Global Markets and Suspicious Activity Reporting
In carrying out online research before committing letters to screen for this piece, I came across an article entitled: “Preventing Anti-money Laundering in a Global Market.” Yes, really! Not “Anti-money laundering in a Global Market” or “Preventing Money Laundering…” and for me, that just about sums up where we are on our anti-money laundering (AML) strategies today.
On the one hand, you have governments enacting AML reforms and new requirements, but on the other, there are very active governments imposing huge fines whilst continuing to allow large enterprises to operate even though they offend repeatedly in money-laundering and other financial irregularity.
In the United States (US), for several years HSBC was able to continue to carry out business whilst evading financial services regulatory controls designed to counter money laundering. This was compounded by inconsistent governmental actions which allowed HSBC to make an inappropriate choice of strategy and assessment of money laundering risk as revealed to the US Senate Subcommittee for Investigations in 2012.
Rather than applying a standard that satisfied the soft law codes of the international standard setting bodies (SSBs), HSBC’s London-based head office operated its subsidiary network by exploiting the advantages of regulatory arbitrage. HSBC’s de-centralised, entity-based corporate structure, together with its indefensible risk analysis of AML inaccurately minimised risk in its jurisdictions, products and services.
The HSBC in-house AML risk assessment placed Mexico, standing at 100 out of 183 countries on the Transparency International Corruption Perceptions Index 2011, as “low risk” for AML controls, at the same time as HSBC was allowing billions of US dollars of drugs money to be laundered from Mexico through its US outlets, “playing fast and loose with U.S. banking rules.”[1] Here, both the HSBC board and management required affiliates not to carry out their own due diligence on the potential risks of transactions, but to accept the “low risk” classification as applied by head office.
This active failure of HSBC to control the risk of being used as a vehicle through which to launder the proceeds of crime and actually to enable it continued for a number of years. During this time HSBC had the attention of regulators regarding its operations in the US and Mexico: in 2003 HSBC was in enforcement with the Federal Reserve and the New York State Banking Department to improve its AML arrangements.
Again in 2010, HSBC was in enforcement with the Office of the Comptroller of the Currency (OCC), and was served with a Cease and Desist order requiring a second revamp of its US AML programme. In addition to this, HSBC was found to be circumventing requirements of the US Treasury Department’s Office of Foreign Assets Control.[2] This catalogue of HSBC senior management’s deliberate failure to comply with AML and counter terrorist financing requirements was in part enabled by the OCC’s failure of AML oversight of HSBC in the US (HBUS), when they issued weak supervisory letters,[3] tolerating:
“…the mounting AML problems at HBUS for five years, without taking any formal or informal enforcement action.”[4]
In this example, weakness on the part of the OCC allowed HSBC to manoeuvre around regulatory requirements and jeopardise their own achievement of risk mitigation. HSBC subsequently noted the importance of acknowledging international best practice to imply credibility by saying it will:
“…adopt and enforce adherence to a single standard globally that is determined by the highest standard we must apply anywhere.”[5]
Perhaps HSBC would have benefited from better oversight and stronger regulatory responses, or perhaps regulatory sanction and the huge fines issued by government bodies such as the US Department of Justice (DOJ) are something for which provision may be considered as part of the cost of doing business? Either way, the HSBC example was not a deterrent to other large banks from applying relaxed AML rules in making suspicious activity reports to competent authorities.
For example, Citigroup: in 2014 it paid agencies including the DOJ $7 billion for retail mortgage-related issues, and in 2015 it paid another $925 million for alleged foreign exchange manipulation together with a $140 million settlement with the Federal Deposit Insurance Corporation and Californian regulators because of deficiencies in money laundering controls at Banamex. Then in 2017, failures in Citigroup’s anti-money laundering arrangements in its Citibanamex subsidiary, with operations including bank branches along the US/Mexican border, amounted to over $97 million. That is a considerable amount of fines for provisioning!
The Wall Street Journal reported that the DOJ allegations included that via Banamex USA from 2007 to 2012 Citigroup processed over 30 million remittance transactions to Mexico with a total value of more than $8.8 billion. However, their suspicious activity reporting was minimal with only nine reports being filed even though their own monitoring identified over 18,000 alerts on more than $142 million in potentially suspicious transactions.
At the end of the day, there is a balance to be struck between putting in place adequate processes to mitigate the risk of money being laundered through a business to control the risk whilst still enabling the throughflow of business to take place, but the repeated behaviour of implementing lax AML controls across the US/Mexican border over the years via different entities calls into question the effectiveness of the US authorities in leading change.
For transaction reporting, automated systems are only as good as the red flag indicators and subsequent actions that support them, with real risk mitigation being established at the senior management level of the organisation.
Quite how far organisations and governments go to maintain legal and regulatory compliance is a matter that will affect investment levels and potential for growth. For example, the UK Government in delaying the issuance of the visa for Russian Oligarch Roman Abramovich has resulted in him immediately putting on hold his investment in the development of a new stadium for Chelsea Football Club.
As if that were not serious enough, the BBC reported that Kremlin spokesperson Dimitry Peskov said: “All I can say is that our businesses are often battling unfriendly and unprincipled behaviour. Investors in other countries will see what is happening in the United Kingdom. I would suggest that as far as investor attractiveness is concerned, this is a step backwards for the UK.” In the meantime, Russian president Vladimir Putin is paying a visit to Austria and hosting German and French leaders at VE Day celebrations in Moscow.
As long as there is competition amongst nations for trade there will be the development of AML laws and regulations providing controls for transactions in global markets. Competent authorities will provide sanctions in the form of fines and the removal of licenses to operate in the market, but equally, organisations will wish to find ways to flourish.
I suggest that Compliance leaders and Treasurers alike will need to keep alert for the signs of their systems being used by criminals to launder money and to ensure that their organisations keep on the right side of AML compliance controls in finding ways to best develop and grow their business.
References:
[1] Levin, op. cit. at 117, p 1
[2] 119 Ibid., p 4
[3] Ibid., p326-330
[4] Ibid., p 6
[5] Levey, Stuart, (Chief Legal Officer, HSBC Holdings plc) ‘Written Testimony for Senate Permanent Subcommittee on Investigations,’ (July 17, 2012) p 7