"You are empowered to have these very difficult, very complex conversations. The voice of risk has to become stronger than ever.

"If there are any issues call them out. Even if you make mistakes, it is better to call out anything you see."

(A Westpac spokesman didn't dispute the accuracy of the comments.)

Child exploitation

With the group collectively wondering "why isn't this fixed yet," Stephen wanted the team, which he warned would cop some of the blame for the AUSTRAC scandal, to know that, now more than ever, it is an important protector of the bank's reputation, customers and profits.

The presentation wasn't perfect. At one point Stephen used the acronym CSE, for child sexual exploitation, a reference to the pornography apparently purchased through the Westpac systems.

The phrase struck some of the compliance officers as inappropriately remote from the horror of raping children for profit – an obscene industry Westpac may have inadvertently facilitated.


A couple of days earlier, the bank demonstrated the new era of assertive compliance had arrived when it promoted a former Macquarie manager, T. Scott Saunders, to general manager for financial crime.

General manager is a big deal in Westpac. The GMs control individual businesses and report to the group heads who run the bank along with the CEO.

Saunders was hired by, and reported to, the chief compliance officer, Jamie Kelly, in April. He famously replaced the woman who admitted the breach to AUSTRAC, and managed the relationship with the regulator for 10 painful months, Amanda Wood. She was then told Westpac wanted someone more experienced.

Now, Saunders is Kelly's peer, and financial crime stands alongside credit and compliance as its own risk in need of measuring and managing.

A history of compliance

The shift marks an evolution in structure and philosophy. Compliance was once part of Westpac's legal department, reflecting a view that it was about fulfilling the demands of the law and regulators.

Under risk, compliance became more dynamic. Its mission – which failed spectacularly – was to identify legal threats before they turned into financial costs.

Now that financial crime is separate from compliance, one area staff expect it to concentrate on is the risk of breaking sanctions. The rules covering sanctions are complex, and the people and organisations covered change all the time.


As a bank that does business in the US and internationally, Westpac is bound by sanctions from Iran to North Korea enforced by famously litigious American regulators. The business also has responsibility for anti-money laundering, an area Westpac will presumably be watching closely from now on.

Westpac chief compliance officer Jamie Kelly.

Kelly and Saunders were present on Wednesday for Stephen's appearance. Perhaps in an effort to lighten the sombre mood, Kelly quipped that the scandal had been good for business at St George, a Westpac brand.

Some laughed. Others didn't.

There might be a lesson there. If compliance wants to be taken seriously across the bank, maybe the time for jokes has passed.