Compliance
Scandal-Hit CBA Admits Losing Almost 20 Million Client Records

CBA sought to assure clients that it had found no evidence of suspicious activity.
Commonwealth Bank of Australia, the lender that is under
fire for compliance failings, has added to its woes by confirming
it lost 19.8 million accounts and chose not to immediately tell
clients. The case also highlights continued problems in the
country’s financial services sector.
There is no evidence client data has been compromised or of
suspicious activity taking place since an “incident” in 2016, CBA
said in a statement late last week, adding that its monitoring of
accounts showed clients did not need to act.
There had been a report of an incident in which the bank could not
confirm that a supplier had carried out the scheduled destruction of two
magnetic tapes containing historical customer statements. The tapes
contained customer names, addresses, account numbers and
transaction details from 2000 to early 2016. The tapes did not
contain passwords, PINs or other data which could be used to
enable account fraud, CBA said.
The announcement adds to troubles for Australia’s banking system
following findings of compliance lapses and misconduct arising
from a judicial inquiry. Regulators have told CBA to keep an
additional A$1 billion ($750 million) in cash reserves because of
alleged AML breaches, which the bank contests. A number of
high-ranking managers are leaving, or have left, CBA.
Last August, Austrac (Australian Transaction Reports and Analysis
Centre) started legal action against CBA, linked to claims that
the lender breached AML and counter-terrorism financing controls.
CBA said it has provided A$375 million for a civil penalty based
on latest information and advice. In a separate case, CBA has
provided $200 million for expected costs of regulatory,
compliance and related matters, it said. In January this year,
CBA faced fresh woes, with Australia’s national financial
regulator, ASIC, saying it had started legal proceedings against
the bank for “unconscionable conduct” and rate rigging, adding to
actions authorities have taken against other banks in the
country.
Explaining the latest issue, CBA said: “The 2016 incident was not
cyber-related and there has been no compromise of CBA’s
technology platforms, systems, services, apps or websites.”
“The Office of the Australian Information Commissioner and the
Australian Prudential Regulation Authority (APRA) were both
notified of the incident and a briefing was provided on the
results of the investigation. The decision not to notify
customers was made in light of the investigation’s findings and
the account monitoring in place. An independent forensic
investigation was conducted, recommendations were made and acted
upon to ensure a similar incident would not happen again,” it
said.
Acting Group Executive Retail Banking Services Angus Sullivan
defended the bank’s decision not to immediately tell clients of
the lost data: “We concluded, given the results of the
investigation, that we would not alert customers. We discussed
this course of action with the OAIC who subsequently advised that
it did not intend to take any further action in relation to the
matter. We have however been contacted by the OAIC this week for
additional information about this matter and the actions CBA
undertook in 2016.”
Scandals
Australia’s banking and wider financial industry has been
hammered by a series of scandals, with details emerging from a
recent royal commission probe into the sector. The chief
executive of Australia’s largest wealth manager, AMP, for
example, recently resigned after a probe revealed his firm had
engaged in widespread misconduct. Craig Meller, who had held the
position since 2014, stepped down. The revelations were
concurrent with practices at ANZ, which earlier in April was
ordered to pay A$3 million and submit regular reviews of its
systems and processes after billing thousands of wealth
management clients for services they didn’t receive.
The Australian Securities and Investments Commission has been hot
on the heels of crooked advisors. Since launching its wealth
management project in October 2014, the watchdog has banned 45
advisors and one director from the industry.
Day by day, the Royal Commission, which began in February and is
expected to last around a year, is unearthing more malpractice in
Australia.
(Editor's note: Various Australian regulators, and now the Royal Commission, have unearthed examples of widespread wrongdoing and incompetence in the financial services industry, including wealth management. While it is the case that some of the matters are still contested, already there is considerable hard evidence of a sector that needs massive reform. A key point is that Australia, with features such as compulsory saving for retirement, is sometimes held up as a model to emulate, as this writer remembers when the issue of low retail savings was addressed in the UK in the early Noughties. Some Australian banks, such as ANZ, and investment firms, such as AMP, have international reach. It is therefore crucial that sharp remedial action is taken to prevent Australia's reputation suffering lasting damage.)