APRA, AUSTRAC accept BoQ’s enforceable undertaking, with $50 million surety attached

Bank of Queensland BoQ Enforceable Undertaking

Regulators APRA and AUSTRAC have each accepted separate enforceable undertakings (EUs) from the Bank of Queensland (BoQ) to review its operational risk and compliance culture as well as its adherence to anti-money laundering and counterterrorism financing (AML/CTF) laws, after the bank was found to have breached several prudential and AML/CTF standards across 2022 and 2023.

The court enforceable undertakings follow APRA’s identification, this year and last, of risk management and risk culture deficiencies within the bank. AUSTRAC, Australia’s financial crimes investigation unit, also separately identified “concerns relating to the adequacy of BoQ’s AML/CTF systems and controls”.

APRA will also impose a $50 million “operational risk capital add-on” (effectively, a surety) on BoQ until the bank has delivered the remedial action plan it has promised in its CEU, to the regulator’s satisfaction.

As part of the CEU, BoQ will draft a remediation plan (due within 120 days) detailing all activities the bank has done to address the identified weaknesses (identified in its risk management practices, controls, systems, governance and risk culture), as well as set out a timeline for implementation of remediation action. BoQ will also be required to appoint an independent reviewer to assess whether the root causes of these material deficiencies have been addressed.

AUSTRAC has imposed similar requirements on BoQ to meet its EU to uplift its AML/CTF program.

APRA and AUSTRAC, while engaging in separate actions against BoQ, noted that they have “worked closely together to ensure that their respective actions are appropriately coordinated and avoid unnecessary duplication”.

APRA chair John Lonsdale acknowledged that while the bank remains “financially sound and comfortably above its core capital and liquidity requirements, there are significant gaps in its risk management framework that must be addressed as a priority”.

“The CEUs announced today, combined with the capital overlay that APRA has applied, provide a strong platform and clear incentives for BOQ to deliver on this important remediation agenda,” Lonsdale said.

AUSTRAC chief executive Nicole Rose said the regulator has “been working with BoQ to harden their processes”.

“I am pleased with BoQ’s cooperation over the past six months, and their commitment to taking remedial action to ensure they meet their obligations under the AML/CTF Act.”

BoQ chair Warwick Negus said the bank had acknowledged the regulators’ concerns, adding that it remains to “uplift” its risk culture, frameworks, processes and controls as part of its $42 million, multi-year Integrated Risk Program.

The program, aimed to strengthen the bank’s non-financial resilience, will also be independently reviewed.

Negus added BoQ’s digital transformation is complementary to the risk program, with the bank saying it will move to decommission multiple legacy systems and reduce its reliance on manual processes.