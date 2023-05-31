APRA and AUSTRAC have agreed to a court enforceable undertaking (CEU) following weakness in the bank's risk management and money laundering controls.

APRA said it's acted following several beaches or its prudential standards and a review that exposed issues within the Bank of Queensland's (BOQ) operational risk, compliance and risk culture.

As part of the action taken against the bank, APRA will require it to hold an operational risk capital add-on of $50 million to take effect from May 30.

The capital add-on will remain in place until BOQ has delivered the remedial action plan under the CEU to APRA's satisfaction, it said.

APRA said BOQ has acknowledged the weaknesses set out in the CEU and has agreed to several requests, including preparing a remediation plan that details all activities BOQ is undertaking, or will undertake, to address the weaknesses, with a clear timeline for implementation, and that specifies the accountable and responsible persons for each activity.

It will also submit the remediation plan to APRA for approval and address concerns it may have.

The bank has further agreed to appoint an independent reviewer to provide written reports on the implementation of the remediation plan, whether it is sustainable and whether further work is necessary to ensure the root causes of the material weaknesses are addressed.

AUSTRAC said issues within BOQ's anti-money laundering and counter-terrorism financing (AML/CTF) laws are its main concern following a compliance inspection it undertook.

The regulator said the enforceable undertaking binds BOQ to an ongoing remedial action plan to improve its AML/CTF program, which AUSTRAC will monitor to ensure it is completed within agreed timeframes.

As part of the enforceable undertaking, BOQ will engage an external auditor who will report back to AUSTRAC, it added.

AUSTRAC acknowledged that the action coincides with separate regulatory activity by APRA.

In turn, APRA also noted the announcement by AUSTRAC and said the two have worked closely together to ensure that their respective actions are appropriately coordinated and avoid unnecessary duplication.

APRA chair John Lonsdale said although BOQ is financially sound and comfortably above its core capital and liquidity requirements, there are significant gaps in its risk management framework that must be addressed as a priority.

"The CEUs announced today, combined with the capital overlay that APRA has applied, provide a strong platform and clear incentives for BOQ to deliver on this important remediation agenda," he said.

"I have communicated APRA's concerns directly to the BOQ chair and chief executive. They understand what we require, have taken important steps towards being able to deliver that in recent months, and we look forward to receiving and approving a final, comprehensive remediation plan that will address the underlying issues raised."

AUSTRAC chief executive Nicole Rose added the actions taken by the two regulators in relation to BOQ highlight government efforts to maintain the integrity of Australia's financial systems.

"Businesses which do not have a strong AML/CTF program in place are vulnerable to exploitation by criminals, which is why AUSTRAC has been working with BOQ to harden their processes," she explained.

"I am pleased with BOQ's cooperation over the past six months, and their commitment to taking remedial action to ensure they meet their obligations under the AML/CTF Act."

In response the BOQ Chairman Warwick Negus said the bank has acknowledged the concerns raised by APRA and AUSTRAC.

"BOQ remains committed to its multi-year Integrated Risk Program to build a stronger and simpler bank with an uplift in risk culture, frameworks, processes and controls," he said.

"This program will be independently reviewed as previously announced and we will continue to work proactively and transparently with APRA and AUSTRAC. Our digital transformation is complementary to this strategic priority as we decommission multiple complex legacy systems and reduce our reliance on manual processes."