Australian Regulators Step In After Deloitte Review Flags Risk Management Gaps at Bendigo Bank

Key Takeaways

• Independent Review Raised Red Flags: A Deloitte review into suspected money laundering at a Bendigo Bank branch found significant AML and CTF risk management deficiencies.
• Regulators See Wider Issues: APRA and AUSTRAC believe the weaknesses may extend beyond a single incident and reflect broader non-financial risk and cultural issues.
• Capital Add-On Imposed: APRA has required the bank to hold an operational risk capital add-on of approximately $33 million (AUD 50 million) until remediation is complete.
• AUSTRAC Investigation Underway: AUSTRAC has launched an enforcement investigation into compliance with the AML/CTF Act.

Deep Dive

Australia’s banking and financial crime regulators have moved to tighten oversight of Bendigo and Adelaide Bank after an independent Deloitte review uncovered serious shortcomings in how the lender manages money laundering and broader non-financial risks.

The coordinated action by the Australian Prudential Regulation Authority (APRA) and AUSTRAC follows the bank’s own disclosure of suspected money laundering activity at one of its branches. Deloitte was commissioned to review the incident and found significant deficiencies in Bendigo Bank’s approach to identifying, mitigating, and managing money laundering and terrorism financing risks.

While the findings stemmed from a specific case, regulators are now concerned the problems may run deeper.

APRA said the weaknesses identified in the review may be indicative of broader issues across the bank’s operations, a concern shared by AUSTRAC. Together, the agencies say the response is designed to force a closer examination of the bank’s risk culture and non-financial risk controls, not just its anti-money laundering framework.

A Coordinated Regulatory Response

As part of the action announced Thursday, APRA will require Bendigo Bank to conduct a root cause analysis to determine the full extent of its non-financial risk management weaknesses. The review must go beyond money laundering and terrorism financing risks and assess whether similar gaps exist elsewhere in the organisation.

APRA has also imposed an operational risk capital add-on of approximately $33 million (AUD 50 million), a measure intended to reflect the heightened risk profile identified by supervisors. The additional capital requirement will remain in place until APRA is satisfied that the bank has completed remediation and addressed wider concerns.

Alongside APRA’s intervention, AUSTRAC has commenced an enforcement investigation to examine whether Bendigo Bank has complied with its obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.

Regulators Signal Broader Concerns

APRA Chair John Lonsdale stressed that the action is not about the bank’s financial strength, but about weaknesses in its governance and control environment.

“Although Bendigo and Adelaide Bank is financially sound and comfortably above its core capital and liquidity requirements, we are concerned there may be significant gaps in its risk management framework that need to be addressed urgently,” Lonsdale said.

He noted that while anti-money laundering and non-financial risks are the immediate focus following the Deloitte review, APRA is concerned similar shortcomings could exist across other parts of the bank’s operations.

“The measures we are announcing today alongside AUSTRAC aim to ensure that fundamental deficiencies in Bendigo Bank’s risk management framework are identified and addressed and those responsible are held to account as appropriate,” Lonsdale said.

AUSTRAC Acting Chief Executive Katie Miller said the agency has been closely monitoring Bendigo Bank’s AML and CTF compliance and that the enforcement investigation follows ongoing supervisory engagement.

“This enforcement investigation follows supervisory engagement with Bendigo Bank and the bank’s recent disclosure of deficiencies in its approach to the identification, mitigation, and management of money laundering and terrorism financing risks,” Miller said. “Our investigation will examine Bendigo Bank’s compliance with the AML/CTF Act and inform any further AUSTRAC action.”

Both regulators made clear that Thursday’s announcements are not the end of the matter. The capital add-on will remain in place until remediation is complete to APRA’s satisfaction, and neither agency has ruled out further supervisory or enforcement steps as the investigations continue.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.