APRA and AUSTRAC have acted after an independent review uncovered significant deficiencies in Bendigo Bank’s risk management and AML controls.
The regulators have announced coordinated actions after an independent review uncovered significant deficiencies in Bendigo and Adelaide Bank’s money laundering and broader non-financial risk management practices.
The review by Deloitte followed suspected money laundering at a Bendigo Bank branch, which the bank reported to AUSTRAC.
Deloitte’s findings pointed to substantial shortcomings in the bank’s identification, mitigation and management of money laundering and terrorism financing risk.
Bendigo Bank responded to Deloitte’s findings in an ASX note released on 25 November 2025, stating the bank’s board was “very disappointed with the findings and is fully committed to ensuring that the Bank undertakes the necessary enhancements to its systems, processes and frameworks to ensure it is fully compliant with its obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)”.
The review focused on activity within the branch between 1 August 2019 and 1 August 2025.
In a statement released on the ASX today, Bendigo Bank said it will “continue to engage constructively with AUSTRAC”.
“The bank continues to work on uplifting its approach to risk management, in particular non-financial risk and acknowledges the need to intensify its efforts.”
Bendigo Bank chair, Vicki Carter, said the bank recognises that “robust risk management practices are critically important to ensure the bank can continue to protect its customers and deliver on its purpose of feeding into the prosperity of customers and communities”.
CEO and managing director, Richard Fennell, said the banks has taken a number of steps toward improving risk capabilities over the last 12 months.
“…however I recognise the need to intensify our focus and our efforts,” Fennell added.
APRA stated it was concerned the weaknesses may extend across the bank’s operations, with AUSTRAC sharing this view.
As a result, APRA will require Bendigo Bank to undertake a root cause analysis to assess the extent of non-financial risk management issues beyond money laundering and terrorism financing.
APRA will also impose a $50 million operational risk capital add-on, while AUSTRAC has commenced an enforcement investigation into the bank’s compliance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.
APRA chair John Lonsdale said: “Although Bendigo and Adelaide Bank is financially sound and comfortably above its core capital and liquidity requirements, we are concerned there may be significant gaps in its risk management framework that need to be addressed urgently.
“While the non-financial risk, anti-money laundering spaces are a priority in light of the recent independent report, APRA is concerned that similar weaknesses may exist across the bank.
“The measures we are announcing today alongside AUSTRAC aim to ensure that fundamental deficiencies in
Bendigo Bank’s risk management framework are identified and addressed and those responsible are held to account as appropriate.”
AUSTRAC acting CEO Katie Miller said AUSTRAC has been closely monitoring the bank’s compliance with its AML/CTF obligations.
“This enforcement investigation follows supervisory engagement with Bendigo Bank and the bank’s recent disclosure of deficiencies in its approach to the identification, mitigation, and management of money laundering and terrorism financing risks,” she said.
“Our investigation will examine Bendigo Bank’s compliance with the AML/CTF Act and inform any further AUSTRAC action.”
APRA said the capital add-on will remain until Bendigo Bank completes remedial measures and addresses broader concerns to the regulator’s satisfaction.
The agencies said today’s actions do not preclude further steps being taken in the future.
