Macquarie fined $10m for fraud control failures

ASIC Macquarie Court fine breach

The Federal Court has issued Macquarie Bank with a $10 million fine for its failure to prevent and detect unauthorised third-party fee withdrawals from customer cash management accounts.

The Court found that the bank, Australia’s fifth biggest by market cap, did not have effective controls to monitor whether third-party bulk transactions under the bank’s fee authority (which enables third-party firms such as financial advisers, accountants and administrators to withdraw their fees from clients’ cash accounts) were actually for legitimate fees.

The alleged contraventions occurred between 1 May 2016 and 15 January 2020.

According to regulator ASIC, which pursued the court action, these failures enabled disgraced financial adviser Ross Hopkins to fraudulently withdraw around $2.9 million, over three years and 167 separate unauthorised transactions, from his customers’ accounts without being detected by Macquarie.

The regulator said that Macquarie had enabled its customers to give third parties, such as financial advisers, stockbrokers and accountants, different levels of authority to transact on their accounts, including a limited authority to withdraw the third party’s fees.

Macquarie also made available to third parties a bulk transacting tool to make multiple withdrawals across multiple customer accounts simultaneously.

Macquarie conceded that it had failed to do all things necessary over the more three-year period to ensure that the financial services covered by its financial services licence were provided efficiently, honestly and fairly by failing to implement effective controls to prevent or detect transactions conducted by third parties through its bulk transacting system that were outside the scope of the fee authority conferred on them, including those carried out by Mr Hopkins.

ASIC Chair Joe Longo said the court action “sends an important message to financial institutions and other financial service licensees that they must have appropriate controls in place.”

Longo added that, since January 2020, Macquarie had implemented effective controls for third-party withdrawals. The facility has also been renamed the Third-Party Authority with new consent requirements.