Australia’s financial intelligence agency, Austrac, began legal action against Westpac on Wednesday accusing it of failing to meet its obligations under anti-money laundering and counter-terror finance (AML-CTF) laws. Westpac is accused of more than 23m legal breaches in relation to transactions worth more than $11bn.

But the most damaging part of the lawsuit relates to relatively small amounts of money totalling less than $500,000 that a dozen Westpac customers paid to people in the Philippines.

Austrac says the payments should have been detected and stopped because they were consistent with the types of transfers made by people involved in child exploitation. One of the Westpac customers allegedly paid someone in the Philippines who was later charged with “live streaming of child sex shows and offering children for sex”. Another customer already had a conviction for child exploitation but was allegedly not properly monitored. Six of them repeatedly travelled to the Philippines or south-east Asia.

That sounds complicated – what are the basic details of what they did or didn’t do?

Banks and other financial institutions are supposed to have comprehensive programs in place to detect transactions that might be linked to crime or terrorism.

Austrac’s legal filings paint a picture of a bank that has failed to meet these requirements for years, and damns senior management for “indifference” to the issue despite warnings from staff that there were problems.

Westpac’s chief executive, Brian Hartzer, has said he accepted Austrac’s allegations – except for the bit about indifference. He maintains that he and other executives have been working hard on the problem, which he has pledged to fix.

How did Austrac find this out?

Westpac reported itself to Austrac last year about one set of problems, to do with how it dealt with low-value international transactions. The regulator uncovered the alleged child exploitation payments itself during its investigation.

What do we fear may have happened?

The fear is that Westpac customers, including the 12 identified by Austrac, have been using the bank’s systems to pay for live streaming of child exploitation – and possibly buying children.

Known providers of child exploitation material sold over the internet include a ring headed by an Australian, Peter Scully, who was arrested in the Philippines in November 2015 over allegations he raped, tortured and murdered children. He was sentenced to life imprisonment for rape and human trafficking last year; the status of other charges against him, including murder, is unclear.

Is it known how many children are involved?

No. But the length of time the payments went on raises concerns about the number of children involved and their fate.

For example, “Customer 1” paid $136,000 over five and a half years – including the money paid to the person in the Philippines charged with child exploitation offences.

Another Westpac client, “Customer 5”, paid $75,000 over four years and repeatedly travelled to south-east Asia.

How big a fine will Westpac have to pay?

We don’t know, but it is likely to be in the billions. Westpac raised $2.5bn from investors this month, so it will be hoping it is able to negotiate a fine equal to or less than that.

It will also be relying on the legal principle of a “course of conduct” to argue that the amount it pays should be reduced. The principle says multiple breaches of the law can be rolled up into just one contravention if they are part of the same course of conduct conducted by the defendant.

But the sky is the limit because AML-CTF breaches carry heavy fines of up to $21m a contravention.

The only comparison in the market is that the Commonwealth Bank paid $700m to settle 53,000 AML-CTF breaches last year.

On that basis, Westpac would be looking at a fine of about $300bn, or almost 44 years of profits. That also seems unlikely.

Are any other banks under scrutiny?

Yes. CBA has already been hauled over the coals by Austrac, and last week NAB admitted it also faces the prospect of a heavy penalty.

More broadly, the entire Australian finance sector is in the line of fire, including the new wave of fintech companies, because Austrac has become an increasingly aggressive regulator after a 2015 evaluation of Australia by an international body, the Financial Action Task Force, found that “important improvements are needed in a number of key areas”.

Questions have also been raised about AML-CTF practices at Crown Resorts after the independent MP Andrew Wilkie released footage of bricks of cash changing hands at the casino. The company says it has a strict compliance program.

More broadly still, the entire Australian economy is under close international scrutiny owing to the government’s failure to extend the AML-CTF regime to cover real estate agents and lawyers.

This was expected to be raised by the Financial Action Task Force in a follow-up evaluation due soon, but the body has decided to pause all its follow-up work – something it reportedly insists is “not an Australia-specific decision”.