The Commonwealth Bank's ongoing woes around alleged systematic money laundering operations by criminal gangs and terrorists have deepened, with fresh claims the contraventions are continuing.

Key points: AUSTRAC alleges CBA is continuing to contravene money laundering and terrorism funding reporting procedures

AUSTRAC alleges CBA is continuing to contravene money laundering and terrorism funding reporting procedures 100 new alleged breaches added to more than 53,000 existing issues raised by AUSTRAC

100 new alleged breaches added to more than 53,000 existing issues raised by AUSTRAC AUSTRAC says it is still not being informed about many suspicious transactions despite its recent legal action

The allegations were raised as AUSTRAC filed a further 100 alleged breaches of Anti-Money Laundering/Counter Terrorism Financing (AML/CTF) as part of the existing Federal Court proceeding being run by the Government's financial transactions watchdog.

The damning new evidence alleges the CBA's breaches of AML/CTF laws have continued longer than first thought and AUSTRAC still was not being told about suspicious matter transactions well into this year.

The investigation centres on CBA's ATM network, or "intelligent deposit machines" (IDMs), and the bank's failure to monitor risks within the system.

Alleged terrorist funder gets heads up before AUSTRAC

In one case, a client who had been convicted of terrorism charges in Lebanon, and was known to have tried to organise funding for terrorist acts in Australia, was given 30 days' notice of the closure of his CBA account before AUSTRAC was even alerted.

He also managed to withdraw funds from the account more than a week after it was supposedly closed.

"On 20 July 2017, CommBank erroneously processed a transfer of $5,000 from CommBank Account 184 [the alleged terrorist funder] to an account held by Person 138 [his brother] in Lebanon in spite of suspecting terrorism financing in relation to an identical attempted transfer on 19 June 2017," AUSTRAC's new court statement alleged.

"Even though this was the second attempted international money transfer to Beirut that was suspected to be linked to terrorism financing, CommBank did not put a stop on CommBank Account 184 at this point.

"In spite of concluding on 26 June 2017, that potential terrorism financing was being conducted on CommBank Account 184, a stop was not put on CommBank Account 184 until 9 August 2017."

Even after that, nine days after the account was supposedly closed, $6,225 was withdrawn from the account of 184 at CBA's Bankstown Central branch.

Drugs and firearms 'money mules'

In another instance, CBA failed to notify AUSTRAC about the actions of a drugs and firearms syndicate, which allegedly laundered $42 million through CBA ATMs and IDMs between 9 March 2016 and 8 August 2016.

NSW Police allege that the money mules would launder the money by making cash deposits into numerous bank accounts through branches, ATMs and IDMs.

"The money mules made structured cash deposits into the CommBank accounts identified ... to launder the funds of the drug and firearms syndicate," AUSTRAC alleged.

AUSTRAC argued that by May this year CBA would have had reasonable suspicions about the alleged "cuckoo smurfing" operation, particularly as the New South Wales Police Organised Crime Squad had already demanded transaction histories from the bank.

Under the act, CBA is required to alert AUSTRAC's chief executive within three days of any suspicious transactions brought to its attention.

The police received the details of the suspicious transactions on May 3. AUSTRAC is still waiting.

"At no time has CommBank given the AUSTRAC CEO an SMR [suspicious matter report] in relation to the matters," the statement noted.

Systemic non-compliance

The 100 new alleged contraventions take the total number of breaches under scrutiny to 53,800.

While not a big percentage increase, the worry for the bank is AUSTRAC's very dim view of work being done to remedy the systemic problem.

"After IDMs were first rolled out in May 2012 there were at least six periods of time within which CommBank should have, but did not, follow the procedures set out [for money laundering/terrorism funding risk management]," AUSTRAC's statement argued.

"The contravention is ongoing."

The new statement of claim also highlights a number of new instances where AUSTRAC was not informed of suspicious transactions, despite demands from state police for details of a number of suspicious transactions and red flags being raised within the bank itself.

That was in June this year.

"These allegations are very serious and reflect systemic non-compliance over approximately six years", AUSTRAC chief executive Nicole Rose said.

Four key fresh allegations

The fresh allegations follow many of the themes pursued in the original 600 page statement of claim, but are distilled down to four key points according to AUSTRAC:

CBA failed to report two suspicious matters within 24 hours of forming a suspicion relating to the financing of terrorism.

CBA failed to report two suspicious matters within 24 hours of forming a suspicion relating to the financing of terrorism. CBA failed to report 54 suspicious matters either on time or at all in relation to accounts and individuals that were the subject of two further law enforcement operations.

CBA failed to report 54 suspicious matters either on time or at all in relation to accounts and individuals that were the subject of two further law enforcement operations. Even after CBA became aware of suspected terrorism financing, money laundering and/or structuring on CBA accounts, in 38 instances it did not appropriately monitor its customers to mitigate and manage money laundering and terrorism financing (ML/TF) risk, including the ongoing ML/TF risks of doing business with those customers.

Even after CBA became aware of suspected terrorism financing, money laundering and/or structuring on CBA accounts, in 38 instances it did not appropriately monitor its customers to mitigate and manage money laundering and terrorism financing (ML/TF) risk, including the ongoing ML/TF risks of doing business with those customers. In six instances additional to those in the original statement of claim, CBA did not comply with the requirements of its own AML/CTF program to identify, mitigate and manage the ML/TF risks associated with intelligent deposit machines (IDMs).

The maximum penalty for each individual contravention alleged in the amended statement of claim is up to $21 million.

Compliance has improved: CBA

CBA said it will review the amended statement of claim and update the market as appropriate.

"We will file an amended defence in due course," CBA said in a statement released to stock exchange.

Despite AUSTRAC's assertions that breaches were ongoing, the bank said it had significantly upgraded and expanded its operations to ensure compliance with the AML/CTF Act.

"During 2017 we have stepped up the rigour and intensity of the program and extended it across all aspects of financial crime obligations and all business units to further strengthen regulatory compliance," CBA said.

In its response to AUSTRAC's initial allegations, the bank admitted it had failed to properly assess money laundering and terrorist funding risk adequately and issue suspicious matter reports in a timely matter before October 2015.

"CBA will submit that the extent of that harm should be assessed in the context of the significant number of SMRs issued in respect of the customers in question above and the fact that a number of the SMR contraventions relate to information itself derived from law enforcement," the bank said in a submission filed with the Federal Court.

Terrorism funding allegations 'a large escalation'

AML/CTF law specialist and Latrobe University professor Louis de Koker said it was dangerous to speculate about what CBA should have done or what AUSTRAC would do.

"[However] some of CBA's risk management failures were basic and serious," Professor de Koker said.

He said CBA's admissions it failed to comply with an agreed program to manage and mitigate ML/TF risk were a particular concern.

"Those admissions are extraordinary," he said.

Thomson Reuters regional head of regulatory intelligence Nathan Lynch said the latest allegations around terrorist funding were a large escalation of the issue for the CBA.

"These are the most important issues to report under the AML/CTF regime and businesses have to file these with AUSTRAC within 24 hours," Mr Lynch said.

He argued the expansion of AUSTRAC's claim would ratchet up the pressure on CBA to settle.

"It's highly likely that both parties are already in discussions about the appropriate penalty and any other remedies the bank might have to undertake," he said.

"CBA has already admitted to the vast majority of the breaches, so there would be little to be gained for either side by taking this to trial.

"Any settlement with AUSTRAC would be dependent on the board overhauling the ambivalent risk culture that it believes had permeated the bank.

"Reading the claim, the regulator seems to think that culture built up over a period of years."

Editor's Note: While the CBA does not dispute a convicted terrorist used its accounts on two occasions to transfer money to Beirut, Lebanon, the transaction was reversed a week later after a CBA search revealed the potential terrorism link.