National Australia Bank (NAB) has agreed to an enforceable undertaking (EU) with Australia’s financial intelligence agency, AUSTRAC, following concerns raised around the bank’s anti-money laundering and counterterrorism financing (AML/CTF) controls.

The enforceable undertaking follows an investigation (and formal assessment) by AUSTRAC in June last year which identified concerns within the bank’s AML/CTF program, systems and controls. NAB also volunteered “self-disclosures” to the financial crimes regulator of potential AML/CTF compliance concerns.

At the time of investigation, AUSTRAC expressed “serious concerns” with NAB’s compliance obligations.

The NAB entities identified in the process are National Australia Bank Limited, JBWere Limited, Wealthhub Securities Limited, Medfin Australia Pty Ltd, and AFSH Nominees Pty Ltd.

NAB has agreed to implement a comprehensive remedial action plan, which AUSTRAC said would see improvements to the group’s systems, controls and record-keeping.

Under the terms of the EU, NAB and the relevant members of the group are required to complete a Remedial Action Plan (RAP) approved by AUSTRAC by 31 December 2024.

An independent auditor will report to AUSTRAC annually on NAB’s progress, with a final report to be provided by March 2025.

According to a statement issued by AUSTRAC, a civil penalty proceeding was not deemed appropriate at the start of the investigation, with the regulator noting that no information subsequently came to light during its investigation that would change that view.

Last year, Westpac agreed to a $1.3 billion federal court ordered penalty following an investigation by AUSTRAC that identified serious AML/CTF breaches, including a failure to report 19.5 million International Funds Transfer Instructions (IFTIs) amounting to more than $11 billion dollars to the regulator – an obligation under the AML/CTF Act 2006.

CBA also agreed to pay $700 million back in 2018 for AML/CTF Act breaches resulting from the misuse by customers of ‘smart’ deposit machines.

NAB chief executive Ross McEwan conceded that its AML/CTF controls have taken “longer to fix… than [they] should have”, but stressed the bank would “continue to work closely with AUSTRAC as we deliver the agreed further actions”.

“We welcome AUSTRAC’s acknowledgement that NAB has undertaken significant work to date – and we accept that there is more to do.”

NAB said that activities required under the RAP, such as improvements to NAB’s AML/CTF program and remediation of the high-risk customers the subject of the Customer Identity Remediation program, have already commenced and are expected to be delivered within the next 12 months.

AUSTRAC chief executive, Nicole Rose, said that the enforceable undertaking aims to ensure that NAB continues with its remediation program to uplift its compliance and combat the risks of serious and organised crime.

“National Australia Bank has demonstrated a commitment to uplifting its AML/CTF controls, and has undertaken significant work identifying and implementing improvements to its programs,” she said.

“NAB has worked collaboratively with AUSTRAC throughout the investigation, and this enforceable undertaking will help to ensure NAB meets its compliance and reporting obligations.”

AUSTRAC also acknowledged efforts made by the bank since 2017 to “significantly improve its technology platforms, processes and procedures”, investing significantly in programs of work to mature its financial risk capability.

NAB noted last year that it had invested around $800 million since 2017 as part of a multi-year program to boost its financial crime and fraud controls, with more than 1,200 people dedicated to managing financial crime risks.

Last year, AUSTRAC released the Major banks in Australia risk assessment, which found the overall money laundering and terrorism financing risk for the industry is ‘high’.