The US Government’s Office of the Comptroller of Currency (OCC) recently released a formal Consent Order related to HSBC compliance failures on the BSA/AML (Bank Secrecy Act/anti-money laundering).
…violations and failures were the result of a number of factors, including, among others, (i) inadequate staffing and procedures in the alert investigations unit that resulted in a significant backlog of alerts; (ii) the closure of alerts based on ineffective review; (iii) inadequate monitoring of Group Entities correspondent accounts for purpose and anticipated activity, anti-money laundering record, or consistency between actual and anticipated account activity; (iv) unwarranted reliance on Group Entities following HSBC Group BSA/AML policies; (v) inadequate monitoring of funds transfers; (vi) inadequate procedures to ensure the timely reporting of suspicious activity; (vii) failure to adequately monitor Group Entities banknote activity, (viii) inadequate monitoring of correspondent funds transfer activity; and (ix) inadequate collection and analysis of CDD [customer due diligence] information, including inadequate monitoring of PEPs [politically-exposed persons].
This is an ironic development given that HSBC was also recently in the cross-hairs of multi-national regulators for an incident involving insider access and database breach.
In that case an employee gained unauthorized access and then tried to sell information on account holders to tax authorities (e.g. Germany could see what their citizens were keeping in Swiss accounts). Some agencies were looking at the opportunity to purchase secret information, while other government authorities demanded access to the same or similar information for free under BSA/AML.
HSBC was did not have sufficient secrecy on one hand while on the other hand it had too much. The problem in both cases was a lack of monitoring for violations related to laws and regulations.