Failed Compliance and False Comfort -- Unwarranted Reliance on Corporate Affiliates and Anti-Money Laundering Risks: The HSBC Case Study

Alerts / January 13, 2011

This fall, HSBC Bank USA, N.A. (“HSBC USA” or the “Bank”) entered into a cease and desist order (the “Order”) with the Office of the Comptroller of the Currency (“OCC”) ending the regulator’s examination and investigation of HSBC USA’s Bank Secrecy Act (“BSA”) and anti-money laundering (“AML”) compliance programs. The OCC’s examination and investigation revealed widespread deficiencies in BSA/AML compliance in several of HSBC USA’s businesses related to wire transfers, payment systems and bulk cash transactions. The examination and investigation also found that the Bank failed to timely “disposition” or resolve transaction monitoring alerts. Ultimately, the OCC concluded that HSBC USA’s deficiencies constituted a BSA/AML program violation under 12 U.S.C. § 1818(s) and 12 C.F.R. § 21.21 relating to maintaining an adequate BSA compliance program; 12 C.F.R. § 21.11 regarding filing suspicious activity reports; and 31 U.S.C. § 5318(i) and 31 C.F.R. § 103.176 regarding correspondent banking.

While many commentators expected that this investigation would result in the largest fine against a bank in U.S. history,[1] HSBC USA so far has escaped without any monetary penalties. However, the OCC required HSBC USA to undertake a broad remediation, including changing the structure of its Board of Directors, hiring a new BSA Officer, conducting a look back of suspicious activity over an unspecified period and filing suspicious activity reports (“SARs”) as needed, strengthening its overall BSA/AML program, instituting an improved transaction monitoring system and retaining an independent consultant to advise the Bank on BSA/AML compliance.

Scrutiny of HSBC

The examination and investigation of HSBC USA’s AML program has its origins in two wider reviews, one with its origins in the United States Senate, the other part of a Justice Department investigation.

On February 4, 2010, Sen. Carl Levin of Michigan presented four case studies of corrupt foreign government officials moving millions into or through U.S. bank accounts at hearings held by the Senate Permanent Subcommittee on Investigations.[2] Sen. Levin described how the head of the Angolan Central Bank twice tried to transfer $50 million in Angolan government funds to private accounts in the U.S., once with the assistance of HSBC USA. As a result, other U.S. banks, such as Citibank, closed their accounts for the Angolan Central Bank; however, HSBC USA continued to provide correspondent banking services and an HSBC affiliate even provided an offshore account in the Bahamas for the Central Bank.[3]

HSBC USA also provided correspondent banking services for an Angolan private bank called Banco Africano de Investimentos (“BAI”) despite BAI’s refusal to provide basic information to HSBC USA such as its AML procedures and the identities of several of its owners. (BAI’s largest shareholder is Angola’s state-owned oil company and many of BAI’s customers are Angolan government officials.)[4]

Adding to the scrutiny, several HSBC customers were being investigated for tax evasion. Lynnley Browning, “U.S. Widens Tax Inquiry Into HSBC,” New York Times (July 9, 2010). The Bank was taking steps to hide its undeclared offshore services for American clients following the UBS tax evasion inquiry; however, some of the Bank’s customers were pleading guilty to the charges and reportedly cooperating with the government.

One example of these cooperators was Dr. Andrew B. Silva of Sterling, Virginia. Dr. Silva inherited $250,000 in 1997 and deposited it with a Swiss HSBC affiliate in an account held in the name of Liechtenstein trust. In August 2009 the Swiss HSBC bank closed the account because it was closing all such accounts held for the benefit of Americans. A Swiss lawyer advised Dr. Silva not to create a trail by wiring the money to the United States; instead he suggested he mail cash home to himself. Dr. Silva went to Switzerland, withdrew the funds in the account, receiving a brick of $100,000 in new $100 bills and a second set of bills totaling $15,000 in October 2009 and the remainder in November. He mailed the money to himself in increments of less than $10,000 to avoid reporting requirements and hand carried a portion home through Dulles Airport. Lynnley Browning, “Case Is Said to Link HSBC to U.S. Tax Evasion Inquiry,” New York Times (Feb. 16, 2010).

In a second case, two property developers sold a luxury apartment-style hotel in Midtown Manhattan for $33 million but avoided paying any taxes on the proceeds by routing them through sham entities in Panama, the British Virgin Islands, Liechtenstein, Switzerland and the Bahamas, allegedly with the assistance of HSBC entities. Lynnley Browning, “2 Charged in International Tax Evasion Scheme Said to Involve HSBC,” New York Times (Apr. 15, 2010).

Media reports suggest that the Justice Department has begun to focus on HSBC USA itself, looking for assistance to American tax evaders in the same style and on the same scale as UBS. Lynnley Browning, “U.S. Widens Tax Inquiry Into HSBC,” New York Times (July 9, 2010).

New and Notable Findings by the OCC: Reliance on an Affiliate’s AML Program Requires Diligence

HSBC, which bills itself as the “world’s local bank,” has an extensive presence in North America, Europe and Asia through a network of affiliates, the parent of which is HSBC Holdings plc, headquartered in London. These HSBC affiliates, referred to as the “Group Entities” in the Order, accessed services provided by HSBC USA’s foreign correspondent banking unit and its Global Banknotes business, which provided bulk transfers of cash. Notably, of the five (5) major violations of failures identified by the OCC’s cease and desist order, two (2) related to HSBC USA’s failure to monitor Group Entities’ actions: “(B) During mid-2006 through mid-2009, the Bank did not perform BSA/AML monitoring for banknote (or “bulk cash”) transactions with Group Entities . . . ; (C) The Bank has not collected or maintained customer due diligence (“CDD”) or enhanced due diligence (“EDD”) information for Group Entities. The Bank has transacted extensive wire transfers and purchases of United States bulk cash with Group Entities. The lack of due diligence information has inhibited the Bank’s assessment of customer risk and the identification of suspicious activity in Group Entity accounts.” Art. I(1).

These findings highlight that a financial institution has an obligation to conduct customer due diligence and surveillance on all of its customers, regardless of their affiliation or familiarity with them. In today’s regulatory climate, an American bank cannot rely on corporate affiliation to provide comfort that its customer is adhering to its own AML program, much less global or American anti-money laundering standards. This raises particular issues for U.S. institutions, such as HSBC, that have affiliates located in bank secrecy jurisdictions such as Bermuda, Switzerland, Luxembourg and the British Virgin Islands, which often have lax compliance standards compared to the U.S. The U.S. institution cannot rely on its affiliate’s AML program unless it reviews the program and gains assurances that the program is being followed. This admonition applies equally to U.S. bank subsidiaries of foreign financial institutions and U.S. parent institutions with significant overseas holdings.

However, even if the U.S. institution is comfortable with its foreign affiliate’s AML program, it is still obligated to conduct surveillance and transaction monitoring on the affiliate’s activity. The Order noted a failure to determine anticipated transaction volume, the purpose of the affiliate’s correspondent account, and consistency between the anticipated volume and purpose of the account and the actual transaction activity in the account. Art. I(2). The HSBC USA Order suggests that an affiliate’s account must be subjected to the same degree of surveillance as any other customer’s account. “Unwarranted” reliance on an affiliate’s AML program and failure to conduct surveillance of its transaction activity can have broad consequences.

Basic Pillars of AML Compliance

The Order prescribes an extensive and resources-intensive remediation. Some of the provisions are unique to HSBC USA’s deficiencies, but many of the remediation provisions represent the fundamental building blocks of any solid AML compliance program, including:

  • Oversight by the board of directors, particularly a committee containing significant representation of independent directors
  • Strong management support in the form of an effective head of compliance and a well-qualified BSA officer
  • Management information systems (“MIS”) to enable management to timely identify, monitor, and manage BSA risks
  • Customer due diligence that enables the bank to keep potential money launderers and financial criminals out
  • Transaction monitoring that identifies suspicious activity passing through the bank, including screening for individuals on OFAC lists
  • A process to ensure that the bank files SARs within the period of time required by applicable statutes and regulations and also identifies activity that should be referred to law enforcement immediately upon detection
  • Education for all bank employees on AML, terrorist financing and sanctions screening
  • Independent testing and review by auditors within the bank’s internal audit department who are knowledgeable about BSA/AML topics

The Future of AML Compliance

This Alert is not intended to suggest that reliance on a foreign affiliate’s AML program is per se unreasonable; however, a United States-based bank should not blindly rely on its affiliate’s policies and programs without conducting a minimum level of diligence into the standards, processes and outcomes of that program. “Unwarranted” reliance without verification will prove little use when regulators come calling with examinations and enforcement actions.

An American bank cannot presume reliance if the U.S. bank intends to build significant portions of its AML program around such reliance, where the reliance is geared toward preventing money laundering from occurring in the institution. This level of diligence, coupled with the appropriate level of transaction monitoring based on an assessment of the risks associated with the customer and account, are requirements of an effective AML program.

For more information, please contact John J. Carney ( or 212.589.4255), Lauren J. Resnick ( or 212.589.4241), George A. Stamboulidis ( or 212.589.4211) or Brian K. Esser ( or 212.589.4236). We hope you find this information helpful.

[1] Brian Monroe, “Expected HSBC AML Fine Could Be Largest Ever: Sources,” (Sept. 7, 2010).
[2] Keeping Foreign Corruption Out of the United States: Four Case Histories, Majority and Minority Staff Report, Senate Committee on Homeland Security and Governmental Affairs, Permanent Subcommittee on Investigations (2010).
[3] Id. at 301.
[4] Id. at 301-17.

Baker & Hostetler LLP publications are intended to inform our clients and other friends of the Firm about current legal developments of general interest. They should not be construed as legal advice, and readers should not act upon the information contained in these publications without professional counsel. The hiring of a lawyer is an important decision that should not be based solely upon advertisements. Before you decide, ask us to send you written information about our qualifications and experience. © 2011 Baker & Hostetler LLP