Detailed OCC Cease and Desist order against HSBC, 2010



The Comptroller finds, and the Bank neither admits nor denies, the following:
(1) The OCC’s examination findings establish that the Bank has deficiencies in its BSA/AML compliance program. These deficiencies have resulted in a BSA/AML compliance program violation under 12 U.S.C. § 1818(s) and its implementing regulation, 12 C.F.R. § 21.21 (BSA Compliance Program). In addition, the Bank has violated 12 C.F.R. § 21.11 (Suspicious Activity Report Filings); and 31 U.S.C. § 5318(i) and its implementing regulation, 31 C.F.R. § 103.176 (Correspondent Banking).
The Bank has failed to adopt and implement a compliance program that adequately covers the required BSA/AML program elements, including, in particular, internal controls for customer due diligence, procedures for monitoring suspicious activity, and independent testing. The Bank’s compliance program and its implementation are ineffective, and accompanied by aggravating factors, such as highly suspicious activity creating a significant potential for unreported money laundering or terrorist financing.
Some of the critical deficiencies in the elements of the Bank’s BSA/AML compliance program include the following:

(A) The Bank has excluded from automated BSA/AML monitoring wire transfers initiated by customers domiciled in countries risk rated as “standard” or “medium,” representing two-thirds of total dollar volume for PCM. While the Bank has employed other methods for monitoring wire transactions for customers located in countries risk rated standard or medium, these alternatives have provided limited coverage, have not been effective, and have not mitigated the BSA/AML risks posed;

(B) During mid-2006 through mid-2009, the Bank did not perform BSA/AML monitoring for banknote (or “bulk cash”) transactions with Group Entities (defined as the Bank’s foreign affiliates in which the Bank’s parent, HSBC Holdings plc,
London, England (“HSBC Group”), holds a majority interest);

(C) The Bank has not collected or maintained customer due diligence (“CDD”) or enhanced due diligence (“EDD”) information for Group Entities. The Bank has transacted extensive wire transfers and purchases of United States bulk cash with Group Entities. The lack of due diligence information has inhibited the Bank’s assessment of customer risk and the identification of suspicious activity in Group Entity accounts;

Detailed link for report: here