SYDNEY (Reuters) - The Commonwealth Bank of Australia (CBA) on Monday said a software error was behind most of the roughly 53,700 times it allegedly broke anti-money laundering law, in a case that could see the country’s biggest lender fined several billion dollars.

Pedestrians are reflected in a Commonwealth Bank of Australia logo which adorns the wall of a branch in Sydney, Australia, August 7, 2017. REUTERS/David Gray

Financial intelligence agency AUSTRAC filed a civil case on Thursday accusing the bank of several breaches of law including failing to identify, monitor and report money transfers over $10,000, in contravention of the anti-money laundering and counter-terrorism financing Act.

It also said the bank did not act upon police instruction to suspend accounts linked to criminal activity.

The following day, the bank’s share price saw its steepest one-day decline in 18 months.

CBA said intelligent deposit machines introduced in 2012 did not create so-called threshold transaction reports (TTRs), which would have alerted it to any suspicious activity, due to a coding error that went unnoticed until it was fixed in September 2015.

“Within a month of discovering it, we notified AUSTRAC, delivered the missing TTRs and fixed the coding issue,” CBA said in a statement on Monday. “The vast majority of the reporting failures alleged in the statement of claim (approximately 53,000) relate specifically to this coding error.”

As such, it said penalties should be just and appropriate.

CBA Chief Executive Officer Ian Narev told The Australian Financial Review he would work through the “difficult matters” and that it was for the board to decide whether his job was on the line.

Stephen Mayne, a director at the Australian Shareholders’ Association, which aggregates about A$500 million worth of CBA’s shareholders proxy votes, said the issue was a very serious challenge for the bank’s board.

“At this point, we don’t want to hear from management, but from the independent Chairman Catherine Livingstone, on what she and the board think about the allegations against management.”

The bank’s share price ended up 1 percent on Monday, in line with the benchmark index.

CRIMINAL ACTIVITY

AUSTRAC also said the bank failed on several occasions to follow instructions from law enforcement to suspend accounts flagged as suspicious and linked to criminal activity.

“We recognize that there are other serious allegations in the claim unrelated to the TTRs,” the bank said.

AUSTRAC said some accounts were used for “cuckoo smurfing”, a form of money laundering involving multiple people such as a syndicate that make numerous small deposits to avoid detection. The syndicate then obtains details of a bank customer to make seemingly legitimate money transfers in that customer’s name.

“These are really serious accusations,” said Daniel Smith, general manager at CGI Glass Lewis, which advises local funds with assets over A$1 trillion. “We are interested in how the board determines responsibility and how vigorously the bank disputes these accusations.”

The case comes less than half a year after AUSTRAC fined bookmaker Tabcorp Holdings Ltd almost A$420,000 ($333,000) for each of 108 breaches, resulting in the biggest civil penalty in Australian corporate history at A$45 million.

The maximum penalty per breach is A$18 million. Based on the Tabcorp case, analysts at wealth manager Shaw and Partners put CBA’s potential fine at A$22 billion.

Mayne said it would be appropriate for the bank to note a contingent liability for a potential fine in the financial accounts to be released on Wednesday.