HSBC Case Study

HSBC Case Study. To examine the current money laundering and terrorist financing
threats associated with correspondent banking, the Subcommittee selected HSBC as a case study.
HSBC is one of the largest financial institutions in the world, with over $2.5 trillion in assets, 89
million customers, 300,000 employees, and 2011 profits of nearly $22 billion. HSBC, whose
initials originally stood for Hong Kong Shanghai Banking Corporation, now has operations in
over 80 countries, with hundreds of affiliates spanning the globe. Its parent corporation, HSBC
Holdings plc, called “HSBC Group,” is headquartered in London, and its Chief Executive
Officer is located in Hong Kong.

Its key U.S. affiliate is HSBC Bank USA N.A. (HBUS). HBUS operates more than 470
bank branches throughout the United States, manages assets totaling about $200 billion, and
serves around 3.8 million customers. It holds a national bank charter, and its primary regulator is
the U.S. Office of the Comptroller of the Currency (OCC), which is part of the U.S. Treasury
Department. HBUS is headquartered in McLean, Virginia, but has its principal office in New
York City. HSBC acquired its U.S. presence by purchasing several U.S. financial institutions,
including Marine Midland Bank and Republic National Bank of New York.

A senior HSBC executive told the Subcommittee that HSBC acquired its U.S. affiliate,
not just to compete with other U.S. banks for U.S. clients, but primarily to provide a U.S.
platform to its non-U.S. clients and to use its U.S. platform as a selling point to attract still more
non-U.S. clients. HSBC operates in many jurisdictions with weak AML controls, high risk clients,
and high risk financial activities including Asia, Middle East, and Africa.

Over the past ten years, HSBC has also acquired affiliates throughout Latin America. In many of these
countries, the HSBC affiliate provides correspondent accounts to foreign financial institutions
that, among other services, are interested in acquiring access to U.S. dollar wire transfers, foreign
exchange, and other services. As a consequence, HSBC’s U.S. affiliate, HBUS, is required to
interact with other HSBC affiliates and foreign financial institutions that face substantial AML
challenges, often operate under weaker AML requirements, and may not be as familiar with, or
respectful of, the tighter AML controls in the United States. HBUS’ correspondent services,
thus, provide policymakers with a window into the vast array of money laundering and terrorist
financing risks confronting the U.S. affiliates of global banks.

The Subcommittee also examined HSBC because of its weak AML program. In
September 2010, the OCC issued a lengthy Supervisory Letter citing HBUS for violating Federal
AML laws, including by maintaining an inadequate AML program. In October 2010, the OCC
issued a Cease and Desist Order requiring HSBC to strengthen multiple aspects of its AML
program. The identified problems included a once massive backlog of over 17,000 alerts
identifying possible suspicious activity that had yet to be reviewed; ineffective methods for
identifying suspicious activity; a failure to file timely Suspicious Activity Reports with U.S. law
enforcement; a failure to conduct any due diligence to assess the risks of HSBC affiliates before
opening correspondent accounts for them; a 3-year failure by HBUS, from mid-2006 to mid-2009,
to conduct any AML monitoring of $15 billion in bulk cash transactions with those same
HSBC affiliates, despite the risks associated with large cash transactions; poor procedures for
assigning country and client risk ratings; a failure to monitor $60 trillion in annual wire transfer
activity by customers domiciled in countries rated by HBUS as lower risk; inadequate and
unqualified AML staffing; inadequate AML resources; and AML leadership problems. Since
many of these criticisms targeted severe, widespread, and longstanding AML deficiencies, they
also raised questions about how the problems had been allowed to accumulate and why the OCC
had not compelled corrective action earlier.

During the course of its investigation into HSBC’s AML deficiencies, the Subcommittee
issued multiple subpoenas and collected and reviewed over 1.4 million documents, including
bank records, correspondence, emails, and legal pleadings. The Subcommittee staff also
conducted over 75 interviews with officials at HSBC Group, HBUS, and other HSBC affiliates,
as well as with U.S. banking regulators. In addition, the Subcommittee received numerous
briefings from HSBC legal counsel, initiated inquiries with foreign banks that had HSBC
accounts, and consulted with experts on AML and terrorist financing issues. HSBC was fully
cooperative with the inquiry, producing documentation and witnesses from around the world,
including documents for which it could have claimed privilege.

As a result of its investigation, the Subcommittee has focused on five issues illustrating
key AML and terrorist financing problems that continue to impact correspondent banking in the
United States. They include opening U.S. correspondent accounts for high risk affiliates without
conducting due diligence; facilitating transactions that hinder U.S. efforts to stop terrorists, drug
traffickers, rogue jurisdictions, and others from using the U.S. financial system; providing U.S.
correspondent services to banks with links to terrorism; clearing bulk U.S. dollar travelers
cheques despite signs of suspicious activity; and offering high risk bearer share corporate
accounts. Avoiding the money laundering risks involved in these activities requires an effective
AML program, with written standards, knowledgeable and adequate staff, the infrastructure
needed to monitor account and wire transfer activity for suspicious transactions, effective AML
training, and a compliance culture that values obtaining accurate client information. In addition
to focusing on these five issues at HBUS, the Subcommittee investigation examined the
regulatory failures that allowed these and other AML problems to fester for years.

Servicing A High Risk Affiliate. In 2001, the Subcommittee’s investigation debunked
the notion that U.S. banks should open a correspondent account for any foreign bank with a
banking license, establishing instead the need to use due diligence to evaluate the money
laundering and terrorist financing risks posed by a specific foreign financial institution before
opening an account. Today, some U.S. affiliates of global banks engage in an equally ill-advised
practice, opening correspondent accounts for any affiliate owned by the parent holding
corporation, with no analysis of the AML or terrorist financing risks.

Until recently, HSBC Group policy instructed its affiliates to assume that all HSBC
affiliates met the Group’s AML standards and to open correspondent accounts for those affiliates
without additional due diligence. For years, HBUS followed that policy, opening U.S.
correspondent accounts for HSBC affiliates without conducting any AML due diligence. Those
affiliates have since become major clients of the bank. In 2009, for example, HBUS determined
that “HSBC Group affiliates clear[ed] virtually all USD [U.S. dollar] payments through accounts
held at HBUS, representing 63% of all USD payments processed by HBUS.” HBUS failed to
conduct due diligence on HSBC affiliates despite a U.S. law that has required all U.S. banks,
since 2002, to conduct these due diligence reviews before opening a U.S. correspondent account
for any foreign financial institution, with no exception made for foreign affiliates.

One HSBC affiliate that illustrates the AML problems is HSBC Mexico, known as
HBMX. HBUS should have, but did not, treat HBMX as a high risk correspondent client subject
to enhanced due diligence and monitoring. HBMX operated in Mexico, a country under siege
from drug crime, violence and money laundering; it had high risk clients, such as Mexican casas
de cambios and U.S. money service businesses; and it offered high risk products, such as U.S.
dollar accounts in the Cayman Islands. In addition, from 2007 through 2008, HBMX was the
single largest exporter of U.S. dollars to HBUS, shipping $7 billion in cash to HBUS over two
years, outstripping larger Mexican banks and other HSBC affiliates. Mexican and U.S.
authorities expressed repeated concern that HBMX’s bulk cash shipments could reach that
volume only if they included illegal drug proceeds. The concern was that drug traffickers unable
to deposit large amounts of cash in U.S. banks due to AML controls were transporting U.S.
dollars to Mexico, arranging for bulk deposits there, and then using Mexican financial
institutions to insert the cash back into the U.S. financial system.

In addition to its high risk location, clients, and activities, HBMX had a history of severe
AML deficiencies. Its AML problems included a widespread lack of Know Your Customer
(KYC) information in client files; a dysfunctional monitoring system; bankers who resisted
closing accounts despite evidence of suspicious activity; high profile clients involved in drug
trafficking; millions of dollars in suspicious bulk travelers cheque transactions; inadequate
staffing and resources; and a huge backlog of accounts marked for closure due to suspicious
activity, but whose closures were delayed. For eight years, from 2002 to 2010, HSBC Group
oversaw efforts to correct HBMX’s AML deficiencies, while those efforts fell short. At the
same time, HSBC Group watched HBMX utilize its U.S. correspondent account, without alerting
HBUS to the AML risks it was incurring.

HBUS compounded the AML risks it incurred from HBMX through its own AML
deficiencies, which included failing to investigate or evaluate HBMX’s AML risks. HBUS also
failed, from mid-2006 to mid-2009, to conduct any AML monitoring of its U.S. dollar
transactions with HSBC affiliates, including HBMX, despite the obvious, well-known risks
attendant with large cash transactions. In addition, because HBUS deemed HBMX to be located
in a low risk country, HBUS failed, until 2009, to monitor HBMX’s wire transfer or account
activity. HBMX illustrates the money laundering and drug trafficking risks that result when the
U.S. affiliate of a global bank serves as the U.S. gateway for a high risk affiliate allowed to
operate with no initial due diligence or ongoing monitoring.

Circumventing OFAC Prohibitions. The United States has devoted significant
resources to stopping some of the most dangerous persons and jurisdictions threatening the world
today from utilizing the U.S. financial system, including terrorists, persons involved with
weapons of mass destruction, drug traffickers, and persons associated with rogue jurisdictions
such as Iran, North Korea, and Sudan. To implement the law, the U.S. Treasury Department’s
Office of Foreign Assets Control (OFAC) has developed a list of prohibited persons and
countries which banks use to create an “OFAC filter” to identify and halt potentially prohibited
transactions. Transactions stopped by this filter typically undergo an individualized review to
see if the transaction can proceed or the funds must be blocked.

Because the OFAC filter can end up delaying or blocking transactions that are permitted
under U.S. law or by other jurisdictions, some non-U.S. financial institutions have used tactics to
circumvent it. Common tactics include stripping information from wire transfer documentation
to conceal the participation of a prohibited person or country, or characterizing a transaction as a
transfer between banks in approved jurisdictions, while omitting underlying payment details that
would disclose participation of a prohibited originator or beneficiary. In the case of Iran, some
foreign banks also abused what were known as “U-turn” transactions, which were allowable
transactions under Treasury regulations prior to November 2008. In recent years, the United
States has imposed steep penalties on banks that violated the OFAC prohibitions.

At HBUS, documents provided to the Subcommittee indicate that, for years, some HSBC
affiliates took action to circumvent the OFAC filter when sending OFAC sensitive transactions
through their U.S. dollar correspondent accounts at HBUS. From at least 2001 to 2007, two
HSBC affiliates, HSBC Europe (HBEU) and HSBC Middle East (HBME), repeatedly sent U-turn
transactions through HBUS without disclosing links to Iran, even though they knew HBUS
required full transparency to process U-turns. To avoid triggering the OFAC filter and an
individualized review by HBUS, HBEU systematically altered transaction information to strip
out any reference to Iran and characterized the transfers as between banks in approved
jurisdictions. The affiliates’ use of these practices, which even some within the bank viewed as
deceptive, was repeatedly brought to the attention of HSBC Group Compliance, by HBUS
compliance personnel and by HBEU personnel who objected to participating in the document
alteration and twice announced deadlines to end the activity. Despite this information, HSBC
Group Compliance did not take decisive action to stop the conduct or inform HBUS about the
extent of the activity. At the same time, while some at HBUS claimed not to have known they
were processing undisclosed Iranian transactions from HSBC affiliates, internal documents show
key senior HBUS officials were informed as early as 2001. In addition, HBUS’ OFAC filter
repeatedly stopped Iranian transactions that should have been disclosed to HBUS by HSBC
affiliates, but were not. Despite evidence of what was taking place, HBUS failed to get a full
accounting of what its affiliates were doing or ensure all Iranian transactions sent by HSBC
affiliates were stopped by the OFAC filter and reviewed to ensure they were OFAC compliant.
In addition, documents show that, from 2002 to 2007, some HSBC affiliates sent potentially
prohibited transactions through HBUS involving Burma, Cuba, North Korea, Sudan, and other
prohibited countries or persons. Other documents indicate that some HSBC affiliates may have
sent non-U.S. dollar messaging traffic through U.S. servers in which the OFAC filter was not
turned on or was restricted.

An outside auditor hired by HBUS has so far identified, from 2001 to 2007, more than
28,000 undisclosed, OFAC sensitive transactions that were sent through HBUS involving $19.7
billion. Of those 28,000 transactions, nearly 25,000 involved Iran, while 3,000 involved other
prohibited countries or persons. The review has characterized nearly 2,600 of those transactions,
including 79 involving Iran, and with total assets of more than $367 million, as “Transactions of
Interest” requiring additional analysis to determine whether violations of U.S. law occurred.
While the aim in many of those cases may have been to avoid the delays associated with the
OFAC filter and individualized reviews, rather than to facilitate prohibited transactions, actions
taken by HSBC affiliates to circumvent OFAC safeguards may have facilitated transactions on
behalf of terrorists, drug traffickers, or other wrongdoers. While HBUS insisted, when asked,
that HSBC affiliates provide fully transparent transaction information, when it obtained evidence
that some affiliates were acting to circumvent the OFAC filter, HBUS failed to take decisive
action to confront those affiliates and put an end to the conduct. HBUS’ experience
demonstrates the strong measures that the U.S. affiliate of a global bank must take to prevent
affiliates from circumventing OFAC prohibitions.

Disregarding Links to Terrorism. For decades, HSBC has been one of the most
active global banks in the Middle East, Asia, and Africa, despite being aware of the
terrorist financing risks in those regions. In particular, HSBC has been active in Saudi
Arabia, conducting substantial banking activities through affiliates as well as doing
business with Saudi Arabia’s largest private financial institution, Al Rajhi Bank. After
the 9/11 terrorist attack in 2001, evidence began to emerge that Al Rajhi Bank and some
of its owners had links to financing organizations associated with terrorism, including
evidence that the bank’s key founder was an early financial benefactor of al Qaeda. In
2005, HSBC announced internally that its affiliates should sever ties with Al Rajhi Bank,
but then reversed itself four months later, leaving the decision up to each affiliate. HSBC
Middle East, among other HSBC affiliates, continued to do business with the bank.

Due to terrorist financing concerns, HBUS closed the correspondent banking and
banknotes accounts it had provided to Al Rajhi Bank. For nearly two years, HBUS
Compliance personnel resisted pressure from HSBC personnel in the Middle East and
United States to resume business ties with Al Rajhi Bank. In December 2006, however,
after Al Rajhi Bank threatened to pull all of its business from HSBC unless it regained
access to HBUS’ U.S. banknotes program, HBUS agreed to resume supplying Al Rajhi
Bank with shipments of U.S. dollars. Despite ongoing troubling information, HBUS
provided nearly $1 billion in U.S. dollars to Al Rajhi Bank until 2010, when HSBC
decided, on a global basis, to exit the U.S. banknotes business. HBUS also supplied U.S.
dollars to two other banks, Islami Bank Bangladesh Ltd. and Social Islami Bank, despite
evidence of links to terrorist financing. Each of these specific cases shows how a global
bank can pressure its U.S. affiliate to provide banks in countries at high risk of terrorist
financing with access to U.S. dollars and the U.S. financial system.

Clearing Suspicious Bulk Travelers Cheques. Another AML issue involves HBUS’
clearing more than $290 million in bulk U.S. dollar travelers cheques in less than four years for a
Japanese regional bank, Hokuriku Bank, despite evidence of suspicious activity. From at least
2005 to 2008, HBUS cleared bulk travelers cheques for Hokuriku Bank on a daily basis, at times
clearing $500,000 or more in U.S. dollars per day. The cheques were in denominations of $500
or $1,000, submitted in large blocks of sequentially numbered cheques, and signed and
countersigned with the same illegible signature. An OCC examination, which determined that
HBUS was clearing travelers cheques with inadequate AML controls, discovered the stacks of
Hokuriku travelers cheques being processed on a daily basis, and directed HBUS to investigate.

When HBUS sought more information, Hokuriku Bank at first delayed responding, then
provided minimal information, and finally declined to investigate further, claiming to be
constrained by bank secrecy laws from disclosing client-specific information. HBUS eventually
learned that the travelers cheques were purchased by Russians from a bank in Russia, a country
at high risk of money laundering. HBUS also learned that the Japanese bank had little KYC
information or understanding why up to $500,000 or more in bulk U.S. dollar travelers cheques
purchased in Russia were being deposited on a daily basis into one of 30 different Japanese
accounts of persons and corporations supposedly in the used car business.

In October 2008, under pressure from the OCC, HBUS stopped processing the travelers
cheques, but continued the correspondent relationship, despite the Japanese bank’s poor AML
controls. Two years later, in 2010, an OCC examination uncovered the ongoing relationship
between HSBC and Hokuriku, which the OCC thought had ended. In 2012, after the
Subcommittee inquired about the account, HBUS closed it. Since travelers cheques have been
misused by terrorists, drug traffickers, and other criminals, the HBUS experience shows how a
U.S. affiliate with ineffective AML controls can end up clearing suspicious bulk travelers
cheques and facilitating the movement of hundreds of millions of U.S. dollars across
international lines to unknown recipients.

Offering Bearer Share Accounts. Over the course of a decade, HBUS opened over
2,000 accounts in the name of bearer share corporations, a notorious type of corporation that
invites secrecy and wrongdoing by assigning ownership to whomever has physical possession of
the shares. At its peak, HBUS’ Miami office had over 1,670 bearer share accounts; the New
York office had over 850; and the Los Angeles office had over 30. The Miami bearer share
accounts alone held assets totaling an estimated $2.6 billion, and generated annual bank revenues
of $26 million. Multiple internal audits and regulatory examinations criticized the accounts as
high risk and advocated that HBUS either take physical custody of the shares or require the
corporations to register the shares in the names of the shareholders, but HBUS bankers initially
resisted tightening AML controls, and regulators took no enforcement action.

Two examples of the accounts illustrate the risks they posed. In the first, Miami Beach
hotel developers, Mauricio Cohen Assor and Leon Cohen Levy, father and son, used bearer share
accounts they opened for Blue Ocean Finance Ltd. and Whitebury Shipping Time-Sharing Ltd.
to help hide $150 million in assets and $49 million in income. In 2010, both were convicted of
criminal tax fraud and filing false tax returns, sentenced to ten years in prison, and ordered to pay
back taxes, interest, and penalties totaling more than $17 million. A second example involves a
wealthy and powerful Peruvian family which pressed HBUS to grant a waiver from its AML
requirements that bearer share corporations either register their shares or place those shares in
bank custody. Bank documents showed how HBUS bankers pressed Compliance personnel to
grant the waiver to please a wealthy client. These accounts demonstrate the AML risks
associated with bearer share accounts, whose owners seek to hide their identities. Today,
following an initiative that concluded in 2011, HBUS has reduced its bearer share accounts to
26, most of which are frozen, while at the same time maintaining a policy that allows
the bank to open new bearer share accounts in the future.

Regulatory Failures. HBUS’ severe AML deficiencies did not happen overnight; they
accumulated over time, even though its primary regulator, the OCC, conducted regular AML
examinations. Part of the reason HBUS’ AML problems were not cured is attributable to certain
peculiar and ineffective aspects of the OCC’s AML oversight effort.

First, unlike other U.S. bank regulators, the OCC does not treat AML deficiencies as a
matter of bank safety and soundness or a management problem. Instead it treats AML
deficiencies as a consumer compliance matter, even though AML laws and consumer protection
laws have virtually nothing in common. One consequence of this approach is that the OCC
considers AML problems when assigning a bank’s consumer compliance rating, but not when
assigning the bank’s management rating or its overall composite rating. As a result, AML
deficiencies do not routinely lower the ratings that national banks receive as part of their safety
and soundness evaluations, and so do not increase the deposit insurance that banks pay for
incurring heightened risk, contrary to how AML problems are handled at other Federal banking
agencies. At HBUS, after citing the bank for severe AML deficiencies, the OCC lowered its
consumer compliance rating but not its management rating.

A second problem is that the OCC has adopted a practice of foregoing the citation of a
statutory or regulatory violation in its Supervisory Letters and annual Reports of Examination
when a bank fails to comply with one of the four mandatory components of an AML program.
The four minimum statutory requirements of an AML program are AML internal controls, an
AML compliance officer, AML training, and independent testing of the effectiveness of its AML

requirements as a “Matter Requiring Attention” instead of a legal violation, the OCC diminishes
the importance of meeting each requirement, sends a more muted message about the need for
corrective action, and makes enforcement actions more difficult to pursue if an AML deficiency
persists. In contrast, citing a violation of law when one critical component of a bank’s AML
program is inadequate sends a strong message to bank management that its AML program is
deficient, does not meet minimum statutory requirements, and requires remediation to ensure
compliance with the law. At HBUS, the OCC identified 83 Matters Requiring Attention over
five years, without once citing a legal violation of Federal AML law. It was only when the OCC
found HBUS’ entire AML program to be deficient that the OCC finally cited the bank for a legal

Additional problems illustrated by the HBUS case history include the OCC’s practice of
conducting narrowly focused AML examinations of specific banking units without also assessing
HBUS’ overall AML program; the OCC’s reluctance, despite mounting AML deficiencies, to
make timely use of formal and informal enforcement actions to compel improvements in HBUS’
AML program; and the practice by some OCC examiners to issue Supervisory Letters that
sometimes muted AML examination criticisms or weakened recommendations for AML reforms
at HBUS.

While the OCC insists that its AML approach has merit, the HSBC case history, like the
Riggs Bank case history examined by this Subcommittee eight years ago, provides evidence that
the current OCC system has tolerated severe AML deficiencies for years, permitted national
banks to delay or avoid correcting identified problems, and allowed smaller AML issues to
accumulate into a massive problem before OCC enforcement action was taken. An experienced
OCC AML examiner told the Subcommittee: “I thought I saw it all with Riggs but HSBC was
the worst situation I’d ever seen,” yet during the six-year period from 2004 to 2010, OCC
officials did not take any formal or informal enforcement action to compel HBUS to strengthen
its AML program, essentially allowing its AML problems to fester. In 2009, after learning of
two law enforcement investigations involving AML issues at the bank, the OCC suddenly
expanded and intensified an ongoing AML examination and allowed it to consider a wide range
of AML issues. The OCC examination culminated in the issuance, in September 2010, of a
blistering supervisory letter listing numerous, serious AML problems at the bank. In October
2010, the OCC also issued a Cease and Desist Order requiring HBUS to revamp its AML

In response, HBUS has announced a number of key organizational and policy initiatives
to improve its AML program in the United States and globally. While those initiatives are
promising, HBUS announced similarly promising AML reforms in 2003, when confronted with
an AML enforcement action by the Federal Reserve Bank of New York and New York State
Banking Department. Even before the OCC lifted that order in 2006, HBUS’ AML program
deteriorated. Both HBUS and the OCC will have to undertake a sustained effort to ensure the
newest round of changes produce a better AML outcome.

HSBC is the quintessential global bank, operating hundreds of affiliates in 80 countries,
with its U.S. affiliate acting as the gateway into the U.S. financial system for the entire network.
The OCC allowed AML problems at HBUS to build up until they represented major AML
vulnerabilities for the United States. Going forward, HBUS needs far stronger controls to ensure
it doesn’t leave AML risks to the U.S. financial system unattended; the OCC needs a much better
approach to resolve AML problems in a more effective and timely manner.

A. Findings

This Report makes the following findings of fact.

(1) Longstanding Severe AML Deficiencies. HBUS operated its correspondent
accounts for foreign financial institutions with longstanding, severe AML
deficiencies, including a dysfunctional AML monitoring system for account and
wire transfer activity, an unacceptable backlog of 17,000 unreviewed alerts,
insufficient staffing, inappropriate country and client risk assessments, and late or
missing Suspicious Activity Reports, exposing the United States to money
laundering, drug trafficking, and terrorist financing risks.

(2) Taking on High Risk Affiliates. HBUS failed to assess the AML risks associated
with HSBC affiliates before opening correspondent accounts for them, failed to
identify high risk affiliates, and failed for years to treat HBMX as a high risk

(3) Circumventing OFAC Prohibitions. For years in connection with Iranian U-turn
transactions, HSBC allowed two non-U.S. affiliates to engage in conduct to avoid
triggering the OFAC filter and individualized transaction reviews. While HBUS
insisted, when asked, that HSBC affiliates provide fully transparent transaction
information, when it obtained evidence that some affiliates were acting to
circumvent the OFAC filter, HBUS failed to take decisive action to confront those
affiliates and put an end to conduct which even some within the bank viewed as

(4) Disregarding Terrorist Links. HBUS provided U.S. correspondent accounts to
some foreign banks despite evidence of links to terrorist financing.

(5) Clearing Suspicious Bulk Travelers Cheques. In less than four years, HBUS
cleared over $290 million in sequentially numbered, illegibly signed, bulk U.S.
dollar travelers cheques for Hokuriku Bank, which could not explain why its clients
were regularly depositing up to $500,000 or more per day in U.S. dollar travelers
cheques obtained in Russia into Japanese accounts, supposedly for selling used
cars; even after learning of Hokuriku’s poor AML controls, HBUS continued to do
business with the bank.

(6) Offering Bearer Share Accounts. Over the course of a decade, HBUS opened
over 2,000 high risk bearer share corporate accounts with inadequate AML

(7) Allowing AML Problems to Fester. The OCC allowed HBUS’ AML deficiencies
to fester for years, in part due to treating HBUS’ AML problems as consumer
compliance matters rather than safety and soundness problems, failing to make
timely use of formal and informal enforcement actions to compel AML reforms at
the bank, and focusing on AML issues in specific HBUS banking units without also
viewing them on an institution-wide basis.

B. Recommendations

This Report makes the following recommendations.

(1) Screen High Risk Affiliates. HBUS should reevaluate its correspondent
relationships with HSBC affiliates, including by reviewing affiliate AML and
compliance audit findings, identifying high risk affiliates, designating affiliate
accounts requiring enhanced monitoring, and closing overly risky accounts. HBUS
should conduct a special review of the HBMX account to determine whether it
should be closed.

(2) Respect OFAC Prohibitions. HSBC Group and HBUS should take concerted
action to stop non-U.S. HSBC affiliates from circumventing the OFAC filter that
screens transactions for terrorists, drug traffickers, rogue jurisdictions, and other
wrongdoers, including by developing audit tests to detect undisclosed OFAC
sensitive transactions by HSBC affiliates.

(3) Close Accounts for Banks with Terrorist Financing Links. HBUS should
terminate correspondent relationships with banks whose owners have links to, or
present high risks of involvement with, terrorist financing.

(4) Revamp Travelers Cheque AML Controls. HBUS should restrict its acceptance
of large blocks of sequentially numbered U.S. dollar travelers cheques from HSBC
affiliates and foreign financial institutions; identify affiliates and foreign financial
institutions engaged in suspicious travelers cheque activity; and stop accepting
travelers cheques from affiliates and foreign banks that sell or cash U.S. dollar
travelers cheques with little or no KYC information.

(5) Boost Information Sharing Among Affiliates. HSBC should require AML
personnel to routinely share information among affiliates to strengthen AML
coordination, reduce AML risks, and combat wrongdoing.

(6) Eliminate Bearer Share Accounts. HBUS should close its remaining 26 bearer
share corporate accounts, eliminate this type of account, and instruct financial
institutions using HBUS correspondent accounts not to execute transactions
involving bearer share corporations. U.S. financial regulators should prohibit U.S.
banks from opening or servicing bearer share accounts.

(7) Increase HBUS’ AML Resources. HBUS should ensure a full time professional
serves as its AML director, and dedicate additional resources to hire qualified AML
staff, implement an effective AML monitoring system for account and wire transfer
activity, and ensure alerts, including OFAC alerts, are reviewed and Suspicious
Activity Reports are filed on a timely basis.

(8) Treat AML Deficiencies as a Matter of Safety and Soundness. The OCC should
align its practice with that of other Federal bank regulators by treating AML
deficiencies as a safety and soundness matter, rather than a consumer compliance
matter, and condition management CAMELS ratings in part upon effective
management of a bank’s AML program.

(9) Act on Multiple AML Problems. To ensure AML problems are corrected in a
timely fashion, the OCC should establish a policy directing that the Supervision
Division coordinate with the Enforcement and Legal Divisions to conduct an
institution-wide examination of a bank’s AML program and consider use of formal
or informal enforcement actions, whenever a certain number of Matters Requiring
Attention or legal violations identifying recurring or mounting AML problems are
identified through examinations.

(10) Strengthen AML Examinations. The OCC should strengthen its AML
examinations by citing AML violations, rather than just Matters Requiring
Attention, when a bank fails to meet any one of the statutory minimum
requirements for an AML program; and by requiring AML examinations to focus
on both specific business units and a bank’s AML program as a whole....