England had apparently vanished, so no repayments were coming in. When I called them, they apologised for a "small paperwork error" and promised to sort it all out. A month later I received another eviction notice, and the money from England was still nowhere to be seen. That's when I threatened to call the police, citing evidence of fraud. The reaction from my neighbours and colleagues was interesting, generally along the lines of "Yeah, mate, this happens all the time. Lots of immigrants lose all their money. You just have to put up with it". There was also some comment along the lines of "How dare you foreigners attack our great Australian banks". The bank's response was that I had obviously attempted some sort of currency fraud, and I only had myself to blame.
Eventually it was sorted out. It appears that my branch was closed just as the house purchase was going through, and some paperwork was mis-filed when my accounts were transferred to another branch. The $650000 was eventually found (in a non-interest-bearing account!), and I used it to pay off the mortgage, which I had never needed in the first place. I wasted thousands in stamp duty, conveyancer's fees, lost interest etc, but I finally got the deeds back in my hands. CBA never officially admitted any responsibility, although one branch manager told me, strictly unofficially, that she was "livid" with how the bank had treated me.
They put one last sting in the tail, which I only found out very recently. Last year I took out a mortgage to help my daughter buy her house. It turned out that CBA still had a caveat on my deeds, which they had "forgotten" to remove. That cost me a few hundred to fix.
CBA! Not happy!
P.S. The other banks over here aren't much better. Last year I donated $50 to the Mozilla Foundation from my Westpac account. Westpac responded to this "suspicious transaction" by freezing my account. They didn't give me any warning, or even tell me that they'd done it. I only found out when I started getting calls from people whose payments had bounced. When I phoned Westpac, their response was that I should be grateful for their "alertness" in responding to an unusual transaction.
I smell a bit of poo here.
As if you wouldn't have been paying very close attention to what you were doing here as opposed to just trusting everything was going to be just fine and dandy. You didnt keep an eye on your accounts to make sure your mortgage payments were going through? I mean come on who does that?
I am not saying that CBA have not screwed up but your complacency is a part of the problem here.
>quite clearly a business process failure.
More than that I think.
It may have been a business decision to provide minimum funding to these systems that doesn't make money for them, hence the business process failure. The system is there to comply with Australian financial regulation, and which the banks have to bear the cost of its development and running.
Had it been a system that does make money for the bank then they would have made sure that the system was verified and validated three times over.
Never underestimate the power of situation normal to cause issues to lie for a very long time. 3 years is well long enough for a missing report to become institutionalised as 'typical', get a bit of turnover in staff and like anything else, the knowledge is lost.
I can't tell if the bank is simply arrogant, grossly incompetent, negligent or genuinely complicit at this point. Perhaps it's a mixture. That's far far too long for it to be purely "a coding issue"; it's a SYSTEMIC issue, and heads should absolutely roll.
There's been some talk of people taking some pay cuts or some such, but making this all just go away with a "software glitch" excuse is hand-waving in the extreme. Not for 3 years, m8. That's just plain old fashioned negligence.
The bank has history at this point; so I have every expectation that there is more going on than a 'code issue'.
Not news to Australians perhaps, but... the opposition Labor party has promised that one of their first acts on getting in next time, will be to set up a standing Royal Commission (big government backed investigation) into banking and the finance industry. The Liberal National Coalition (The main Australian right-wing conservative party, who are currently in government) have howled and screamed that this is unnecessary and expensive and a waste and a nasty thing to do to their biggest donors...
On the same day this appeared in the papers, we had a report of a couple of Liberal Party people who used a phone, to bug a conversation, at a meeting. The meeting was to hand over a donation to the Liberals, from the Mafia. Now reports of that have partly been taken down again, due to a heavy-weight legal onslaught from the Liberal Party. Exactly where the truth lays, I'm not sure - but it was reported, even in the ABC, Australia's version of the Beeb.
At the same time, we are having a circus about same sex marriage. That would be alright, except there's more going on than meets the eye. The previous Lib PM, Tony Abbot, is trying to destabilise and replace the current Lib PM, Malcolm Turnbull, in as many ways and as many settings as he can, and the mess and the muddle over same sex marriage has become a political instrument for Tony Abbot to roll his boss, the man who rolled him. So we have Tony Abbot and his supporters doing every dirty sneaky trick they can think of, to sabotage the business of legalising gay marriage, and delay it, and put a spanner in the works, because it provides a backdrop for them to have a night-of-the-long-knives against the other Liberal faction who rolled them about a year and a half ago. All of which provides good political theatre, unless you're gay.
So, in one day, the Liberal Party are protecting the Commonwealth Bank, taking a bribe - sorry, donation - from the Mafia, (we have a recording) and using gay marriage to roll their current leader in favour of their previous leader.
And no, I don't know that the current Australian Labor Party are a whole lot better, but I will be extremely glad to see the back end of this set of clowns.
Biting the hand that feeds IT © 1998–2019