GoComply Sentinel · Historical Back-Test

We back-tested Westpac's 2020 AUSTRAC failure.
Here's what our methodology would have caught.

Five specific signals were present in Westpac's own data from November 2013 onward. None triggered an alert. AUSTRAC found the gaps, not Westpac. The result: a A$1.3B federal court penalty — the largest corporate civil penalty in Australian history, surpassing CBA's A$700M from 2018. 19.5 million IFTIs were never reported. 12 customers made payments for child exploitation material with no detection. Every fact on this page traces to the Statement of Agreed Facts (NSD 1914/2019) or the Federal Court judgment.

Scope: retrospective analysis of one public, court-filed case. Nothing on this page claims live monitoring of Westpac or any other institution. The diagnostic engagement runs the same methodology against your systems, not Westpac's.

Civil Penalty

A$1.3B

2020-10-21 · Beach J

Unreported IFTIs

19,502,841

s 45(2) AML/CTF Act

Day-1 Market Cap Loss

A$6.8B

Week of 20 Nov 2019

Breach Duration

72 mo

Nov 2013 – Nov 2019

CEM Customers

262

12 initial → 260 after expanded monitoring

Total Contraventions

~23M

AML/CTF Act 2006

Sentinel Back-Test

The five signals that would have fired

Each signal below was present in Westpac's own data at the time. Each maps to a specific SOAF-documented failure. Each is defined by a rule that, applied to the historical record in the back-test, would have fired on the date shown.

SIGNAL 1 / 5

IFTI Reporting Pipeline Gap

CRITICAL

Westpac's automated reporting pipeline excluded correspondent banking IFTI message formats from the AUSTRAC submission queue. The IFTI Reporting Gap signal is defined as the ratio of IFTIs received through a channel versus IFTIs reported to the regulator within the statutory 10-day window. Against Westpac's historical data, this signal would have fired on 1 Nov 2013 — the first day correspondent banking IFTIs were received but not reported.

Would Fire

2013-11-01

Days Missed

2211 days (6y 21d)

Evidence In Westpac Data

19,502,841 IFTIs received via 4 correspondent banking relationships, 0 reported to AUSTRAC

Expected Response

P0 alert within 24 hours; system fix within 7 days

SIGNAL 2 / 5

Coverage-Ratio Anomaly (IFTI Channel)

CRITICAL

The ratio of (IFTIs received via correspondent banking) / (IFTIs reported to AUSTRAC for correspondent banking) was 0.0 — zero coverage — for 5 years. The Coverage-Ratio signal is defined as (obligations_received / obligations_filed) per regulated channel. It fires on any > 50% drop against a rolling baseline. Against Westpac's data, this signal would have fired on 2 Nov 2013.

Would Fire

2013-11-02

Days Missed

2210 days (6y 20d)

Evidence In Westpac Data

ratio: IFTIs_received_correspondent / IFTIs_reported_correspondent = 0.0 (zero)

Expected Response

P0 alert within 24 hours; investigation within 72 hours

SIGNAL 3 / 5

New-Product Compliance Gate Missing

CRITICAL

Westpac launched LitePay in August 2016 without integrating IFTI reporting. The New-Product Compliance signal is defined as a gate that fires when a product handling regulated transactions enters production without the corresponding reporting pipeline configured. Against Westpac's product launch data, this signal would have fired in August 2016 — when LitePay went live with no IFTI reporting integration.

Would Fire

2016-08-01

Days Missed

1207 days (3y 112d)

Evidence In Westpac Data

LitePay product config: outgoing_ifti_reporting_enabled = false

Expected Response

Block product launch until reporting integration verified

SIGNAL 4 / 5

Child Exploitation Payment Pattern Detection

CRITICAL

12 Westpac customers made repeated small transfers (A$500-$3,000) to the Philippines matching known CEM purchasing patterns. Westpac had no transaction monitoring scenario for this pattern. The CEM Pattern Detection signal is defined as a rule-based scanner matching: repeated low-value international transfers to high-risk jurisdictions + customer profile indicators. Against Westpac's transaction data, this signal would have fired when the first customer's pattern exceeded the detection threshold.

Would Fire

2014-01-01

Days Missed

2150 days (5y 325d)

Evidence In Westpac Data

12 customers → 260 after expanded monitoring; 3 with prior CEM convictions

Expected Response

SMR filed within 24 hours; account frozen pending investigation

SIGNAL 5 / 5

Correspondent Banking ML/TF Risk Assessment Gap

HIGH

Westpac failed to assess the money laundering and terrorism financing risks associated with multiple correspondent banking relationships, as required by the AML/CTF Rules. The Risk Assessment Gap signal is defined as a compliance check that fires when a correspondent banking relationship exists without a current, documented ML/TF risk assessment. Against Westpac's records, this signal would have fired when the first un-assessed relationship was established.

Would Fire

2013-11-01

Days Missed

2211 days (6y 21d)

Evidence In Westpac Data

4 correspondent banking relationships without documented ML/TF risk assessment

Expected Response

Risk assessment within 30 days of relationship establishment; annual review

Root Cause

19.5 million IFTIs. 72 months of zero reporting.

Not malice. A systemic gap in the automated reporting pipeline — it simply did not include correspondent banking IFTI message formats. No one noticed for six years.

Correspondent banking IFTI reporting system failure

SOAF Part A · category: reporting_pipeline_gap

Westpac's automated reporting system did not report incoming International Funds Transfer Instructions received through four correspondent banking relationships to AUSTRAC within 10 business days, as required by s 45(2) of the AML/CTF Act. From November 2013 to September 2018, 19,502,841 IFTIs totalling over A$11 billion were never reported. The root cause was a systemic gap in the automated reporting pipeline — it simply did not include correspondent banking IFTI message formats.

LitePay product launched without IFTI compliance

SOAF Part B · category: new_product_compliance_gap

In August 2016, Westpac launched LitePay, a product enabling overseas transfers up to A$3,000 to the EU, UK, India and the Philippines. Between February 2017 and June 2019, LitePay processed 2,314 outgoing IFTIs that were never reported to AUSTRAC. The product was launched without integrating the mandatory IFTI reporting requirement — a new-product compliance gap.

Child exploitation transaction monitoring absent

SOAF Part D · category: transaction_monitoring_gap

Westpac failed to implement transaction monitoring detection scenarios for payments consistent with child exploitation material (CEM). 12 customers were identified by the AFP as making payments to the Philippines for CEM. Three had prior convictions. Westpac had no automated detection for the pattern: small repeated transfers (A$500-$3,000) to the Philippines/SE Asia matching known CEM purchasing behaviour. After widening monitoring, the count rose from 12 to 260 customers.

Timeline

From first unreported IFTI to A$1.3B penalty

The first correspondent banking IFTI went unreported in November 2013. AUSTRAC filed civil penalty proceedings on 20 November 2019. The Federal Court ordered the penalty on 24 September 2020. Seven years end-to-end.

2013-11

Correspondent banking IFTI breach period begins. Westpac receives incoming IFTIs via 4 correspondent banking relationships but does not report them to AUSTRAC. (SOAF Part A)

2016-08

Westpac launches LitePay product for overseas transfers up to A$3,000. No IFTI reporting integration. (SOAF Part B)

2017-02

LitePay IFTI reporting breaches begin (outgoing IFTIs not reported). (SOAF Part B)

2018-09

End of main correspondent banking IFTI breach period (19.5M IFTIs unreported). (SOAF Part A)

2019-06

LitePay IFTI reporting breaches end (2,314 IFTIs unreported). (SOAF Part B)

2019-11-20

🔴 AUSTRAC files civil penalty proceedings (NSD2140/2019) alleging 23 million contraventions. (AUSTRAC media release)

2019-11-20

🔴 Westpac share price falls ~7% over 3 trading sessions. A$6.78B market cap wiped. (Dynamic Business)

2019-11-26

🔴 CEO Brian Hartzer announces resignation. Peter King named acting CEO from 2 December. (Westpac ASX announcement)

2019-12-02

Peter King becomes acting CEO. Hartzer receives A$2.686M (12 months fixed remuneration). (SBS News)

2019-12-12

Chairman Lindsay Maxsted announces he will bring forward retirement to first half 2020. (Westpac ASX announcement)

2019-12-17

🔴 APRA imposes additional A$500M capital add-on (total now A$1B) and launches investigation. (APRA)

2020-04-08

Peter King confirmed as permanent CEO. (Westpac)

2020-09-24

🔴 AUSTRAC and Westpac announce agreed penalty of A$1.3B. (AUSTRAC media release)

2020-10-21

🔴 Federal Court (Beach J) orders A$1.3B civil penalty — largest corporate civil penalty in Australian history. ([2020] FCA 1538)

Now what?

Run Sentinel against your AI systems.

The Sentinel Assurance Diagnostic is a bounded 14-day engagement: signal-level back-test of your current AI governance posture, CPS 230 material-service-provider gap list for your AI vendor stack, and Privacy Act APP 1.7 readiness review. Board-pack-ready artefacts. Fixed fee.

Try Codebook-Drift now →

Fact-Check Notes

Every number on this page is defensible.

We've flagged the easy traps where secondary reporting gets it wrong. Use this section to verify our claims against the primary sources.

23 million vs 19.5 million

23 million is the approximate total contraventions across all categories. 19,502,841 is the specific count of correspondent banking IFTIs not reported under s 45(2). The difference (~3.5M) includes LitePay IFTIs (2,314), additional IFTI reporting failures (76,144), and child exploitation monitoring failures. Use '23 million total contraventions' for the headline; '19.5 million IFTIs' for the specific correspondent banking failure.

A$1.3B vs US$920M

International outlets (e.g. CNBC) reported US$920M. The actual penalty ordered by the Federal Court was A$1,300,000,000 (AUD). Always cite in AUD.

12 customers vs 260 customers (child exploitation)

AUSTRAC initially identified 12 customers making payments for CEM. After Westpac widened its monitoring from the Philippines to all of SE Asia and Mexico, the count rose to 260 customers. Use '12 customers initially identified by AFP' for the SOAF-cited figure; '260 after expanded monitoring' for the broader finding.

Hartzer 'resigned' vs 'fired'

Officially, Hartzer resigned on 26 November 2019. He received a A$2.7M payout. Some media characterised this as a forced resignation, but the formal record says resignation.

Largest penalty qualifier

A$1.3B is the largest corporate civil penalty in Australian history as of October 2020, surpassing CBA's A$700M from June 2018. Always include the date qualifier.

Judge is Beach J, not Jagot J

Multiple secondary sources incorrectly attribute this case. The judgment [2020] FCA 1538 was delivered by Justice Beach. Confirm via the judgment header or CaseNote AU.

Judgment date is 21 October 2020, not 24 September 2020

24 September 2020 is when the SAFA and proposed penalty were filed with the Court. The Court ORDER was made on 21 October 2020. Many sources conflate these dates.

File number is NSD 1914/2019, not NSD 2140/2019

Per CaseNote AU and the SAFA itself. Some secondary sources cite the wrong file number.

APRA DID impose a A$1B capital add-on

A$500M in July 2019 (pre-AUSTRAC, from Risk Governance Self-Assessment) + A$500M on 17 December 2019 (triggered by AUSTRAC allegations) = A$1B total. Not fully removed until October 2025. Comparable to CBA's A$1B add-on.