Compliance lessons: U.S. Senate report on HSBC AML failings

By Guest Contributor
July 20, 2012

By Susannah Hammond

LONDON/NEW YORK, July 20 (Thomson Reuters Accelus) - The United States Senate Permanent Sub-Committee on Investigations has published a report into U.S. Vulnerabilities to Money Laundering, Drugs, and Terrorist Financing using HSBC Group plc as a case history. The report does not detail enforcement action taken, though there are several likely fines being considered by a number of U.S. authorities regarding HSBC’s anti-money laundering (AML) failings; it is however a valuable insight into the operations and associated compliance, risk and AML issues arising in a global financial services firm. The detailed 300 page plus report makes a number of findings of fact, offers opinions and comment throughout and makes 10 recommendations, some aimed at HSBC and some aimed at the Office of the Comptroller of the Currency (OCC) which is HSBC’s regulator for AML in the U.S. HSBC is recommended to:

  • Screen high risk affiliates
  • Respect the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) prohibitions
  • Close accounts for banks with terrorist financing links.
  • Revamp travellers cheque AML controls
  • Boost information sharing among affiliates
  • Eliminate bearer share accounts, and
  • Increase AML resources.

The OCC is recommended to

  • Change its supervisory approach to AML deficiencies and align its practice with that of other federal bank regulators by treating AML deficiencies as a “safety and soundness” issue, rather than a consumer compliance matter
  • Act on multiple AML problems by establishing a policy directing the Supervision Division to coordinate with the Enforcement and Legal Divisions to conduct an institution-wide examination of a bank’s AML program and consider use of formal or informal enforcement actions, whenever a certain number of “matters requiring attention” or legal violations identifying recurring or mounting AML problems are found through examinations.
  • Strengthen AML examinations by citing AML violations, rather than just matters requiring attention, when a bank fails to meet any one of the statutory minimum requirements for an AML program, and, in addition, by requiring AML examinations to focus on both specific business units and a bank’s AML program as a whole.

Overall, from the Senate Committee’s report using HSBC’s approach to AML as a case study there are a number of compliance lessons for firms, both large and small, to consider.


HSBC is one of the biggest and most geographically diverse financial institutions in the world which has grown organically and by purchasing other firms. By most standards the business is complex. Complexity is not, in and of itself, a problem but it becomes an issue when the systems and controls infrastructure is not sufficiently well designed or resourced to manage the complexity effectively. A key element of system and controls is well resourced risk, compliance and AML functions which have sufficient specifically skilled employees deployed with appropriate authority to act. The report shows that HSBC sought for instance to cut costs, including AML and compliance costs, while the business was growing leaving AML and other risks unmanaged. In a similar vein HSBC bought a bank in Mexico which had “no functioning compliance programme”.

The bank in Mexico was known to be a high-risk entity in a high-risk jurisdiction but despite the fact it took more than three years and repeated attempts to introduce an appropriate control framework, HSBC’s Mexican bank was treated as low risk for AML purposes. Enormous volumes of business (the focus of the report being U.S. dollar-denominated business) flowed in and out of the various HSBC group entities around the world but it would appear that the sheer size and complexity of the business hindered a clear line of sight to both identifying risks themselves and then the ability to manage or offset those risks.

Firms need to ensure that no matter how large or geographically diverse the business becomes that risk management does not suffer. Further, given the speed of risk contagion, it is critical that firms are able to evidence to their supervisors that all potentially significant risks remain identified, managed and followed up no matter where in the world they arise.


In many ways culture and complexity are linked — a strong compliance culture would not permit a firm to become so complex that it out grew an appropriate systems and controls infrastructure. Throughout the report compliance issues are highlighted which call in to question the standing of the risk, compliance and AML functions within HSBC.

A U.S. compliance officer was exited for requesting additional resources, compliance and AML efficacy in Mexico was questioned while the local chief executive officer was promoted, HSBC group compliance appear to have only been able to give “advice” rather than to instruct action to be taken, inexperienced compliance officers were knowingly appointed to key roles, consultants were relied on to fill compliance knowledge gaps, when instructions to say close accounts were given it often took months to implement and issues highlighted by the OCC were repeatedly not remediated, to name but a few.

While the report gives selected highlights it paints a picture of a business where compliance was knowingly poorly resourced in terms of skills and numbers, the business routinely over-ruled risk-based decisions and a “please the client” approach was paramount. It is perhaps also telling that the head of group compliance at HSBC resigned during the Senate hearing which accompanied the publication of the report. This is not to say that HSBC took a decision to be deliberately non-compliant but rather that there would appear to have been more focus on keeping clients happy rather than promoting a compliant culture uniformly throughout the firm

Following the financial crisis and with regulators themselves under increasing pressure all financial services firms need to be able to demonstrate consistently that they have not only understood their regulatory obligations but have complied with them. Around the world regulatory obligations are not limited to knowledge of a particular rule-book but require sufficient skilled risk, compliance and AML resources, a strong, management-led compliance culture as well as the diligent follow up of any and all remedial actions found to be required. In a big complex firm this is easier said than done but it should be seen as nothing less than a core competency.


The report itself recommends that HSBC affiliates share more information amongst themselves and while this is specifically in the context of data on high AML risk clients and accounts the recommendation holds true in a much wider context. HSBC is one of the 29 globally systemically important financial institutions (G-SIFIs) as named by the Financial Stability Board (FSB) in November 2011. G-SIFI is not just about the management of the too-big-to-fail issue but also formalizing the development of international regulatory cooperation and data sharing. In simple terms, a key feature of the FSB’s work has been to open and encourage communication channels so that regulators around the world can share data on G-SIFIs operating in their jurisdictions and then use that shared pool of knowledge to better inform their local supervisory approach, including any additional prudential measures required.

It is more than likely that in future regulators will seek to share data at an early stage and then also seek to act on it in a coordinated manner. All firms and particularly those which are deemed to be G-SIFIs need to be aware of the genuine costs of widespread non-compliance. Whereas in the past regulatory issues and concerns could often be limited to and dealt with domestically, the contagion risk within global financial services firm groups seen at the height of the financial crisis has meant that the future will be one of supervisory sharing across borders.

This change in supranational supervisory approach should also drive a change in the dynamic of the governance and compliance of global firms themselves. In contrast to the report’s findings which found an approach which was “left in the dark by own colleagues” and sharing to be “guarded rather than automatic”, policies should be implemented, evidenced and controlled carefully whereby any, and all, substantive discussions with and information submissions to local regulators are shared within the global firm. This routine sharing should go down to the level of risk alerts regarding clients, accounts and products and should expressly include the closure of a business relationship for any kind of risk-related reason.

One global standard

In April 2012, HSBC announced internally the intention of the bank to use the highest global compliance standards for every HSBC affiliate. The internal note stated: “We must adopt and enforce the adherence to a single standard globally that is determined by the highest standard we must apply anywhere. Often, this will mean adhering globally to U.S. regulatory standards, but to the extent another jurisdiction requires higher standards, then that jurisdiction’s requirements must shape our global standard.”

In the view of the report the new approach “could represent a groundbreaking approach for the bank if it, in fact, pushes its affiliates toward uniform and high compliance standards.”

As a G-SIFI and as a truly global firm, HSBC’s decision to launch a single standard for compliance based on the highest standards around the world is ambitious but, if executed well, could set the benchmark for all G-SIFIs. Other firms which operate in a number of jurisdictions would be well advised to consider the ramifications of adopting a similar approach and should be prepared to discuss the concept with local regulators.

Regulatory forbearance

Undue regulatory forbearance or the lack of will by regulators to act, for whatever reason, has featured prominently in discussions of the supervisory response to the financial crisis. It has also featured heavily in the Senate committee’s report which criticized in detail both the OCC’s approach to and execution of AML supervision with regard to HSBC in the U.S. It is clear that undue regulatory forbearance helps no one — not the firm, not the regulator and not the jurisdiction in which compliance failings persist.

All firms should be aware that there is likely to be much less regulatory forbearance in future. Regulators are not only likely to insist on higher-quality and more detailed evidence to demonstrate how issues have been resolved on a timely basis but also to consider any issues found in a wider context. Firms need to ensure that they are geared up to respond to an increasingly intrusive and intensive supervisory approach. Having been criticized themselves, regulators are much less likely to be tolerant of any instances of repeat issues being found or lack of skilled dedicated compliance resources to be in place.

Regulatory investigations

The scale of the U.S. Senate’s investigation is sweeping and a clear warning of a willingness to deploy substantial resources to consider risk, compliance and AML issues. During the course of the investigation multiple subpoenas were issued and more than 1.4 million documents were collected and reviewed including bank records, correspondence, emails, and legal pleadings. More than 75 interviews were conducted with officials at HSBC as well as with U.S. banking regulators. In addition, numerous briefings from HSBC legal counsel were received, inquiries with foreign banks initiated and experts on AML and terrorist financing issues consulted. It is to HSBC’s credit that it produced documentation and witnesses from around the world, including in particular documents for which it could have claimed privilege.

HSBC has again set another potential benchmark for other firms with regard to cross-border regulatory investigations. The FSB’s expectations with regard to regulators sharing knowledge amongst themselves is one thing but for a firm to cooperate so fully with an inquiry that it effectively waives privilege on a global basis has set a regulatory expectation for the future behaviour of other firms. While there are occasional redactions in the evidence referred to in the report it is clear that the HSBC handed over vast swathes of relevant information even when it did not paint the bank in a favourable light. Firms will need to factor in the impact of HSBC’s approach when setting their own strategy for responding to regulatory or other similar inquiries.

(This article was produced by the Compliance Complete service of Thomson Reuters Accelus. <a href=” ions/regulatory-intelligence/compliance- complete/” target=_new”>Compliance Complete</a> provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 230 regulators and exchanges.)

(Susannah Hammond is a regulatory intelligence expert in the Compliance, Audit and Risk division of Thomson Reuters Governance Risk and Compliance; the views expressed are her own.)


We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see

There are actually numerous particulars like that to take into consideration. That is a great level to deliver up. I supply the ideas above as general inspiration but clearly there are questions like the one you carry up the place crucial thing might be working in sincere good faith. I don?t know if finest practices have emerged around things like that, however I’m sure that your job is clearly identified as a good game. Each boys and girls feel the impression of only a second’s pleasure, for the rest of their lives.

I’d like to thank you for the efforts you’ve put in penning this blog. I am hoping to check out the same high-grade content by you in the future as well. In fact, your creative writing abilities has encouraged me to get my own blog now ;)|

Wow, amazing blog layout! How long have you been blogging for? you make blogging look easy. The overall look of your site is excellent, as well as the content!|

I always used to study article in news papers but now as I am a user of net therefore from now I am using net for articles or reviews, thanks to web.|

hi!,I really like your writing very so much! share we keep up a correspondence more approximately your article on AOL? I need a specialist on this area to resolve my problem. May be that is you! Looking ahead to see you. |

Yes! Finally something about %keyword1%.|

Saved as a favorite, I love your site!|

Ahaa, its fastidious discussion regarding this paragraph here at this webpage, I have read all that, so at this time me also commenting at this place.|

I got this web page from my pal who told me about this website and at the moment this time I am visiting this site and reading very informative content here.|

Wow! This could be one particular of the most beneficial blogs We have ever arrive across on this subject. Basically Fantastic. I am also a specialist in this topic therefore I can understand your hard work.

Great weblog here! Also your website quite a bit up fast! What web host are you the use of? Can I am getting your affiliate hyperlink in your host? I desire my site loaded up as quickly as yours lol

I¡¦ve learn a few excellent stuff here. Definitely price bookmarking for revisiting. I surprise how so much attempt you put to make one of these excellent informative website.

I really wanted to compose a brief word to express gratitude to you for those magnificent facts you are showing at this site. My particularly long internet lookup has at the end of the day been compensated with wonderful tips to share with my great friends. I ‘d assume that many of us readers are extremely endowed to live in a perfect place with very many special people with beneficial hints. I feel very much privileged to have encountered the webpages and look forward to really more excellent times reading here. Thanks once more for a lot of things.

I¡¦ve read a few excellent stuff here. Certainly value bookmarking for revisiting. I wonder how so much effort you set to make this sort of great informative web site.

I would like to express my thanks to the writer just for bailing me out of this incident. Because of surfing through the the web and meeting thoughts which were not pleasant, I believed my life was gone. Existing without the answers to the problems you have fixed as a result of this blog post is a serious case, as well as the ones that could have adversely damaged my career if I had not encountered your web site. Your personal understanding and kindness in handling every item was excellent. I’m not sure what I would have done if I had not encountered such a solution like this. It’s possible to at this moment look forward to my future. Thanks so much for the expert and sensible guide. I will not be reluctant to refer your web page to any individual who ought to have care about this problem.

Thankfulness to my father who told me regarding this website, this web site is genuinely amazing.|

I like the helpful info you provide in your articles. I’ll bookmark your weblog and check again here regularly. I’m quite certain I will learn lots of new stuff right here! Good luck for the next!

I have recently started a website, the information you offer on this site has helped me tremendously. Thanks for all of your time & work.

you’re in point of fact a excellent webmaster. The web site loading pace is incredible. It kind of feels that you’re doing any unique trick. Also, The contents are masterwork. you have done a wonderful process in this subject!

I wanted to post a small comment so as to appreciate you for all the amazing techniques you are sharing on this site. My rather long internet lookup has finally been recognized with incredibly good facts to exchange with my great friends. I ‘d declare that many of us website visitors actually are undeniably blessed to dwell in a great website with many lovely individuals with insightful points. I feel extremely happy to have discovered the site and look forward to many more thrilling times reading here. Thanks again for all the details.

This is very interesting, You are a very skilled blogger. I have joined your rss feed and look forward to seeking more of your fantastic post. Also, I’ve shared your web site in my social networks!

Have you ever thought about publishing an e-book or guest authoring on other websites? I have a blog based upon on the same ideas you discuss and would love to have you share some stories/information. I know my audience would appreciate your work. If you’re even remotely interested, feel free to shoot me an email.|

Every weekend i used to pay a visit this web site, for the reason that i want enjoyment, as this this web page conations in fact good funny material too.|

I am regular visitor, how are you everybody? This paragraph posted at this web page is genuinely fastidious.|

Posted by search engine optimization | Report as abusive

Wow! This can be one particular of the most useful blogs We’ve ever arrive across on this subject. Actually Wonderful. I am also a specialist in this topic so I can understand your hard work.

I¡¦ll right away grab your rss feed as I can not find your e-mail subscription hyperlink or e-newsletter service. Do you have any? Kindly permit me recognise so that I may just subscribe. Thanks.

Thank you for sharing excellent informations. Your website is very cool. I am impressed by the details that you¡¦ve on this website. It reveals how nicely you perceive this subject. Bookmarked this website page, will come back for extra articles. You, my pal, ROCK! I found just the info I already searched everywhere and simply couldn’t come across. What a perfect site.

Unquestionably believe that which you said. Your favorite justification seemed to be on the internet the simplest thing to be aware of. I say to you, I definitely get annoyed while people think about worries that they plainly do not know about. You managed to hit the nail upon the top and defined out the whole thing without having side effect , people could take a signal. Will likely be back to get more. Thanks

This is really interesting, You are a very skilled blogger. I have joined your rss feed and look forward to seeking more of your fantastic post. Also, I’ve shared your web site in my social networks!

I have been browsing online more than 3 hours these days, but I by no means found any interesting article like yours. It is beautiful worth sufficient for me. In my opinion, if all webmasters and bloggers made good content as you did, the web will probably be a lot more helpful than ever before.

you are in reality a good webmaster. The web site loading speed is incredible. It sort of feels that you’re doing any unique trick. Moreover, The contents are masterwork. you’ve performed a excellent process in this topic!

I have been reading out many of your stories and i can state nice stuff. I will definitely bookmark your website.

whoah this weblog is wonderful i love reading your posts. Stay up the good paintings! You recognize, many persons are looking round for this info, you can help them greatly.

I get pleasure from, lead to I discovered just what I was looking for. You’ve ended my 4 day long hunt! God Bless you man. Have a nice day. Bye

I think this is among the most significant info for me. And i’m glad reading your article. But want to remark on some general things, The web site style is ideal, the articles is really nice : D. Good job, cheers

Great article and straight to the point. I am not sure if this is in fact the best place to ask but do you people have any ideea where to employ some professional writers? Thx :)

I carry on listening to the news bulletin lecture about getting free online grant applications so I have been looking around for the top site to get one. Could you advise me please, where could i get some?

Hello, you used to write excellent, but the last several posts have been kinda boring¡K I miss your great writings. Past few posts are just a little out of track! come on!

Wow! This can be one particular of the most beneficial blogs We’ve ever arrive across on this subject. Actually Magnificent. I’m also a specialist in this topic so I can understand your hard work.

Thanks for some other informative site. The place else may just I get that type of info written in such an ideal method? I’ve a undertaking that I’m simply now running on, and I have been at the glance out for such info.|

Aw, this was a really nice post. In thought I want to put in writing like this additionally – taking time and precise effort to make a very good article… however what can I say… I procrastinate alot and on no account seem to get one thing done.