Big Money
I like the sound of ~ONE TRILLION DOLLARS. As long as they pay off all the depositors first (excepting the level 1-2s) I say go for it. It would be very instructional. We have the same rules here.
Australia's Commonwealth Bank has blamed a software update for a money laundering scam that saw criminals send over AU$70m (US$55m, £42.5m) offshore after depositing cash into automatic teller machines. News of the Bank's involvement in the laundering scam broke last week, when Australia's financial intelligence agency AUSTRAC …
@eldakka - times have changed. Now you sick a wad of cash into a contraption that grabs it from you and counts it. But I think you can only stick a maximum of 50 bills in at one go, and I would suspect most money laundering isn't done with crisp, clean, large denomination bills. So you'd probably have to feed several stacks into the machine and wait as they are counted in order to hit the $10,000 mark.
And these crooks did it over 53,000 times without setting off the alerts. They must have been camped out in front of the ATMs for months at a time.
This post has been deleted by its author
I had two Bad Experiences of doing that.
(1) The bank got raided soon after I deposited my cheques, and I had to really moan at the bank to get my money credited (weeks later), even though I had proof of deposit. (The bank's excuse was that they are not insured against this kind of eventuality).
(2) Used one of those machines where it prints out copies of everything you submit. Ooh good! Except that the bank branch I submitted the cheques to was different to that on the printed receipt. Took an extra day for my account to be credited.
Since then I prefer to queue. Thank you.
I'm pretty sure that if the bank made a mistake whereby it lost $1T of funds it would be on the hook and the old "computer error" defence would not stop them being bankrupted. Also, I'd be very surprised if AUSTRAC needs to demonstrate criminal intent to nail the bank; incompetence alone should be enough.
From experience, the testing and validation of coding at the CBA has dropped off dramatically. There was a time when every code change was peer reviewed before it was implemented. The outsourcing of the IT meant that there were pressures on the outsourcer to cut their costs so "unnecessary" costs like code review and validation went out the window.
AC because I worked for CBA in their IT... and had to do periodic money laundering (and terrorist watch list) checks and independent verification of reporting code.
BTW, don't try to get around the $10000 mandatory reporting by doing multiple smaller transactions, certain patterns of transactions will flag the lower amounts...
"BTW, don't try to get around the $10000 mandatory reporting by doing multiple smaller transactions, certain patterns of transactions will flag the lower amounts."
In your day. On the basis of this report, maybe not now.
Oh, there are stories in the US of small business owners who been put out of business by the government (assets seized) because they kept doing $9000 deposits....
AUSTRAC notes all transactions over AUD$50, so running sub $10,000 transactions fools no-one. You may not be in the most watched category but every transaction should have been noted. It is one of the essential systems designed to find black money in our economy.
But to claim that it was software bug that went undetected for 3 years makes you wonder how competent the rest of their banking systems is. It beggars belief
It is inviting a case action.
"The news was not a good look for the Bank (CBA), because most of the cash was deposited into accounts established with fake drivers licences."
Software glitches aside what went on with the identity checking?
Given the Australian addiction to identity checking for almost everything (even worse, IMHO, than the UK - I was asked for proof of ID and address when buying a $750 camera lens with cash "to prevent guarantee fraud") the CB should be taken for task for not complying with ID requirements.
It begs the question as to how many other CB accounts are based on fake identity and are operating under the radar by just moving chunks $9000 around.
The identity check requirements only require someone to present the 100-point ID check documents to the bank staff creating the account. It doesn't require the bank staff to verify with the issuing agency the ID document.
So if the documents were either good enough forgeries such that they passed a quick visual inspection from a non-expert, or the ID is a genuinely issued ID but was obtained with fraudulent information (e.g. false information was provided to the DMV who issued the drivers licence with that fraudulent information), the bank would never know.
By "worse" you mean "thorough".
When someone is able to establish a bank account with a false identity it opens up a Pandora's box of problems for police, banks, government agencies and national security. It would be stupid for banks to slacken their identity verification processes.
This is why most criminal syndicates use mules with real identities. The mules wear the consequences when they are found out. This is a big hassle for crims which limits their operations.
"Given the Australian addiction to identity checking for almost everything (even worse, IMHO, than the UK"
You are not wrong there. When I first got to Australia 13 years ago, i went to Hardly Normals to buy a digital tv receiver. I was paying cash, and they asked for ID and proof of address. As I didn't have a permanent address yet or utility bills on me, there was a big debate amongst staff whether they could sell it to me.
They did eventually after much discussion. I still hate going to Harvey Normans, even for the simplest thing like an ink cartridge they want all your details.
Because Y'know, we're banks. We're special.*
This story smells all kinds of fishy. The ATM hardware is standard from various mfgs.
So is this a fault in the ATM code for transaction reporting at source, or a fail in the banks in house SW that crunches that data to produce a "suspect accounts list" ? Who writes ATM code? The banks provide the graphics but do they do detailed internal functions as well?
Wouldn't that be a pretty strange ATM reporting fault? Doesn't report some transactions, does report others? Keep in mind, those transactions are partly how the bank knows how much money is in a customers account. Sounds like the bank should be suing the ATM mfg. OTOH if it's in house they should sue their IT supplier.
*When I look at a bank I see a business. If it can't meet it's obligations due to fines then it's an ex business. It's customers need to find a new business to do their business through (after they've been compensated by the personal protection scheme most governments run) and shift their payments. It's loan book gets sold off and eventually everyone with a loan or mortgage through them gets a letter telling them the new arrangements.
What may complicate things is wheather they are still using that BS "insurance" process where by a claim on their "insurance" triggers multiple other bets (which is what they are) to fail.
It's way past time more banks were put out of their misery.
"Business without bankruptcy is like Heaven without Hell" as IIRC George Sorros put it.
There are reports that other Australian banks accept a maximum of $5,000 via similar ATMs. I suspect management at those banks were much happier after finding this out.
Yes, seriously, what's the deposit limit on these?
Now, I can understand in Canada where a $10k limit on an ATM is impractical because it would stop people from withdrawing enough to buy a cup of Tim Horton's, but still.
For 3 years there were no ATM reports and nobody normally getting them even blinked ? I mean, after a week at most somebody should have started asking questions.
I'm pretty sure they knew about the average number of reports they usually got. Seeing that drop to zero is a statistical impossibility.
3 years is a bloody long time to keep thinking "oh well, I might get a report next week".
But of course, blame the developers. We're used to that.
"Probably, nobody ever read the reports..."
Once had a customer whose contract demanded certain detailed reports sent to them on the first day of each month - otherwise there was a financial penalty.
Crunching the raw data to produce accurate reports was complicated and often required human intervention for reported exceptions. We managed to automate most of it with some customised software. A human still had to be in the office on the 1st of a month at the crack of dawn to oversee the run - no matter what day of the week or season.
After a few years it turned out that the customer's staff just filed the reports without anyone even understanding or looking at them.
Ah yes, the "One bad developer"
You would just not believe how many jobs this person has had traveling the globe as they ply their trade.
All distinguished by the level of s**t code they leave behind. :-(
The day they retire world software quality will rise dramatically.
As if.
The fact the issue was not detected by asking, why am I not reporting these any more (would expect it to be tracked just for a measure of business operations), and that nobody attempted to identify the transactions via other means (they are only simple transactions after all) suggests a deep rooted systemic failure.
Yes, testing should have caught it, %$(t happens - but this was long standing, undetected, and unmitigated.
Not a goo show at all I am afraid.
@Spotswood.
" including sales of insurance policies that covered almost nothing and predatory financial advisors who lined their own pockets by dishing out poor advice to investors. The Bank was also at the centre of the bribery allegations made against CSC subsidiary ServiceMesh"
yep, it's the CBA for sure.
While I generally believe in the adage "Never attribute to malice anything that can be accomplished by incompetence," this sounds a little too convenient to be accidental ... did someone have a quiet word with the offshore developers and suggest that they quietly add a semi-colon in the wrong place? It could have been quite profitable for everyone.
It can be a bit of both. Someone spots the mistake. They realise they are in big trouble for seeing it. Even if they do not even work in IT. Even if they are just a desk worker. How do they convince their boss? Who will believe them when the accuse the multi million dollar IT staff of making a mistake?
Then finally, they realize their pay check and bonus is being paid through the processing charges and other things involved, so they just get on with their day job and don't make any noise.
"Today the bank has explained the reason for its failure: “a coding error” that saw the ATMs fail to create reports of $10,000+ transactions. The error was introduced in a May 2012 update designed to address other matters, but not repaired until September 2015."
No-one noticed or cared that the report for large transactions weren't coming through and it takes three years to find it and fix it.
WOW, just WOW!
It is one thing that within the bank controls failed. Buy the regulator also took 3 years to spot the issue? They also should have been surprised that (only) one bank had no large deposits. So they have to review their own checks and in my opinion have no ground to put up a fine at all.
It may simply have been that they thought that no one was depositing $10000 at a time through an ATM. As a previous poster pointed out, the machines only accept 50 notes at a time, which means that to deposit $10,000 in a single transaction, ie stuffing sufficient notes in for a single counting episode, would require 10 $1,000 notes, or 20 $500 notes or 50 $200 notes or some combination such as 6 $1000 notes and 40 $100 notes. On the other hand, walking into a branch and slamming down 1,000 $10 notes would have been much more possible.