Compliance lessons: U.S. Senate report on HSBC AML failings

By Guest Contributor
July 20, 2012

By Susannah Hammond

LONDON/NEW YORK, July 20 (Thomson Reuters Accelus) - The United States Senate Permanent Sub-Committee on Investigations has published a report into U.S. Vulnerabilities to Money Laundering, Drugs, and Terrorist Financing using HSBC Group plc as a case history. The report does not detail enforcement action taken, though there are several likely fines being considered by a number of U.S. authorities regarding HSBC’s anti-money laundering (AML) failings; it is however a valuable insight into the operations and associated compliance, risk and AML issues arising in a global financial services firm. The detailed 300 page plus report makes a number of findings of fact, offers opinions and comment throughout and makes 10 recommendations, some aimed at HSBC and some aimed at the Office of the Comptroller of the Currency (OCC) which is HSBC’s regulator for AML in the U.S. HSBC is recommended to:

  • Screen high risk affiliates
  • Respect the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) prohibitions
  • Close accounts for banks with terrorist financing links.
  • Revamp travellers cheque AML controls
  • Boost information sharing among affiliates
  • Eliminate bearer share accounts, and
  • Increase AML resources.

The OCC is recommended to

  • Change its supervisory approach to AML deficiencies and align its practice with that of other federal bank regulators by treating AML deficiencies as a “safety and soundness” issue, rather than a consumer compliance matter
  • Act on multiple AML problems by establishing a policy directing the Supervision Division to coordinate with the Enforcement and Legal Divisions to conduct an institution-wide examination of a bank’s AML program and consider use of formal or informal enforcement actions, whenever a certain number of “matters requiring attention” or legal violations identifying recurring or mounting AML problems are found through examinations.
  • Strengthen AML examinations by citing AML violations, rather than just matters requiring attention, when a bank fails to meet any one of the statutory minimum requirements for an AML program, and, in addition, by requiring AML examinations to focus on both specific business units and a bank’s AML program as a whole.

Overall, from the Senate Committee’s report using HSBC’s approach to AML as a case study there are a number of compliance lessons for firms, both large and small, to consider.


HSBC is one of the biggest and most geographically diverse financial institutions in the world which has grown organically and by purchasing other firms. By most standards the business is complex. Complexity is not, in and of itself, a problem but it becomes an issue when the systems and controls infrastructure is not sufficiently well designed or resourced to manage the complexity effectively. A key element of system and controls is well resourced risk, compliance and AML functions which have sufficient specifically skilled employees deployed with appropriate authority to act. The report shows that HSBC sought for instance to cut costs, including AML and compliance costs, while the business was growing leaving AML and other risks unmanaged. In a similar vein HSBC bought a bank in Mexico which had “no functioning compliance programme”.

The bank in Mexico was known to be a high-risk entity in a high-risk jurisdiction but despite the fact it took more than three years and repeated attempts to introduce an appropriate control framework, HSBC’s Mexican bank was treated as low risk for AML purposes. Enormous volumes of business (the focus of the report being U.S. dollar-denominated business) flowed in and out of the various HSBC group entities around the world but it would appear that the sheer size and complexity of the business hindered a clear line of sight to both identifying risks themselves and then the ability to manage or offset those risks.

Firms need to ensure that no matter how large or geographically diverse the business becomes that risk management does not suffer. Further, given the speed of risk contagion, it is critical that firms are able to evidence to their supervisors that all potentially significant risks remain identified, managed and followed up no matter where in the world they arise.


In many ways culture and complexity are linked — a strong compliance culture would not permit a firm to become so complex that it out grew an appropriate systems and controls infrastructure. Throughout the report compliance issues are highlighted which call in to question the standing of the risk, compliance and AML functions within HSBC.

A U.S. compliance officer was exited for requesting additional resources, compliance and AML efficacy in Mexico was questioned while the local chief executive officer was promoted, HSBC group compliance appear to have only been able to give “advice” rather than to instruct action to be taken, inexperienced compliance officers were knowingly appointed to key roles, consultants were relied on to fill compliance knowledge gaps, when instructions to say close accounts were given it often took months to implement and issues highlighted by the OCC were repeatedly not remediated, to name but a few.

While the report gives selected highlights it paints a picture of a business where compliance was knowingly poorly resourced in terms of skills and numbers, the business routinely over-ruled risk-based decisions and a “please the client” approach was paramount. It is perhaps also telling that the head of group compliance at HSBC resigned during the Senate hearing which accompanied the publication of the report. This is not to say that HSBC took a decision to be deliberately non-compliant but rather that there would appear to have been more focus on keeping clients happy rather than promoting a compliant culture uniformly throughout the firm

Following the financial crisis and with regulators themselves under increasing pressure all financial services firms need to be able to demonstrate consistently that they have not only understood their regulatory obligations but have complied with them. Around the world regulatory obligations are not limited to knowledge of a particular rule-book but require sufficient skilled risk, compliance and AML resources, a strong, management-led compliance culture as well as the diligent follow up of any and all remedial actions found to be required. In a big complex firm this is easier said than done but it should be seen as nothing less than a core competency.


The report itself recommends that HSBC affiliates share more information amongst themselves and while this is specifically in the context of data on high AML risk clients and accounts the recommendation holds true in a much wider context. HSBC is one of the 29 globally systemically important financial institutions (G-SIFIs) as named by the Financial Stability Board (FSB) in November 2011. G-SIFI is not just about the management of the too-big-to-fail issue but also formalizing the development of international regulatory cooperation and data sharing. In simple terms, a key feature of the FSB’s work has been to open and encourage communication channels so that regulators around the world can share data on G-SIFIs operating in their jurisdictions and then use that shared pool of knowledge to better inform their local supervisory approach, including any additional prudential measures required.

It is more than likely that in future regulators will seek to share data at an early stage and then also seek to act on it in a coordinated manner. All firms and particularly those which are deemed to be G-SIFIs need to be aware of the genuine costs of widespread non-compliance. Whereas in the past regulatory issues and concerns could often be limited to and dealt with domestically, the contagion risk within global financial services firm groups seen at the height of the financial crisis has meant that the future will be one of supervisory sharing across borders.

This change in supranational supervisory approach should also drive a change in the dynamic of the governance and compliance of global firms themselves. In contrast to the report’s findings which found an approach which was “left in the dark by own colleagues” and sharing to be “guarded rather than automatic”, policies should be implemented, evidenced and controlled carefully whereby any, and all, substantive discussions with and information submissions to local regulators are shared within the global firm. This routine sharing should go down to the level of risk alerts regarding clients, accounts and products and should expressly include the closure of a business relationship for any kind of risk-related reason.

One global standard

In April 2012, HSBC announced internally the intention of the bank to use the highest global compliance standards for every HSBC affiliate. The internal note stated: “We must adopt and enforce the adherence to a single standard globally that is determined by the highest standard we must apply anywhere. Often, this will mean adhering globally to U.S. regulatory standards, but to the extent another jurisdiction requires higher standards, then that jurisdiction’s requirements must shape our global standard.”

In the view of the report the new approach “could represent a groundbreaking approach for the bank if it, in fact, pushes its affiliates toward uniform and high compliance standards.”

As a G-SIFI and as a truly global firm, HSBC’s decision to launch a single standard for compliance based on the highest standards around the world is ambitious but, if executed well, could set the benchmark for all G-SIFIs. Other firms which operate in a number of jurisdictions would be well advised to consider the ramifications of adopting a similar approach and should be prepared to discuss the concept with local regulators.

Regulatory forbearance

Undue regulatory forbearance or the lack of will by regulators to act, for whatever reason, has featured prominently in discussions of the supervisory response to the financial crisis. It has also featured heavily in the Senate committee’s report which criticized in detail both the OCC’s approach to and execution of AML supervision with regard to HSBC in the U.S. It is clear that undue regulatory forbearance helps no one — not the firm, not the regulator and not the jurisdiction in which compliance failings persist.

All firms should be aware that there is likely to be much less regulatory forbearance in future. Regulators are not only likely to insist on higher-quality and more detailed evidence to demonstrate how issues have been resolved on a timely basis but also to consider any issues found in a wider context. Firms need to ensure that they are geared up to respond to an increasingly intrusive and intensive supervisory approach. Having been criticized themselves, regulators are much less likely to be tolerant of any instances of repeat issues being found or lack of skilled dedicated compliance resources to be in place.

Regulatory investigations

The scale of the U.S. Senate’s investigation is sweeping and a clear warning of a willingness to deploy substantial resources to consider risk, compliance and AML issues. During the course of the investigation multiple subpoenas were issued and more than 1.4 million documents were collected and reviewed including bank records, correspondence, emails, and legal pleadings. More than 75 interviews were conducted with officials at HSBC as well as with U.S. banking regulators. In addition, numerous briefings from HSBC legal counsel were received, inquiries with foreign banks initiated and experts on AML and terrorist financing issues consulted. It is to HSBC’s credit that it produced documentation and witnesses from around the world, including in particular documents for which it could have claimed privilege.

HSBC has again set another potential benchmark for other firms with regard to cross-border regulatory investigations. The FSB’s expectations with regard to regulators sharing knowledge amongst themselves is one thing but for a firm to cooperate so fully with an inquiry that it effectively waives privilege on a global basis has set a regulatory expectation for the future behaviour of other firms. While there are occasional redactions in the evidence referred to in the report it is clear that the HSBC handed over vast swathes of relevant information even when it did not paint the bank in a favourable light. Firms will need to factor in the impact of HSBC’s approach when setting their own strategy for responding to regulatory or other similar inquiries.

(This article was produced by the Compliance Complete service of Thomson Reuters Accelus. <a href=” ions/regulatory-intelligence/compliance- complete/” target=_new”>Compliance Complete</a> provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 230 regulators and exchanges.)

(Susannah Hammond is a regulatory intelligence expert in the Compliance, Audit and Risk division of Thomson Reuters Governance Risk and Compliance; the views expressed are her own.)


We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see

Incredible quest there. What occurred after? Take care!|

This is really interesting, You are a very skilled blogger. I have joined your rss feed and look forward to seeking more of your fantastic post. Also, I’ve shared your site in my social networks!

I do consider all the ideas you have offered on your post. They’re very convincing and can certainly work. Nonetheless, the posts are very short for beginners. Could you please lengthen them a bit from subsequent time? Thank you for the post.

Touche. Sound arguments. Keep up the great spirit.|

Hello! Do you know if they make any plugins to help with SEO? I’m trying to get my blog to rank for some targeted keywords but I’m not seeing very good results. If you know of any please share. Thanks!|

I simply could not go away your site before suggesting that I extremely loved the usual info a person provide in your visitors? Is going to be back continuously in order to inspect new posts

Excellent weblog right here! Additionally your site loads up fast! What host are you using? Can I get your affiliate hyperlink in your host? I wish my site loaded up as quickly as yours lol

I precisely needed to thank you very much again. I’m not certain what I might have created in the absence of the type of information shared by you over this topic. It had been an absolute troublesome situation in my opinion, but witnessing this expert mode you treated the issue took me to leap with gladness. I’m just happier for this information and even believe you really know what a powerful job your are putting in educating many people thru your blog post. I am certain you have never come across all of us.

Good post. I will be dealing with some of these issues as well..|

This is a very good tip especially to those new to the blogosphere. Simple but very precise information… Many thanks for sharing this one. A must read post!|

I don’t even know the way I ended up right here, but I thought this post was great. I don’t realize who you are however certainly you’re going to a famous blogger when you are not already. Cheers!|

I keep listening to lotopyeer the news speak about getting free online grant applications so I have been looking around for the most excellent site to get one. Could you tell me please, where could i find some?

As a Newbie, I am permanently exploring online for articles that can be of assistance to me. Thank you

This piece of writing will assist the internet visitors for setting up new web site or even a blog from start to end.|

My brother recommended I might like this web site. He was totally right. This post actually made my day. You cann’t imagine simply how much time I had spent for this information! Thanks!

I wish to voice my admiration for your generosity in support of those people that have the need for help with your content. Your very own dedication to passing the message across turned out to be extraordinarily invaluable and have regularly helped men and women like me to reach their goals. Your amazing warm and helpful suggestions indicates much a person like me and additionally to my mates. Thanks a lot; from everyone of us.

Usually I do not read article on blogs, however I wish to say that this write-up very pressured me to try and do so! Your writing style has been surprised me. Thanks, very nice post.

I like the helpful information you provide in your articles. I’ll bookmark your weblog and check again here regularly. I’m quite sure I’ll learn many new stuff right here! Good luck for the next!

I think this is among the most important information for me. And i’m glad reading your article. But wanna remark on few general things, The site style is wonderful, the articles is really great : D. Good job, cheers

It¡¦s really a nice and helpful piece of information. I am happy that you shared this useful information with us. Please stay us up to date like this. Thanks for sharing.

Thanks , I’ve just been searching for info about this topic for a long time and yours is the best I have discovered till now. But, what in regards to the bottom line? Are you sure concerning the source?

Definitely believe that which you said. Your favorite justification appeared to be on the internet the easiest thing to be aware of. I say to you, I definitely get annoyed while people consider worries that they just don’t know about. You managed to hit the nail upon the top as well as defined out the whole thing without having side-effects , people can take a signal. Will likely be back to get more. Thanks

You could definitely see your expertise within the paintings you write. The sector hopes for more passionate writers like you who are not afraid to mention how they believe. All the time go after your heart.

For hottest news you have to go to see world-wide-web and on the web I found this web page as a best web site for most recent updates.|

My brother recommended I would possibly like this web site. He was entirely right. This publish actually made my day. You can not imagine simply how much time I had spent for this information! Thank you!|

Wow, this paragraph is pleasant, my sister is analyzing such things, so I am going to inform her.|

Nice post. I study one thing more challenging on totally different blogs everyday. It is going to all the time be stimulating to learn content material from other writers and apply a bit of something from their store. I’d prefer to use some with the content on my weblog whether or not you don’t mind. Natually I’ll give you a link on your net blog. Thanks for sharing.

I am no longer positive the place you’re getting your info, but great topic. I must spend some time studying much more or understanding more. Thanks for great info I was in search of this information for my mission.

Hey, you used to write fantastic, but the last several posts have been kinda boring¡K I miss your great writings. Past few posts are just a little bit out of track! come on!

You can definitely see your skills within the work you write. The world hopes for more passionate writers such as you who aren’t afraid to mention how they believe. All the time go after your heart.

I as well as my buddies happened to be following the good ideas on your website and so then developed an awful suspicion I never expressed respect to the web blog owner for those strategies. Most of the men were definitely consequently passionate to see all of them and have in effect certainly been taking advantage of these things. Thanks for actually being considerably thoughtful and then for picking such cool areas most people are really desirous to understand about. Our honest regret for not expressing gratitude to earlier.

You completed a few good points there. I did a search on the topic and found a good number of folks will have the same opinion with your blog.

hello!,I really like your writing so much! proportion we keep up a correspondence more approximately your article on AOL? I require a specialist on this house to resolve my problem. Maybe that is you! Taking a look forward to see you. |

I would like to convey my love for your generosity supporting all those that require guidance on that content. Your very own dedication to passing the solution along turned out to be exceptionally beneficial and has all the time permitted girls much like me to reach their endeavors. Your entire important help denotes a whole lot a person like me and still more to my office workers. Thanks a ton; from all of us.

Attractive section of content. I just stumbled upon your web site and in accession capital to assert that I acquire actually enjoyed account your blog posts. Any way I will be subscribing to your augment and even I achievement you access consistently quickly.

Hello, i think that i saw you visited my web site so i came to “return the favor”.I am attempting to find things to improve my website!I suppose its ok to use a few of your ideas!!