Two British banks recently agreed to pay significant penalties to settle allegations of violations of the Bank Secrecy Act and U.S. sanctions programs, with deficiencies in each bank’s Bank Secrecy Act/anti-money laundering (“BSA/AML”) compliance program underlying each case. On December 10, Standard Chartered Bank (“SCB”) reached a $132 million settlement with the Office of Foreign Assets Control (“OFAC”). On December 11, HSBC reached a collective settlement with the Financial Crimes Enforcement Network, the Department of Justice, OFAC, the Federal Reserve Board and the Office of the Comptroller of Currency, with penalties assessed against HSBC totaling more than $1.9 billion.

The SCB settlement arose primarily out of SCB’s dealings with Iranian banks and entities. OFAC’s director states the SCB settlement was the result of an investigation into SCB’s “attempts to violate U.S. sanctions programs through the ‘stripping’ from payment messages of critical information.” OFAC alleged that SCB had interfered with the implementation of U.S. economic sanctions through such practices as “omitting or removing material references to U.S.-sanctioned locations or entities from payment messages sent to U.S. financial institutions,” “replacing the names of ordering customers on payment messages” and “sending payment messages to or through the United States without references to locations or entities implicating U.S. sanctions.”

SCB’s London office had released a Quality Operation Procedure which instructed London payments staff on the omission of the bank identifying code of Iranian remitting banks and had instructed staff to use cover payment to effect Iranian bank payments. As early as 2005, SCB’s head of legal compliance had expressed concern over these procedures. SCB’s Dubai office operated USD accounts for a number of Iranian banks and customers and “did not have adequate controls in place to prevent prohibited payments from being sent through the United States . . . nor did it have adequate controls in place to ensure” payments contained the information necessary for U.S. correspondents to assess the transfers. Electronic funds transfers were also processed for the benefit of persons in Burma, Sudan and Libya and for “specially designated narcotics traffickers.” SBC voluntarily disclosed the apparent violations and cooperated with OFAC in conducting a historical review of transactions.

The settlement against HSBC represents the largest bank settlement in U.S. history. HSBC was accused of “deliberately channel[ling] hundreds of millions of dollars” of prohibited transactions through its U.S. arm by “laundering money from Mexican drug trafficking and processing banned transactions on behalf of Iran, Libya, Sudan and Burma.” U.S. Assistant Attorney General Lanny Breuer characterized HSBC’s conduct as “stunning failures of oversight.” Federal regulators found that HSBC had “failed to adopt and implement a program that adequately covers the required BSA/AML program elements, including, in particular, internal controls for customer due diligence, procedures for monitoring suspicious activity, and independent testing” and had “severely understaffed its AML compliance function.”

Some of the “critical deficiencies” in HSBC’s compliance program highlighted by federal regulators include:

  • Excluding wire transfers initiated from customers in countries risk rated as “standard” or “medium” from its automated BSA/AML monitoring. 
  • Inadequate collection and analysis of customer due diligence (“CDD”) information, including not collecting or maintaining CDD or enhanced due diligence information for Group Entities. 
  • Not performing BSA/AML monitoring for banknote transactions with Group Entities (HSBC’s foreign affiliates). 
  • Inadequate monitoring of the accounts and funds transfer activity of Group Entities and correspondents. 
  • Unwarranted reliance on Group Entities following HSBC’s BSA/AML policies. 
  • Not appropriately designating customers as “high-risk” for purposes of BSA/AML monitoring. 
  • Failing to report suspicious activity on time, caused by inadequate procedures to ensure the timely reporting of suspicious activity and inadequate staffing and procedures in the alert investigations unit that resulted in a significant backlog of alerts. 
  • The closure of alerts based on ineffective review.

A “look-back” review of account and transaction activity resulted in the late-filing of 890s SARs concerning activity in the amount of $6.34 billion. Federal regulators stated that HSBC “benefited from [the BSA/AML] violations of law by conserving funds it should have expended in order to maintain a robust BSA/AML compliance program.” HSBC has now spent more than $200 million to improve its money-laundering prevention policies.

SCB and HSBC join a list of other foreign banks operating in the U.S. (including Credit Suisse, Barclays and Lloyds) that have made payments to settle allegations of BSA/AML violations since 2009.

These recent settlements serve as an important reminder that foreign banks with U.S. subsidiaries are subject to U.S. laws and regulations, including BSA/AML regulations, and that violations of such laws are treated very seriously. The settlements also demonstrate that it is imperative for all financial institutions subject to U.S. law to develop and effectively implement a robust BSA/AML compliance program.

A public statement by OFAC regarding the SCB settlement can be found here:

Public statements by federal regulators concerning the HSBC settlement can be found here: