ASIC takes Macquarie to court for anti-fraud system failures

ASIC Macquarie Bank court

Corporate watchdog ASIC has commenced civil proceedings against Macquarie Bank for alleged failures to adequately monitor and detect fraud in a number of third-party transactions.

ASIC contends that the failure of Macquarie’s fraud check system enabled disgraced financial adviser, Ross Andrew Hopkins, to make unauthorised withdrawals, through a ‘fee authority’, from his clients’ bank accounts.

A fee authority enables customers to authorise a financial professional (in this case, Hopkins) to withdraw their fees from their accounts.

Hopkins was able to snatch more than $2.9 million from his clients through this method.

The alleged offences occurred between May 2016 and January 2020, with 13 clients impacted. Hopkins, a self-managed superannuation fund adviser, was last year sentenced to six years’ imprisonment for the misappropriation of his clients’ funds.

While Hopkins was found clearly at fault, ASIC has also cast a significant portion of blame onto Macquarie, alleging the bank engaged in only “limited monitoring” of transactions made through its bulk transaction system (which is used by financial professionals to collect fees and make bulk payments from their clients’ accounts), enabling Hopkins to steal millions from his clients over the three and half year period.

Further, the regulator alleges that these transactions – 167 in total – failed to pass through a fraud monitoring system or undergo manual checks to confirm such transactions were, in fact, legitimately for fees.

Failure to monitor

In a submission to the Federal Court, ASIC contends that Macquarie’s bulk transacting system “involved inherent risks for customers as to fraudulent or unauthorised transactions”.

“Bulk transactions were automatically processed without notification to, or authentication by, customers,” according to the submission.

Moreover, it found that “no limits were placed upon amounts that could be paid through a fees bulk transaction.”

Macquarie’s bulk transaction system had deficient detection monitoring and controls, the regulator added, with either no or only limited transaction monitoring of payments.

Fees transactions were “pushed directly to Macquarie’s central ‘MIMS’ system”, the plaintiff says, with bulk transacting payment data not being fed into any fraud monitoring system.

While Macquarie designed its system to automatically generate email alerts to its fraud team as soon as a $10,000 fee was requested (known as a ‘$10k Alert’), the bank was also found to have had no follow-up practice or procedure to review or monitor such alerts.

“The $10k Alerts were not systemically reviewed against further transaction data (such as narratives or amounts), against information about the IFA [independent financial adviser], or at all”

ASIC added: “The $10k Alerts were not actively monitored to confirm that fees bulk transactions were for fees.”

At least 85 of the 140 fee withdrawals made by Hopkins were over $10,000, with the highest individual withdrawal of $150,000 made on a single day in December 2018.

Worse still, due to what was found to be “an inadvertent consequence of the decommissioning of a legacy system”, between 3 September 2019 to the end of January 2020, ‘$10k Alerts’ were no longer being generated at all.

Further, it was found that Macquarie’s systems made no provision to enable specific triggers to detect, identify and assess suspicious fees bulk transactions and did not provide push notifications or SMS alerts to notify customers that an IFA had conducted a fees bulk transaction.

ASIC also contends that Hopkins’ conduct should have been identifiable to Macquarie much earlier.

The bank was, the regulator noted, already aware that Hopkins had previously misused his fee authority in processing fees bulk transactions between 2012 and 2015, with Macquarie having repeatedly warned him as to his misuse.

Failure to comply

Under the terms of its Cash Management Account product (which is specially designed for investors with substantial clash flow requirements), ASIC notes that Macquarie was obligated to check whether any transaction made under a fee authority was, in fact, for the purpose of a fee.

Ultimately, the bank failed to do so, ASIC contends, with the regulator claiming the bank engaged in “false or misleading representations in [the product’s] promotion… of limited third-party access”.

“Macquarie failed to take measures to prevent or detect transactions made using its bulk transacting system that were outside the scope of a ‘fee authority’ given by a customer, including misappropriating, and attempts to misappropriate, customer funds,” it said.

“ASIC claims these failures by Macquarie breached its obligations as a financial services provider to ensure its financial services were provided efficiently, honestly and fairly”– a contravention of the Corporations Act.

ASIC deputy chair Sarah Court said the now-convicted financial adviser “misused Macquarie’s systems by processing transactions using his fee authority to steal client funds”.

She warned that Hopkins’ conduct “is an example of what can go wrong when banks do not properly monitor their systems and implement appropriate processes,” Court said.

ASIC said it is seeking declarations, pecuniary penalties and other relief from the Court, including a compliance order for an independent review of Macquarie’s fee authorities and fee transactions using its bulk transaction system.

Macquarie notes that it has fully cooperated with ASIC’s investigations. The bank confirmed it has also fully reimbursed all affected customers for their losses after Hopkins’ failure to compensate his clients.