Special Report: HSBC's money-laundering crackdown riddled with lapses
NEW YORK (Reuters) - Executives of HSBC Holdings Plc and its U.S. subsidiary are scheduled to testify Tuesday before a Senate panel about how the London-based banking behemoth, after years of run-ins with U.S. authorities over alleged anti-money laundering lapses, has cleaned up its act.
In anticipation of the hearing, HSBC Chief Executive Stuart Gulliver sent a message to employees earlier this week: "Between 2004 and 2010, our anti-money laundering controls should have been stronger and more effective, and we failed to spot and deal with unacceptable behavior," Gulliver wrote. "It is right that we are held accountable and that we take responsibility for fixing what went wrong."
Gulliver's memo implies that the bank's problems ended in 2010. But a Reuters investigation has found persistent and troubling lapses in the bank's anti-money laundering compliance since then.
Moreover, the problems arose in the very operation meant to show regulators that the bank could effectively monitor the trillions of dollars flowing annually through its offices in 80 countries and territories.
In a sprawling, low-rise building abutting pasture land in New Castle, Delaware, HSBC's anti-money laundering staff review customer transactions and so-called alerts generated when the bank's monitoring systems spot a suspicious transaction. It also housed the "look-back" at thousands of old transactions that the U.S. Comptroller of the Currency ordered in 2010, after citing the bank for multiple anti-money laundering failures.
Former employees in the New Castle office describe a febrile boiler-room environment overseen by managers uninterested in investigating transactions with possible links to drug trafficking, terrorist financing, Iran and other countries under U.S. sanctions, and other illegal activities. Instead, they say, the single-minded focus was on clearing out the paperwork as fast as possible.
"There were multiple backlogs" of alerts, said Everett Stern, who worked in the New Castle building from October 2010 to November 2011. "The name of the game was to close as many as you possibly can."
Stern was a 26-year-old with a master of business administration degree when he joined HSBC as a compliance officer "to find suspicious activity," as he put it. Within months, he was named a department specialist in Middle Eastern transactions.
A NOVICE WATCHDOG
"I'm not an expert" in money laundering in the Middle East, Stern said. His appointment, he said, was symptomatic of larger disregard for investigative rigor in the office. "Anybody who submitted their name for something basically got approved for that specialty."
Stern said that in the course of his work, he came across many suspicious transactions. Some involved parties he suspected of having ties to Hezbollah and Hamas - Islamist groups that the U.S. considers to be terrorist organizations. When he alerted his superiors to these dealings, he said, his concerns were dismissed.
At one point, Stern said, he decided to take action on transactions linked to Palestine that he and some of his colleagues had noticed.
Stern sent an email to two superiors with the subject line, "Compliance error." In the email, Stern wrote: "I believe investigators in the department are unknowingly making a major compliance error. Over the last couple of months investigators have approached me about cases in the Middle East, especially in Palestine.… It appears that most investigators do not understand that the government of Palestine is the terrorist organization Hamas."
One of the bosses, Jeff Kraft, an anti-money laundering compliance manager, came bursting out of his cubicle. "Are you out of your f------ mind?" he said, according to Stern's recollection. "I should fire you right now."
Kraft insisted that Hamas was not a terrorist organization and that if government officials saw the email, the New Castle office would be shut down, according to Stern.
Hamas, which governs the Gaza Strip of the Palestinian Territories, has been designated a terrorist organization by the U.S. since 1995.
Kraft could not be reached for comment.
Stern was part of the New Castle operation employing regular HSBC staff to monitor current transactions and tackle a backlog of alerts. A second section comprised a task force - largely staffed with former law-enforcement officials working under contract - that was conducting the look-back the OCC ordered in 2010, investigating transactions up to several years old.
'JUST A FACTORY'
Several of these contractors, echoing Stern, said the effort was more cosmetic than concrete. One said that when an investigator couldn't track down information on a counterparty to a particular transaction, the investigator was told to close the case even if it seemed suspect.
"I was extremely, extremely disappointed with the ethical part of how they were handling it," said one former task force contractor. "It was just a factory the way it was handled. There was a lot of pressure to get investigations closed."
The contractor added: "If Congress and the regulators actually knew what was going on, they would have a fit."
Another contractor said supervisors "wanted quantity, not quality."
In response to questions about the work at New Castle, HSBC spokesman Robert Sherman said: "The quality of work in Delaware has been and still is consistent with our high expectations. … We have had and continue to have very high quality control and assurance procedures." Those procedures, he said, include regular reviews of the New Castle work by senior management and quality-assurance teams. A spokesman for the OCC, which ordered the look-back, declined to comment.
At Tuesday's hearing, the U.S. Senate Permanent Subcommittee on Investigations plans to deliver a withering review of problems at HSBC and transactions tied to Iran, terrorist financing and drug cartels, according to people familiar with a report the panel has drafted on its investigation.
Among those scheduled to testify is Stuart Levey, HSBC's London-based chief legal officer. Levey, a former top Treasury Department official skilled in terrorism finance, was hired in January in what was widely seen as a signal that the bank was serious about improving its anti-money laundering efforts.
The Senate investigation is only one of many in recent years to target HSBC's internal policing. In 2003, the Federal Reserve Bank of New York and New York state bank regulators ordered HSBC to better monitor suspect transactions. The Justice Department, the Federal Reserve, the OCC, the Manhattan district attorney and the Office of Foreign Assets Control have all been scrutinizing client activities and anti-money laundering compliance, the bank said in a May regulatory filing.
On May 3, Reuters reported that U.S. Attorney offices in West Virginia and New York had been investigating the bank, and that the West Virginia probe had found widespread anti-money laundering problems, including a backlog of nearly 50,000 alerts of suspicious transactions.
In confidential documents reviewed by Reuters, a report on the investigations excoriated HSBC's anti-money laundering program for its "gullible, poorly trained, and otherwise incompetent personnel who were incapable of recognizing blatantly suspicious money laundering activities."
HSBC said in its May filing that it was likely to face criminal or civil charges related to the probes. People familiar with the situation said the Justice Department investigation could soon yield a fine that dwarfs the record $619 million Dutch bank ING agreed in June to pay to settle similar accusations.
The New Castle look-back, overseen by consultants Deloitte LLP, was manned by more than 100 former law-enforcement officials, bank examiners and others. Many of them were working under contract with outside anti-money laundering consulting firms.
The gig paid well - between $65 and $125 an hour - and some contractors said they were making upwards of $200,000 a year.
Typically - and in accordance with U.S. rules - banks use various computer-based systems to monitor transactions and trigger alerts on certain details - a high-risk country of origin, for example, or round dollar amounts. If the bank determines after further review that an alert warrants official scrutiny for potentially illegal activity, it files a suspicious activity report, or SAR, to U.S. authorities. If the bank determines that a SAR isn't necessary, the alert is deemed "cleared," and the case is closed.
In the HSBC look-back, one contractor said, many suspicious cases were "buried."
In one case, the contractor wanted to find out why 13 parties had wired a total of $1.3 million into an HSBC account in Hong Kong on the same day. He said that when he asked a Deloitte supervisor to request that the Hong Kong office provide information about the customer, he was told that decision rested with the HSBC manager in charge of the account.
'RIGOROUS AND THOROUGH'
The information never was provided, and the same contractor said he was later fired for not clearing enough alerts.
The look-back team held brief weekly meetings at which Deloitte overseers ticked off how many cases had been cleared and complained about delays. Several contractors said that investigators deemed slow on the job were fired.
"Deloitte's work for HSBC was rigorous and thorough," spokesman Jonathan Gandal said via email. "We cannot further comment on confidential client matters."
Saskia Rietbroek, an anti-money laundering consultant at AML Services International in Miami who was not involved in the New Castle operation, said the regulatory framework for look-backs can give banks an incentive to shirk.
"The bank is ordered to find suspicious transactions that should have been reported. The more unreported transactions they find, the higher the fine," she said. "So, do you think they will dig and dig until they find everything? It is more likely going to be a cursory review. It is a conflict of interest."
On October 18, 2010, 12 days after the OCC ordered the look-back, Everett Stern reported for work as a compliance officer in New Castle. Assigned to a "target monitoring team," his task was to plow through wire transfers and identify any that were suspicious.
Employees were given 60 days to resolve alerts, either by closing the case, placing the transaction "on watch," or filing an SAR. Stern said colleagues would intentionally focus on alerts from countries considered low-risk, such as Canada or France.
POACHING THE EASY TASKS
Employees competed for those files. "People would come in early just to poach from you," Stern said. Anything that originated from Latvia, Estonia, Russia, the Middle East or other areas deemed high-risk, "you just didn't want it - major headache."
Stern said many of his colleagues were even less experienced and less prepared for the job than he was. Some had worked in the same building when it was an HSBC credit-card processing center, he said, and had been hired directly afterward to help out with anti-money laundering compliance.
Stern plunged in, tapping his proficiency in computers and spreadsheets to find ways to review transactions and investigate alerts. He ordered a couple of books to learn more about money laundering.
"They didn't like all this digging around," Stern said.
In December 2010, the Treasury Department announced that it was targeting a financial network tied to Hezbollah. HSBC's Levey, then the Treasury's undersecretary for terrorism and financial intelligence, said at the time that the network included brothers Ali and Husayn Tajideen. A third brother, Kassim Tajideen, is a financier for Hezbollah. The directive also cited two companies tied to the brothers: a trade and real estate concern called Tajco and an African grocery-store chain called Kairaba Supermarket.
Aware of that announcement, Stern in January 2011 double-checked to confirm that the names were in a filter designed to catch specific names and words associated with wire transfers. The names were in place, and it appeared that the bank had no transactions linked to Tajco or Karaiba.
But digging further, and employing a spreadsheet he had developed on his own, he found transactions involving Tajco and Kairaba. Then he found the reason they had been missed by the filter: It catches only correctly spelled names, and in these dealings, Tajco was spelled Tajc.o.
When he told his superiors, one asked, " 'How much time did you spend on the Excel analysis?' " Stern recalled. "I was not commended for my efforts."
In May 2011, Stern offered to design a template for producing uniform reports about alerts. The next morning, his superior said in an email reviewed by Reuters: "I appreciate the effort, like the product, however what I will say is this: I struggle with the fact you indicate (Everett) you spent the entire morning working on this. The only thing we should be focusing on right now is clearing alerts (productivity + quality = SARS)."
In July 2011, Stern's office marked a milestone: Thousands of transactions had been cleared. A catered lunch was served.
Stern's frustration with his job grew, and he left the bank in November 2011. "I came into this job with such energy," he said. "I was like a balloon that got popped. I was really excited for the job."
(Reporting by Carrick Mollenkamp of Reuters and Brett Wolf of the Compliance Complete service of Thomson Reuters Accelus. Editing by John Blanton.)