HSBC: Only partial compliance after $680 million spend
The latest quarterly status report for HSBC’s anti-money laundering (AML) and sanctions compliance program offers a glimpse into the challenges large banks face when implementing an AML program.
An independent corporate compliance monitor noted that HSBC continues to make significant steps toward implementing an effective AML program throughout its operations, including:
- Allocating more than $680 million to its Financial Crime Compliance program;
- Hiring an additional 2,584 compliance personnel;
- Beginning to deploy an upgraded customer sanctions screening system;
- Deploying AML detection scenarios used to monitor individual customers, corporate customers, correspondent accounts and counter-parties; and
- Improving the bank’s Know Your Client (KYC) practices in some countries.
There was also an indication that the “tone at the top,” has shifted toward a culture of compliance. However, certain areas need more attention:
- The development of the Financial Crime Compliance program has been slow or even hampered at the business and local levels due to a lack of influence within the organization.
- There is still some immaturity in the AML monitoring and testing capabilities.
- There are deficiencies in the KYC program in some countries, such as neglecting to collect necessary customer information when an account is opened, or to regularly update customer profiles or after significant changes to customers’ risk ratings.
- Certain affiliates’ sanction screening systems are inadequate due to the compliance technology.
The report listed some specific examples of where the compliance program may not detect high-risk or suspicious transactions:
- If there was a formatting mismatch between HSBC’s settlement and clearing system and the SWIFT payment system, certain data would be truncated or omitted in outgoing SWIFT messages.
- Some local sanctions screening systems were not being fed sufficient data, impeding their ability to detect high-risk transactions.
- Some exception alert scenarios required further refinement to more effectively detect high-risk transactions.
- In the review of one country, it was found that the affiliate did not detect banking-nested activity, partly because its system mistakenly identified the correspondent account as a different type of account. This could potentially impede those affiliates from detecting and preventing risky transactions.
While HSBC responded to the monitor’s recommendations and continues to make improvements to its AML program, the report highlights the technology, process and cultural complexity of implementing a large financial crime-risk mitigation program. Fortunately, there is a steady rise of maturing technology solutions that provide more comprehensive transaction monitoring, KYC compliance, sanctions list screening and regulatory reporting capabilities. Contact us to learn more about our solution.
About Andrew Simpson
Andrew Simpson (LinkedIn | Twitter) is Chief Operating Officer at CaseWare RCM and has more than 20 years of experience building businesses in the fields of information systems audit and security, data analytics, Anti-Money Laundering and forensics. He is a regular contributor to conferences and a recognized thought leader in financial crime management.