The compliance lessons of HSBC's $1.9B fine

It's hard to believe that HSBC agreed to pay $1.9 billion to settle allegations of severe lapses in its AML compliance program.

Prosecutors allege that the because of these lapses, the bank ended up transacting on behalf of customers in sanctioned countries, the likes of Cuba, Iran, Libya and Sudan, not to mention possible drug lords. The Bank Secrecy Act requires banks to maintain internal controls to prevent money laundering and identify customers who may be banking on behalf of sanctioned entities. The remediation steps that HSBC has embarked on at the prodding of the government, include the following:

• A new leadership team in North America
• Clawbacks initiated against several executives
• About $244 million spent on AML activity in 2011, nine times more than in 2009
• 880 full-time employees and 267 consultants as of May 2012, compared with 92 full-time employees and 25 consultants in January 2010
• Separation of the legal and compliance team, with the AML director reporting directly to the CCO
• A revamped KYC program
• A new risk-based methodology to evaluate customers 
• An end to 109 correspondent relationships deemed too risky
• A new automated monitoring system
• An exit in high-risk businesses
• More than $290 million spent on remedial measures

At the holding company level, there were lots of changes as well, all aimed at monitoring, reducing and reporting risk across the entire enterprise. One might call this part of the costs of settlement. Others might call it good preventative medicine.

None of this is really novel. More banks  should embrace such steps proactively. If a lapse does occur, the company will likely get more lenient treatment given its proactive stance.

For more:
- here's the settlement
- here's an article from law.com