* The late filing of 53,506 suspicious matter reports for sums of $10,000 or more worth $625 million

* The failure to report additional transactions worth tens of millions of dollars on time or at all

* It did not monitor customer accounts even after it became aware of suspected money laundering

CBA money laundering scandal: how it happened ‘We made mistakes’, says CBA’s Ian Narev CBA AUSTRAC Inside the CBA Austrac money laundering case CBA settles AUSTRAC case Behind AUSTRAC’s ambush of CBA

The settlement, if approved by the Federal Court, will be the largest civil penalty in Australian history. Commonwealth Bank shares were up 90c or 1.3 per cent to $69.60 at the open.

AUSTRAC took CBA to court in August 2017 over claims its intelligent deposit machines (IDMs) had been exploited by criminals and terrorists.

As part of the settlement, CBA has admitted the late filing of 53,506 transaction reports, inadequate risk assessments of the IDMs at the centre of the allegations, and that 149 suspicious matter reports were filed late or not filed at all.

Chief executive Matt Comyn said that the settlement "brings certainty to one of the most significant issues we have faced".


Commonwealth Bank has settled its proceedings with AUSTRAC over anti-money laundering allegations for $700 million. Wayne Taylor

"While not deliberate, we fully appreciate the seriousness of the mistakes we made. Our agreement today is a clear acknowledgement of our failures and is an important step towards moving the bank forward. On behalf of Commonwealth Bank, I apologise to the community for letting them down."

AUSTRAC's chief executive Nicole Rose said this outcome sends a strong message to industry that serious non-compliance with anti money laundering and counter-terrorism financing laws will not be tolerated.

"As we have seen in this case, criminals will exploit poor business practices to launder the proceeds of their crimes," Ms Rose said.

"This has real impacts on the everyday lives of Australians and puts the community at risk by increasing opportunities for terrorists to support attacks here and overseas, and enabling organised crime groups to peddle drugs to our families and friends."

The Treasurer Scott Morrison said the size of the payout was a reminder about both how serious the breaches were and the government's determination to pursue companies that break the law.

Mr Morrison, who said executives who break the law should face jail time following the revelations of report tampering that led to the resignations of AMP's chairman and CEO, described the debacle as an "egregious episode".

"There are breaches which can put Australian security at risk" Mr Morrison said.


"Banks should be leaders in ensuring their systems cannot be compromised by criminals seeking to launder money or finance terrorist activities."

The minister for home affairs Peter Dutton was equally scathing but welcomed the bank's decision to come clean on its role in the debacle that allowed criminals to exploit its network of intelligent deposit machines.

"This very large number of breaches over several years is unacceptable and should never have been allowed to happen," Mr Dutton said.

The civil penalty of $700 million and costs of $2.5 million the bank has agreed to pay is almost double the amount the bank made provisions for at the half year result in February. At the time, it set aside $375 million for the AUSTRAC matter saying it was a "reliable estimate of the penalty the courts may impose".

The bank said it would now recognise a $700 million provision at the full year results to June 30 and announced on August 8. The bank had set aside a further $200 million at the half year for what it described as known regulatory, compliance and remediation issues which included the Hayne royal commission however there is speculation that this may also rise.

The $700 million penalty amounts to a fine of $13,000 per agreed breach. While the size of the penalty is unprecedented it compares favourably to a similar case involving Tabcorp, where the gaming giant paid a $45 million for 122 breaches of the Act, which amounted to a fine of $417,000 per breach.