CBA drama is massively overblown

Christopher Joye

In the AFR I argue that CBA's stock price has bounced back for good reason: the hysterical reaction to an isolated 2012 coding error that resulted in 53,000 delayed money laundering reports has been massively overblown. CBA is not going to pay a business-threatening fine, its outstanding chief executive Ian Narev will not lose his job, and the bank does not remotely have any cyber-security or financial crimes culture problems. Quite the contrary. If you speak to senior government security and intelligence officials, they will tell you that there is no better resourced or committed business in Australia than CBA when it comes to combating cyber-crime, fraud and information security threats. Excerpt below (AFR subs can read directly here):

No Australian business spends more money on, or has more people and technology resources dedicated to, thwarting financial crime, including money laundering.

And no business burns as much cash on corporate compliance, or is more heavily regulated by a multiplicity of government agencies, than CBA.

In fact, it now pays hundreds of millions of dollars a year in extra taxes via the new big bank levy precisely because it is one of the most important companies in the country.

For years the Australian Security Intelligence Organisation (ASIO) and the Australian Signals Directorate (ASD) have privately highlighted that CBA, and to a slightly lesser extent the other three major banks, have been best-of-breed in respect of their defences against digital crime.

A former senior ASIO cyber official, Scott Ceely, who is managing director of Seer Security, says he is "surprised by the news concerning CBA, as they are considered a leader in the Australian cyber-security sector".

"CBA's investment in cyber security over the past five or so years has been unmatched in our industry," Mr Ceely says.

Richard Byfield spent much of his career working in the upper echelons of the nation's electronic espionage agency, the Australian Signals Directorate, which is charged when protecting public assets from state and non-state hackers.

He says that "everybody in the security and intelligence worlds knows that CBA is first-rate when it comes to cyber-security, fraud-detection and the amount of money and people it pours into protecting its customers and preventing crimes".

"Security agencies often refer to CBA and the other major banks, alongside Telstra, as "islands of excellence" in regard to information security and their cultural commitments to mitigating cyber-crime," Mr Byfield, who runs Datacom Technical Security Services, says.

In its ASX announcement CBA explained that the 53,000 threshold transaction reports (TTRs) that were delayed in their transmission to AUSTRAC were attributable to "a single course of conduct".

This is crucially important in relation to the court's determination regarding penalties. In CBA's opinion, there will likely be one penalty for the coding error, not 53,000.

"Ultimately, a Court will seek to ensure that, overall, any civil penalties are just and appropriate and do not exceed what is proper having regard to the totality of established contraventions," the bank added.

Privately AUSTRAC is understood to have been blindsided by the media response to its claims and silly suggestions they might lead to penalties approaching one trillion dollars, which would destroy CBA almost 10 times over (and the Aussie banking system to boot).

Read full article at AFR here.


Comments

Please sign in to comment on this wire.
Avatar fallback

No one doubts the integrity and ethics of the Australian Banking sector, and the positive role it plays in our Country. But this is a blunder, and a substantial penalty must be applied. Should any of these unreported transactions be proven, to be linked to organised crime etc, then the public needs and apology too.

Avatar fallback

Ted Mulholland

If CBA are the epitome of excellence in relation to cyber security then we are all very much in trouble. Apparently they were warned by AFP that a problem existed but didn't follow up. I think the author is way out of step with the fury of the Australian populace.

Avatar fallback

Leigh Prossor

No business in the world can be totally immune from problems of this nature, given the fast paced changes in technology. It is a pity that Bill Shorten and his like blow this out of all proportion, trying to scare the public for their own political gain. If things are as bad as Bill claims, we might as well all move to a small South Pacific island, as there is no future in Australia. Is that what we all believe?

Avatar fallback

Leigh Prossor

No business in the world can be totally immune from problems of this nature, given the fast paced changes in technology. It is a pity that Bill Shorten and his like blow this out of all proportion, trying to scare the public for their own political gain. If things are as bad as Bill claims, we might as well all move to a small South Pacific island, as there is no future in Australia. Is that what we all believe?

Avatar fallback

Michael Whelan

If this had been a case of employee fraud, would the response be any different - refer NAB's FX Options and the fallout from that (Allen, Walter, Cicutto, Scholes, Erdos, Lewis, all went). Does the CBA CEO get the big pay packet etc to not be accountable for anything, in comparison ? It would appear so - ah well. Welcome to the world of banking, ex-management consultant. The reality is the Banks all spend sizeable amounts with investment budgets or c. A$1bio, of which a large portion are for regulatory requirements. CBA will live to fight another day but this event (along with their other well-publicised challenges and problems) will be regularly brought up.

See 2 more comments