CBA, AUSTRAC and our Orwellian privacy laws

Ok, so I understand all the paranoia, however my experience in one instance was the opposite. My bank alerted me during a $50k transaction I was about to make. Its teams scrutiny of transfer documents and director authorities prevented a scam where I would not have had tittle to the goods purchased. This was a last minute check, at the branches, by a teller, who pulled me aside from the other party. So suck it up everybody, if you're dodgy you'll get caught out, if not the extra security might just save your bacon.

Whilst reading further comments of more reader experiences a week later, mind went to news item last year, purportedly a building materials supplier hacked re invoice system, fake invoice for $900,000 odd due was sent to customer re " Please Pay" with slight digit difference of real payee's bank a/c number for payment, the customer paid to digit - different a/c so therefore to hacker which throws up customer fault for not checking a/c number to past records of supplier but also throws up despite all the info banks collect they evidently don't have a high bar for checking all large payments other than reporting $10,000 & above so seems Austrac rules have not improved all-round general security of bank clients' payments. Can't believe A/cs Payable staff pay off any invoice without re-checking a regular supplier's a/c number every time as I do but perhaps this is what scammers rely on, that people are lazy about checking & a slight digit difference will be overlooked. Heaven knows how scammer manages to get an a/c number so close in every other way in order to receive scammed payment but it was somehow possible. Presumably banks & Austrac working on how to prevent such things despite all we think has been done already re pesky repeat requests for ID. Still of opinion it requires a criminal mind to stamp out.

Well, it seems that we are all caught up in this overkill by zealots who think that just because they have some degree of control over your finances that they can demand all the personal information that they want. I am currently locked in negotiations with one Bank who wants to share my personal data with a company called "Equifax".
Here is the published background on Equifax: -
"As one of the major credit reporting agencies in the United States, Equifax held sensitive information on more than 800 million individuals and 88 million businesses worldwide. The breach exposed the personal data of more than 40 percent of the population of the United States (approximately 145 million people). (8 Dec 2024)
The Federal Court has ordered that Equifax Australia Information Services and Solutions Pty Ltd (Equifax) pay penalties totaling $3.5 million for misleading and deceptive conduct and unconscionable conduct in relation to credit report services following joint submissions by Equifax and the ACCC. (2 Oct 2018)
Between November 2018 and December 2021, the Australian Financial Complaints Authority received 1558 complaints about Equifax, making it one of the most complained-about medium-size financial businesses in the country."
Now why would anyone want to deal with Equifax? No-one is the answer!
But this Bank wants to give my personal data to them even though I have no loans or debts owing to anyone.
Will I submit to that? Not a chance!
The basis for all this intrusion into your personal affairs lies with an Australian organisation called AUSTRAC.
Now there is nothing really wrong with AUSTRAC, as a matter of fact their approach to the matter of identification is quite reasonable according to their documentation in the url below:-
https://www.austrac.gov.au/sites/default/files/2020-09/Identifying%20Individual%20Customers%20for%20remittance%20service%20providers.pdf
So, it appears that some financial organisations and banks in Australia seem to believe that they have the right to extend the AUSTRAC requirements well beyond the original and carelessly place our personal data at great risk.
There is only one solution to this affront and that is to vigorously object and resist the intrusion ceaselessly.

I also had this problem with my SMSF superannuation account. NAB demanded that I provide the identity of ALL people in my fund. A grand total of 1, just me. I was also told the account would be frozen until I complied. This is in spite of the fact that as the only member, I was required to get a director's number not all that long before this DEMAND was sent. My personal information was also said to be able to be distributed to 3rd parties BUT there was no information about the 3rd parties, available to me???
I had to supply suitable identification to obtain my director's number, exactly the same identification as NAB required. I was hounded for months. The only reason (perhaps) for this intrusion was that I was withdrawing money $10,000 at a time BECAUSE the RBA in their 'wisdom had started to increase the interest rates on borrowing and without paying down the loan amount, my daughter would lose her property, that we were paying for the previous 10 years.
I was more than a little aggravated because the loan we got was obtained when the borrowing rate was 0.1% and the final hike stopped at around 4.5% meaning that we were paying the loan off at mid 6% to 7% at the finish.
My SMSF account was no longer viable after I spent the majority of my savings, so I wound up my fund and I am living off the remaining cash - when it runs out so do I as I will have too much equity in the property to any form of pension, when I approached Centrelink. The $400,000 plus I paid off the loan was passed down to my NAB ACCOUNT linked to the property payments and each $10,000 could be seen to be paying ONLY THE LOAN - I don't think this qualifies as money laundering BUT STILL I NEEDED TO SHOW THAT I WAS ME! I settled a deal with the NAB people who were hounding me, and they were willing to accept that I did not include my photo ID (no way I would supply this BUT the local branch Manager would not send this document to the 'hounders', he was and still is so arrogant. I did close the deal with NAB but it was not easy.
GOOD LUCK to anyone who has a win over this stupidity.
Lose the property or pay it down

Similar experience with the ANZ. Multiple emails, texts and threats, even after we had gone into our local branch, passports in hand, to prove we are who we are. (after being with the ANZ for 48 years!) What is happening to our country, and what is going through the minds of those who rule us?

Just received what I thought was a hoax KYC email from CommSec:
- claiming that (unspecified) account details were missing, incomplete or incorrect;
- providing a link to a form;
- seeking a scammer’s wish list of personal identity and financial information, business and account numbers etc;
- imposing a short response deadline to create a sence of urgency;
- threatening account closure, HIN closure, CHESS termination and tax consequences;
- ending with ‘We apologise for any inconvenience this may cause’
- signed off generically by the Team with no name or position given.

But it was not a hoax, phishing email or data harvesting exercise for marketing. Just CommSec wanting to know its customer and seeking to comply with draconian Austrac AML legislation, passed by our short-sighted Parliament, resulting in every one of us now being suspected and treated as a potential money laundering financer of international terrorism.
As the author states, This isn’t just about me—it’s about all of us.

I chair a small not for profit charity that holds an annual chamber music festival. We bank with NAB and currently have around $10,000 in the bank. I got all the same questions as others I expect, though not the one about cash at home. They did ask did we have funds with any other financial instiutution and if so please provide details. That's none of their business. We do have a small term deposit with another bank as trying to open one with NAB was too diifficult. Also, how many volunteers, what is our donor base, source of funds (ticket sales and donations) and on and on. In the end I rang them and quickly went through the questions indicating where some of them were just ridiculous and invasive etc. But there you go. We are regulated by the charity regulator and are fully up to date with what's required. That should be the end of it. I wonder how many small outfits like ours just give up!

This is really fcked up, but I wonder what took you so long to get caught in this dragnet created by Austrac, our beloved crime stoppers? Many of us have to do this every year. Blocking investment in bitcoin is a clear indicator our banks don't want us moving away from their low return deposits and use AML as an excuse to protect us from ourselves. There needs to be a Royal Enquiry into the implementation of AML/KYL/CRS.

And it appears Austract don't produce any results of benefit except to frighten and control everyday honest Australians. If they di achieved anything of note you would've certainly seen it in the media but nothing in the 20 years since they ramped up their globalist KYC/AML requirements after 911. The Australian government signed global agreements to collect this information and much of it is being sent overseas via the ATO and CRS treaties. Welcome to dystopia Australia.

I have been through this with a number of banks and none of them has yet asked if I hold cash at home. How daft. Of course I would answer no even if I did. The KYC laws are annoying but completely useless because you can give whatever answer you like, the bank has no way of verifying your answers. If the government actually wanted to solve whatever problem the legislation purports to address they could just match up all bank transactions and get the answers without the banks having to waste their own and their customers time.

It would be good if all property brought in Australia had to be transacted via an ADI (Australian bank) as it might reduce the huge amount of laundered money going into our property market. The banks would be responsible for the KYC rules. This would take the responsibility from the poor real estate agent, lawyers and accountants having to report “unusual behaviour “.

This growth of unnecessary oversight/intrusion has also infected the process of withdrawing cash from your own account at your bank branch. All (in they say) in the interests of protecting us from fraud.

Reminds me of the good old days. I was living in the US and had credit card statements mailed from my local branch in country NSW as the address field for credit cards didn't allow an overseas address. Eventually we were coming home and I noticed the card was going to expire around the same time, so I rang the bank branch(from the US) just to ask them to hang on to the new card and I would pick it up when I got back to Aus. She asked me a security question (date of birth) which they had the wrong date in their system! I said "but that's wrong, this is my date of birth" and she changed the date to the correct one. But it was a security question........ It helped, but also left me scratching my head!
The nanny state reminds me of a quote from Clive James where he said the problem is Australia was not that we were descended from convicts, but that we were descended from prison guards. Never thought of it that way before!

A similar, though not quite draconian experience with the NAB. My wife and I had to re-identify ourselves notwithstanding we are account holders for over 20 years. I used the NAB App but my wife who doesn't have the App had to stand in line at a branch.
However, threats to close our accounts continued through multiple texts and a letter. I had to resolve the matter by waiting in-line for a NAB call center (in India) response.
Outcome: resolved through the call center which indicated that the NAB had my information provided through the App but had not acted on it!
Irony: NAB has my email, mobile number and residential address and were able to contact me through multiple channels but claimed they did not know me and needed me to identify myself.

These stories take me back 23 yrs (client 38yrs at time) re o/seas account to choose time wished to transfer money re Xchange rate when rec'd 9 page form to 're-identify self', 4 yrs later same again, & 4 yrs later again re anti launder. No details changed, on 3rd time closed account. Then 2 yrs ago discovered as P of A for sister, account (same bank) used when travels there & withdraws holiday cash, closed without notice. I picked up on statement with large amount as 'Account Closure Balance', guessed probably lack of re-ID. Contacted together by mobile & she ID'd & I heard her answers, reason was as surmised, she client 67yrs. Sent all they wanted, she not received closing balance. Tried again 1yr ago, together on same mobile so number they have comes up same, her ID answers same but denied access to talk, did 2nd time, denied again. How is customer supposed to deal with when already sent what bank required? My P of A is not worth paper written on for them (or the rigmarole of at Aus banks too). Decided easier for Executor of her will to claim it re estate when that time comes. Lucky she not need funds but monstrous it's allowed to happen when not even an address change in 40yrs. Added problem is returned Divs etc as closed bank a/c, all have to be chased for which same over-protective procedures to be done with EACH investment all with the same stupidly long rules. Oddly, one with 50,000 odd balance in their Suspense A/c was easiest to sort but think as Unit Trust had closed they glad to have it claimed by sound of it but incurred legal cost of an actual original signed P of A from solicitor but had to be sent by post! If not me doing she would need professional help, on hours spent reckon would be about $10,000 so far.

I had the same issue, acting as an enduring power of attorney for my son who is also a Canadian citizen. Bank wanted every detail updated although none had changed. We spoke with the bank (together) while I was in Canada but that wasn't good enough. Complicating the issue is that in Canada an attorney witnesses a document without actually signing it on the same page, but issues a separate letter to verify that the details are correct. This was apparently above and beyond the Australian bank's ability to comprehend.
Long story short, it took months to verify that the details they already had were current and correct, not only wasting their time but causing great frustration to everyone.

Jill, read your comment with interest, thanks. As above per my experience, frightful re banks, share/other investment registries even tho been/am customer of same so easy ID with no details change for 30 yrs and 50 yrs for sister, but they don't take any of that into account re stuff like this for you, me or ID of the person we act for, or the Power of Attorney legally granted so what is the point of Power of Attorney? It's waste of time far as I can see re P of A, one might accept that?
I'm starting to think that noone in authority or Govt Depts who make the laws re this are as clever as the scammers as they can't seem to stay ahead of them & so the public suffers this way. And as a couple of comments indicate, there's fewer branches of banks to actually go in to, to personally give hard copies.
I'm not against banks as I invest in them but I think they have to invest in the best IT brains at high cost for us to get past this for them to be the most brilliant & ahead of scammers working in a dark room somwhere.
I don't care if they find the best illegally in a dark room somewhere, but let the banks do something to make it better for an ordinary, honest person dealing with a bank.

Probably no coincidence a promoted “Related Article” dated 23/10/24 concerns the ‘recent’ AFCA ruling forcing “for the first time” reimbursement by a bank of scammed funds ?

Hi Louis,
Would you care to advise, in broad terms, how you responded to CBA's intrusive and overreaching questions ?
It might give readers and other commenters some ideas about handling their own situations that mirror yours.

Not wanting apps due to being in our late 70's, we had to go to an NAB branch (only 1 in Adelaide CBD) and go through the process of re-identifying ourselves for our U Bank a/c. Waiting for Comm Bank to hassle us - and probably have to spend a long waiting time in one of their 2 CBD branches in Adelaide. Lodging a term deposit for a Car Club recently at Bank SA took several hours, with all signatories having to re-identify themselves. Left me standing for over an hour at one interview -no respect for Seniors.

Austrac's performance and effectiveness needs an in-depth review by the Productivity Commission or by a Parliamentary inquiry. How many criminals have been caught and what is the benefit? What are the full costs imposed on business and the community of this flawed enforcement model and organisation.

The consequences of how the model operates and its punitive enforcement approach with financial institutions should have been obvious. To minimize risk these companies apply procedures even when risk is absolutely minimal. This is senseless.

It is inefficient with significant costs for companies and even more so for individuals.

It is over regulation and helps to cover up Austrac's and the Governments own inadequacies, exemplified by how long Austrac took to look into what was happening with high rollers in casinos, and recognise or do something about the obvious criminal opportunities in the use bitcoin and other "currencies" .

And Phil is correct - it increases cyber crime risks to individuals.

My wife and I are in our seventies and about to transfer our SMSF investments to a Family Trust with a corporate trustee. We have made two trusted family members as directors of the trustee company to allow for easy transfer of management of these funds when it becomes necessary. Macquarie Bank and Bell Direct have put all of us into nearly two months of stress trying to satisfy all of their information and ID demands. As existing clients, we nevertheless had to start from scratch. Our family were put through the grill despite having no current control over the new accounts. Asking where we all got our wealth from is ridiculous. They rely on AI and too few staff who take a long time to respond to emails. We are glad to get this done now, as it would be impossible to sort out our affairs if we lose mental capacity or die suddenly.

I had a similar experience with Bank Australia who would not let me send money into an account at a crypto trading platform, so I could invest in some crypto currencies.
It’s completely dystopian and (again) Orwellian that a bank is trying. To control how I invest my money and what I do with my money. I felt like a child trying to justify to may parents how I spend my pocket money before they would give it to me.

If I had wanted to withdraw money to take to the casino, they would have had no issue, however.

What’s next? Will my bank decide that Woolworths is unethical and then disallow any transactions at Woolworths so I can’t shop there??

The level of “Nanny State” and institutional overreach has become absurd and concerning.

Josh - CBA just cost me $2,300 in lost profits because they wouldn’t let me invest in Bitcoin. I’m an accountant and tax agent. I am financially aware! Our banks have gone mad relying on AI or something. There is something very scary happening right now.

Is it drawing too long a bow to posit that maybe the banks are deliberately acting this way to try and place pressure on the Govt. I dare say they would rather not have to spend time and money in this space, so could be in a passive aggressive manner trying to engineer a backlash

I work in FinTech and are currently navigating KYC. I agree in Christopher’s instance that the business should have no concern over his cash as the cash is outside the bank-client relationship. Are they going to ask how much his wife’s jewellery cost? Thanks for naming and shaming. Makes me wonder why someone along the line at CBA didn’t question this overreach.

I have been through this with Commsec. Despite fully complying with their demands, we receive regular email and mail Final Notices demanding that we comply by a certain date or our shares will be placed into a suspense account and my HINs cancelled. I also have a small margin loan and the threat is the shares will be sold without notice and trigger CGT. We have large holdings including companies and a superfund so each demand triggers absolute panic. When I contact commsec each time I’m told that we have fully complied but the notices cannot be turned off in their system. Apparently, the original notice was never sent so we only had a short period to comply. I’m never going to be able to confidently take a holiday or turn off my devices again!

Pamela, thanks for sharing, concerned your comment re shares/HINs if time frame so short re hols. from devices( & business) as I do 1x/y, get local sim wherever am to read map and a book but admit peep at share price once/ wk for peace of mind on hols. Never been asked re-ID on my platform in 25yrs but could happen, thus took note of ur post. Off-piste a bit re article but relevant re banks' responsibilities to stay ahead of technology re ID & theft/scams, I avoid by not much in accounts after friend said about 20yrs ago re i/net banking in infancy comparing notes how manage affairs, he said "I keep mortgage with bank and cash needs under bed so none of MY money at bank can be stolen, only the bank's". Had no mortgage but thought how sensible to avoid theft & stress if occurs, sorted tiny mortgage enough for shares if price low so a place to transfer income leaving accounts empty to avoid theft, use only Cr card paid ex mortgage a/c due date. When mortgage $10 owed, start all over with a share lot or if tradie bill to pay. And on tradies, most behind times re what scams happen as found again today re payment after work done. I won't transfer large $$ unless a $10 test to verify account no. I'd offered prior deposit, they said no. Won't pay cash re tax avoidance, more importantly, work traceable if problem. Once offered new gardener not trusting me, dinner of Roast Lamb and night in spare room with TV til $10 test cleared if he wished. He scarpered! Know these articles serious but sometimes we need a laugh & I'd have never turned down a free Roast Lamb when I was young.

CBA is still dealing from the $700m fine from AUSTRAC. Their behaviour in relation to my (now deceased) brother was just as intrusive - there were a handful of overseas transactions that he had no idea about, but they accused him of all sorts of things and closed his accounts immediately - absolute barstrardy. This is nothing more than overreach and when you go to the AUSTRAC website it shows quite clearly that there is no need for this action. I am continually harassed by NAB to provide identity details that they have been provided with on several previous occasions - these people are running scared or are morons - you choose!

And of course it risks unauthorised staff access who can sell data to crims for home invasions.

Phil, we never hear if that has occurred as would taint company image. I disapprove of agency staff being used in companies with millions of customers-- banks, airlines, M/care, phone companies, insurance companies etc if require access to customer details to do the job, and of work-from-home if allowed for permanent workers in some positions. Prefer to put up with slower but safe service if short of staff but be served by permanent staff members who passed in-house ID checks and not those which may have been sub-ied out by an agency.