Coding Error To Blame In Breaches At Commonwealth Bank?

With regard to the Commonwealth Bank breaches, might it all have been due to coding errors?

As Reuters reports, the Commonwealth Bank of Australia (CBA) has announced that software is to blame for the more than 53,000 times it broke laws tied to anti-money laundering.

The move to blame technology comes in the wake of a civil case filed by AUSTRAC, billed by the newswire as a financial intelligence agency. That civil case focuses on legal transgressions in which the bank allegedly failed to trace and report money transfers over the $10,000 threshold, which runs afoul of laws governing anti-money laundering and counter-terrorism activities. The same suit alleges that the bank did not suspend accounts that were tied to fraud.

The coding error the bank pointed to was housed within intelligent deposit machines, brought on board in 2012. The error was not fixed until three years later, the bank said. In a statement, Commonwealth Bank said that within a month of discovering the human error, it notified AUSTRAC, delivered the missing threshold transaction reports (TTRs) and fixed the coding issue.

The vast majority of the reporting failures alleged in the statement of fraud (approximately 53,000) relate specifically to this human error. In addition, the bank noted that for the accounts that were unrelated to the transaction threshold violations, there was evidence of what is termed “cuckoo smurfing.” In that scheme, the money laundering involves several people making multiple deposits, and legitimate customer data is used to make those money transfers.

The newswire reported that the penalties that can be levied per breach top out at A$18 million, and thus the firm could be on the hook for billions of Australian dollars.

Separately, in an interview with The Australian Financial Review, CBA CEO Ian Narev said that he would work to address these “difficult matters” and that the firm’s board should decide the ultimate fate of his job.