In heated questioning, after the bank declined to provide all of the documents Senator O’Neil had requested, she alleged the report showed potential problems in its risk management were known by the bank before it was hit by the explosive money-laundering claims last November.
She quoted the 2017 EY report as saying: “We observed known ongoing IT risk issues within anti-money laundering and legacy systems across the group.”
“The complexity of the IT architecture environment contributes to the challenges in IT risk management, as highlighted in the recent APRA IT risk review. We observe that Westpac has a range of initiatives underway to modernise IT architecture, but recommend elevation of IT risk metrics and monitoring of associated tolerances,” she said, quoting the report.
Senator O’Neill highlighted that the document was from 2017, more than two years before Westpac was hit by the bombshell lawsuit from the financial intelligence agency, AUSTRAC.
Mr Stephen responded: “Senator, that question that you have asked in respect of a document that we provided on a confidential basis, from a report that is not an audit by an auditor, is very difficult for me to respond to, bearing in mind that all of these matters are subject to regulatory investigation and court actions.”
Earlier, Senator O’Neill expressed her “profound disappointment” at the bank’s refusal to provide “an extensive list of documents” relating to a risk management review and anti-money laundering compliance, which she had requested ahead of the hearing.
Senator O’Neill said she had asked for the documents on January 28, and she did not receive a formal reply in writing until Thursday evening. The documents the bank did provide were “extremely limited” and she received them on Friday morning, Senator O’Neill said.
Mr Stephen apologised for the bank’s late reply to the committee’s questions, but said there were various regulatory investigations and court proceedings into the issue, and it did not want to prejudice these.