Australia’s financial crime regulator has accused Westpac Banking of committing over 23 million breaches of the country’s anti-money laundering and counter-terrorism financing rules.

The bank is alleged to have failed to report some A$11 billion (U.S. $7.35 billion) worth of transactions since 2013 to the Australian Transaction Reports and Analysis Centre (AUSTRAC) that may have posed a risk of funding terrorism.

By law, Australian banks are required to report International Funds Transfer Instructions (IFTIs) to the regulator within 10 days of receipt as part of an effort to clamp down on suspicious transactions. In some circumstances, however, Westpac is accused of taking six years to report them.

The bank also allegedly failed to retain records and perform certain due diligence functions with potentially high-risk overseas banks or sanctioned countries, including Iraq, Ukraine, and Zimbabwe.

As a result, AUSTRAC has applied to the Federal Court of Australia for civil penalty orders against the bank for “systemic non-compliance” with the county’s 2006 Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Act.

Each breach carries a maximum a penalty of A$21 million (U.S. $14 million).

The regulator said Westpac, Australia’s second largest banking group, contravened the regulations on 23 million occasions due to systemic failures in its control environment; indifference by senior management; and inadequate oversight by the board. These shortcomings, said AUSTRAC, were the result of Westpac’s failure to properly resource the AML and counter-terrorism financing functions; invest in appropriate IT solutions; and remediate known compliance issues in a timely manner because the bank “adopted an ad hoc approach to money laundering and terrorism financing risk management and compliance.”

AUSTRAC chief executive Nicole Rose said Westpac’s failure to properly report the transfers undermined “the integrity of Australia’s financial system” and “hindered its ability to track down the origins of financial transactions when required to support police investigations.”

In particular, AUSTRAC says Westpac failed to:

  1. Appropriately assess and monitor the ongoing money laundering and terrorism financing risks associated with the movement of money into and out of Australia through correspondent banking relationships. Westpac allowed correspondent banks to access its banking environment and the Australian Payments System without conducting appropriate due diligence on those correspondent banks and without appropriate risk assessments and controls on the products and channels offered as part of that relationship.
  2. Report over 19.5 million IFTIs to AUSTRAC over nearly five years for transfers both into and out of Australia.
  3. Pass on information about the source of funds to other banks in the transfer chain, which deprived the other banks of information they needed to understand the source of funds to manage their own AML/CTF risks.
  4. Keep records relating to the origin of some of these international funds transfers.
  5. Carry out appropriate customer due diligence on transactions to the Philippines and South East Asia that have known financial indicators relating to potential child exploitation risks.

In a statement, Westpac Group’s Chief Executive Officer Brian Hartzer said: “These issues should never have occurred and should have been identified and rectified sooner. It is disappointing that we have not met our own standards as well as regulatory expectations and requirements.”

The bank also said it had self-reported the potential breaches to AUSTRAC and it had previously disclosed the investigation to shareholders in its annual results. It says it is “carefully reviewing” the claim and “will be working constructively with Austrac to resolve the matter.”

Westpac is a member of the Fintel Alliance, a private-public partnership set up by AUSTRAC to tackle serious financial crime, including money laundering and terrorism financing.

Westpac is not the only bank to face censure for lax money laundering controls in a sector that has been strongly criticized for its poor compliance record.

Last year, Australia’s Commonwealth Bank paid A$700 million (U.S. $468 million) in fines for similar breaches, while the country’s banking sector has also been the subject of a Royal Commission—Australia’s highest form of public inquiry—that earlier this year exposed widespread wrongdoing in the industry and a lack of meaningful enforcement by the regulator.

The final report found “too often … banks searched for their ‘share of the customer’s wallet,’” adding that “much more often than not, when misconduct was revealed, little happened beyond apology from the entity, a drawn-out remediation program and protracted negotiation with the Australian Securities and Investments Commission [ASIC] of a media release, an infringement notice, or an enforceable undertaking that acknowledged no more than that ASIC had reasonable ‘concerns’ about the entity’s conduct.”