Macquarie Bank Fined $10 Million for Inadequate Controls on Unauthorized Fee Transactions

Macquarie Bank, a major financial institution in Australia, has been fined $10 million by the Federal Court for failing to have adequate controls in place to monitor and detect unauthorized fee transactions carried out by third parties, such as financial advisors, on customer accounts. The fine was imposed by the Australian Securities and Investments Commission (ASIC) due to Macquarie Bank's lack of proper systems and processes to monitor and prevent these unauthorized fee transactions between May 2016 and January 2020. "Macquarie Bank provided a bulk transacting tool to third parties, such as financial advisors, to make multiple withdrawals across several customer accounts simultaneously. However, between May 2016 and January 2020, the bank failed to implement adequate controls to monitor whether these third-party bulk transactions were actually for authorized fees," ASIC stated.

The lack of controls allowed financial adviser Ross Hopkins to fraudulently withdraw around A$2.9 million from his customers' accounts without being detected by Macquarie Bank. Hopkins made 167 unauthorized transactions on 13 of his clients' accounts through Macquarie's bulk transaction system. Macquarie Group, which controls the bank, has fully reimbursed the affected clients after Hopkins failed to compensate them for their losses. The bank has agreed to pay the $10 million fine imposed by ASIC.

Why this matters: This case highlights the importance of financial institutions having robust internal controls and oversight mechanisms to protect their clients from unauthorized activities by third parties. The significant fine imposed on Macquarie Bank sends a strong message to the financial industry about the need for proper systems and processes to prevent and detect fraudulent transactions.

ASIC Chair Joe Longo emphasized the importance of fraud controls for financial institutions, stating, "This case sends an important message to financial institutions that they must have appropriate fraud controls in place." Since January 2020, Macquarie Bank has implemented effective controls for third-party withdrawals and renamed the facility the Third-Party Authority with new consent requirements. The bank admitted that it contravened its obligation to provide its financial services efficiently, honestly, and fairly by not implementing effective controls to prevent or detect transactions conducted by third parties that were outside the scope of the fee authority conferred on them.

Key Takeaways

• Macquarie Bank fined $10M for failing to monitor unauthorized fee transactions by third parties.
• Lack of controls allowed a financial advisor to fraudulently withdraw $2.9M from client accounts.
• ASIC emphasized the need for financial institutions to have robust fraud controls in place.
• Macquarie has since implemented new controls for third-party withdrawals and renamed the facility.
• Macquarie admitted to contravening its obligation to provide services efficiently, honestly, and fairly.