PayPal battens down hatches, as AUSTRAC lines up next targets

International payments titan PayPal Holdings is ramping up its compliance remediation work as the Australian anti-money laundering regulator considers its next major enforcement targets.

The Australian Transaction Reports and Analysis Centre (AUSTRAC) said on Friday it is reallocating enforcement resources in the wake of the historic A$1.3 billion settlement with Westpac. 

The next enforcement action will be launched against a “major non-banking institution this financial year,” the agency’s chief executive told the Australian Financial Review in the wake of the Westpac settlement.

Company officials at PayPal are understood to be ramping up their compliance remediation program in the wake of the Westpac settlement in a bid to avoid formal enforcement action. 

The fintech pioneer has been involved in a major project to understand and resolve its compliance problems with International Funds Transfer Instruction (IFTI) reporting failures. As a global fintech player, the company’s complex cross-border business model does not fit easily into the IFTI reporting regime, which was designed around the activities of traditional banks.

In September last year, AUSTRAC ordered PayPal to hire an external auditor to review its compliance with the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Act 2006. Global consulting firm EY conducted the review, which was filed with AUSTRAC last month.

Self-disclosed breaches

The supervisory order came amid the largest suspected case of under-reporting in Australian history. The fintech titan had self-disclosed to AUSTRAC that it may have failed to report millions of transaction reports. The exact number of breaches was difficult to quantify, in view of the complexities of IFTI reporting when it comes to payment innovators.

The fact that PayPal holds a limited Authorised Deposit-Taking Institution (ADI) licence, making it technically an Australian bank, suggests it is not the target mentioned in Rose’s comments last week.

An AUSTRAC spokesperson said the agency could not comment on any of the details surrounding future enforcement actions. She said the agency was still considering the next steps it would take in the PayPal case. 

A final enforcement decision would be based on the company’s audit report, which was pushed back to the end of August 2020, following requests from PayPal. 

“AUSTRAC will use the final audit report to determine the extent of any compliance issues and whether further regulatory action is required,” the spokesperson said. 

“AUSTRAC continues to work with PayPal to assist them to strengthen their compliance capabilities.”

Remediation continues

The regulator’s comments indicate that it is still determining whether to use its onerous enforcement tools against PayPal. As such, the identity of the next major enforcement target is still a matter of industry speculation.

AUSTRAC has been focusing on IFTI reporting over the past 12 months as it attempts to improve its intelligence holdings on cross-border payments. It has issued infringement notices against State Street and remittance provider Compass Global Holdings for IFTI breaches, with a penalty of A$12,600 for each reporting failure. 

On Thursday AUSTRAC inked its largest ever enforcement agreement with Westpac for more than 23 million reporting offences, including more than 19.5 million late or missing IFTI reports.

Legal and compliance experts said the Westpac case had taken AML/CTF compliance to the top of the list when it comes to non-financial risk management.

“Every bank board and bank c-suite executive in Australia should be reflecting on this [Westpac] outcome,” said Helen Bird, corporate governance program director at Swinburne University’s law school. 

“Every bank relies on IT systems to perform their money laundering reporting obligations.  Westpac shows how deficient those systems often are and how easily problems get dismissed by management as ‘IT system issues’, rather than serious legal compliance ones with potentially repulsive outcomes, such as the money transfers to the Philippines.” 

Bird said the statement of agreed facts in the Westpac case makes it clear that Australian company boards cannot hide behind “IT problems” as an excuse to justify AML/CTF failures. 

“They must bring a chronic sense of unease to their oversight. The better question was why did they not suspect a problem?  If IT was not working, what else might be going wrong?” Bird said.

Open, honest and collaborative

AUSTRAC’s announcement that it is focusing its enforcement resources on a major “non-bank institution” has also come as a relief to National Australia Bank’s board and shareholders. 

NAB has been working closely with AUSTRAC to remediate its extensive financial crime compliance failures. Sources said the bank was filing regular, voluntary reports with AUSTRAC to keep it up to date with the ongoing remediation program.

Reporting entities have learned that being open, honest and collaborative with AUSTRAC, and resourcing the compliance remediation program properly, is the best way to avoid costly litigation.

Rose said the breaches at Westpac could have been avoided with “better assurance and oversight processes to identify ongoing reporting failures.”

The agency has reaffirmed its commitment to work alongside reporting entities in a partnership to combat financial crime, including in instances where compliance breaches need to be resolved. 

Rose said AUSTRAC wanted to work collaboratively with “all businesses we regulate, to support them to meet their compliance and reporting obligations, to ensure this doesn’t happen again in the future.”

Nathan Lynch is an experienced writer, public speaker, manager and technology enthusiast in the field of financial regulation and risk management. At Thomson Reuters, Nathan leads a team of experts who provide breaking news, deep analysis and practical guidance to risk practitioners in the global financial services sector.
Nathan manages Thomson Reuters’ award-winning Regulatory Intelligence team across the Asia-Pacific region, tracking developments in financial services law, regulation, financial crime and risk management.
Nathan has been involved in building innovative, tech-based businesses in the financial services “regtech” sector — including Complinet Australia and the Thomson Reuters Risk business.

Subscribe to Business Insight

Discover best practice and keep up-to-date with insights on the latest industry trends.