US Senate PERMANENT SUBCOMMITTEE ON INVESTIGATIONS back to Saudi Arabia /911 home |
United States Senate PERMANENT SUBCOMMITTEE ON INVESTIGATIONS Committee on Homeland Security and Governmental Affairs Carl Levin, Chairman Tom Coburn, Ranking Minority Member U.S. Vulnerabilities to Money Laundering, Drugs, and Terrorist Financing: HSBC Case History MAJORITY AND MINORITY STAFF REPORT PERMANENT SUBCOMMITTEE ON INVESTIGATIONS UNITED STATES SENATE RELEASED IN CONJUNCTION WITH THE PERMANENT SUBCOMMITTEE ON INVESTIGATIONS JULY 17, 2012 HEARING SENATOR CARL LEVIN Chairman SENATOR TOM COBURN, M.D. Ranking Minority Member PERMANENT SUBCOMMITTEE ON INVESTIGATIONS ELISE J. BEAN Staff Director and Chief Counsel ROBERT L. ROACH Counsel and Chief Investigator LAURA E. STUBER Senior Counsel ALLISON ABRAMS Detailee ERIC WALKER Detailee KRISTIN GWIN Congressional Fellow BRIAN EGGER Detailee CHRISTOPHER J. BARKLEY Staff Director to the Minority KEITH B. ASHDOWN Chief Investigator to the Minority JUSTIN J. ROOD Senior Investigator to the Minority JAMIE BENCE Law Clerk BILL GAERTNER Law Clerk CURTIS KOWALK Law Clerk KATIE MARTIN-BROWNE Law Clerk WELLESLEY BAUN Law Clerk LAUREN ROBERTS Law Clerk MICHAEL WOLF Law Clerk ARIELLE WORONOFF Law Clerk TAMIR HADDAD Intern SOFIA KNUTSSON Intern NOELIA ORTIZ Intern JASWANT SINGH Intern MARY D. ROBERTSON Chief Clerk 7/16/12 Permanent Subcommittee on Investigations 199 Russell Senate Office Building – Washington, D.C. 20510 Majority: 202/224-9505 – Minority: 202/224-3721 Web Address: http://www.hsgac.senate.gov/subcommittees/investigationsi U.S. Vulnerabilities to Money Laundering, Drugs, and Terrorist Financing: HSBC Case History TABLE OF CONTENTS I. EXECUTIVE SUMMARY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1A. Findings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10(1) Longstanding Severe AML Deficiencies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 (2) Taking on High Risk Affiliates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 (3) Circumventing OFAC Prohibitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 (4) Disregarding Terrorist Links. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 (5) Clearing Suspicious Bulk Travelers Cheques. . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 (6) Offering Bearer Share Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 (7) Allowing AML Problems to Fester. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 B. Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11(1) Screen High Risk Affiliates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 (2) Respect OFAC Prohibitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 (3) Close Accounts for Banks with Terrorist Financing Links. . . . . . . . . . . . . . . . . . 11 (4) Revamp Travelers Cheque AML Controls. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 (5) Boost Information Sharing Among Affiliates . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 (6) Eliminate Bearer Share Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 (7) Increase HBUS' AML Resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 (8) Treat AML Deficiencies as a Matter of Safety and Soundness. . . . . . . . . . . . . . . 12 (9) Act on Multiple AML Problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 (10) Strengthen AML Examinations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 II. GENERAL BACKGROUND . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13A. Background on HSBC Group and HBUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13B. HBUS AML Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19(1) HBUS Compliance and AML Leadership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 (2) HBUS AML Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 III. HBMX: PROVIDING U.S. ACCESS TO A HIGH RISK AFFILIATE . . . . . . . . . . . . 35A. HSBC Mexico . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36B. Mexico . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38(1) U.S. Assessment of AML Risk in Mexico . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 (2) HSBC Assessment of Risk in Mexico . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 C. HBMX’s History of Weak AML Safeguards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48D. HBMX High Risk Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79(1) High Risk Money Service Businesses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 (a) Casa de Cambio Puebla . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 (b) Sigue Corporation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 ii (2) Cayman Island U.S. Dollar Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 (3) Cashing U.S. Dollar Travelers Cheques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 E. Bulk Cash Movements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104(1) HBUS’ Global Banknotes Business . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 (2) HBMX U.S. Dollar Sales to HBUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 (3) Remedial Action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110 F. Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111IV. HSBC AFFILIATES: CIRCUMVENTING OFAC PROHIBITIONS . . . . . . . . . . . . 112A. Background on OFAC Prohibitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114B. Executing OFAC-Sensitive Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118(1) Transactions Involving Iran . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 (a) Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 (b) Concealing Iranian Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 (c) Pressuring HBUS on Iran . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 (d) Continuing Pressure on HBUS to Process Iranian Transactions . . . . . . . . . 132 (e) Reaching Agreement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 (f) Processing the Iranian Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150 (g) Establishing Group-wide Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155 (h) Shifting Iranian Transactions from HBUS to JPMorgan Chase and and Back Again . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 (i) Getting Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 (j) Looking Back . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 (2) Transactions Involving Other Countries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 (a) 2005 and 2006 GCLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 (b) Transactions Involving Cuba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 (c) Transactions Involving Sudan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 (d) Transactions Involving Burma . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 (e) Transactions Involving North Korea . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175 (f) Other Prohibited Transactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175 (3) HBUS’ OFAC Compliance Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 (4) Server Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 C. Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187V. AL RAJHI BANK: DISREGARDING LINKS TO TERRORIST FINANCING . . . . 188A. Al Rajhi Bank . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189B. Saudi Arabia and Terrorist Financing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190C. Alleged Al Rajhi Links to Terrorism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193D. HSBC Relationship with Al Rajhi Bank . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202E. Al Rajhi Trading Establishment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204F. 2005 Decision to Sever Ties with Al Rajhi Bank . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205G. 2006: HBUS Banknotes Account Reinstated . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210H. 2007 to 2010: Additional Troubling Information . . . . . . . . . . . . . . . . . . . . . . . . . . . 221iii I. Servicing Other Banks with Suspected Links to Terrorism . . . . . . . . . . . . . . . . . . 225(1) Islami Bank Bangladesh Ltd. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225 (2) Social Islami Bank Ltd. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230 J. Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239VI. HOKURIKU BANK: CASHING BULK TRAVELERS CHECKS . . . . . . . . . . . . . . . 241A. Hokuriku Bank . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242B. Travelers Cheques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243C. 2005 Concerns About Hokuriku Travelers Cheques . . . . . . . . . . . . . . . . . . . . . . . . 245D. 2007 OCC Pouch Examinations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246E. 2008 OCC Inquiry into Hokuriku Travelers Cheques . . . . . . . . . . . . . . . . . . . . . . . 249F. Absence of Hokuriku Bank KYC Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252G. 2008 Decision to Stop Cashing Hokuriku Travelers Cheques . . . . . . . . . . . . . . . . . 253H. Hokuriku Bank’s Continued Lack of Cooperation . . . . . . . . . . . . . . . . . . . . . . . . . 255I. 2010 OCC Discovery of Hokuriku Account Activity . . . . . . . . . . . . . . . . . . . . . . . . 258J. Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259VII. HBUS PRIVATE BANK AMERICAS: OFFERING BEARER SHARE ACCOUNTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261A. High Risk Corporate Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262B. Bearer Share Activity at HBUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264C. Two Examples of Bearer Share Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278D. Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282VIII. OCC: EXERCISING INEFFECTIVE AML OVERSIGHT . . . . . . . . . . . . . . . . . . . . . . 283A. Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285(1) Key Anti-Money Laundering Laws . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285 (2) AML Oversight In General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287 (3) OCC AML Oversight in General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293 B. OCC Oversight of HBUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300(1) Chronology of OCC AML Oversight of HBUS . . . . . . . . . . . . . . . . . . . . . . . . . . 300 (2) Six Years of AML Deficiencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316 C. OCC Systemic Failures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319(1) Treating AML Deficiencies As A Consumer Compliance Issue . . . . . . . . . . . . . 319 (2) Restricting Citations of AML Program Violations . . . . . . . . . . . . . . . . . . . . . . . . 322 (3) Using Narrowly Focused Exams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326 (4) Failing to Use Enforcement Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329 (5) Issuing Weak Supervisory Letters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330 D. Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334# # # U.S. VULNERABILITIES TO MONEY LAUNDERING, DRUGS, AND TERRORIST FINANCING: HSBC CASE HISTORY This Report examines the anti-money laundering (AML) and terrorist financing vulnerabilities created when a global bank uses its U.S. affiliate to provide U.S. dollars, U.S. dollar services, and access to the U.S. financial system to high risk affiliates, high risk correspondent banks, and high risk clients. This Report also offers recommendations to strengthen correspondent AML controls to combat money laundering, drug trafficking, and terrorist financing. I. EXECUTIVE SUMMARY Over the last decade, the U.S. Senate Permanent Subcommittee on Investigations has worked to strengthen U.S. AML efforts by investigating how money launderers, terrorists, organized crime, corrupt officials, tax evaders, and other wrongdoers have utilized U.S. financial institutions to conceal, transfer, and spend suspect funds. 1 In 2001, the Subcommittee focused,in particular, on how U.S. banks, through the correspondent services they provide to foreign financial institutions, had become conduits for illegal proceeds associated with organized crime, drug trafficking, and financial fraud. 2 Correspondent banking occurs when one financialinstitution provides services to another financial institution to move funds, exchange currencies, cash monetary instruments, or carry out other financial transactions. The Subcommittee’s 2001 investigation showed not only how some poorly managed or corrupt foreign banks used U.S. bank accounts to aid and abet, commit, or allow clients to commit wrongdoing, but also how U.S. financial institutions could protect themselves and the U.S. financial system from misuse. In response to that investigation and the money laundering vulnerabilities exposed by the 9/11 terrorist attack, Congress enacted stronger AML laws as part of the Patriot Act of 2002, including stronger provisions to combat the misuse of correspondent services. 3 Federal bankregulators followed with stronger regulations 4 and examination requirements51 See, e.g., U.S. Senate Permanent Subcommittee on Investigations, “Keeping Foreign Corruption out of the UnitedStates,” S.Hrg. 111-540 (Feb. 4, 2010); “Tax Haven Banks and U.S. Tax Compliance,” S.Hrg. 110-614 (July 17 and 25, 2008); “Tax Haven Abuses: The Enablers, The Tools and Secrecy,” S.Hrg. 109-797 (Aug. 1, 2006); “Money Laundering and Foreign Corruption: Enforcement and Effectiveness of the Patriot Act,” S.Hrg. 108-633 (July 15, 2004); “Role of U.S. Correspondent Banking in International Money Laundering,” S.Hrg. 107-84 (March 1, 2 and 6, 2001); and “Private Banking and Money Laundering: A Case Study of Opportunities and Vulnerabilities,” S.Hrg. 106-428 (Nov. 9 and 10, 1999). See also U.S. Senate Committee on Homeland Security and Governmental Affairs, “State Business Incorporation – 2009,” S.Hrg. 111-953 (June 18 and Nov. 5, 2009). to guard against 2 “Role of U.S. Correspondent Banking in International Money Laundering,” U.S. Senate Permanent Subcommitteeon Investigations, S.Hrg. 107-84 (March 1, 2 and 6, 2001)(hereinafter “2001 Subcommittee Hearing on Correspondent Banking”), at 1. 3 See, e.g., Sections 312, 313, and 319(b) of the USA Patriot Act (requiring due diligence to be conducted whenopening accounts for foreign banks, with enhanced due diligence for offshore banks and banks in high risk jurisdictions; prohibiting the opening of correspondent accounts for shell banks; and strengthening the ability of U.S. regulators to obtain correspondent account records). 4 See, e.g., 31 CFR §§103.175,103.176, 103.177, 103.185.5 See, e.g., 4/29/2010 “Bank Secrecy Act/Anti-Money Laundering Examination Manual,” issued by the FederalFinancial Institutions Examination Council, “Foreign Correspondent Account Recordkeeping and Due Diligence,” at 2 money laundering through correspondent accounts. In response, over the next ten years, U.S. banks substantially strengthened their correspondent AML controls. Before the 2002 Patriot Act, for example, most U.S. banks opened correspondent accounts for any foreign bank with a banking license; now, most U.S. banks evaluate the riskiness of each foreign bank’s owners, business lines, products, clients, and AML controls before agreeing to open an account. They also routinely monitor account activity and wire transfers for suspicious activity, with enhanced monitoring of high risk correspondents. In addition, before the 2002 Patriot Act, some U.S. banks readily opened accounts for foreign shell banks, meaning banks without any physical presence in any jurisdiction; today, in accordance with the Patriot Act’s ban on shell bank accounts, all U.S. banks take measures to ensure they don’t provide services to such banks, the ban on shell bank accounts has become an international AML standard, 6 and the thousands ofstand-alone shell banks licensed by the Bahamas, Cayman Islands, Nauru, and other jurisdictions have virtually disappeared. At the same time, the money laundering risks associated with correspondent banking have not been eliminated. Correspondent accounts continue to provide a gateway into the U.S. financial system, and wrongdoers continue to abuse that entryway. This investigation takes a fresh look at the U.S. vulnerabilities to money laundering and terrorist financing associated with correspondent banking, focusing in particular on the operations of global banks with U.S. affiliates that enable foreign financial institutions to gain access to the U.S. financial system. HSBC Case Study. To examine the current money laundering and terrorist financing threats associated with correspondent banking, the Subcommittee selected HSBC as a case study. HSBC is one of the largest financial institutions in the world, with over $2.5 trillion in assets, 89 million customers, 300,000 employees, and 2011 profits of nearly $22 billion. HSBC, whose initials originally stood for Hong Kong Shanghai Banking Corporation, now has operations in over 80 countries, with hundreds of affiliates spanning the globe. Its parent corporation, HSBC Holdings plc, called “HSBC Group,” is headquartered in London, and its Chief Executive Officer is located in Hong Kong. Its key U.S. affiliate is HSBC Bank USA N.A. (HBUS). HBUS operates more than 470 bank branches throughout the United States, manages assets totaling about $200 billion, and serves around 3.8 million customers. It holds a national bank charter, and its primary regulator is the U.S. Office of the Comptroller of the Currency (OCC), which is part of the U.S. Treasury Department. HBUS is headquartered in McLean, Virginia, but has its principal office in New York City. HSBC acquired its U.S. presence by purchasing several U.S. financial institutions, including Marine Midland Bank and Republic National Bank of New York. A senior HSBC executive told the Subcommittee that HSBC acquired its U.S. affiliate, not just to compete with other U.S. banks for U.S. clients, but primarily to provide a U.S. platform to its non-U.S. clients and to use its U.S. platform as a selling point to attract still more non-U.S. clients. HSBC operates in many jurisdictions with weak AML controls, high risk 117-129, 183-187, http://www.ffiec.gov/bsa_aml_infobase/documents/BSA_AML_Man_2010.pdf. Prior versions of this Manual were issued in 2005 and 2007. 6 See “International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation:The FATF Recommendations,” issued by the Financial Action Task Force (2/2012), FATF Recommendation 13. 3 clients, and high risk financial activities including Asia, Middle East, and Africa. Over the past ten years, HSBC has also acquired affiliates throughout Latin America. In many of these countries, the HSBC affiliate provides correspondent accounts to foreign financial institutions that, among other services, are interested in acquiring access to U.S. dollar wire transfers, foreign exchange, and other services. As a consequence, HSBC’s U.S. affiliate, HBUS, is required to interact with other HSBC affiliates and foreign financial institutions that face substantial AML challenges, often operate under weaker AML requirements, and may not be as familiar with, or respectful of, the tighter AML controls in the United States. HBUS’ correspondent services, thus, provide policymakers with a window into the vast array of money laundering and terrorist financing risks confronting the U.S. affiliates of global banks. The Subcommittee also examined HSBC because of its weak AML program. In September 2010, the OCC issued a lengthy Supervisory Letter citing HBUS for violating federal AML laws, including by maintaining an inadequate AML program. In October 2010, the OCC issued a Cease and Desist Order requiring HSBC to strengthen multiple aspects of its AML program. 7 The identified problems included a once massive backlog of over 17,000 alertsidentifying possible suspicious activity that had yet to be reviewed; ineffective methods for identifying suspicious activity; a failure to file timely Suspicious Activity Reports with U.S. law enforcement; a failure to conduct any due diligence to assess the risks of HSBC affiliates before opening correspondent accounts for them; a 3-year failure by HBUS, from mid-2006 to mid- 2009, to conduct any AML monitoring of $15 billion in bulk cash transactions with those same HSBC affiliates, despite the risks associated with large cash transactions; poor procedures for assigning country and client risk ratings; a failure to monitor $60 trillion in annual wire transfer activity by customers domiciled in countries rated by HBUS as lower risk; inadequate and unqualified AML staffing; inadequate AML resources; and AML leadership problems. Since many of these criticisms targeted severe, widespread, and longstanding AML deficiencies, they also raised questions about how the problems had been allowed to accumulate and why the OCC had not compelled corrective action earlier. During the course of its investigation into HSBC’s AML deficiencies, the Subcommittee issued multiple subpoenas and collected and reviewed over 1.4 million documents, including bank records, correspondence, emails, and legal pleadings. The Subcommittee staff also conducted over 75 interviews with officials at HSBC Group, HBUS, and other HSBC affiliates, as well as with U.S. banking regulators. In addition, the Subcommittee received numerous briefings from HSBC legal counsel, initiated inquiries with foreign banks that had HSBC accounts, and consulted with experts on AML and terrorist financing issues. HSBC was fully cooperative with the inquiry, producing documentation and witnesses from around the world, including documents for which it could have claimed privilege. As a result of its investigation, the Subcommittee has focused on five issues illustrating key AML and terrorist financing problems that continue to impact correspondent banking in the United States. They include opening U.S. correspondent accounts for high risk affiliates without conducting due diligence; facilitating transactions that hinder U.S. efforts to stop terrorists, drug 7 On the same day, in coordination with the OCC, the Federal Reserve issued a Cease and Desist order to HBUS’holding company, HSBC North America Holdings, Inc. (HNAH), citing HNAH for an inadequate AML program and requiring it to revamp and strengthen both its program and that of HBUS. 4 traffickers, rogue jurisdictions, and other from using the U.S. financial system; providing U.S. correspondent services to banks with links to terrorism; clearing bulk U.S. dollar travelers cheques despite signs of suspicious activity; and offering high risk bearer share corporate accounts. Avoiding the money laundering risks involved in these activities requires an effective AML program, with written standards, knowledgeable and adequate staff, the infrastructure needed to monitor account and wire transfer activity for suspicious transactions, effective AML training, and a compliance culture that values obtaining accurate client information. In addition to focusing on these five issues at HBUS, the Subcommittee investigation examined the regulatory failures that allowed these and other AML problems to fester for years. Servicing A High Risk Affiliate. In 2001, the Subcommittee’s investigation debunked the notion that U.S. banks should open a correspondent account for any foreign bank with a banking license, establishing instead the need to use due diligence to evaluate the money laundering and terrorist financing risks posed by a specific foreign financial institution before opening an account. Today, some U.S. affiliates of global banks engage in an equally ill-advised practice, opening correspondent accounts for any affiliate owned by the parent holding corporation, with no analysis of the AML or terrorist financing risks. Until recently, HSBC Group policy instructed its affiliates to assume that all HSBC affiliates met the Group’s AML standards and to open correspondent accounts for those affiliates without additional due diligence. For years, HBUS followed that policy, opening U.S. correspondent accounts for HSBC affiliates without conducting any AML due diligence. Those affiliates have since become major clients of the bank. In 2009, for example, HBUS determined that “HSBC Group affiliates clear[ed] virtually all USD [U.S. dollar] payments through accounts held at HBUS, representing 63% of all USD payments processed by HBUS.” 8 HBUS failed toconduct due diligence on HSBC affiliates despite a U.S. law that has required all U.S. banks, since 2002, to conduct these due diligence reviews before opening a U.S. correspondent account for any foreign financial institution, with no exception made for foreign affiliates. One HSBC affiliate that illustrates the AML problems is HSBC Mexico, known as HBMX. HBUS should have, but did not, treat HBMX as a high risk correspondent client subject to enhanced due diligence and monitoring. HBMX operated in Mexico, a country under siege from drug crime, violence and money laundering; it had high risk clients, such as Mexican casas de cambios and U.S. money service businesses; and it offered high risk products, such as U.S. dollar accounts in the Cayman Islands. In addition, from 2007 through 2008, HBMX was the single largest exporter of U.S. dollars to HBUS, shipping $7 billion in cash to HBUS over two years, outstripping larger Mexican banks and other HSBC affiliates. Mexican and U.S. authorities expressed repeated concern that HBMX’s bulk cash shipments could reach that volume only if they included illegal drug proceeds.. The concern was that drug traffickers unable to deposit large amounts of cash in U.S. banks due to AML controls, were transporting U.S. dollars to Mexico, arranging for bulk deposits there, and then using Mexican financial institutions to insert the cash back into the U.S. financial system. In addition to its high risk location, clients, and activities, HMBX had a history of severe AML deficiencies. Its AML problems included a widespread lack of Know-Your Customer 8 See 9/9/2009 chart entitled, “HSBC Profile,” included in “HSBC OFAC Compliance Program,” a presentationprepared by HSBC and provided to the OCC, at HSBC OCC 8874197. 5 (KYC) information in client files; a dysfunctional monitoring system; bankers who resisted closing accounts despite evidence of suspicious activity; high profile clients involved in drug trafficking; millions of dollars in suspicious bulk travelers cheque transactions; inadequate staffing and resources; and a huge backlog of accounts marked for closure due to suspicious activity, but whose closures were delayed. For eight years, from 2002 to 2010, HSBC Group oversaw efforts to correct HBMX’s AML deficiencies, while those efforts fell short. At the same time, HSBC Group watched HBMX utilize its U.S. correspondent account, without alerting HBUS to the AML risks it was incurring. HBUS compounded the AML risks it incurred from HBMX through its own AML deficiencies, which included failing to investigate or evaluate HBMX’s AML risks. HBUS also failed, from mid-2006 to mid-2009, to conduct any AML monitoring of its U.S. dollar transactions with HSBC affiliates, including HBMX, despite the obvious well-known risks attendant with large cash transactions. In addition, because HBUS deemed HBMX to be located in a low risk country, HBUS failed until 2009, to monitor HBMX’s wire transfer or account activity. HBMX illustrates the money laundering and drug trafficking risks that result when the U.S. affiliate of a global bank serves as the U.S. gateway for a high risk affiliate allowed to operate with no initial due diligence or ongoing monitoring. Circumventing OFAC Prohibitions. The United States has devoted significant resources to stopping some of the most dangerous persons and jurisdictions threatening the world today from utilizing the U.S. financial system, including terrorists, persons involved with weapons of mass destruction, drug traffickers, and persons associated with rogue jurisdictions such as Iran, North Korea, and Sudan. To implement the law, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has developed a list of prohibited persons and countries which banks use to create an “OFAC filter” to identify and halt potentially prohibited transactions. Transactions stopped by this filter typically undergo an individualized review to see if the transaction can proceed or the funds must be blocked. Because the OFAC filter can end up delaying or blocking transactions that are permitted under U.S. law or by other jurisdictions, some non-U.S. financial institutions have used tactics to circumvent it. Common tactics include stripping information from wire transfer documentation to conceal the participation of a prohibited person or country, or characterizing a transaction as a transfer between banks in approved jurisdictions, while omitting underlying payment details that would disclose participation of a prohibited originator or beneficiary. In the case of Iran, some foreign banks also abused what were known as “U-turn” transactions, which were allowable transactions under Treasury regulations prior to November 2008. In recent years, the United States has imposed steep penalties on banks that violated the OFAC prohibitions. At HBUS, documents provided to the Subcommittee indicate that, for years, some HSBC affiliates took action to circumvent the OFAC filter when sending OFAC sensitive transactions through their U.S. dollar correspondent accounts at HBUS. From at least 2001 to 2007, two HSBC affiliates, HSBC Europe (HBEU) and HSBC Middle East (HBME), repeatedly sent Uturn transactions through HBUS without disclosing links to Iran, even though they knew HBUS required full transparency to process U-turns. To avoid triggering the OFAC filter and an individualized review by HBUS, HBEU systematically altered transaction information to strip 6 out any reference to Iran and characterized the transfers as between banks in approved jurisdictions. The affiliates’ use of these practices, which even some within the bank viewed as deceptive, was repeatedly brought to the attention of HSBC Group Compliance, by HBUS compliance personnel and by HBEU personnel who objected to participating in the document alteration and twice announced deadlines to end the activity. Despite this information, HSBC Group Compliance did not take decisive action to stop the conduct or inform HBUS about the extent of the activity. At the same time, while some at HBUS claimed not to have known they were processing undisclosed Iranian transactions from HSBC affiliates, internal documents show key senior HBUS officials were informed as early as 2001. In addition, HBUS’ OFAC filter repeatedly stopped Iranian transactions that should have been disclosed to HBUS by HSBC affiliates, but were not. Despite evidence of what was taking place, HBUS failed to get a full accounting of what its affiliates were doing or ensure all Iranian transactions sent by HSBC affiliates were stopped by the OFAC filter and reviewed to ensure they were OFAC compliant. In addition, documents show that, from 2002 to 2007, some HSBC affiliates sent potentially prohibited transactions through HBUS involving Burma, Cuba, North Korea, Sudan, and other prohibited countries or persons. Other documents indicate that some HSBC affiliates may have sent non-U.S. dollar messaging traffic through U.S. servers in which the OFAC filter was not turned on or was restricted. An outside auditor hired by HBUS has so far identified, from 2001 to 2007, more than 28,000 undisclosed, OFAC sensitive transactions that were sent through HBUS involving $19.7 billion. Of those 28,000 transactions, nearly 25,000 involved Iran, while 3,000 involved other prohibited countries or persons. The review has characterized nearly 2,600 of those transactions, including 79 involving Iran, and with total assets of more than $367 million, as “Transactions of Interest” requiring additional analysis to determine whether violations of U.S. law occurred. While the aim in many of those cases may have been to avoid the delays associated with the OFAC filter and individualized reviews, rather than to facilitate prohibited transactions, actions taken by HSBC affiliates to circumvent OFAC safeguards may have facilitated transactions on behalf of terrorists, drug traffickers, or other wrongdoers. While HBUS insisted, when asked, that HSBC affiliates provide fully transparent transaction information, when it obtained evidence that some affiliates were acting to circumvent the OFAC filter, HBUS failed to take decisive action to confront those affiliates and put an end to the conduct. HBUS’ experience demonstrates the strong measures that the U.S. affiliate of a global bank must take to prevent affiliates from circumventing OFAC prohibitions. Disregarding Links to Terrorism. For decades, HSBC has been one of the most active global banks in the Middle East, Asia, and Africa, despite being aware of the terrorist financing risks in those regions. In particular, HSBC has been active in Saudi Arabia, conducting substantial banking activities through affiliates as well as doing business with Saudi Arabia’s largest private financial institution, Al Rajhi Bank. After the 9-11 terrorist attack in 2001, evidence began to emerge that Al Rajhi Bank and some of its owners had links to financing organizations associated with terrorism, including evidence that the bank’s key founder was an early financial benefactor of al Qaeda. In 2005, HSBC announced internally that its affiliates should sever ties with Al Rajhi Bank, but then reversed itself four months later, leaving the decision up to each affiliate. HSBC Middle East, among other HSBC affiliates, continued to do business with the bank. 7 Due to terrorist financing concerns, HBUS closed the correspondent banking and banknotes accounts it had provided to Al Rajhi Bank. For nearly two years, HBUS Compliance personnel resisted pressure from HSBC personnel in the Middle East and United States to resume business ties with Al Rajhi Bank. In December 2006, however, after Al Rajhi Bank threatened to pull all of its business from HSBC unless it regained access to HBUS’ U.S. banknotes program, HBUS agreed to resume supplying Al Rajhi Bank with shipments of U.S. dollars. Despite ongoing troubling information, HBUS provided nearly $1 billion in U.S. dollars to Al Rajhi Bank until 2010, when HSBC decided, on a global basis, to exit the U.S. banknotes business. HBUS also supplied U.S. dollars to two other banks, Islami Bank Bangladesh Ltd. and Social Islami Bank, despite evidence of links to terrorist financing. Each of these specific cases shows how a global bank can pressure its U.S. affiliate to provide banks in countries at high risk of terrorist financing with access to U.S. dollars and the U.S. financial system. Clearing Suspicious Bulk Travelers Cheques. Another AML issue involves HBUS’ clearing more than $290 million in bulk U.S. dollar travelers checks in less than four years for a Japanese regional bank, Hokuriku Bank, despite evidence of suspicious activity. From at least 2005 to 2008, HBUS cleared bulk travelers cheques for Hokuriku Bank on a daily basis, at times clearing $500,000 or more in U.S. dollars per day. The cheques were in denominations of $500 or $1,000, submitted in large blocks of sequentially numbered cheques, and signed and countersigned with the same illegible signature. An OCC examination which determined that HBUS was clearing travelers cheques with inadequate AML controls, discovered the stacks of Hokuriku travelers cheques being processed on a daily basis, and directed HBUS to investigate. When HBUS sought more information, Hokuriku Bank at first delayed responding, then provided minimal information, and finally declined to investigate further, claiming to be constrained by bank secrecy laws from disclosing client-specific information. HBUS eventually learned that the travelers cheques were purchased by Russians from a bank in Russia, a country at high risk of money laundering. HBUS also learned that the Japanese bank had little KYC information or understanding why up to $500,000 or more in bulk U.S. dollar travelers cheques purchased in Russia were being deposited on a daily basis into one of 30 different Japanese accounts of persons and corporations supposedly in the used car business. In October 2008, under pressure from the OCC, HBUS stopped processing the travelers cheques, but continued the correspondent relationship, despite the Japanese bank’s poor AML controls. Two years later, in 2010, an OCC examination uncovered the ongoing relationship, between HSBC and Hokuriku, which the OCC thought had ended. In 2012, after the Subcommittee inquired about the account, HBUS closed it. Since travelers cheques have been misused by terrorists, drug traffickers, and other criminals, the HBUS experience shows how a U.S. affiliate with ineffective AML controls can end up clearing suspicious bulk travelers cheques and facilitating the movement of hundreds of millions of U.S. dollars across international lines to unknown recipients. Offering Bearer Share Accounts. Over the course of a decade, HBUS opened over 2,000 accounts in the name of bearer share corporations, a notorious type of corporation that invites secrecy and wrongdoing by assigning ownership to whomever has physical possession of the shares. At its peak, HBUS’ Miami office had over 1,670 bearer share accounts; the New 8 York office had over 850; and the Los Angeles office had over 30. The Miami bearer share accounts alone held assets totaling an estimated $2.6 billion, and generated annual bank revenues of $26 million. Multiple internal audits and regulatory examinations criticized the accounts as high risk and advocated that HBUS either take physical custody of the shares or require the corporations to register the shares in the names of the shareholders, but HBUS bankers initially resisted tightening AML controls, and regulators took no enforcement action. Two examples of the accounts illustrate the risks they posed. In the first, Miami Beach hotel developers, Mauricio Cohen Assor and Leon Cohen Levy, father and son, used bearer share accounts they opened for Blue Ocean Finance Ltd. and Whitebury Shipping Time-Sharing Ltd. to help hide $150 million in assets and $49 million in income. In 2010, both were convicted of criminal tax fraud and filing false tax returns, sentenced to ten years in prison, and ordered to pay back taxes, interest, and penalties totaling more than $17 million. A second example involves a wealthy and powerful Peruvian family which pressed HBUS to grant a waiver from its AML requirements that bearer share corporations either register their shares or place those shares in bank custody. Bank documents showed how HBUS bankers pressed Compliance personnel to grant the waiver to please a wealthy client. These accounts demonstrate the AML risks associated with bearer share accounts, whose owners seek to hide their identities. Today, following an initiative that concluded in 2011, HBUS has reduced its bearer share accounts to 26, most of which are frozen, while at the same time maintaining a policy that allows the bank to open new bearer share accounts in the future. Regulatory Failures. HBUS’ severe AML deficiencies did not happen overnight; they accumulated over time, even though its primary regulator, the OCC, conducted regular AML examinations. Part of the reason HBUS’ AML problems were not cured is attributable to certain peculiar and ineffective aspects of the OCC’s AML oversight effort. First, unlike other U.S. bank regulators, the OCC does not treat AML deficiencies as a matter of bank safety and soundness or a management problem. Instead it treats AML deficiencies as a consumer compliance matter, even though AML laws and consumer protection laws have virtually nothing in common. One consequence of this approach is that the OCC considers AML problems when assigning a bank’s consumer compliance rating, but not when assigning the bank’s management rating or its overall composite rating. As a result, AML deficiencies do not routinely lower the ratings that national banks receive as part of their safety and soundness evaluations, and so do not increase the deposit insurance that banks pay for incurring heightened risk, contrary to how AML problems are handled at other federal banking agencies. At HBUS, after citing the bank for severe AML deficiencies, the OCC lowered its consumer compliance rating but not its management rating. A second problem is that the OCC has adopted a practice of foregoing the citation of a statutory or regulatory violation in its Supervisory Letters and annual Reports of Examination when a bank fails to comply with one of the four mandatory components of an AML program. The four minimum statutory requirements of an AML program are AML internal controls, an AML compliance officer, AML training, and independent testing of the effectiveness of its AML program. By consistently treating a failure to meet one or even several of these statutory requirements as a “Matter Requiring Attention” instead of a legal violation, the OCC diminishes 9 the importance of meeting each requirement, sends a more muted message about the need for corrective action, and makes enforcement actions more difficult to pursue if an AML deficiency persists. In contrast, citing a violation of law when one critical component of a bank’s AML program is inadequate sends a strong message to bank management that its AML program is deficient, does not meet minimum statutory requirements, and requires remediation to ensure compliance with the law. At HBUS, the OCC identified 83 Matters Requiring Attention over five years, without once citing a legal violation of federal AML law. It was only when the OCC found HBUS’ entire AML program to be deficient that the OCC finally cited the bank for a legal violation. Additional problems illustrated by the HBUS case history include the OCC’s practice of conducting narrowly focused AML examinations of specific banking units without also assessing HBUS’ overall AML program; the OCC’s reluctance, despite mounting AML deficiencies, to make timely use of formal and informal enforcement actions to compel improvements in HBUS’ AML program; and the practice by some OCC examiners to issue Supervisory Letters that sometimes muted AML examination criticisms or weakened recommendations for AML reforms at HBUS. While the OCC insists that its AML approach has merit, the HSBC case history, like the Riggs Bank case history examined by this Subcommittee eight years ago, 9 provides evidence thatthe current OCC system has tolerated severe AML deficiencies for years, permitted national banks to delay or avoid correcting identified problems, and allowed smaller AML issues to accumulate into a massive problem before OCC enforcement action was taken. An experienced OCC AML examiner told the Subcommittee: “I thought I saw it all with Riggs but HSBC was the worst situation I’d ever seen,” yet during the six-year period from 2004 to 2010, OCC officials did not take any formal or informal enforcement action to compel HBUS to strengthen its AML program, essentially allowing its AML problems to fester. In 2009, after learning of two law enforcement investigations involving AML issues at the bank, the OCC suddenly expanded and intensified an ongoing AML examination and allowed it to consider a wide range of AML issues. The OCC examination culminated in the issuance, in September 2010, of a blistering supervisory letter listing numerous, serious AML problems at the bank. In October 2010, the OCC also issued a Cease and Desist Order requiring HBUS to revamp its AML controls. In response, HBUS has announced a number of key organizational and policy initiatives to improve its AML program in the United States and globally. While those initiatives are promising, HBUS announced similarly promising AML reforms in 2003, when confronted with an AML enforcement action by the Federal Reserve Bank of New York and New York State Banking Department. Even before the OCC lifted that order in 2006, HBUS’ AML program deteriorated. Both HBUS and the OCC will have to undertake a sustained effort to ensure the newest round of changes produce a better AML outcome. HSBC is the quintessential global bank, operating hundreds of affiliates in 80 countries, with its U.S. affiliate acting as the gateway into the U.S. financial system for the entire network. 9 See “Money Laundering and Foreign Corruption: Enforcement and Effectiveness of the Patriot Act,” U.S. SenatePermanent Subcommittee on Investigations, S.Hrg. 108-633 (July 15, 2004). 10 The OCC allowed AML problems at HBUS to build up until they represented major AML vulnerabilities for the United States. Going forward, HBUS needs far stronger controls to ensure it doesn’t leave AML risks to the U.S. financial system unattended; the OCC needs a much better approach to resolve AML problems in a more effective and timely manner. A. Findings This Report makes the following findings of fact. (1) Longstanding Severe AML Deficiencies. HBUS operated its correspondent accounts for foreign financial institutions with longstanding, severe AML deficiencies, including a dysfunctional AML monitoring system for account and wire transfer activity, an unacceptable backlog of 17,000 unreviewed alerts, insufficient staffing, inappropriate country and client risk assessments, and late or missing Suspicious Activity Reports, exposing the United States. to money laundering, drug trafficking, and terrorist financing risks. (2) Taking on High Risk Affiliates. HBUS failed to assess the AML risks associated with HSBC affiliates before opening correspondent accounts for them, failed to identify high risk affiliates, and failed for years to treat HBMX as a high risk accountholder. (3) Circumventing OFAC Prohibitions. For years in connection with Iranian U-turn transactions, HSBC allowed two non-U.S. affiliates to engage in conduct to avoid triggering the OFAC filter and individualized transaction reviews. While HBUS insisted, when asked, that HSBC affiliates provide fully transparent transaction information, when it obtained evidence that some affiliates were acting to circumvent the OFAC filter, HBUS failed to take decisive action to confront those affiliates and put an end to conduct which even some within the bank viewed as deceptive. (4) Disregarding Terrorist Links. HBUS provided U.S. correspondent accounts to some foreign banks despite evidence of links to terrorist financing. (5) Clearing Suspicious Bulk Travelers Cheques. In less than four years, HBUS cleared over $290 million in sequentially numbered, illegibly signed, bulk U.S. dollar travelers cheques for Hokuriku Bank, which could not explain why its clients were regularly depositing up to $500,000 or more per day in U.S. dollar travelers cheques obtained in Russia into Japanese accounts, supposedly for selling used cars; even after learning of Hokuriku’s poor AML controls, HBUS continued to do business with the bank. (6) Offering Bearer Share Accounts. Over the course of a decade, HBUS opened over 2,000 high risk bearer share corporate accounts with inadequate AML controls. 11 (7) Allowing AML Problems to Fester. The OCC allowed HBUS’ AML deficiencies to fester for years, in part due to treating HBUS’ AML problems as consumer compliance matters rather than safety and soundness problems, failing to make timely use of formal and informal enforcement actions to compel AML reforms at the bank, and focusing on AML issues in specific HBUS banking units without also viewing them on an institution-wide basis. B. Recommendations This Report makes the following recommendations. (1) Screen High Risk Affiliates. HBUS should reevaluate its correspondent relationships with HSBC affiliates, including by reviewing affiliate AML and compliance audit findings, identifying high risk affiliates, designating affiliate accounts requiring enhanced monitoring, and closing overly risky accounts. HBUS should conduct a special review of the HBMX account to determine whether it should be closed. (2) Respect OFAC Prohibitions. HSBC Group and HBUS should take concerted action to stop non-U.S. HSBC affiliates from circumventing the OFAC filter that screens transactions for terrorists, drug traffickers, rogue jurisdictions, and other wrongdoers, including by developing audit tests to detect undisclosed OFAC sensitive transactions by HSBC affiliates. (3) Close Accounts for Banks with Terrorist Financing Links. HBUS should terminate correspondent relationships with banks whose owners have links to, or present high risks of involvement with, terrorist financing. (4) Revamp Travelers Cheque AML Controls. HBUS should restrict its acceptance of large blocks of sequentially numbered U.S. dollar travelers cheques from HSBC affiliates and foreign financial institutions; identify affiliates and foreign financial institutions engaged in suspicious travelers cheque activity; and stop accepting travelers cheques from affiliates and foreign banks that sell or cash U.S. dollar travelers cheques with little or no KYC information. (5) Boost Information Sharing Among Affiliates. HSBC should require AML personnel to routinely share information among affiliates to strengthen AML coordination, reduce AML risks, and combat wrongdoing. (6) Eliminate Bearer Share Accounts. HBUS should close its remaining 26 bearer share corporate accounts, eliminate this type of account, and instruct financial institutions using HBUS correspondent accounts not to execute transactions involving bearer share corporations. U.S. financial regulators should prohibit U.S. banks from opening or servicing bearer share accounts. 12 (7) Increase HBUS’ AML Resources. HBUS should ensure a full time professional serves as its AML director, and dedicate additional resources to hire qualified AML staff, implement an effective AML monitoring system for account and wire transfer activity, and ensure alerts, including OFAC alerts, are reviewed and Suspicious Activity Reports are filed on a timely basis. (8) Treat AML Deficiencies as a Matter of Safety and Soundness. The OCC should align its practice with that of other federal bank regulators by treating AML deficiencies as a safety and soundness matter, rather than a consumer compliance matter, and condition management CAMELS ratings in part upon effective management of a bank’s AML program. (9) Act on Multiple AML Problems. To ensure AML problems are corrected in a timely fashion, the OCC should establish a policy directing that the Supervision Division coordinate with the Enforcement and Legal Divisions to conduct an institution-wide examination of a bank’s AML program and consider use of formal or informal enforcement actions, whenever a certain number of Matters Requiring Attention or legal violations identifying recurring or mounting AML problems are identified through examinations. (10) Strengthen AML Examinations. The OCC should strengthen its AML examinations by citing AML violations, rather than just Matters Requiring Attention, when a bank fails to meet any one of the statutory minimum requirements for an AML program; and by requiring AML examinations to focus on both specific business units and a bank’s AML program as a whole. 13 II. GENERAL BACKGROUND This section provides a general overview of HSBC Group, HSBC Bank USA (HBUS), and the HBUS compliance and anti-money laundering (AML) program. A. Background on HSBC Group and HBUS HSBC Group is one of the largest financial institutions in the world, with over $2.5 trillion in assets, 89 million customers, and 2011 profits of nearly $22 billion. 10 Its parentcorporation, HSBC Holdings plc, often referred to by the bank as “HSBC Group,” is headquartered in London. Despite its London headquarters, the principal office of the Group Chief Executive is located in Hong Kong. 11 Altogether, HSBC has about 300,000 employeesand 7,200 offices in over 80 countries, including North America, Europe, Asia, Latin America, the Middle East, and Africa. 12United States Operations. Among other entities, the Group owns HSBC Overseas Holdings (UK) Ltd. (“HSBC Overseas Holdings”), which oversees its operations in the United States and Canada. HSBC Overseas Holdings owns, in turn, HSBC North America Holdings Inc. (“HNAH,” pronounced “Hannah”), one of the ten largest bank holding companies in the United States. HNAH has assets of about $345 billion, is headquartered in New York City, and is overseen by the Federal Reserve. 13 Through various subsidiaries, HNAH owns three keyHSBC financial institutions in the United States: HSBC Bank USA N.A. (“HBUS”); HSBC Securities (USA) Inc. (“HSBC Securities”); and HSBC Finance Corporation. HBUS operates more than 470 bank branches throughout the United States, manages assets totaling about $210 billion, and serves around 4 million customers. 14 It holds a nationalbank charter and its primary regulator is the Office of the Comptroller of the Currency (OCC), which is part of the U.S. Treasury Department. Because it holds insured deposits, its secondary regulator is the Federal Deposit Insurance Corporation (FDIC). HBUS is the principal subsidiary of HSBC USA Inc. (“HUSI”), a bank holding company which is a wholly-owned subsidiary of HNAH. 15 HBUS is headquartered in McLean, Virginia, and has its principal office in New YorkCity. 1610 See “HSBC Holdings plc 2011 Results-Highlights,” (2/12/12), at 1-2, http://www.hsbc.com/1/PA_esf-ca-appcontent/content/assets/investor_relations/hsbc2011arn.pdf; “HSBC Holdings plc Annual Report and Accounts 2011,” at 1, http://www.hsbc.com/1/PA_esf-ca-app-content/content/assets/investor_relations/hsbc2011ara0.pdf (hereinafter “HSBC Group 2011 Annual Report”). 11 See “HSBC Announces New Leadership Team,” (9/24/10), media release prepared by HSBC,http://www.hsbc.com/1/2/newsroom/news/2010/hsbc-announces-new-leadership. 12 HSBC Group 2011 Annual Report at 1; “HSBC Announces New Leadership Team,” (9/24/10), media releaseprepared by HSBC, http://www.hsbc.com/1/2/newsroom/news/2010/hsbc-announces-new-leadership. 13 See “HSBC North America Holdings Inc. Fact Sheet,” at 1,http://www.us.hsbc.com/1/PA_1_083Q9FJ08A002FBP5S00000000/content/usshared/Inside%20HSBC/About%20 HSBC/Corporate%20Information/Corporate%20Facts/hnah_factsheet_0911.pdf. 14 “HSBC Bank USA, National Association Fact Sheet,” at 1,http://www.us.hsbc.com/1/PA_1_083Q9FJ08A002FBP5S00000000/content/usshared/Inside%20HSBC/About%20 HSBC/Corporate%20Information/Corporate%20Facts/hbus_factsheet_0911.pdf (hereinafter “HBUS Fact Sheet”). 15 Id.16 Id. at 2.14 HSBC Securities is a licensed broker-dealer regulated by the SEC. HSBC Finance Corporation, formerly subprime lender Household International, provides credit cards, automobile loans, consumer lending, and insurance products, and is overseen by several U.S. regulators including the Consumer Financial Protection Bureau. HNAH also owns an Edge Act corporation in Miami, HSBC Private Bank International. 17 The Edge Act allows U.S. national banks to form U.S. subsidiaries designed toengage solely in international banking operations, including holding deposits for non-U.S. persons. 18 Edge Act corporations are chartered and regulated by the Federal Reserve. Inaddition, HNAH sponsors the HSBC Latin American International Center, also referred to as “HSBC Miami Offshore,” in Miami. This center, like HSBC Private Bank International, is designed to help meet the needs of Latin American clients with banking needs in the United States. 19HNAH owns several other subsidiaries as well, including HSBC Trust Company, N.A., of Delaware, and HSBC Bank Nevada, N.A., of Las Vegas Nevada. HBUS Major Lines of Business. HBUS has six major lines of business in the United States. 20 The first is “Retail Banking and Wealth Management” which provides deposits,checking, savings, mortgages, loans, brokerage products, and certificates of deposit (“CDs”) to customers. 21 HSBC Premier is a product within the retail bank that provides services for moreaffluent clients. 22The HBUS “Private Banking” offers wealth management services for high net worth individuals and families with deposits of at least $1 million. 23 HSBC Private Bank providesbanking, investment, custody, wealth planning, trust and fiduciary, insurance, and philanthropic advisory services to its customers. 24 Clients receive a dedicated “relationship manager” tomanage their Private Bank accounts. 25The HBUS “Commercial Banking” offers global banking services to financial institutions, companies, governmental entities, and non-profit organizations worldwide. 26 Theseservices include deposits, checking, remote deposit capture, payments and cash management, pouch services, corporate loans and financing, merchant services, and insurance products. HBUS assigns each client a dedicated relationship manager to handle its accounts. 2717 See “FAQs – HSBC Money Laundering Enforcement Action,” attached to 10/6/2010 email from OCC JamesVivenzio to OCC colleagues, “HSBC FAQs,” OCC-PSI-00898845-857. 18 See the Edge Act, P.L. 102-242 (1919), codified at 12 U.S.C. § 611 et seq.19 See HSBC Latin American International Center website, https://www.us.hsbc.com/1/2/3/hsbcpremier/miamioffshore.20 HBUS Fact Sheet at 1-2. According to the OCC, HBUS has a total of 32 lines of business altogether.Subcommittee interviews of OCC examiners Joe Boss and Elsa de la Garza, January 30, 2012 and January 9, 2012. 21 See https://www.us.hsbc.com/1/2/3/hsbcpremier/miami-offshoreretail.22 HBUS Fact Sheet at 1.23 Id. at 2; Subcommittee interview of HSBC representatives (6/9/2011).24 HBUS Fact Sheet at 2.25 Need cite26 HBUS Fact Sheet at 1.27 Id.15 The HBUS “Global Banking and Markets” line of business, with offices in more than 60 countries, provides a wide range of “tailored financial solutions” to major government, corporate, and institutional clients. 28 This line of business includes an extensive network ofcorrespondent banking relationships, in which HBUS provides banks from other countries with U.S. dollar accounts to transact business in the United States. Due to its affiliates in over 80 countries, HSBC is one of the largest providers of correspondent banking services in the world. In 2010, it had about 2400 correspondent customers, including for more than 80 HSBC affiliates. 29 Among other services, HSBC provides financial institution clients with access to theU.S. financial system by handling international wire transfers, clearing a variety of U.S. dollar instruments, including travelers cheques and money orders, and providing foreign exchange services. HBUS Payment and Cash Management (PCM) is a key banking division, located in New York, that supports HBUS’ correspondent relationships. 30In addition, as part of this line of business, until 2010, HBUS housed the Global Banknotes Department, which used offices in New York City, London, Hong Kong, and elsewhere to buy, sell, and ship large amounts of physical U.S. dollars. 31 The BanknotesDepartment derived its income from the trading, transportation, and storage of bulk cash, doing business primarily with other banks and currency exchange businesses, but also with HSBC affiliates. 32 In addition, for a number of years, HBUS held a contract with the U.S. FederalReserve Bank of New York (FRBNY) to operate U.S. currency vaults in several cities around the world to assist in the physical distribution of U.S. dollars to central banks, large commercial banks, and businesses involved with currency exchange. 33 In June 2010, however, HBUS exitedthe wholesale U.S. banknotes line of business, later selling portions of the business to other banks. 34 It also did not renew its contract to operate FRBNY currency vaults.The HBUS “Global Asset Management” line of business offers worldwide investment management services to clients, and currently manages nearly $400 billion in assets. 35 It is oneof the largest investment businesses in the world. Finally, “HSBC Insurance” provides a wide variety of insurance products to customers in the United States and Canada. 36In addition to these major lines of business, in recent years, HBUS has become a leader in providing banking services to foreign embassies with a presence in the United States. HBUS 28 HBUS Fact Sheet at 2.29 See 9/13/2010 OCC Supervisory Letter HSBC-2010-22, “Bank Secrecy Act/Anti-Money Laundering(‘BSA/AML’) Examination – Program Violation (12 U.S.C. § 1818(s); 12 C.F.R. § 21.21),” OCC-PSI-00864335- 365, at 7. [Sealed Exhibit.] Subcommittee briefing by HSBC legal counsel (6/20/2012). 30 9/13/2010 OCC Supervisory Letter HSBC-2010-22, “Bank Secrecy Act/Anti-Money Laundering (‘BSA/AML’)Examination – Program Violation (12 U.S.C. § 1818(s); 12 C.F.R. § 21.21),” OCC-PSI-00864335-365, at 341-342 [Sealed Exhibit.]; Subcommittee interview of Michael Gallagher (6/13/2012). 31 See 9/13/2010 OCC Supervisory Letter HSBC-2010-22, OCC-PSI-00864335-365, at 341-342. [Sealed Exhibit.]32 Id. at OCC-PSI-00864342.33 See Form 10-Q filed by HSBC USA Inc. with the SEC for the quarter ending June 30, 2011, at 9-10.34 Id. In 2010, HSBC Holdings plc sold its U.S. wholesale banknotes business in Asia to United Overseas BankLimited (UOB) for $11 million, and in 2011, sold its European banknotes business to HSBC Bank plc. It recorded total closure costs of $14 million during 2010. Id. 35 HBUS Fact Sheet at 2.36 Id. at 2.16 began this business after Riggs Bank and Wachovia Bank stopped providing those services in 2005, and embassies began looking for a new financial institution. 37Through its correspondent banking and Payments and Cash Management (PCM) businesses, HBUS has become one of the largest facilitators of cash transfers in the world. Between 2005 and 2009, the total number of PCM wire transactions at HBUS grew from 20.4 million to 30.2 million transfers per year, with a total annual dollar volume that climbed from $62.4 trillion to $94.5 trillion. 38 In 2008, HBUS processed about 600,000 wire transfers perweek. 39 In 2009, PCM was the third largest participant in the CHIPS wire transfer service whichprovides over 95% of U.S. dollar wire transfers across U.S. borders and nearly half of all wire transfers within the United States, totaling $1.5 trillion per day and over $400 trillion in 2011. 40HSBC Affiliates. HSBC has hundreds of affiliates located in over 80 countries. At least 80 HSBC affiliates have turned to HBUS for access to U.S. dollars and the U.S. financial system. These affiliates typically interact with HBUS by opening a correspondent account at HBUS headquarters in New York. Many use the account to clear U.S. dollars wire transfers; some use the account to cash U.S. dollar instruments like travelers cheques or money orders; still others use the account for foreign exchange purposes. In addition, some opened a separate account to buy or sell physical U.S. dollars as part of HBUS’ wholesale banknotes business, until it was shuttered in 2010. HSBC affiliates have accounted for a large portion of HBUS’ U.S. dollar activities. In 2009, for example, HSBC determined that “HSBC Group affiliates clear[ed] virtually all USD [U.S. dollar] payments through accounts held at HBUS, representing 63% of all USD payments processed by HBUS.” 41 HSBC also calculated that, over an eight-year period, its U.S. dollarclearing business had increased over 200%, from processing an average daily amount of $185 billion in 2001, to $377 billion in 2009. 42 HBUS also executes transactions through HSBCaffiliates in other countries. It has been estimated that, in 2009, HBUS processed 19.4 million transactions, involving $45.9 trillion, through HSBC affiliates. 43One of the largest HSBC affiliates is The Hongkong Shanghai Banking Corporation Ltd., which is incorporated in Hong Kong and is Hong Kong’s largest 37 See 1/30/2006 OCC Supervisory Letter regarding HBUS Embassy Banking, OCC-PSI-00107529-736, at 529-530;“HSBC to Open D.C. Branch, Pursue Embassy Clients,” Washington Post, Terence O’Hara (10/5/2004)(quoting Riggs spokesperson: “As a service to our remaining embassy clients, Riggs is working closely with HSBC to ensure a smooth transition.”), http://www.washingtonpost.com/ac2/wp-dyn/A7285-2004Oct4?language=printer. 38 See 9/13/2010 OCC Supervisory Letter HSBC-2010-22, “Bank Secrecy Act/Anti-Money Laundering(‘BSA/AML’) Examination – Program Violation (12 U.S.C. § 1818(s); 12 C.F.R. § 21.21),” OCC-PSI-00864335- 365, at 7. [Sealed Exhibit.] 39 7/28/2008 OCC memorandum, “OFAC Examination – Payment and Cash Management (PCM),” OCC-PSI-01274962, at 4. [Sealed Exhibit.] 40 Id. See also The Clearing House website, “About CHIPS,” http://www.chips.org/about/pages/033738.php.41 See 9/9/2009 chart entitled, “HSBC Profile,” included in “HSBC OFAC Compliance Program,” a presentationprepared by HSBC and provided to the OCC, at HSBC OCC 8874197. 42 Id. at “USD Payment Statistics – Fact Sheet,” HSBC OCC 8874211.43 See 9/13/2010 OCC Supervisory Letter HSBC-2010-22, “Bank Secrecy Act/Anti-Money Laundering(‘BSA/AML’) Examination – Program Violation (12 U.S.C. § 1818(s); 12 C.F.R. § 21.21),” OCC-PSI-00864335- 365, at 7. [Sealed Exhibit.] 17 bank. 44 Established in 1865, when Hong Kong was part of the British empire, it is thefounding member of the HSBC Group, but now operates as a subsidiary of HSBC Holdings plc, the Group’s parent corporation. With more than 71,400 employees, it oversees a network of hundreds of HSBC affiliates in 20 countries throughout Asia and the Pacific Region, including Australia, Bangladesh, China, India, Japan, Malaysia, New Zealand, Thailand, and Vietnam. 45 It is sometimes referred to in internal HSBCdocuments as HBAP, an abbreviation for HSBC Bank Asia Pacific. A second key affiliate is HSBC Bank Middle East Ltd. (HBME). Incorporated in Jersey in the Channel Islands and owned through a chain of subsidiaries reaching back to the Group’s parent corporation in London, HBME oversees a network of financial institutions throughout the Middle East and North Africa. 46 With more than 5,000employees, HBME provides banking services through nearly 45 branches in Algeria, Bahrain, Jordan, Kuwait, Lebanon, Oman, Pakistan, Qatar, and the United Arab Emirates. 47 In 1998, HSCB Group established “HSBC Amanah,” a “global Islamicfinancial services division” designed to “serve the particular needs of Muslim communities” in compliance with Islamic law. 48A third affiliate discussed in this Report is HSBC Mexico S.A. Banco (HBMX), the principal operating company of Grupo Financiero HSBC, S.A. de C.V., which owns HSBC’s businesses in Mexico. HSBC’s Mexican group is one of Mexico’s largest financial service conglomerates, with over 1,000 branches throughout the country, nearly $2 billion in assets, and over 8 million clients. HBME offers Amanah banking services to many of its clients in the Middle East and North Africa. 49 HSBC purchased HBMX in 2002, when it operated under the name ofBanco Internacional, S.A. and was part of Grupo Financiero Bital, S.A. de C.V. 50 HBMX and itsMexican parent are headquartered in Mexico City and together have about 19,000 employees. 5144 See “Hongkong Shanghai Banking Corporation Limited Annual Report and Accounts 2011,” at 2,http://www.hsbc.com.hk/1/PA_1_3_S5/content/about/financial-information/financialreports/ bank/pdf/2011report.pdf. 45 Id.46 See “HSBC Bank Middle East Limited Annual Report and Accounts 2011,”http://www.hsbc.ae/1/PA_1_083Q9FJ08A002FBP5S00000000/content/uae_pws/pdf/en/annual_report_2011.pdf .47 See id. at 32. See also “HSBC Wins its Eighth Best Cash Management Bank in the Middle East Award,”http://www.hsbc.ae/1/2/about-hsbc/newsroom/eighth-best-cash-management, viewed 4/2/12; “HSBC Research Picks Up More Regional Awards,” (1/12/12), http://www.hsbc.ae/1/PA_1_083Q9FJ08A002FBP5S00000000/content/uae_pws/pdf/en/newsroom/euromoneyresearch- awards-jan-12.pdf, viewed 4/12/12. HSBC provides banking services in Saudi Arabia through both HSBC Saudi Arabia, in which it is a 49% shareholder, and Saudi British Bank (SABB), in which it is a 40% shareholder. See “HSBC Research Picks Up More Regional Awards,” (1/12/12), http://www.hsbc.ae/1/PA_1_083Q9FJ08A002FBP5S00000000/content/uae_pws/pdf/en/newsroom/euromoneyresearch- awards-jan-12.pdf, viewed 4/12/12. 48 See HSBC website, “About HSBC Amanah,” http://www.hsbcamanah.com/amanah/about-amanah.49 See HSBC website, Grupo HSBC México, http://www.hsbc.com.mx/1/2/grupo, viewed 4/2/12.50 “HSBC Consuma la Adquision de GF BITAL,” (11/25/02),http://www.hsbc.com.mx/1/PA_1_1_S5/content/home_en/investor_relations/press_releases/infpress/hsbc_consuma. pdf. 51 See HSBC website, Grupo HSBC México, http://www.hsbc.com.mx/1/2/grupo, viewed 4/2/12.18 HSBC Leadership. Over the last few years, HSBC leadership has undergone significant change. In 2010, HSBC Holdings plc appointed a new Chairman of the Board of Directors, Douglas J. Flint, replacing Stephen Green, who had become a U.K. Cabinet Minister. 52 A newGroup Chief Executive was also selected, replacing Michael Geoghegan, who retired, with Stuart T. Gulliver. In 2012, HSBC Holdings plc also appointed a new Chief Legal Officer, Stuart Levey, former Undersecretary for Terrorism and Financial Intelligence at the U.S. Treasury Department. Mr. Levey replaced the Group’s General Counsel, Richard Bennett. 53Also in 2010, Sandy Flockhart, became Chairman of Europe, Middle East, Africa, Latin America, Commercial Banking; as well as Chairman of HSBC Bank plc. 54 Mr. Flockhart, whofirst joined HSBC in 1974, is an emerging markets specialist and, among other posts, headed HBMX in Mexico for five years, from 2002 to 2007. 55 He was also appointed to the HSBCGroup Board of Directors in 2008, and became a director of HSBC Bank Middle East in July 2011. 56HNAH Leadership. At HNAH, the U.S. bank holding company, the persons holding leadership positions have often overlapped with those of HNAH’s key subsidiaries, HBUS, HSBC Securities, and HSBC Finance Corporation. HNAH’s current Chief Executive Officer (CEO), for example, is Irene Dorner, who is also the CEO of HBUS. 57 Her immediatepredecessor at HNAH, for less than a year, was Niall Booker, who was preceded by Brendan McDonagh, former Chief Operating Officer (COO) of HBUS. Before Mr. McDonagh, HNAH was headed by Siddharth (“Bobby”) N. Mehta, who was also head of HSBC Finance Corporation, but left the bank when HSBC Finance Corporation’s subprime mortgage portfolio incurred huge losses during the recent financial crisis. The current HNAH COO is Gregory Zeeman; the current General Counsel is Stuart Alderoty; and the current Chief Auditor is Mark Martinelli, each of whom currently holds the same position at HBUS. 58 HNAH’s Chief Risk Officer is Mark Gunton who holds the sameposition at both HBUS and HSBC Finance Corporation. HBUS Leadership. Over the last ten years, HBUS has undergone numerous changes in leadership, with the head of the bank turning over four times. 5952 See “HSBC Announces New Leadership Team,” (9/24/10), media release prepared by HSBC,http://www.hsbc.com/1/2/newsroom/news/2010/hsbc-announces-new-leadership. The current head is Irene Dorner 53 “HSBC appoints Chief Legal Officer,” (1/13/12), media release prepared by HSBC,http://www.hsbc.com/1/2/newsroom/news/2012/chief-legal-officer. Mr. Levey held his position at the Treasury Department from July 2004 to February 2011. Id. Mr. Bennett had headed HSBC Group’s Legal and Compliance department since 1998; in 2010, he had become General Counsel. 54 54 See “HSBC Announces New Leadership Team,” (9/24/10), media release prepared by HSBC,http://www.hsbc.com/1/2/newsroom/news/2010/hsbc-announces-new-leadership. 55 See HSBC Group “Board of Directors,” http://www.hsbc.com/1/2/about/board-of-directors (describing Mr.Flockhart as “a career banker, being an emerging markets specialist with over 35 years' experience with HSBC in Latin America, the Middle East, US and Asia”); interview??. 56 Id.57 See “Leadership: HSBC North America Holdings Inc.,”https://www.us.hsbc.com/1/2/3/personal/inside/about/corporate-information/leadership/hnah. 58 Id.59 Information on HBUS’ leadership is taken from its SEC annual reports.19 who serves as HBUS’ Chairman of the Board, President, and CEO. She was appointed to those positions in 2010, after having served as the CEO of HSBC Bank Malaysia and as a director on the HBUS Board. Her immediate predecessor was Paul J. Lawrence who headed HBUS from 2007 to 2010. His predecessor was Sandy L. Derickson who served in the post for less than one year and left the bank along with Mr. Mehta after HSBC Finance Corporation, where he was second-in-command, incurred substantial losses. His predecessor was Martin J.G. Glynn who headed HBUS from 2003 to 2006, and then retired. HBUS has a six-person Board of Directors. Its current members are Ms. Dorner; William R.P. Dalton, former CEO of HSBC Bank plc in London; Anthea Disney, former Executive Vice President of NewsCorporation; Robert Herdman former SEC Chief Accountant; Louis Hernandez, Jr., CEO of Open Solutions Inc.; and Richard A. Jalkut, CEO of TelePacific Communications. Within HBUS, the current Chief Operating Officer (COO) is Gregory Zeeman. 60 Hisimmediate predecessor was David Dew 61 who was preceded by Brendan McDonagh, who servedas the COO from 2004 to 2006. Some other key HBUS executives are Marlon Young, the head of Private Banking Americas; Kevin Martin, the head of Retail Banking and Wealth Management; and Mark Watkinson, the head of Commercial Banking. 62 Since 2007, the bank’sChief Auditor has been Mark Martinelli. From 2000 to 2011, the head of HBUS Payments and Cash Management (PCM) was Michael Gallagher. The head of Global Banknotes, from 2001 to 2010, was Christopher Lok. HBUS’ current General Counsel is Stuart A. Alderoty. 63 His predecessor was JanetBurak who served as the bank’s General Counsel from 2004 to 2010. In 2007, she was also made the Regional Compliance Officer for North America. 64B. HBUS AML Program The compliance and anti-money laundering (AML) programs at HBUS have undergone continual organizational and leadership changes since 2005. In April 2003, the Federal Reserve and New York State Banking Department, which oversaw HBUS’ predecessor bank, cited the bank for multiple, severe AML deficiencies and required it to enter into a written agreement to 60 See “Leadership: HSBC Bank USA, N.A.,” https://www.us.hsbc.com/1/2/3/personal/inside/about/corporateinformation/leadership/hbus. 61 Mr. Dew served as HBUS COO from March 2007 to 2008; prior to that, he served for a month as HBUS ChiefAdministrative Officer from February 2007 to March 2007; prior to that he served as audit head at HUSI and HSBC North America Inc from 2006 to 2007, and as Audit head of HSBC North America Holdings Inc. from 2004 to 2007. Mr. Dew currently works as Managing Director of the Saudi British Bank which is 40% owned by HSBC. Subcommittee interview of David Dew (3/5/2012). 62 “2011 HSBC Annual Report,” http://www.us.hsbc.com/1/2/3/personal/inside/about/corporateinformation/leadership/hbus, viewed 3/23/12. 63 See “Leadership: HSBC Bank USA, N.A.,” https://www.us.hsbc.com/1/2/3/personal/inside/about/corporateinformation/leadership/hbus. 64 9/13/2010 OCC Supervisory Letter HSBC-2010-22, “Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”)Examination – Program Violation (12 U.S.C. § 1818(s); 12 C.F.R. § 21.21),” OCC-PSI-00000230-259, at 256. [Sealed Exhibit.] 20 revamp and strengthen its AML program. 65 It was at that time that HBUS renamed itself andconverted to a national bank charter under the supervision of the OCC. During its first year under OCC supervision, HBUS reorganized its AML program, revamping its AML controls, country and client risk assessment criteria, Know-Your-Customer (KYC) due diligence requirements, and systems for detecting and reporting suspicious activity. 66 HBUS also acquireda new system for monitoring account activity, called the Customer Activity Monitoring Program (CAMP) and established criteria to produce alerts requiring additional reviews. In addition, HBUS created a system of KYC client profiles with standard due diligence information requirements for each client and which was updated on a regular basis and had to be approved by compliance and other bank officials for an account to be kept open. HBUS also established a Financial Intelligence Group to conduct enhanced due diligence reviews. Although the OCC gave positive reviews to the bank’s initial efforts, 67 by 2010, the OCCissued a lengthy Supervisory Letter again citing the bank for numerous AML deficiencies and requiring HBUS to revamp its AML program a second time. In response, the bank issued an action plan to correct identified problems. HBUS has, for example, acquired a new AML monitoring system, NORKOM to replace CAMP, and is working to refine its parameters for detecting suspicious activity. In its first month of operation, NORKOM detected more than 100,000 transactions needing further review, demonstrating its ability to catch many transactions that went previously unchecked under CAMP. HBUS has also revamped its approach to HSBC affiliates, which make up an important segment of HBUS’ correspondent banking, wire transfer, and cash management businesses and previously operated without due diligence controls and at times with minimal or no AML monitoring. Among other changes, HBUS now requires all subsidiaries to conduct due diligence on all other HSBC affiliates, including by using internal audit information identifying their AML risks and AML controls; identifies affiliates posing high AML risks and treat them accordingly, thus ending all policies exempting affiliates from standard AML account and wire transfer monitoring. In addition, HBUS has revamped its country and client risk assessment criteria, which now identifies high risk clients in a more robust manner; reviewed its correspondent banking business to reduce the number of high risk financial institutions; and closed some high risk business lines including its U.S. banknotes program. HBUS has also hired new AML leadership and significantly expanded its AML staffing and resources. HBUS currently employs over 1,000 compliance personnel. 68Some of HBUS’ changes have been criticized by the OCC as inadequate. HBUS has been informed by the OCC that it must do additional work on its monitoring system in order to implement the requirements of the 2010 Cease and Desist Order. The individual hired by HBUS to serve as its Chief Compliance Officer was asked to leave by the bank shortly after starting in 65 See HSBC Bank USA, Federal Reserve Bank of New York, and New York State Banking Department, DocketNo. 03-012-WA/RB-SM (Board of Governors of the Federal Reserve System, Washington, D.C.), Written Agreement (4/30/2003), OCC-PSI-00907803-811. 66 See OCC Report of Examination of HBUS, for the examination cycle ending March 31, 2005, OCC-PSI-00423650. [Sealed Exhibit.] 67 Id. at 10-11 (describing the formal agreement).68 See 7/10/2012 HSBC Group News, “HSBC to Testify at U.S. Senate Hearing.” letter by HSBC Group ChiefExecutive Stuart Gulliver, PSI-HSBC-76-0001-002, at 002. 21 2010. Both HBUS and the OCC will have to work hard to ensure that the latest round of changes will produce a better AML outcome than the changes made in 2004. (1) HBUS Compliance and AML Leadership Over the last five years, HBUS has experienced high turnover in its Compliance and AML leadership, making reforms difficult to implement. Since 2007, HBUS has had four Compliance heads and five AML directors. Currently, both positions are held by the same person, Gary Peterson. Mr. Peterson has extensive AML experience and was hired in 2010, to be the AML director, but after the Compliance head was asked to leave in 2010, has since held both posts. In 2012, Mr. Peterson is expected to relinquish his duties as AML director to his deputy, Alan Schienberg, so that the top Compliance and AML positions at HBUS will each have a full time professional. 69The top compliance position at HBUS is the Chief Compliance Officer who oversees all compliance issues for the bank. In the AML field, HBUS has specified two posts which have been held by the same person, the Anti-Money Laundering (AML) Directorwho is tasked with ensuring bank compliance with U.S. AML laws and regulatory requirements. 70 HBUS’Compliance and AML leadership positions were relatively stable until 2007, after which the bank has struggled to hire and retain experienced compliance professionals. HBUS’ Chief Compliance Officer from 2000 to 2007 was Carolyn Wind. Prior to that position, Ms. Wind worked for Republic Bank of New York as a compliance officer and, before that, as an OCC bank examiner. For the first three years she held the job, Ms. Wind also served as the AML Director. In 2003, the bank hired a separate AML Director, Teresa Pesce, who served in that post for four years, from 2003 to 2007. Before taking the position at the bank, Ms. Pesce was a federal prosecutor with the U.S. Attorney’s office in New York. Ms. Pesce left the bank in 2007, after which Ms. Wind headed both the Compliance and AML Compliance functions until she left the bank later in 2007. As discussed below, Ms. Wind was dismissed by HBUS after raising the issue of inadequate AML resources with the audit committee of the board of directors of the bank’s holding company, HNAH. In 2007, as part of a “Compliance Transformation Initiative,” HSBC established a North America Compliance department at HNAH headed by a Regional Compliance Officer. 71 HNAHappointed Janet Burak, then Regional Legal Department Head for North America, to also serve as the Regional Compliance Officer; she held both positions from 2007 to 2010. 72 At the time,HSBC Group Compliance head David Bagley expressed concern about combining the two roles, arguing that each required too much effort for a single person, but was overruled. 7369 See HSBC website, “Leadership: HSBC Bank USA, N.A.,”https://www.us.hsbc.com/1/2/3/personal/inside/about/corporate-information/leadership/hbus. Two years 70 The AML Director also serves as HBUS’ Bank Secrecy Act Compliance Officer.71 See also Federal Reserve, at BOG-A-205485.72 See 9/13/2010 OCC Supervisory Letter HSBC-2010-22, “Bank Secrecy Act/Anti-Money Laundering(‘BSA/AML’) Examination – Program Violation (12 U.S.C. § 1818(s); 12 C.F.R. § 21.21),” OCC-PSI-00864335- 365, at 27. [Sealed Exhibit.] 73 See 6/21/2007 email from HSBC David Bagley to HSBC Richard Bennett, HSBC OCC 8873871-5 (conveying toHSBC Group’s most senior legal counsel, Richard Bennett, the concern of HBUS compliance personnel about “the 22 later, in March 2009, the Federal Reserve issued a negative critique of Ms. Burak’s performance, noting in particular that she did not have an adequate understanding of AML risk or controls. 74The OCC also later criticized her performance as well as the decision to combine the regional legal and compliance roles, noting in 2010, that Ms. Burak “has had to balance a wide range of legal and compliance duties, including establishing the strategic direction for both functions and representing both functions on senior committees at the Group level.” 75 The OCC stated that, asa consequence, Ms. Burak had “not regularly attended key committee or compliance department meetings” and had failed to keep herself and other bank executives “fully informed about issues and risks within the BSA/AML compliance program.” 76 It also placed some of the blame at herfeet for a recently discovered backlog of 17,700 alerts indicating possible suspicious activity at the bank, which had not been reviewed, noting that “[b]acklogged alerts needed to receive the highest level of attention from senior bank management at a much earlier stage to ameliorate the problem.” 77 Soon after this critique, Ms. Burak left the bank.In the two years she held the regional posts, Ms. Burak oversaw three functional compliance teams at HNAH called “Compliance Advisory,” “Compliance Center of Excellence,” and “Compliance Shared Services Utility.” 78 Each team was headed by a senior Compliancemanager: Curt Cunningham, Anthony Gibbs, and Lesley Midzain. Ms. Midzain was hired in 2007 to replace Carolyn Wind and so worked, not only for HNAH, but also for HBUS as both its Compliance head and AML director. She held these compliance posts for two years, from 2007 until 2009. Prior to being placed at the helm of the bank’s AML program, Ms. Midzain had no professional experience and little familiarity with U.S. AML laws. In December 2008, HNAH’s regulator, the Federal Reserve, provided a negative critique of Ms. Midzain’s management of the bank’s AML program. The Federal Reserve wrote that Ms. Midzain did “not possess the technical knowledge or industry experience capability of one person to manage a very large legal function and a compliance function” and that “compliance will be pushed down below Legal”). See also 7/28/2010 email from HSBC David Bagley to HSBC Michael Geoghegan, HSBC OCC 8873871-75 (expressing to HSBC CEO Michael Geoghegan, that with regard to the 2007 decision to combine the two roles into one: “I fully accepted that Brendan [McDonagh], Paul [Lawrence] and Richard [Bennett] had the right to make this call, although as I said to you in Vancouver I now wish I had been more vociferous and in the current way my role operates I am confident that I would have a far stronger say.”). 74 The March 2009 Federal Reserve’s Summary of Ratings stated: “Interviews conducted as part of our recentgovernance review revealed that Janet Burak, HNAH Legal and Compliance chief risk officer has only broad understanding of BSA/AML risk and relies on the HNAH BSA/AML officer [Midzain] to manage the risk. … Midzain, as previously stated has weak BSA/AML knowledge and industry experience. Burak’s heavy reliance on the inexperienced Midzain is a concern. An example of Burak’s limited management oversight of BSA/AML was revealed when we recently met with her to clarify a few items from our Governance review she was unable to respond to the question about the distribution and the purpose of annual AML statements. She subsequently communicated via email that she does not review the annual AML statements provided to her by the HNAH/BSA/AML officer (Midzain). Burak forwards the statements to Group.” 3/25/2009 “Summary of Ratings for HSBC North America Holdings,” Federal Reserve Bank of Chicago, OCC-PSI-00899234. 75 9/13/2010 OCC Supervisory Letter HSBC-2010-22, “Bank Secrecy Act/Anti-Money Laundering (‘BSA/AML’)Examination – Program Violation (12 U.S.C. § 1818(s); 12 C.F.R. § 21.21),” OCC-PSI-00864335-365, at 27. [Sealed Exhibit.] 76 Id.77 Id.78 Id. See also Federal Reserve, at BOG-A-205485.23 to continue as the BSA/AML officer.” 79 It noted that she “was interviewed by OCC examinersfrom another team and they supported the conclusion of the OCC resident staff that Midzain’s knowledge and experience with BSA/AML risk is not commensurate to HNAH’s BSA/AML high risk profile, especially when compared to other large national banks.” 80In 2009, the OCC also concluded that Ms. Midzain did not have the requisite AML expertise for her position. An OCC Supervisory Letter echoed the criticisms leveled earlier by the Federal Reserve: “Ms. Midzain was selected as the Compliance Director and BSA Officer although she does not have the qualifications or the experience to manage a BSA program at an institution with the size and amount of BSA compliance risk that HBUS has. She is a Canadian lawyer (a barrister and solicitor) who formerly worked for HNAH. She is also a member of Group’s executive development program. … Ms. Midzain’s assignment as HBUS’ BSA Officer and Compliance Director has been her first assignment outside of Canada as a part of that program. … During its 2009 compliance management examination, the OCC determined that Ms. Midzain lacked the experience and expertise to be the BSA Officer, and the OCC included an MRA in its supervisory letter that required the bank to strengthen is BSA/AML compliance leadership by hiring a BSA Officer who is highly qualified and very experienced.” 81In response to the Federal Reserve and OCC criticisms, HBUS removed Ms. Midzain from the AML post, but retained her as head of HBUS’ Compliance department. In the fall of 2009, HBUS hired a new AML Director, Wyndham Clark, a former U.S. Treasury official, who assumed the post in the middle of an intensifying AML examination by the OCC and a host of serious AML problems facing the bank. Mr. Clark was required to report to Curt Cunningham, an HBUS Compliance official who freely admitted having no AML expertise, 82 and through himto Ms. Midzain, whom the OCC had also found to lack AML expertise. Shortly after he arrived, Mr. Clark began requesting additional resources. 83 After 30 days at the bank, Mr. Clark sent Mr.Cunningham a brief memorandum with his observations, noting that HBUS had an “extremely high risk business model from AML perspective,” had seen recent high turnover in its AML directors, and granted only limited authority to the AML director to remedy problems: “AML Director has the responsibility for AML compliance, but very little control over its success. 79 Federal Reserve Bank of Chicago Summary of Ratings for HSBC North America Holdings, March 25, 2009,OCC-PSI-00899234. 80 Id.81 9/13/2010 OCC Supervisory Letter HSBC-2010-22, “Bank Secrecy Act/Anti-Money Laundering (‘BSA/AML’)Examination – Program Violation (12 U.S.C. § 1818(s); 12 C.F.R. § 21.21),” OCC-PSI-00864335-365, at 28. [Sealed Exhibit.] 82 Id. at 28.83 See, e.g., 10/19/2009 email exchange between HBUS Wyndham Clark and HBUS Debra Bonosconi, “OFACresources,” OCC-PSI-00162661 (Mr. Clark commented after Janet Burak had recently approved three new compliance personnel positions, “Clearly a positive, although I understand that these were requested quite a while ago. I hope that isn’t the typical response time.” Ms. Bonosconi responded: “Oh, this was express time. Trust me on that. Usually the response is ‘no.’”). 24 Operate under ‘crisis’ mode, actions are reactive rather than forward thinking. AML Director unable to manage at high level. Several AML Directors/BSA Officers in a short period of time.” 84As he continued his work, Mr. Clark grew increasingly concerned that the bank was not effectively addressing its AML problems. In February 2010, Mr. Clark met with the Audit Committee of the HNAH board of directors and informed the committee that he had never seen a bank with as high of an AML risk profile as HBUS. 85 He also informed them that AMLresources were “insufficient versus current risks and volumes,” and the bank’s systems and controls were “inconsistent with AML risk profile.” 86 On May 10, 2010, Mr. Clark wrote to amore senior HBUS Compliance official that with regard to the bank’s AML compliance program, “With every passing day I become more concerned…if that’s even possible.” 87In July 2010, less than a year after taking the post, Mr. Clark decided to resign. He sent an email to the head of HSBC Group Compliance David Bagley explaining that he did not have the authority or support from senior compliance managers needed to do his job as AML director: “[T]he bank has not provided me the proper authority or reporting structure that is necessary for the responsibility and liability that this position holds, thereby impairing my ability to direct and manage the AML program effectively. This has resulted in most of the critical decisions in Compliance and AML being made by senior Management who have minimal expertise in compliance, AML or our regulatory environment, or for that matter, knowledge of the bank (HBUS) where most of our AML risk resides. Until we appoint senior compliance management that have the requisite knowledge and skills in these areas, reduce our current reliance on consultants to fill our knowledge gap, and provide the AML Director appropriate authority, we will continue to have limited credibility with the regulators.” 88When asked about his experience at the bank, Mr. Clark told the Subcommittee that he did not have either the authority or resources needed as AML director. 89 After his departure, the bankhired Gary Peterson, who was then an AML consultant to the bank, appointing him as HBUS’ new AML director. 84 10/15/2009 HBUS memorandum from Wyndham Clark to HNAH Curt Cunningham, “30 Day Observations andRecommendations Report from AML Director,” HSBC PSI PROD 0065332. 85 Subcommittee interview of Wyn Clark (11/30/2011); 2/17/2010 “HNAH AML Program, Board Audit CommitteePresentation,” by HBUS Wyndham Clark to the Audit Committee of the HNAH board of directors, HSBC OCC 3900290. 86 2/17/2010 “HNAH AML Program, Board Audit Committee Presentation,” by HBUS Wyndham Clark to theAudit Committee of the HNAH board of directors, HSBC OCC 3900290. 87 5/10/2010 email from HBUS Wyndham Clark to HBUS Anne Liddy, “AML Townhall,” OCC-PSI-00672582.See also 5/9/2010 email from HBUS Wyndham Clark to HNAH Curt Cunningham, “AML Townhall,” OCC-PSI- 00672571 (“Essentially AML decisions are now being made without AML SME [subject matter expertise]. This will be very apparent to the regulators.”). 88 7/14/2010 email from HBUS Wyndham Clark to HSBC David Bagley, OCC-PSI-00676731. Mr. Clark formallyleft the bank in August 2010. Subcommittee interview of Wyndham Clark (11/30/2011). 89 Subcommittee interview of Wyndham Clark (11/30/2011). Mr. Clark told the Subcommittee that, prior to hisleaving, the bank finally approved a number of new AML hires. Id. 25 Around the same time that Mr. Clark left the bank in 2010, Ms. Midzain also departed, leaving open the post of Chief Compliance Officer. That post remained vacant until 2011, when HBUS hired Eric Larson. He left after fifteen months on the job. 90 HBUS then asked GaryPeterson to serve, not only as HBUS’ AML Director, but also as its Compliance head, and as HNAH’s Regional Compliance Officer following Ms. Burak’s departure in 2010. Mr. Peterson agreed and has served in all three posts since 2010. Altogether, these personnel changes meant that, over the last five years, HBUS has had four Chief Compliance Officers and five AML Directors. At HSBC Group, HBUS’ parent organization, for nearly ten years, from 2002 to the present, David Bagley has served as the HSBC Group’s head of Compliance. He is located in London and oversees both general and AML compliance issues. His second-in-command is Warren Leaming, Deputy Head of HSBC Group Compliance, who has been in that position since January 1, 2007. Susan Wright serves as the head of HSBC’s AML efforts. She is also located in London and has served in that position for more than a decade. John Root is a senior Group Compliance officer who has concentrated on compliance and AML issues in Mexico and Latin America. Compliance personnel work with Matthew King who has served as the head of HSBC Group Audit since 2002. (2) HBUS AML Program Federal law requires banks operating in the United States to have a minimum of four elements, an AML compliance officer in charge of the program, AML internal controls, AML training, and an independent testing of the AML program to ensure its effectiveness. 91 HBUS’AML program must address a wide range of AML issues, from customer due diligence, to monitoring account and wire transfer activity, to reporting suspicious activity to law enforcement. It must also cover a wide range of business lines and products, including Correspondent Banking, International Private Banking, Domestic Private Banking, Embassy Banking, Payment and Cash Management, and Banknotes services. Inadequate Staffing. Despite its high AML risks, millions of customers, and employment of more than 16,500 employees overall, from 2006 to 2009, HBUS’s entire Compliance Department numbered less than 200 full time employees; its AML Compliance staff was a subset of that and also included staff in India. 92 HBUS personnel told the Subcommitteethat inadequate AML staffing was one of the biggest problems they faced. 9390 Subcommittee interview of OCC Examiner Teresa Tabor (5/17/2012).OCC examinations also routinely identified inadequate staffing as a key AML problem, including with respect to 91 See 31 U.S.C. §5318(h); 12 C.F.R. §21.21.92 Subcommittee briefing by HSBC legal counsel (6/30/2011).93 Subcommittee interview of HBUS Debra Bonosconi (11/17/2011) (Ms. Bonosconi reported to the Subcommitteethat staffing was her biggest issue and that by March 2008 it was evident that more staff was needed. She made several requests for additional resources); Subcommittee interview of HBUS Anne Liddy (2/22/2012) (Ms. Liddy made a request for resources to Carolyn Wind, but was told that there was no appetite to bring on additional staff); Subcommittee interview of HBUS Carolyn Wind (3/7/2012); Subcommittee interview of HBUS Teresa Pesce (3/30/2012) (Ms. Pesce asked for business to provide funding for more AML Compliance positions because Compliance did not have the money). 26 unreviewed alerts, 94 PCM processing,95 Correspondent Banking,96 OFAC reviews,97 EmbassyBanking, 98 and the Compliance Review Unit that tested the bank’s AML controls.99Bank documents show that Compliance and AML staffing levels were kept low for many years as part of a cost cutting measure. In 2007, HBUS announced a “1509 Initiative,” to increase the bank’s return on equity by 2009, largely through cost cutting measures. One component of the plan was to ensure that 2007 and 2008 headcounts remained flat. This hiring freeze caused HBUS Compliance and the AML staffing requests to be denied or unanswered. At one point, HBUS Compliance and AML management resorted to requesting temporary staff when persistent AML alert backlogs grew to unmanageable levels. In 2007, HBUS fired its longtime AML head after she raised resource concerns with the HNAH Audit Committee; an AML director hired in 2009 left after being denied the authority and resources he considered necessary to do his job. After the OCC issued its lengthy Supervisory Letter criticizing multiple aspects of HBUS’ AML program, bank management began to significantly increase AML staff and resources. AML Staffing Problems. In 2006, HBUS Compliance was already struggling to “handle the growing monitoring requirements” associated with the bank’s correspondent banking and cash management programs, and requested additional staff. 100 In October 2006, HBUSCompliance officer Alan Ketley wrote that despite having very efficient processes, each month his Compliance team was “handling an average of 3,800 [alerts] per person and [was] becoming overwhelmed thus potentially placing the business and the bank at risk.” 101 Despite requests foradditional AML staffing, HBUS decided to hold staff levels to a flat headcount. 1021509 Initiative and Hiring Freeze. In 2007, against the backdrop of losses stemming from its troubled acquisition of Household International and the beginning of the global financial crisis, HBUS launched the 1509 Initiative which sought to achieve a 15% return on equity for the 94 3/3/2010 OCC Supervisory Letter HSBC-2010-03, “Backlog of Monitoring Alerts and Enhanced Due DiligenceRequests,” OCC-PSI-00851542-545. [Sealed Exhibits.] 95 3/18/2009 OCC Supervisory Letter HSBC-2008-40, “Payment and Cash Management BSA/AML Examination,”OCC-PSI-00107624-625. [Sealed Exhibit.] 96 3/3/2009 OCC Supervisory Letter HSBC-2008-34, “Correspondent Banking BSA/AML Examination,” OCC-PSI-00107618-620. [Sealed Exhibit.] 97 7/28/2008 OCC memorandum, “OFAC Examination – Payment and Cash Management (PCM),” OCC-PSI-01274962; 1/20/2009 OCC Supervisory Letter HSBC-2008-41, “Office of Foreign Asset Control Examination,” OCC-PSI-00000434-436. [Sealed Exhibits.] 98 See 3/19/2007 OCC Supervisory Letter HSBC-2006-30, “Government and Institutional Banking BSA/AMLExamination,” OCC-PSI-00107567-571; 1/30/2006 OCC Supervisory Letter regarding HBUS Embassy Banking, OCC-PSI-00107529-536. [Sealed Exhibits.] 99 See 6/14/2006 OCC Supervisory Letter HSBC-2006-16, “Compliance Review Unit Examination,” OCC-PSI-00000341-345. [Sealed Exhibit.] 100 See 10/31/2006 email from HBUS Alan Ketley to HBUS Michael Gallagher, Denise Reilly, and CharlesDelBusto, “Additional Compliance headcount needed to support PCM,” HSBC OCC 0616340-43, at 341. 101 Id. at HSBC OCC 0616342.102 See, e.g., 10/31/2006 email exchange between HBUS Michael Gallagher and HBUS Tony Murphy, CharlesDelBusto, Alan Ketley, and others, “Additional Compliance headcount needed to support PCM,” HSBC OCC 0616340-343; 9/25/2006 email exchange between HBUS Michael Gallagher and HBUS Teresa Pesce, Alan Ketley, Charles DelBusto, and others, “Additional monitoring resources,” HSBC OCC 7688655-657. 27 bank by 2009, primarily by cutting costs. One facet of 1509 was the “$100 Million Dollar Cost Challenge,” which set a goal of cutting costs of $100 million in 2007. 103The hiring freeze began in September 2007, when HBUS Compliance had a headcount of 198 full time employees, one below its December 2006 level. 104 When Compliance sought to fillsix open positions, David Dew, HBUS Chief Operating Officer (COO), informed Compliance head and AML director Carolyn Wind that the positions could not be filled: “This increase will be almost impossible to justify and therefore I must ask you to please cancel the open positions and ensure that your FTE as at 31 Dec 2007 does not exceed 199.” 105To make the case for increased staffing resources, in September 2007, HBUS Compliance personnel reached out to compliance peers at other banks and learned that at the three major banks that provided some information, each had a greater number of monitoring staff in the correspondent banking area than HBUS. 106 In addition, HBUS Compliance personnelnoted that HBUS Compliance filed many fewer Suspicious Activity Reports (“SARs”) than its competitors; 107 while HBUS filed three to four per month in the correspondent banking area, itspeers filed 30 to 75 per month, and one major international bank disclosed that it filed approximately 250 SARs per month. 108 Despite these statistics, the Compliance department andAML staff remained stagnant. Fired After Raising Staffing Concerns to Board. After being turned down for additional staff, Carolyn Wind, longtime HBUS Compliance head and AML director, raised the issue of inadequate resources with the HNAH board of directors. A month after that board meeting, Ms. Wind was fired. 103 See HSBC internal presentation entitled, “1509,” HSBC OCC 0616217-254, at 241-45.104 9/14/2007 email from HBUS David Dew to HBUS Carolyn Wind, Janet Burak, and Kathryn Hatem,“HEADCOUNT,” HSBC OCC 0616262. 105 Id.106 On 9/6/2007, Mr. Ketley wrote: “Every bank that responded and provided information about monitoring staff hasmore than HBUS.” 9/6/2007 email from HBUS Alan Ketley to HBUS Alan Williamson, Judy Stoldt, and George Tsugranes, “Correspondent survey,” HSBC OCC 0616384-385. See also 9/6/2007 HBUS chart, “Correspondent Banking Survey,” HSBC OCC 3400666. [Sealed Exhibit.] See also emails indicating HBUS Compliance personnel were not compensated at levels consistent with its competitors, and risked losing qualified personnel. See, e.g., 2/1/2007 email exchange among HBUS Carolyn Wind, HBUS Teresa Pesce and others, “MIP overages - URGENT,” HSBC OCC 0616314-316, at 314 (“We are not at market with our current comp[etitors” and “[t]hese officers and AML officers can get new jobs in a heartbeat”); 2/27/2007 email from HBUS Karen Grom to HBUS Carolyn Wind, Denise Reilly, Teresa Pesce, David Dew and others, “HUSI Compensation Review,” HSBC OCC 0616318 (“The banks who are approaching our employees have deep pockets and are willing to pay to get the talent. … In many cases, we are paying under the ‘market data point’ (50 th percentile).” and “The offers from head-huntersare in some cases double base salaries and double bonuses[.]”). 107 9/6/2007 email from HBUS Alan Ketley to HBUS Alan Williamson, Judy Stoldt, and George Tsugranes,“Correspondent survey,” HSBC OCC 0616384-385 (Mr. Ketley wrote “Our competitors all acknowledge filing more SARs than we do.”); 9/6/2007 HBUS chart, “Correspondent Banking Survey,” HSBC OCC 3400666. [Sealed Exhibit.] 108 8/27/2007 email from HBUS Alan Ketley to HBUS Michael Gallagher, Charles DelBusto, Chris Davies, andAlan Williamson, “Addressing negative information,” HSBC OCC 7688584-587, at 587. 28 On October 24, 2007, Ms. Wind met with the Audit Committee of the HNAH board of directors and, during the meeting, raised the staffing issue, particularly with respect to the Embassy Banking area which had been the subject of two recent OCC examinations uncovering severe AML deficiencies. Her supervisor, Regional Compliance Officer Janet Burak, also attended the Audit Committee meeting. The day after the meeting, in an email to HSBC Group Compliance head David Bagley, Ms. Burak expressed displeasure that Ms. Wind’s comments had caused “inappropriate concern” at the Audit Committee: “I indicated to her [Ms. Wind] my strong concerns about her ability to do the job I need her to do, particularly in light of the comments made by her at yesterday’s audit committee meeting …. I noted that her comments caused inappropriate concern with the committee around: our willingness to pay as necessary to staff critical compliance functions (specifically embassy banking AML support), and the position of the OCC with respect to the merger of AML and general Compliance.” 109A month after the board meeting, after seven years as HBUS’ Compliance head, Ms. Wind was fired. In a January 22, 2008 letter to the head of HBUS Human Resources, Ms. Wind wrote: “I was told on November 30, 2007 that I was being terminated effective 2/28/08, due to the fact that the Board had lost confidence in me. … If the Board has lost confidence in me based on my comments at the October, 2007 Audit Committee, why have I been allowed to continue to run this critical department without additional supervision or any direct follow-up from Group Compliance?” Ms. Wind also wrote: “David [Dew] and I disagree on the extent to which my organization can withstand cost cuts and still maintain an effective compliance risk mitigation program. I also believe in an open dialog with the Board and its committees, which may go against the desires of some in the organization.” 110 When asked about this document, Ms. Wind told theSubcommittee that she believed she was fired for telling the HNAH board about the need for additional Compliance resources. 111Hiring Freeze Continues. After her departure, the hiring freeze continued throughout 2008. 112 In February 2008, prior to her leaving the bank, Ms. Wind discussed the staffing freezewith HNAH COO Anthony Gibbs: 109 10/25/2007 email from Janet Burak to David Bagley, OCC-PSI-00704789.110 January 22, 2008 letter from Carolyn Wind to Jeanne Ebersole, HSBC OCC 7730334.111 Subcommittee interview of Carolyn Wind (3/07/2012). Anne Liddy also reported that Ms. Wind told her in 2007that she had been terminated due to Ms. Wind raising resource concerns to the board’s audit committee. Subcommittee interview of Anne Liddy (2/22/2010). Also see, Minutes of the Audit Committee Meeting, October 24, 2007, OCC-PSI-0070680. 112 On 1/17/08, Jeanne Ebersole, Executive Vice President HBUS Human Resources, wrote to the HBUS ExecutiveCommittee [EXCO], “Attached is a draft of the non-hiring freeze note to be sent to all GCBs 0, 1, 2 and the final headcount report for 2007 which we will discuss tomorrow at EXCO.” 1/17/2008 email from HBUS Jeanne Ebersole to HBUS Chris Davies, David Dew, Janet Burak and others, “Draft Materials for EXCO,” HSBC OCC 0616259-260, at 259. 29 “HBUS Compliance has been required to manage down overall FTE [full time employees] while at the same time redeploying resources to priority needs. We also are in the midst of a ‘hiring pause’ which means that approval from appropriate EXCO members is required to fill any open position. I do not expect a lot of support for overall HBUS Compliance headcount increasing even if a portion of the time is allocated to other affiliates.” 113In June 2008, a senior PCM operations manager emailed senior HBUS Compliance official Anne Liddy about growing backlogs in the OFAC Compliance program: “I have put forth the suggestion of hiring up some first level checkers for OFAC processing in the GSC…we’re strapped and getting behind in investigations (on OFAC cases) and have some of our key managers in the queues releasing items…I’m told I cannot hire first level staff unless it’s offshored…” 114An OCC examination later found that eight Compliance officers were under “rigorous pressure” to complete manual reviews of about 30,000 OFAC alerts per week. 115In July 2008, however, HSBC Group senior management determined that the hiring freeze would continue to the end of the year. CEO Michael Geoghegan wrote to HNAH CEO Brendan McDonagh and others: “We have agreed that we will have a headcount freeze until the end of the year.” 116HBUS Compliance personnel, with the support of their business units, attempted to obtain an exception to the hiring freeze. In a September 2008 email, Michael Gallagher, PCM head at HBUS, requested additional Compliance staff, explaining: “I have expressed considerable concern for some time over the lack of resources both in compliance and within pcm [Payments and Cash Management] to adequately support kyc [Know Your Customer] and related regulatory requirements.” 117 Lesley Midzain, then HBUS Chief Compliance Officer,echoed his concerns and requested four additional full time employees: “Given the hiring freeze in global businesses, I understand that it may also need approval by Paul Lawrence, but this has continued to be an area of notable risk and regulatory attention and which needs some stabilization for Compliance resources.” 118113 2/12/2008 email from HBUS Carolyn Wind to HBUS Anthony Gibbs, Curt Cunningham, Denise Reilly andothers, “Organizational Changes,” HSBC OCC 0616264. 114 See 6/19/2008 email exchanges among HBUS Anne Liddy and HBUS Nancy Hedges, “OFAC processing inGSC’s,” HSBC OCC 0616349-350, at 349. 115 7/28/2008 OCC memorandum, “OFAC Examination – Payment and Cash Management (PCM),” OCC-PSI-01274962 (“the bank’s Compliance teams are under rigorous pressure to process alerts and determin[e] a disposition in a timely manner”). [Sealed Exhibit.] 116 7/23/2008 email from HSBC Michael Geoghegan to HNAH Brendan McDonagh and others, “2nd Half Costs,”OCC-PSI-00727922. 117 See 9/4/2008 email exchanges among HBUS Michael Gallagher and HBUS David Dew, Lesley Midzain,Andrew Long, Chris Davies and others, “Kyc hires,” HSBC OCC 0616352-356, at 356. When asked about this document, Mr. Gallagher said that Mr. Dew had informed him that broader concerns in the U.S. and at Group necessitated a flat headcount. Subcommittee interview of Michael Gallagher (6/13/2012). 118 Id. at HSBC OCC 0616354.30 After expressing concern over how additional hires would impact operating expenses, Mr. Dew, HBUS COO, asked Ms. Midzain if “a couple of temps for two months” would “do the trick.” 119Hiring did not improve during 2009. Wyndham Clark, who had been hired in 2009, as the new HBUS AML director, noted in an email that Janet Burak had recently approved three new compliance positions. He wrote: “Clearly a positive, although I understand that these were requested quite a while ago. I hope that isn’t the typical response time.” A senior PCM operations officer responded: “Oh, this was express time. Trust me on that. Usually the response is ‘no.’” 120 The Subcommittee was told that in September 2009, the HBUSCompliance department had 130 full time employees handling AML compliance issues. 121OCC Examination. During late 2009 and the first half of 2010, the OCC expanded and intensified its examination of the bank’s AML program as a whole. Mr. Clark made increasing use of temporary employees and contractors to answer OCC inquiries and address AML deficiencies. In August, he left the bank. By then, he was using nearly 100 temporary employees and contractors and had requested 50 additional permanent full time Compliance personnel. 122 Even with those additional resources, the OCC’s September 2010 SupervisoryLetter identifying AML deficiencies at the bank criticized HBUS’ failure “to provide adequate staffing and resources to implement and maintain a BSA/AML compliance program commensurate with the bank’s high risk profile.” 123 The OCC Supervisory Letter also noted:“Management is still in the process of determining an appropriate level of resources as they consider recommendations from outside consultants and make strategic decisions about the business and risk on a prospective basis.” 124 By October 2010, the Compliance department hadincreased to over 400 full time employees. 125AML Monitoring Deficiencies. In addition to AML leadership problems and inadequate AML staffing, another key component of HBUS’ AML program involved its monitoring systems. During the period reviewed by the Subcommittee, dating from 2004, HBUS used a monitoring system called the Customer Activity Monitoring Program (CAMP). This system had many limitations and often required manual reviews by HBUS Compliance and AML staff. By 2006, as indicated earlier, HBUS Compliance was already struggling to handle the monitoring alerts generated by the bank’s growing correspondent banking and cash management programs and described its personnel as “becoming overwhelmed.” 126119 Id. at HSBC OCC 0616352.Backlogs of unreviewed 120 10/19/2009 email exchange between HBUS Wyndham Clark and HBUS Debra Bonosconi, “OFAC resources,”OCC-PSI-00162661. 121 Subcommittee briefing by HSBC legal counsel (6/30/2011).122 9/13/2010 OCC Supervisory Letter HSBC-2010-22, “Bank Secrecy Act/Anti-Money Laundering (‘BSA/AML’)Examination – Program Violation (12 U.S.C. § 1818(s); 12 C.F.R. § 21.21),” OCC-PSI-00864335-365, at 29. [Sealed Exhibit.] 123 Id.124 Id.125 Subcommittee briefing by HSBC and HBUS executives (6/26/2012).126 See 10/31/2006 email from HBUS Alan Ketley to HBUS Michael Gallagher, Denise Reilly, and CharlesDelBusto, “Additional Compliance headcount needed to support PCM,” HSBC OCC 0616340-43, at 342. 31 alerts in different areas of the bank began to accumulate, including with respect to alerts generated by CAMP monitoring of client accounts and wire transfer activity; alerts triggered by the OFAC filter on transactions by potentially prohibited persons identified on OFAC lists of terrorists, drug traffickers, and other wrongdoers; and alerts related to potentially suspicious activity in Embassy Banking accounts. With respect to the general CAMP system alerts for PCM, HBUS Compliance set a goal that no more than 2% of AML alerts should remain in the system for over 120 days without being resolved. In addition, the system notified increasingly senior management if the backlog exceeded certain thresholds. For example, when the CAMP alerts hit 3%, bank compliance officials like Anne Liddy were alerted; when it hit 4%, higher level compliance personnel such as AML director Lesley Midzain were notified; if the backlog hit 6%, HNAH’s Regional Compliance Officer Janet Burak was notified. 127 In November 2009, the percentage of AMLalerts in the system for longer than 120 days spiked from four percent in October to nine percent. 128 The backlog remained at nine or ten percent for the next four months, fromDecember 2010 to February 2010, and then stayed around 6 or 7% from March to May 2010. 129In early 2010, as part of its expanded AML examination, the OCC discovered the CAMP backlog of more than 17,000 unreviewed alerts as well as a backlog of requests for enhanced due diligence (EDD) reviews. 130 On March 3, 2010, an OCC Supervisory Letter ordered the bank toeliminate the alert and EDD backlog by June 30, 2010. 131 The bank met the deadline using“offshore reviewers in India, HBUS staff in Delaware, HBUS temporary volunteers, [and] outside contractors.” 132 A subsequent review by the OCC, however, found “deficiencies in thequality of the work,” and required an independent assessment. 133 The independent assessmentfound that 34% of the alerts supposedly resolved had to be re-done. As Ms. Wind reported to the board in October 2007, backlogs were also an issue in Embassy Banking. A 2008 OCC examination identified a backlog of over 3,000 alerts identifying potentially suspicious activity in Embassy accounts that had yet to be reviewed. 134 Inresponse, HBUS initiated a concentrated effort to review and resolve those alerts prior to a followup OCC examination in July 2008. 135127 “Bankwide KRI AML Transaction Monitoring Alert Aging – K02854,” HSBC OCC 7688689.The followup examination found a backlog of about 128 Id.129 Id.130 3/3/2010 OCC Supervisory Letter HSBC-2010-03, “Backlog of Monitoring Alerts and Enhanced Due DiligenceRequests,” OCC-PSI-0085142. [Sealed Exhibit.] 131 Id.132 9/13/2010 OCC Supervisory Letter HSBC-2010-22, “Bank Secrecy Act/Anti-Money Laundering (‘BSA/AML’)Examination – Program Violation (12 U.S.C. § 1818(s); 12 C.F.R. § 21.21),” OCC-PSI-00864335-365, at 9. [Sealed Exhibit.] 133 Id.134 8/14/2008 OCC memorandum, “Government and Institutional Banking Update,” OCC-PSI-00899227-233, at231. [Sealed Exhibit.] 135 July 31, 2008 Memorandum from HBUS Debra Bonosconi to HBUS David Dew, Lesley Midzain, and CamHughes. OCC-PSI-00409095. Also see 7/14/2008 Memorandum from HBUS Debra Bonosconi to HBUS David Dew, Lesley Midzain, Cam Hughes, “As shown in the chart below, we currently (as of 7/15) have a total of 1,793 open alerts which is a reduction of 1,519 from 3,312 on June 27 th. There are a total of 203 that are open in excess of120 days and 147 open in excess of 90 days (350 combined) and we are concentrating our efforts on reducing those first. We are closing an average of 84 alerts daily (including Saturday) and based upon current projections, we should have total of 1,499 pending alerts when the OCC arrives on July 21, 2008.” OCC-PSI-00285742 32 1,800 alerts, some of which dated from 2007. The OCC examiners recommended issuance of a cease and desist order to the bank in part due to the backlog, but the OCC instead issued a Supervisory Letter, identified the backlog as a Matter Requiring Attention by the bank, and required the backlog to be cleared by September 15, 2008. 136 The bank met that deadline.137A third category of alert backlog involved transactions that were stopped by the OFAC filter as possible violations of OFAC regulations. Each transaction had to be manually reviewed and resolved by two 4-person OFAC Compliance teams in New York and Delaware. In July 2007, HSBC introduced a new payment system, GPS, in the United States. 138 The system hadundergone several adjustments just prior to its launch, including changes to its OFAC filters, which caused unexpectedly large backlogs. 139 HBUS assigned a team to assist with clearing thebacklog, but the problem still took weeks to resolve. In December 2009, HBUS’ OFAC Compliance team in New York had accumulated a backlog of greater than 700 OFAC alerts. 140 The OFAC Compliance team requested five or sixpeople from PCM for ten days to help clear the backlog. 141 PCM responded that it had noresources to loan, and suggested asking the Compliance team in Delaware for help. The OFAC Compliance team in New York indicated the Delaware Compliance staff was already “fully deployed” dealing with general alerts from the CAMP monitoring system: “We have considered all options at this point[;] the Compliance team in DE is already fully deployed dealing with wire camp alerts and bank examiner requests for the current exam. There is no bandwidth there at all[;] they are behind on the current alert clearing process which we are also dealing with.” 142Understaffed, HBUS Compliance and AML staff constantly battled alert backlogs while requesting additional resources. These requests, if answered, generally resulted in additional temporary staff dispatched only when backlogs grew to unmanageable levels. As the backlog increased, tensions grew, and in February 2010, Mr. Clark, the AML Director who had been on the job only a few months, wrote: “[W]e are in dire straights [sic] right now over backlogs, and 136 See 9/4/2008 OCC Supervisory Letter HSBC-2008-07, “Government and Institutional Banking BSA/AMLExamination,” OCC-PSI-00107607-611. [Sealed Exhibit.] 137 9/13/2010 OCC Supervisory Letter HSBC-2010-22, “Bank Secrecy Act/Anti-Money Laundering (‘BSA/AML’)Examination – Program Violation (12 U.S.C. § 1818(s); 12 C.F.R. § 21.21),” OCC-PSI-00864335-365, at 9. [Sealed Exhibit.] 138 See, e.g., 7/29/2007 email from HBUS Andrew Long to HBUS Michael Gallagher, “draft strawman,” HSBCOCC 7688680-682; 7/18/2007 email from HBUS Carolyn Wind to HBUS William Johnson, David Dew, Michael Gallagher, Andrew Long, David Bagley and others, “HBUS GPS Day 2 and 3 Update,” HSBC OCC 7688676-678, at 677. 139 Id.140 12/11/2009 email exchange among HBUS Camillus Hughes and HBUS Michael Gallagher, Charles DelBusto,Sandra Peterson, Thomas Halpin, Chris Davies, and Lesley Midzain, “OFAC Payments,” HSBC OCC 7688668-670, at 670. 141 Id.142 Id. at HSBC OCC 7688668.33 decisions being made by those that don’t understand the risks or consequences of their decisions!!!!” 143The problems with HBUS’ AML monitoring system were not limited to the backlogs. Additional issues involved an array of problematic decisions on what clients and countries should be designated high risk and subject to enhanced monitoring; what accounts and wire transfer activity should be subject to or excluded from routine AML monitoring; what parameters should be used to trigger alerts, including dollar thresholds, key words or phrases, and scenario rules that combine specified elements; and what “negative rules” should be used to decrease the number of alerts that would otherwise be generated for review. 144 The OCC’sSeptember 2010 Supervisory Letter identified multiple problems with each of these elements of HBUS’ AML monitoring systems. 145Current Status of HBUS AML Program. In the two years since the OCC issued its September 2010 Supervisory Letter and both the OCC and Federal Reserve issued October 2010 Cease and Desist Orders to HBUS and HNAH regarding the many AML deficiencies in their programs, both HBUS and HNAH, as well as HSBC, have made commitments to strengthen their AML programs, including by directing more resources to compliance needs. HBUS told the Subcommittee that Gary Peterson will remain as its Compliance head, and his deputy will take over the duties of AML director, to ensure both positions have a full time executive. 146HBUS also informed the Subcommittee that as of July 2012, it had increased its Compliance and AML staff to over 1,000 full time employees. 147 It is also in the process of replacing CAMP withan improved AML monitoring system, NORKOM. Additional reforms include scaling back its correspondent banking and embassy banking relationships by closing higher risk accounts, as well as closing its banknotes business in 2010. 148143 2/26/2010 email from HBUS Wyndham Clark to HBUS Debra Bonosconi, OCC-PSI-00165898. In anotheremail the next day, Mr. Clark wrote: “At this point the businesses are not accepting that they own the risk, I can think of one exception, making the difficult decisions and taking the necessary steps to mitigate the risk. My view is the risks are being ignored by the business, and they are simply waiting for compliance to tell them what the risks are and to convince them as to what actions need to be taken. If they don’t know what the risks are, then why are they opening accounts or continuing with the relationship?” On the same day, Anne Liddy responded: “[W]e spend a lot of energy pushing our point and holding our ground and certainly Group member referred relationships/transactions have increased our HBUS risk.” 2/27/2010 email exchange between HBUS Anne Liddy, Wyndham Clark, and Debra Bonosconi, OCC-PSI-00165932. With respect to HSBC affiliates, HBUS told the Subcommittee it has initiated due diligence reviews of all such affiliates to identify those that are high risk, enabled all affiliates to obtain internal audit findings and other information to 144 See 9/13/2010 OCC Supervisory Letter HSBC-2010-22, “Bank Secrecy Act/Anti-Money Laundering(‘BSA/AML’) Examination – Program Violation (12 U.S.C. § 1818(s); 12 C.F.R. § 21.21),” OCC-PSI-00864335- 365, at 10-21. [Sealed Exhibit.] 145 Id.146 Subcommittee briefing by HSBC and HBUS executives (6/26/2012).147 Subcommittee briefing by HSBC and HBUS executives (6/26/2012). See also, 7/10/2012 HSBC Group News,“HSBC to Testify at U.S. Senate Hearing.” letter by HSBC Group Chief Executive Stuart Gulliver, PSI-HSBC-76- 0001-002, at 002. 148 As of June 2012, HBUS had closed all banknotes accounts, 24 embassy accounts, and 326 correspondentrelationships. In August 2010, as part of this review to exit relationships, HBUS CEO Irene Dorner noted that she was recommending closing relationships with 121 international banks that the bank “to withdraw from those which do not meet either risk or return hurdles.” 9/20/2010 email from Irene Dorner to Andrew Long and others, HSBC OCC 8876103-106. 34 improve affiliate risk assessments, ended any limits on the monitoring of affiliates, and increased affiliate information sharing to strengthen AML compliance. 149In addition, on April 30, 2012, HSBC Group issued a new Group Circular Letter 120014, announcing the intention of the bank to use the highest global compliance standards for every HSBC affiliate. The HSBC GCL stated: “We must adopt and enforce the adherence to a single standard globally that is determined by the highest standard we must apply anywhere. Often, this will mean adhering globally to U.S. regulatory standards, but to the extent another jurisdiction requires higher standards, then that jurisdiction’s requirements must shape our global standard.” 150This new GCL could represent a groundbreaking approach for the bank if it, in fact, pushes its affiliates toward uniform and high compliance standards. These reforms, like those announced in 2004 after the bank’s last AML enforcement action, have the potential to resolve the AML deficiencies at the bank and push HBUS to an improved level of AML compliance. While HBUS has committed to making major changes, the bank made similar commitments under the 2003 enforcement action, which the OCC lifted in 2006, after which the bank’s AML program quickly deteriorated. On many occasions since then, HBUS responded to AML problems identified by the OCC by instituting new policies and procedures that appeared to be effective remedies. However, it has often been the case that regulators would subsequently cite HBUS for failing to comply with its own policies and procedures. In 2006, for example, when the OCC lifted the AML enforcement action, HBUS had already incurred over 30 AML-related Matters Requiring Attention, many of which cited AML problems similar to those that had formed the basis of the written agreement. In addition, not all of the AML reforms proposed since 2010 have proceeded smoothly. The new compliance head hired by the bank left after fifteen months. The bank’s new monitoring system has been the subject of OCC criticisms aimed at whether its monitoring parameters have been correctly set to identify suspicious activity and provide adequate AML oversight of client account and wire transfer activity. 151149 Id.While the recent GCL could represent an important advance in requiring bank affiliates to adhere to the highest AML standards globally, as this report documents, it can take months, if not years, for HSBC affiliates to come into compliance with HSBC GCL directives. The burden of proof is on HSBC Group to show that its latest directive is taking hold and its affiliates are complying with the highest AML stands, and on HBUS to show that it is moving from an ineffective AML program to one that safeguards the U.S. financial system from abuse. 150 GCL 120014 – HSBC Global Standards151 See 5/25/2012 OCC Supervisory Letter HSBC-2012-19, “Payments and Cash Management (PCM); BankSecrecy Act and Anti-Money Laundering (BSA/AML) System Examination,” PSI-OCC-37-0004. [Sealed Exhibit.] See also 6/25/2012 HSBC response letter, “Supervisory Letter HSBC 2012-19 Payments and Cash Management (PCM); Bank Secrecy Act and Anti-Money Laundering (BSA/AML) System Examination,” HSBC-PSI-PROD- 0200315-341. 35 III. HBMX: PROVIDING U.S. ACCESS TO A HIGH RISK AFFILIATE HBUS has opened correspondent accounts for approximately 80 HSBC affiliates around the world, providing them with access to the U.S. financial system through clearing U.S. dollar wire transfers, cashing U.S. dollar checks, buying and selling physical U.S. dollars, and other services. 152 Some of those HSBC affiliates operate in high risk countries, provide services tohigh risk clients, or offer high risk financial products. Until recently, HSBC Group policy, however, allowed its affiliates to assume that any HSBC affiliate owned 50% or more by the Group met Group AML standards, were low risk, and required no due diligence prior to opening a correspondent account. 153 In conformance with that HSBC Group policy, for years, HBUS didnot conduct any due diligence analysis or risk assessment of an HSBC affiliate prior to supplying it with a U.S. account. HBUS took that approach, even though U.S. statutory and regulatory requirements explicitly direct U.S. banks to conduct due diligence prior to opening a correspondent account for any foreign financial institution, with no exception for foreign affiliates. 154HBMX, an HSBC affiliate in Mexico, illustrates how providing a correspondent account and U.S. dollar services to a high risk affiliate increased AML risks for HBUS. HBMX was created when HSBC Group purchased a Mexican bank known as Bital in 2002. A pre-purchase review disclosed that the bank had no functioning compliance program, despite operating in a country confronting both drug trafficking and money laundering. For years, HSBC Group knew that HBMX continued to operate with multiple AML deficiencies while serving high risk clients and selling high risk products. HSBC Group also knew that HBMX had an extensive correspondent relationship with HBUS and that suspect funds moved through the HBMX account, but failed to inform HBUS of the extent of the AML problems at HBMX so that HBUS could treat HBMX as a high risk account. Instead, until 2009, HBUS treated HBMX as low risk. Contrary to its designation, HBMX engaged in many high risk activities. It opened accounts for high risk clients, including Mexican casas de cambios and U.S. money service businesses, such as Casa de Cambio Puebla and Sigue Corporation which later legal proceedings showed had laundered funds from illegal drug sales in the United States. HMBX also offered 152 As of February 2010, HBUS had about 2,400 clients in its Payments and Cash Management (PCM) department.See 9/13/2010 OCC Supervisory Letter HSBC-2010-22, “Bank Secrecy Act/Anti-Money Laundering (‘BSA/AML’) Examination – Program Violation (12 U.S.C. § 1818(s); 12 C.F.R. § 21.21),” OCC-PSI-00864335-365, at 7. [Sealed Exhibit.] In June 2012, HBUS had a total of nearly 1,200 correspondent clients, of which 80 were HSBC affiliates. The HSBC affiliates had 395 HBUS accounts, of which 7 or 8 related to HBMX. Subcommittee briefing by HSBC legal counsel (6/20/2012). 153 See, e.g., 4/9/2010 memorandum from OCC legal counsel to OCC Washington Supervision Review Committee,“Order of Investigation – HSBC Bank USA, N.A., New York, NY,” OCC-PSI-00899482-485, at 2 (citing HBUS’s 12/1/2008 AML Procedures Manual at 12: “The only exception to the KYC Profile requirement is any client who is an HSBC Group affiliate in which HSBC has an ownership interest of 50% or more.”). After the Setember 2010 OCC Supervisory Letter criticizing its practice, HSBC Group changed its policy and now requires all affiliates to perform due diligence on all other affiliates. 154 See, e.g., 4/9/2010 memorandum from OCC legal counsel to OCC Washington Supervision Review Committee,“Order of Investigation – HSBC Bank USA, N.A., New York, NY,” OCC-PSI-00899482-485, at 2 (“The Bank is obligated to conduct due diligence, and, where necessary, EDD [Enhanced Due Diligence], on foreign correspondent accounts. 31 U.S.C. § 5318(i)(1). … Section 5318(i) does not exempt foreign correspondent accounts that a bank maintains for its affiliates.”). 36 high risk products, including providing U.S. dollar accounts in the Cayman Islands to nearly 50,000 clients with $2.1 billion in assets, many of which supplied no KYC information and some of which misused their accounts on behalf of a drug cartel. HBMX was also the single largest exporter of U.S. dollars to HBUS, transferring over $3 billion in 2007 and $4 billion in 2008, amounts that far outstripped larger Mexican banks and other HSBC affiliates. Mexican and U.S. law enforcement and regulatory authorities expressed rconcern that HBMX’s bulk cash shipments could reach that volume only if they included illegal drug proceeds that had been brought back to Mexico from the United States. In addition, for a three-year period from mid- 2006 to mid-2009, HBUS failed to conduct any AML monitoring of its U.S. dollar transactions with HSBC affiliates, including HBMX, which meant that it made no effort to identify any suspicious activity, despite the inherent risks in large cash transactions. 155HBMX conducted these high risk activities using U.S. dollar correspondent and banknotes accounts supplied by HBUS. HBMX used those accounts to process U.S. dollar wire transfers, clear bulk U.S. dollar travelers cheques, and accept and make deposits of bulk cash, all of which exposed, not only itself, but also HBUS, to substantial money laundering risks. HBMX compounded the risks through widespread, weak AML controls, while HBUS magnified them by omitting the due diligence and account monitoring it applied to other accounts. HSBC Group also compounded the AML risks by failing to alert HBUS to HBMX’s ongoing, severe AML deficiencies. A. HSBC Mexico In November 2002, HSBC Group purchased Mexico’s fifth largest bank, Banco Internacional, S.A., then part of Grupo Financiero Bital, S.A. de C.V. (Bital), for about $1.1 billion. 156 At the time of the purchase, Bital had roughly 6 million customers and 15,400 staff.157This acquisition significantly increased HSBC’s banking presence in Mexico. 158 HSBC laterchanged the name of the bank to HSBC Mexico S.A. Banco (HBMX) and the name of the holding company to Grupo Financiero HSBC, S.A. de C.V. (GF HSBC). GF HSBC is now one of Mexico’s largest financial service conglomerates, owning not only HBMX but also a network of other financial firms. 159155 See 9/13/2010 OCC Supervisory Letter HSBC 2010-22, OCC-PSI-00000230, at 2. [Sealed Exhibit.]HBMX currently has over 1,100 branches, $2 billion in assets, and 156 See “HSBC Consuma la Adquision de GF BITAL,” (11/25/02),http://www.hsbc.com.mx/1/PA_1_1_S5/content/home_en/investor_relations/press_releases/infpress/hsbc_consuma. pdf; “HSBC Buys Mexican Bank Bital,” CNN.com (8/25/2002), http://archives.cnn.com/2002/BUSINESS/asia/08/21/uk.hsbc. 157 8/21/2002 “HSBC agrees to acquire Grupo Financiero Bital,” HSBC press release,http://www.hsbc.com/1/2/newsroom/news/2002/hsbc-agrees-to-acquire-grupo-financiero-bital. 158 Two years earlier, in 2000, HSBC had acquired a smaller bank in Mexico, Republic National Bank of New York(Mexico) S.A. See 10/21/2011“Doing Business in Mexico,” HSBC publication, at 34, http://www.hsbc.com/1/content/assets/business_banking/111021_doing_business_in_mexico.pdf. 159 Among other entities, GF HSBC owns a securities firm, insurance company, and pension fund. See HSBCMexico website, “Grupo HSBC Mexico,” http://www.hsbc.com.mx/1/2/grupo. Former HBMX head Paul Thurston told the Subcommittee that HBMX experienced rapid growth from its purchase in 2002. Subcommittee interview of Paul Thurston (5/1/2012). 37 over 8 million clients. 160 HBMX and its Mexican parent are headquartered in Mexico City andtogether have over 19,000 employees. 161 HSBC typically refers to its Mexican operations asHSBC Mexico. Since the purchase of Bital, three persons have served as the head of HSBC Mexico. The first was Alexander (Sandy) Flockhart who served as Chairman and Chief Executive Officer (CEO) of HBMX, and later also as CEO of HSBC’s Latin America operations, from 2002 to 2007. 162 After he was made Latin American regional head,163 Paul Thurston took the post ofHSBC Mexico CEO and later also served as the HSBC Latin America CEO. 164 Mr. Thurstonheaded the Mexico operations for just over a year, from February 2007 to May 2008. When he was promoted and relocated to London, 165 Luis Pena Kegel became the new HSBC Mexico CEOand remains in that post today. 166Mexican banks, including HBMX, are regulated by the Comision Nacional Bancaria y de Valores (CNBV) which oversees Mexican banks and securities firms. The Mexican central bank, Banco de Mexico, the Mexican Ministry of Finance, the Mexican Treasury Department (SHCP), and the Mexican Financial Intelligence Unit (FIU) also perform oversight functions. Mexico has a well-developed set of AML laws and regulations. Mexican regulators and law enforcement agencies work with their U.S. counterparts to combat drug trafficking and money laundering in both countries. HBMX is a large, sophisticated bank offering a full range of banking services, including deposits, checking, foreign exchange, commercial banking services, private banking and wealth management, and correspondent banking. HMBX offers correspondent accounts to a wide range of financial institutions. HBMX also maintains correspondent accounts for itself at other banks around the world, including in the United States. In 2002, at the time Bital was purchased, the bank had $647 million in correspondent banking deposits in Mexico, $700 million in the 160 See 10/21/2011“Doing Business in Mexico,” HSBC publication, at 6,http://www.hsbc.com/1/content/assets/business_banking/111021_doing_business_in_mexico.pdf; “Grupo HSBC México,” HSBC website, http://www.hsbc.com.mx/1/2/grupo. 161 See HSBC website, Grupo HSBC México, http://www.hsbc.com.mx/1/2/grupo, viewed 4/2/12.162 He was Group General Manager, Chairman and Chief Executive Officer of HBMX from 2002 to 2006, andGroup Managing Director Latin America from 2006 to July 2007. See his biography on the HSBC website, http://www.hsbc.com/1/PA_esf-ca-appcontent/ content/assets/newsroom/media_kit/biogs/100223_sandy_flockhart.pdf. HSBC also has affiliates in Colombia, Panama, Peru, and Uruguay, among other Latin American locations. 163 In July 2007, Mr. Flockhart was appointed CEO of The Hongkong and Shanghai Banking Corporation Limited.See his biography on the HSBC website, http://www.hsbc.com/1/PA_esf-ca-appcontent/ content/assets/newsroom/media_kit/biogs/100223_sandy_flockhart.pdf. 164 In May 2008, Mr. Thurston was appointed head of GF HSBC, and later co-head of the Latin American Region.See his biography on the HSBC website, http://www.hsbc.com/1/PA_esf-ca-app-content/content/ assets/newsroom/media_kit/biogs/101210_paul_thurston.pdf; “HSBC makes key international appointments,” (4/15/2008), http://www.hsbc.com/1/2/newsroom/news/2008/hsbc-makes-key-international-appointments. 165 In May 2008, Mr. Thurston was appointed Managing Director of UK Banking, in charge of HSBC’s retail andcommercial banking operations in the United Kingdom. See “HSBC makes key international appointments,” (4/15/2008), http://www.hsbc.com/1/2/newsroom/news/2008/hsbc-makes-key-international-appointments. 166 Mr. Pena was appointed head of GF HSBC. Id. Mr. Pena had previously headed Grupo Financiero Banorte andworked for 25 years at Banamax/Citigroup in Mexico. Id. Emilson Alonso was appointed Chief Executive of HSBC Latin America. Id. 38 Cayman Islands, and $143 million in New York. 167 According to CEO Paul Thruston, HBMXexperienced rapid growth in the early years after its acquisition. 168 HBMX also operates a branchin the Cayman Islands, HSBC Mexico S.A, which was established by Bital in 1980, with authority to offer customers U.S. dollar accounts. 169 At its peak in 2008, the Cayman branch,which has no offices or employees of its own and is run by HBMX personnel in Mexico, had nearly 50,000 client accounts and assets totaling $2.1 billion. 170HBMX has had an extensive relationship with HBUS, obtaining U.S. dollar services through both correspondent and banknotes accounts. HBMX used its HBUS correspondent account primarily to process international wire transfers and clear U.S. dollar monetary instruments such as travelers cheques. It also made use of HBUS’ Remote Deposit Capture service which enabled HBMX to send monetary instruments to HBUS electronically for processing. HBMX interacted at times with the HBUS Payment and Cash Management (PCM) division regarding this account. In addition, HBMX interacted with the HBUS Global Banknotes division, until the Global Banknotes business was discontinued in 2010. HBMX used its banknotes account primarily to sell U.S. dollars received from its customers to HBUS, which HBMX typically transported to HBUS via armed car or aircraft. In one three-month period from November 2006 to February 2007, HBMX shipped nearly $742 million in U.S. dollars to HBUS; at its peak, HBMX exported $4 billion in bulk cash shipments to HBUS over the course of one year, 2008. Until it sharply curtailed its U.S. dollar services in Mexico in January 2009, HBMX shipped more U.S. dollars to HBUS than any other Mexican bank or HSBC affiliate. B. Mexico To understand HBMX’s AML risks and, therefore, the risks HBUS incurred as its U.S. correspondent, it is necessary also to understand the AML risks in its home country, Mexico. From 2000 until 2009, HSBC Group and HBUS gave Mexico their lowest AML risk rating, despite overwhelming information indicating that Mexico was a high risk jurisdiction for drug trafficking and money laundering. In May 2009, HBUS suddenly increased its risk rating for Mexico by three notches, from its lowest to its highest risk level, where it remains today. 171HSBC Group did not follow suit until 2012 when it raised its risk rating for Mexico from “cautionary” to “high risk.” 172167 “Compliance Due Diligence Trip by John Root: Bital (Mexico City) – 4-8 Nov02,” prepared by HSBC JohnRoot, HSBC OCC 8877802-807, at 5. 168 Subcommittee interview of Paul Thurston (5/1/2012).169 This branch operates under a “Class B license,” which is given by the Cayman Islands Monetary Authority tooffshore banks authorized to do business only with non-residents of the Cayman Islands. See list of Cayman offshore banks at http://www.offshore-library.com/banking/cayman_islands/page_3; Subcommittee briefing by HSBC legal counsel on the Cayman accounts (4/20/2012). 170 See chart at HSBC OCC 8876787, attached to 9/12/2008 email from HSBC John Root to HSBC Adrian Cristiani,“Cayman Accounts,” HSBC OCC 8876784. 171 See 4/9/2010 memorandum from OCC legal counsel to OCC Washington Supervision Review Committee,“Order of Investigation – HSBC Bank USA, N.A., New York, NY,” OCC-PSI-00899482-485, at 484. 172 Subcommittee briefing by HSBC legal counsel (7/5/2012).39 (1) U.S. Assessment of AML Risk in Mexico INCSR Reports. In its annual International Narcotics Control Strategy Reports(INCSRs), which contain a country-by-country assessment of drug trafficking and money laundering risks, the U.S. State Department has consistently classified Mexico as a country of “primary” concern for money laundering, its highest risk rating. 173 In 2002, the StateDepartment described Mexico’s drug trafficking and money laundering risks as follows: “Mexico faces a myriad of drug-related problems that include the production and transshipment of illicit drugs, money laundering, consumption and illicit firearms trafficking. ... The Government of Mexico’s (GOM) longstanding commitment to combat drug trafficking and related crimes resulted in tangible successes against the Arellano Felix Organization (AFO), the Carrillo Fuentes Organization (CFO), and the Gulf Cartel – widely considered the top three drug groups in the country. … Mexico remains a major supplier of heroin, methamphetamine, and marijuana, and the transit point for more than one half of the cocaine sold in the U.S. … The industrial-scale drug trade has transformed narcotrafficking into one of Mexico’s deadliest businesses. … These organizations have demonstrated blatant disregard for human life as the executions of law enforcement personnel, government officials, and innocent bystanders have increased. … In recent years international money launderers have turned increasingly to Mexico for initial placement of drug proceeds into the global financial system.” 174The State Department also wrote: “The smuggling of bulk shipments of U.S. currency into Mexico and the movement of the cash back into the United States via couriers and armored vehicles, as well as through wire transfers, remain favored methods for laundering drug proceeds. Mexico’s financial institutions engage in currency transactions involving international narcotics-trafficking proceeds that include significant amounts of U.S. currency or currency derived from illegal drug sales in the United States. Although drug trafficking continues to be the principal source of the laundered proceeds, other crimes including corruption, kidnapping, firearms trafficking, and immigrant trafficking are also major sources of illegal proceeds.” 175Equally negative assessments of Mexico’s drug trafficking and money laundering risks appeared in the State Department’s annual INCSR reports over the next four years. In 2006, for example, the State Department wrote: “The illicit drug trade continues to be the principal source of funds laundered through the Mexican financial system. Mexico is a major drug producing and drug-transit country. Mexico also serves as one of the major conduits for proceeds from illegal drug sales 173 See, e.g., “2000 International Narcotics Control Strategy Report,” U.S. Department of State (hereinafter “2000INCSR”), at 621; 2002 INCSR at XII-60; 2006 INCSR Vol. II at 39; 2008 INCSR Vol. II at 62; 2012 INCSR Vol. II at 33. 174 2002 INCSR at V-27-V-28.175 Id. at XII-161.40 leaving the United States. Other crimes, including corruption, kidnapping, firearms trafficking, and immigrant trafficking are also major sources of illegal proceeds. The smuggling of bulk shipments of U.S. currency into Mexico and the movement of the cash back into the United States via couriers, armored vehicles, and wire transfers, remain favored methods for laundering drug proceeds. … According to U.S. law enforcement officials, Mexico remains one of the most challenging money laundering jurisdictions for the United States, especially with regard to the investigation of money laundering activities involving the cross-border smuggling of bulk currency from drug transactions. While Mexico has taken a number of steps to improve its anti-money laundering system, significant amounts of narcotics-related proceeds are still smuggled across the border. In addition, such proceeds can still be introduced into the financial system through Mexican banks or casas de cambio, or repatriated across the border without record of the true owner of the funds.” 176The State Department’s relentlessly negative assessments of Mexico’s drug trafficking and money laundering vulnerabilities continued unabated. In 2008, the State Department wrote that “U.S. officials estimate that since 2003, as much as U.S. $22 billion may have been repatriated to Mexico from the United States by drug trafficking organizations.” 177 Four yearslater, in 2012, the State Department wrote that drug cartels were using Mexican and U.S. financial institutions to launder as much as $39 billion each year: “According to U.S. authorities, drug trafficking organizations send between $19 and $39 billion annually to Mexico from the United States.” 178Warnings. The State Department is far from the only governmental agency to have warned about the money laundering risks in Mexico. The U.S. Congress has held repeated hearings over the years highlighting money laundering and drug trafficking problems in Mexico. 179 Witnesses have included the U.S. Justice Department, Homeland SecurityDepartment, Federal Bureau of Investigations, Drug Enforcement Administration (DEA), Financial Crimes Enforcement Network (FinCEN) of the U.S. Treasury Department, Internal Revenue Service (IRS), Customs and Border Patrol, and Coast Guard, among others. From 1996 to 2011, these hearings have painted the same grim picture drawn in the State Department’s annual reports regarding the drug trafficking and money laundering threats in Mexico. 176 2006 INCSR at 268-269.177 2008 INCSR at 327.178 2012 INCSR at 140.179 See, e.g., “Money Laundering Activity Associated with the Mexican Narco-Crime Syndicate,” U.S. HouseBanking and Financial Subcommittee on General Oversight and Investigations, Serial No. 104-72 (9/5/1996); “Drug Control: Update on United States-Mexican Counternarcotics Efforts,” Senate Caucus on International Narcotics Control, S.Hrg. 106-60 (2/24/1999); “Federal Strategies to End Border Violence,” Senate Judiciary Committee, S.Hrg. 109-556 (3/1/2006); “Antidrug Package for Mexico and Central America: An Evaluation,” Senate Committee on Foreign Relations, S.Hrg. 110-311 (11/15/2007); “Escalating Violence in Mexico and the Southwest Border as a Result of the Illicit Drug Trade,” House Judiciary Subcommittee on Crime, Terrorism, and Homeland Security, Serial No. 111-25 (5/6/2009); “Exploring Drug Gangs’ Ever Evolving Tactics to Penetrate the Border and the Federal Government’s Ability to Stop Them,” Senate Homeland Security and Governmental Affairs Ad Hoc Subcommittee on Disaster Recovery and Intergovernmental Affairs, S.Hrg. 112-384 (3/31/2011). 41 In addition, warnings about money laundering problems in Mexico have been directed specifically to financial institutions operating in the United States. In 2005, multiple U.S. agencies worked together to produce a U.S. Money Laundering Threat Assessment which identified thirteen key money laundering methods and specifically identified Mexico as a high risk jurisdiction for several of them, including bulk cash smuggling, misuse of money orders, and suspicious funds sent through money service businesses. 180 In 2006, FinCEN issued an advisoryto all U.S. financial institutions to “better guard against an increasingly prevalent money laundering threat involving the smuggling of bulk U.S. currency into Mexico,” warning in particular against “the abuse of their financial services” by Mexican casas de cambio. 181 Theadvisory explained that drug traffickers were smuggling bulk cash from the United States into Mexico, then depositing the funds with casas de cambios who were sending the cash back to the United States via armored transport or by selling the U.S. dollars to U.S. banks. 182 The advisoryalso warned about multiple wire transfers that “bear no apparent business relationship” with a particular casa de cambio, and U.S. deposits by casas de cambio of sequentially numbered monetary instruments. 183Wachovia Prosecution. Criminal prosecutions also alerted U.S. financial institutions to the money laundering problems in Mexico. In 2008, for example, news articles warned how Mexican drug cartels sent millions of dollars in illegal drug proceeds through a major U.S. financial institution, Wachovia Bank. 184 In 2010, the United States filed a deferred prosecutionagreement detailing how Wachovia Bank had been used by Mexican foreign exchange businesses to launder at least $110 million in drug proceeds. 185 Filings in the case describe how,from 2003 to 2008, Wachovia Bank provided a variety of services for 22 Mexican casas de cambio (CDCs), despite evidence of suspicious activity. Those services included processing numerous U.S. dollar wire transfers for deposit into bank accounts around the world; 186 clearinglarge volumes of sequentially numbered U.S. travelers cheques; 187 and accepting numerous bulkcash shipments transported by armored car from the CDCs. 188 The filings report that, over athree-year period, the wire activity exceeded $374 billion and the bulk cash shipments exceeded $4.7 billion, far exceeding expected volumes. 189180 See Dec. 2005 “U.S. Money Laundering Threat Assessment,” issued by the Money Laundering ThreatAssessment Working Group, which included the U.S. Departments of Treasury, Justice, and Homeland Security, Federal Reserve, and Postal Service. Wachovia Bank also processed $20 billion in 181 “Guidance to Financial Institutions on the Repatriation of Currency Smuggled into Mexico from the UnitedStates,” FinCEN Advisory No. FIN-2006-A003 (4/28/2006), at 1. http://www.fincen.gov/statutes_regs/guidance/pdf/advis04282006.pdf. 182 Id. at 1-2.183 Id. at 2.184 See, e.g., “Wachovia Is Under Scrutiny in Latin Drug-Money Probe,” Wall Street Journal, Evan Perez, GelnnSimpson (4/26/2008)(describing AML cases involving not only Wachovia Bank, but also American Express International Bank, which forfeited $55 million as part of a 2007 federal deferred prosecution agreement, and Union Bank of California, which forfeited $21.6 million as part of a 2007 federal deferred prosecution agreement, both of which were also charged with inadequate AML programs and suspected of being used by Mexican drug cartels to launder funds). 185 See United States v. Wachovia Bank N.A., Case No. 10-20165-CR-Lenard (USDC SDFL), Deferred ProsecutionAgreement (3/16/2010) and Information (3/12/2010). 186 See id., Factual Statement, Exhibit A to Deferred Prosecution Agreement (3/16/2010), at ¶¶ 20, 24(1).187 Id. at ¶¶ 22, 24(2), 35.188 Id. at ¶ 21, 24(3).189 Id. at ¶ 23.42 sequentially numbered travelers cheques, the majority of which contained illegible names and unusual markings. 190 The deferred prosecution agreement and supporting factual statementcharged Wachovia Bank with willfully failing to maintain an effective AML program, 191detailing numerous AML deficiencies including a failure to conduct due diligence on high risk clients; a failure to monitor wire transfers, pouch activities, and bulk cash shipments; and a failure to report suspicious activity to law enforcement. 192 To avoid prosecution, WachoviaBank acknowledged responsibility for its conduct, paid $160 million in criminal and civil fines, and agreed to undertake significant AML reforms. 193 The Wachovia case received widespreadmedia attention, providing further notice of the money laundering dangers in Mexico. 194(2) HSBC Assessment of Risk in Mexico Despite the overwhelming information available about substantial money laundering risks in Mexico, from 2002 until 2009, HBUS gave Mexico its lowest risk rating for AML purposes. 195 As a consequence, under HSBC Group policy, clients from Mexico were notsubjected to enhanced monitoring by HBUS, unless they were also designated a Special Category Client (SCC), a relatively rare designation that indicates a client poses high AML risks. Had Mexico carried one of the two highest risk ratings, all Mexican clients at HBUS would have been subjected to enhanced due diligence and account monitoring. Instead, HBUS failed to conduct AML monitoring of most Mexican client account and wire transfer activity involving substantial funds. Risk Rating Process. Until recently, HSBC Group and HBUS issued AML country risk assessments using four categories of increasing risk, “standard,” “medium,” “cautionary,” and “high.” HSBC Group created a chart listing its country risk assessments, sent the chart to its affiliates characterizing its assessments as recommendations, and then allowed each HSBC affiliate to make its own assessment decisions. 196 At HBUS, the country risk assessments werecompiled every six months by an AML compliance officer who gathered information from a number of sources, assigned numerical scores to each source, and then compiled aggregate scores for over 200 countries. 197190 Id. at ¶ 35.191 See United States v. Wachovia Bank N.A., Case No. 10-20165-CR-Lenard (USDC SDFL), Deferred ProsecutionAgreement (3/16/2010), at ¶¶ 3-4. 192 See id., Factual Statement, Exhibit A to Deferred Prosecution Agreement (3/16/2010), at ¶¶ 28, 30-35.193 See id., Factual Statement, Exhibit A to Deferred Prosecution Agreement (3/16/2010), at ¶¶ 38-40; DeferredProsecution Agreement (3/16/2010); “Wachovia Enters into Deferred Prosecution Agreement,” U.S. Attorney’s Office for the Southern District of Florida press release, (3/17/2010), http://www.justice.gov/usao/fls/ PressReleases/100317-02.html. 194 See, e.g., “Wachovia is under Scrutiny in Latin Drug-Money Probe,” Wall Street Journal, Evan Perez and GlenSimpson, April 26, 2008; “How a big U.S. bank laundered billions from Mexico’s murderous drug gangs,” The Observer, Ed Vulliamy, (4/2/2011), http://www.guardian.co.uk/world/2011/apr/03/us-bank-mexico-drug-gangs. 195 See, e.g., Feb. 2009 “Rating 2009,” prepared by HBUS, HSBC-PSI-PROD-0096390-397 (rating over 235countries and territories). 196 Subcommittee interview of Ali Kazmy (2/29/2012).197 Subcommittee interview of Ali Kazmy (2/29/2012); Feb. 2009 “Rating 2009,” prepared by HBUS, HSBC-PSIPROD-0096390-397. 43 Those scores were then supposedly used to assign risk ratings. In fact, however, countries receiving similar scores often received different risk ratings. Those differences were attributable, in part, to an “HBUS discretion” factor which was listed as an official factor in the risk assessment process, included in the risk assessment chart, and used, according to the OCC, to alter the risk ratings for over 60 countries in 2009. 198 The OCC noted that HBUS offered “nodiscussion or documentation as to what constitute[d] permissible reasons to change the risk rating” using the HBUS discretion factor. 199 The OCC also found that HBUS did not apply itsrisk-rating methodology “in a consistent manner.” The OCC wrote that, in 2009, of 73 countries that received a zero risk assessment score: “32 (44 percent) were rated standard, 32 (44 percent) were rated medium, 1 (1 percent) was rated cautionary, and 8 (11 percent) were rated Unclassified. The OCC found no documentation or support for the difference between the final ratings and the scores. While the bank elevated the risk ratings versus the scores, the bank has not adopted a repeatable, standardized procedure.” 200The OCC criticized the HSBC country risk assessment process for not taking into account readily available country-specific information on money laundering and drug trafficking risks, including in the annual State Department INCSR reports. 201 Although INCSR informationwas often included in HBUS KYC client profiles, the INCSR country-specific risk ratings were inexplicably excluded from the official HBUS country risk assessment scoring matrix. 202Still another OCC criticism was the HSBC Group’s “unacceptable practice of assigning an overall risk rating to its non-SCC customers based solely on the risk rating that the bank has given the country where the customer is located.” 203 One result of this practice, according to theOCC, was that HSBC had excluded from its routine AML monitoring “more than $60 trillion of wire transfers each year for customers domiciled in countries risk rated as ‘standard’ or ‘medium,’ representing two-thirds of the total dollar volume” of wire transfers at HSBC. 204With respect to Mexico, the HSBC policy meant that, due to its low risk rating, all clients based in Mexico were considered low risk, unless rated an SCC, an outcome that the OCC viewed as a critical AML deficiency. One consequence was that high risk clients residing in low risk countries routinely escaped enhanced due diligence and account monitoring. 2009 Change in Mexico Risk Rating. In February 2009, HBUS issued a chart with its latest country risk assessments. 205198 See 9/13/2010 OCC Supervisory Letter HSBC-2010-22, “Bank Secrecy Act/Anti-Money Laundering(‘BSA/AML’) Examination – Program Violation (12 U.S.C. § 1818(s); 12 C.F.R. § 21.21),” OCC-PSI-00864335- 365, at 19. [Sealed Exhibit.] The chart provided risk scores and categories for 239 199 Id.200 Id.201 Id.202 See Feb. 2009 “Rating 2009,” prepared by HBUS, HSBC-PSI-PROD-0096390-397.203 9/13/2010 OCC Supervisory Letter HSBC-2010-22, “Bank Secrecy Act/Anti-Money Laundering (‘BSA/AML’)Examination – Program Violation (12 U.S.C. § 1818(s); 12 C.F.R. § 21.21),” OCC-PSI-00864335-365, at 18. [Sealed Exhibit.] 204 Id. at 2.205 See Feb. 2009 “Rating 2009,” prepared by HBUS, HSBC-PSI-PROD-0096390-397.44 countries. 206 It assigned a score of “2” for Mexico, which was one of the lowest scores. Whenasked about this low score, the HBUS compliance officer then responsible for country risk assessments, Ali Kazmy, told the Subcommittee that, since 2006, HBUS’ assessments had inadvertently failed to take into account a 2006 FinCEN advisory related to Mexico that would have added 10 points to its score each year. 207 As a result of its low score, Mexico was rated a“standard” risk, the lowest of the four risk ratings. 208This low risk rating was awarded despite a May 2008 email from Susan Wright, AML Compliance head for the HSBC Group, singling out AML concerns related to Mexico. Referencing “RMM – Country Risk,” Ms. Wright wrote to HSBC Group Compliance head David Bagley and other colleagues: “I believe you have sight of our Country Reputational Risk Table but, as previously discussed, unless there are some specific concerns it is not proposed to highlight the highest risk countries as a matter of course. … Mexico – there are specific risks in relation to pressure from the US with regard to the laundering of the proceeds of drug trafficking through Mexican cas[a]s de cambios. HBMX have a number of customers who are cambios/money service businesses (MSBs) with links to the US and consequently payments from HBMX are made through HBUS. … [T]hese are notoriously difficult businesses to monitor …. [T]here is also US concern with regard to the amount of USD cash deposits and transactions between the US and Mexico and HBMX has been identified as one of the banks with the highest level of activity in this area.” 209This email shows that the head of HSBC AML Compliance was aware of and communicated to other Compliance personnel the serious AML risks related to Mexico involving drug trafficking, suspect casas de cambio, and bulk cash smuggling, yet the February 2009 HBUS country risk assessments again assigned Mexico the lowest possible risk rating. Three months after issuing the country risk assessments in February 2009, however, on May 1, 2009, HBUS suddenly revised Mexico’s risk rating, increasing it by three notches from the lowest to its highest risk rating. 210 When asked by the Subcommittee about the timing, Mr.Kazmy explained that, “in early 2009,” he had been asked by his supervisor, Anne Liddy, to take another look at Mexico’s risk rating due to OCC concerns. 211206 Id. The risk scores ranged from 0 to 28, and produced ratings of standard, medium, cautionary, and high.207 Subcommittee interview of Ali S. Kazmy (2/29/2012). See also Feb. 2009 “Rating 2009,” prepared by HBUS,HSBC-PSI-PROD-0096390-397. Mr. Kazmy took over the country risk rating process from Lynda Cassell who left HBUS in mid-2006. The FinCEN Advisory was issued in April 2006, just before Ms. Cassell left. 208 Mexico had received the same standard rating in 2008. See 2008 HBUS Country Risk Assessment for Mexico atHSBC-PSI-PROD-0096398-441 and 422. 209 5/14/2008 email from HSBC Susan Wright to HBUS David Bagley, HSBC Karl Barclay. HBEU DerekLeatherdale, and others, “RMM – Country Risk,” HSBC OCC 8873750. 210 See 4/9/2010 memorandum from OCC legal counsel to OCC Washington Supervision Review Committee,“Order of Investigation – HSBC Bank USA, N.A., New York, NY,” OCC-PSI-00899482-485, at 484. 211 Subcommittee interview of Ali S. Kazmy (2/29/2012).45 Ms. Liddy’s request coincided with an intensifying law enforcement interest in Mexican casas de cambio suspected of laundering illegal drug proceeds through U.S. financial institutions, including HBUS. In February 2008 and again in November 2008, as detailed below, Mexican regulators confronted HBMX with suspicions that drug proceeds were moving through its accounts at HBUS. In January 2009, according to an internal HBUS email, a U.S. Homeland Security Department’s Immigration and Customs Enforcement (ICE) agent met with HBUS about a money laundering investigation involving one of their clients in Mexico. 212 That samemonth, in response to Mexican AML regulatory concerns, HBMX stopped accepting U.S. dollar deposits at any of its Mexican branches. In June 2009, ICE also informed the OCC that ICE was investigating possible money laundering activity involving banknote accounts at HBUS. 213 ICE indicated that Mexican drugtraffickers appeared to be using the black market peso exchange in New York to transfer funds through a particular Mexican financial institution, which then sent the funds through its U.S. correspondent account at HBUS. 214 Dan Stipano, OCC Deputy Chief Counsel, explained thescheme to the OCC Examiner-In-Charge at HBUS as follows: “The scheme … is similar to activity that we have seen at Union Bank, Wachovia, and Zions. Basically, the way it works is that drug money is physically hauled across the border into Mexico, then brought back into the United States through wire transfers from casas de cambio or small Mexican banks, or else smuggled across the border in armored cars, etc., before being deposited in US. Institutions. According to AUSA [Assistant U.S. Attorney] Weitz, most U.S. banks, recognizing the risks involved, have gotten out of this business, but HSBC NY is one of the last holdouts (although, interestingly, he said that HSBC-Mexico will no longer accept U.S. currency).” 215What U.S. law enforcement officials had found was that, because drug traffickers in the United States were having difficulty finding a U.S. financial institution that would accept large amounts of cash, due to strict U.S. AML controls, many were instead transporting large volumes of U.S. dollars to Mexico, and depositing the dollars at Mexican financial institutions. The drug traffickers could then keep their deposits in U.S. dollars through the Mexican financial institution’s correspondent account at a U.S. bank, or exchange the dollars for pesos. The Mexican banks, casas de cambio, and other financial institutions that were the recipients of the cash typically shipped the physical dollars back to the United States for credit to their own U.S. dollar correspondent accounts at U.S. banks. HBUS’ awareness of the increasing U.S. law 212 See 1/19/2009 email from HBUS Denise Reilly to HBUS Lesley Midzain, “HBMX Banknotes Business – HSBCMexico Press Release and Q&A,” HSBC OCC 3633806-807. In a Subcommittee interview, HBUS AML Compliance officer Daniel Jack indicated that he attended the meeting, and the ICE agent expressed concern about possible money laundering through Consultoria, a former Mexican casa de cambio that had converted into a bank. Mr. Jack told the Subcommittee that HBUS closed the Consultoria account six months later. Subcommittee interview of Daniel Jack (3/13/2012). 213 See 9/29/2009 email from Dan Stipano to Sally Belshaw, at 3, OCC-PSI-00928758; 6/28/2009 notes of telephoneconversations, prepared by OCC Jim Vivennzio, OCC-PSI-00928759-761 (noting ICE agents had met with HBUS). [Sealed Exhibit.] 214 See 6/28/2009 notes of telephone conversations, prepared by Jim Vivenzio, OCC-PSI-00928759. [SealedExhibit.] 215 See 9/29/2009 email from Dan Stipano to Sally Belshaw, at 3,OCC-PSI-00928758.46 enforcement and regulatory interest in Mexico may have contributed to its decision to review and, ultimately, in May 2009, to increase its risk rating for Mexico. One key consequence of the higher risk rating for Mexico was that, under Group AML policy, HBUS was required to conduct enhanced monitoring of all of its Mexican clients. HBUS’ higher risk rating may have also put pressure on HSBC Group and other HSBC affiliates to boost their risk rating of Mexico as well. On June 18, 2009, Ms. Wright sent an email to Ms. Liddy asking her about the higher rating for Mexico. Ms. Wright wrote: “It has been drawn to my attention that in the latest US Country Risk Assessment Mexico has gone from a lower risk to high. I have received a number of queries from around the Group as to the reason for what they see as quite a dramatic change. Whilst I appreciate the risks involved in doing business with Mexico I would be grateful for some further and more detailed clarification as to why the change has been so dramatic. This will enable me to deal with a number of these queries.” 216In response, Ms. Liddy asked Mr. Kazmy, the AML officer responsible for compiling the country risk ratings, to write up the reasoning for the higher risk rating. He wrote: “A number of sources are reviewed, a majority of which are government and international agencies, such as World Bank, IMF, FATF, CFATF, BIS, Central Banks, Transparency International, etc. in order to determine risk levels …. The U.S. Department of State issues detailed annual assessment[s] of each country via the International Narcotics Control Strategy Report highlighting, inter alia, money laundering, terrorist financing, corruption, and regulatory regime/oversight. An excerpt of such a report on Mexico … is attached below. … As a result of events occurring in Mexico during the past several months with respect to drug trafficking and money laundering, as well as the general unrest these developments have caused, we have downgrade[d] Mexico to ‘high’ risk. The deteriorated situation is recognized by the Government of Mexico as evidence through the involvement of agencies tasked with the Anti-Money Laundering and Counter Financing of Terrorist (AML/CFT) efforts towards drafting an AML/CFT National Strategy … expect to be 216 6/18/2009 email from HSBC Susan Wright to HBUS Anne Liddy, “Group CRRT and US Country RiskAssessments,” OCC-PSI-00652829. See also 6/9/2009 email from HSBC David Bagley to HBMX Emilson Alonso, copies to HSBC Michael Geoghegan and others, “GMO Business reviews – LATAM,” HSBC OCC 8874895 (“I fully acknowledge the level of priority and focus that you and the team have given to these issues and the progress that has been made particularly in Mexico and have taken all of this into account. … The basis for the rating is however: The inherent AML risk in Mexico is still very high and [t]here are not many other parts of the Group that have what is effectively a drugs war being conducted on the streets and also have the risk posed by potential sting and other operations by the US authorities. We have of course remediated our high risk accounts, but the historic weak account opening processes mean that we have overall lower levels of KYC across the customer base as a whole. … Happy to discuss further.”). 47 issued sometime during 2009. … Our rating is in conformity with the view of the U.S. law enforcement.” 217Ms. Liddy asked him how Mexico had been rated by the State Department in 2009, and whether that rating was worse than in the previous report, apparently not realizing that the State Department had consistently given Mexico its highest risk rating for years. 218 Mr. Kazmy toldMs. Liddy, incorrectly, that the State Department INCSR report did not rate countries for risk, but also provided numerous details from the 2009 INCSR report indicating that money laundering and drug trafficking risks had increased. 219In 2010, when the OCC sent HBUS a supervisory letter on AML deficiencies at the bank, the letter included criticism of its country rating system. 220 Under the heading, “Inadequate andIneffective Procedures for Country Risk Ratings,” the OCC listed “significant flaws” with the scoring and risk rating methodology, as well as with HBUS’ decision not to monitor wire transfer activity for foreign financial institutions or other clients located in a standard or medium risk country, unless designated as an SCC client. The OCC wrote: “The bank’s country risk ratings for its PCM [Payment and Cash Management division] wire monitoring are critical, due to the bank’s unacceptable practice of assigning an overall risk rating to its non-SCC customers based solely on the risk rating that the bank has given the country where the customer is located. However, compounding this deficiency, the bank’s procedures for determining the critical country risk ratings are inadequate and ineffective. To determine the country risk rating, the bank employs a point system based on fifteen factors. HBUS’ methodology appears straightforward … [h]owever … there are significant flaws in the implementation of the point system. … The bank’s failure to risk rate countries appropriately has a significant impact on HBUS’ BSA [Bank Secrecy Act] compliance, because customers’ risk ratings affect a number of variable requirements relating to due diligence for foreign correspondents. For example, these variable requirements include the frequency with which the bank conducts site visits (every 12 months versus every 24 months) and the level of due diligence performed on beneficial owner and the senior management team.” 221217 6/19/2009 email from HBUS Ali Kazmy to HBUS Anne Liddy, “Group CRRT and US Country RiskAssessments,” OCC-PSI-00652829. 218 6/22/2009 email from HBUS Anne Liddy to HBUS Ali Kazmy, “Group CRRT and US Country RiskAssessments,” OCC-PSI-00652829. 219 6/24/2009 email from HBUS Ali Kazmy to HBUS Anne Liddy, “Group CRRT and US Country RiskAssessments,” OCC-PSI-00652829. 220 See 9/13/2010 OCC Supervisory Letter HSBC-2010-22, “Bank Secrecy Act/Anti-Money Laundering(‘BSA/AML’) Examination – Program Violation (12 U.S.C. § 1818(s); 12 C.F.R. § 21.21),” OCC-PSI-00864335- 365, at 18-20. [Sealed Exhibit.] 221 Id. at 18, 20. See also 4/9/2010 memorandum from OCC legal counsel to OCC Washington Supervision ReviewCommittee, “Order of Investigation – HSBC Bank USA, N.A., New York, NY,” OCC-PSI-00899482-485, at 3-4. The problems with HBUS’ country risk assessments extended beyond Mexico to other countries as well. Some of the countries that should have been rated as having a high risk of money laundering, but were instead rated standard or medium, included Antigua, the Bahamas, Cayman Islands, and Switzerland. See Feb. 2009 “Rating 2009,” 48 When asked why past risk assessments of Mexico had been so low, Mr. Kazmy told the Subcommittee that he was unable to explain the low ratings prior to 2009. 222 He indicated thathe first saw the 2006 FinCEN advisory on Mexico in 2009. 223 He also indicated that, if he hadknown what he later learned, he would have increased the risk rating earlier. 224C. HBMX’s History of Weak AML Safeguards In addition to the substantial money laundering and drug trafficking risks plaguing Mexico for a decade, HBMX itself had a history of weak AML controls and a poor compliance culture, which the HSBC Group worked for years to improve, with limited success. While HSBC Group officials in London were well aware of HBMX’s AML deficiencies and immersed in an effort to strengthen them, it did not inform its worldwide affiliates, including HBUS, of the problems. From 2002 until recently, HBUS remained largely ignorant of the extent of HBMX’s AML and compliance deficiencies, despite providing HBMX with extensive correspondent services and giving it free access to the U.S. financial system. Non-Existent Compliance Function in 2002. In 2002, as part of its decisionmaking process to purchase Bital, HSBC Group reviewed Bital’s compliance function, found it wholly inadequate, and determined that a major effort would be needed for the new bank to meet Group standards. In an email to his colleagues, David Bagley, head of HSBC Group Compliance, put it this way: “Sandy [Flockhart, HSBC Mexico head,] acknowledges the importance of a robust compliance and money laundering function, which at present is virtually non-existent. … There is no recognizable compliance or money laundering function in Bital at present …. Sandy thinks it is important to look both at issues affecting Mexico City, but also closer to the border where there appears to be substantial cross-border flows of monies, including USD [U.S. dollars] in cash.” 225His comments followed a July 2002 audit performed by HSBC Group auditor prior to purchasing the Mexican bank providing a negative assessment of the bank’s compliance program. The HSBC internal audit report detailed a wide range of specific problems as well as broader AML deficiencies: • “FRBNY [Federal Reserve Bank of New York] review in 12/2000 identified that82 of the 248 accounts reviewed lacked full documentation. • A review … of documentation of accounts booked at the target’s Cayman Islandsbranch … found that 41% of the accounts reviewed (92 of 224 reviewed) lacked full client information. 37 files had no client information. … prepared by HBUS, HSBC-PSI-PROD-0096390-397. As a consequence, clients from those jurisdictions were treated as low risk, and wire transfers involving those countries were not routinely monitored by HBUS. 222 Subcommittee interview of Ali S. Kazmy (2/29/2012).223 Id.224 Id.225 7/10/2002 email from HSBC David Bagley to HSBC John Root, with copies to Sandy Flockhart and RichardBennett, “Bital,” HSBC OCC 8877797-798. 49 • The [monitoring] system does not have any capacity to aggregate transactionactivity for any period other than a given day … [and] does not identify high risk clients as such. … • Private banking operations per se, are not identified. …• GFB [Grupo Financiero Bital] was involved in Operation Casa Blanca, a USgovernment undercover sting operation undertaken to combat drug trafficking and money laundering activities in the US and Mexico. A former GFB account executive was found willing to establish fictitious accounts and moved illegal money through them. … GFB forfeited $3.1 [million] to the US government in 1998. … Conclusions The GFB Compliance effort is weak, and it appears that the target organization does not have a strong Compliance culture. • GFB does not, in reality, have a Compliance Department and one wouldhave to be established and implemented …. • Reviews of account opening procedures and client documentation aresporadic, and the reviews normally do not encompass large populations of client files or activities. This effort needs to be strengthened. • Client transaction and activity monitoring is very limited. The reliance onaccount managers to identify and report unusual and suspicious transactions of their clients is a serious internal control shortcoming. … High risk clients receive no special monitoring coverage. … • Internal and external audit recommendations, and issues raised inregulatory reports do not receive proper respect and action. ... • Measures to promote and ensure staff discipline are not satisfactory.GFB’s Code of Conduct lacks content, detail and spirit. …Appropriate staff related policies would have to be implemented immediately as part of the overall effort to install a dedicated Compliance and internal control culture throughout the organization.” 226Despite Bital’s weak compliance function, HSBC Group completed the purchase on November 22, 2002. 227Five Years of Effort. Over the next five years, from 2002 to 2007, HSBC Group initiated a number of efforts to strengthen Bital’s compliance and AML programs. While improvements were made, significant deficiencies persisted. In November 2002, immediately before purchasing Bital, John Root, a senior HSBC Group Compliance expert whom David Bagley asked to help work on AML issues at HBMX, visited the bank for a week and prepared a report cataloguing compliance issues and needed 226 July 2002 “Group Internal Audit: Due Diligence Review – Project High Noon,” HSBC audit of Bital, HSBCOCC 8873846 -852. 227 See 11/29/2002 minutes of HSBC Holdings plc Board of Directors, section 109.3, HSBC-PSI-PROD-0198570.50 initiatives. 228 Among other problems, his report noted the “lack of a ‘control culture’ atBital.” 229 The report also described a meeting with one of Bital’s chief Mexican regulators who“was extremely critical” of the bank, repeating a number of times that controls “do not exist.” 230The report noted that “some of his harshest criticism” were directed at the Bital Legal Department “which he averred was ‘not guilty of bad faith but extreme mediocrity.’” 231According to the report, the Mexican regulator recommended “sweeping changes in management.” 232The report noted that Bital had 83 correspondent relationships with other financial institutions, including 20 well known and reputable banks and some institutions that required additional KYC information. 233 Mr. Root recommended obtaining that added KYC informationor closing some of those accounts by March 2003. The report also noted that Bital had accounts lodged at its own Cayman branch office, which operated as an offshore shell entity and was managed by Bital employees in Mexico City. The report recommended undertaking an analysis of all of the correspondent banking deposits, “particularly those in the Cayman Islands,” by June 2003. It also recommended an analysis of “all existing Private Banking, with particular attention to USD [U.S. dollar] accounts and fund transfers to New York and the Cayman Islands.” 234 Inaddition, it recommended developing a better electronic screening system for all account activity to identify suspicious transactions and a better process for investigating suspicious activity “without any tipping off.” 235In 2002 and 2003, HSBC Group appointed a new Compliance head for HBMX, Ramon Garcia Gibson, formerly AML Director at Citibank’s Mexican affiliate, Banamax; established an HBMX Compliance Department; hired additional staff; and installed a new monitoring system known as Customer Account Monitoring Program (CAMP) to detect suspicious activity. HBMX also hired a Money Laundering Deterrence (MLD) Director Carlos Rochin. Nevertheless, in 2003, two inspection reports from Mexican authorities in January and August identified ongoing problems with the detection of suspicious transactions and the adequacy of the bank’s Money Laundering Deterrence (MLD) handbook, which HSBC was then in the process of revamping. 236228 “Compliance Due Diligence Trip by John Root: Bital (Mexico City) – 4-8 Nov02,” prepared by HSBC JohnRoot, HSBC OCC 8877802-807. See also 11/25/2002 email from HSBC John Root to HSBC Richard Bennett and HSBC Matthew King transmitting the report, HSBC OCC 8877800 (“There is very little of what we would call a Compliance function. … I did not encounter anybody at Bital who I thought immediately capable of building a Compliance department.”). 229 “Compliance Due Diligence Trip by John Root: Bital (Mexico City) – 4-8 Nov02,” prepared by HSBC JohnRoot, HSBC OCC 8877802-807, at 1. 230 Id.231 Id.232 Id. at 2.233 Id. at 4.234 Id. at 6. Mr. Root told the Subcommittee that he became aware of the HBMX Cayman accounts at that time, butthought they were servicing Cayman residents. Subcommittee interview of John Root (4/26/2012). 235 Id. at 4-5.236 See 1/22 and 26/2004 email exchanges among HBMX Ramon Garcia and HSBC John Root, Susan Wright, andDavid Bagley, “MLD Regulatory Report,” HSBC OCC 8873393-394 51 In January 2004, HSBC Group’s Board of Directors met in Mexico to allow Board members to familiarize themselves with HBMX. 237 During the meeting, the Board’s AuditCommittee reviewed HBMX’s ongoing internal control issues. The Audit Committee’s minutes stated that, “after being part of the Group for some 15 months,” HBMX had made “very significant progress in raising the standards of its controls. It will, however, probably take another two years to fully reach Group standards. From experience with other acquisitions this is not unexpected.” 238Five months later, in May 2004, HBMX’s internal auditors filed a report containing a number of criticisms of the bank’s compliance and AML efforts, indicating that much still needed to be done to cure its AML deficiencies. 239 Finding HBMX’s AML function to beoperating “Below Standard,” the internal audit report stated: “HBMX has insufficient controls to detect money laundering transactions in all areas of the Group in a timely manner. The implementation of the CAMP system is in process yet it only includes the Bank’s transactions that have been registered in the Hogan system and fails to monitor those registered in other IT systems/HBMX subsidiaries. Direccion de Prevencion de Lavado de Dinero [Direction of Money Laundering Deterrence] has identified high-risk areas of money laundering transactions, which are not being monitored. The communication between LCOs [Local Compliance Officers] and Compliance does not enable the timely detection of the needs and weaknesses of the areas and subsidiaries. There are inadequate internal controls over the IT systems used to send information to the regulator on suspicious or relevant transactions to authorities. In our opinion, based upon the foregoing, the Direction of Money Laundering Deterrence is operating with a BELOW STANDARD level of Control Risk.” 240Three months later, in August 2004, John Root, HSBC Group Compliance head for Latin America, again visited HBMX to examine the status of its compliance and AML efforts, prepared a report, and sent it to senior officials at both HBMX and HSBC Compliance. 241 Thereport indicated that, while substantial progress had been made over the past 18 months, AML deficiencies remained: 237 1/30/2004 minutes of HSBC Holdings plc Board of Directors, section 04/7, HSBC-PSI-PROD-0198571-572.238 Id. at 2.239 May 2004 “Informe General de Auditoria HBMX GAQ 040026 Compliance-Money Laundering,” prepared byHSBC Group’s internal audit (“Auditoria Interna Del Groupo”), HSBC OCC 8874376-381. 240 Id. at 4 (emphasis in original).241 “HBMX Jul04 GHZ CMP Visit Report,” prepared by HSBC John Root, HSBC OCC 8875567-575. See also8/10/2004 email from HSBC John Root to HSBC David Bagley, Richard Bennett, Matthew King, David Leighton, and Susan Wright, and HBMX Sandy Flockhart and Ramon Garcia, transmitting the report, HSBC OCC 8875565- 575. 52 “Senior management has made significant progress in introducing Group Compliance Policy and Standards in HBMX. The head of the Compliance department, Ramon Garcia Gibson, has set the foundation for an effective Compliance function. HBMX controls are much improved from the situation that existed 12-18 months ago[.] However, Treasury back-office operations are a source of major regulatory concern, as is accurate and timely reporting to regulators. … [O]ne of the five commissioners of the CNBV … states, ‘In the business area [of HBMX], the resources have arrived. In the area of controls, the resources have not arrived.’ The CNBV gave us a ‘fact sheet’ in English with the following ‘main concerns’ …. Anti-money laundering processes – Although improvements have been seen, some concerns remain regarding deficiencies in process (no system for unusual operations detection and a poor identification of public figures and high risk customers) and over control of Panama’s branch operations. … In a wide-ranging discussion, CNBV regulators commented that any outsourcing must be able to be audited from Mexico. They do not want outsourcing to jurisdictions with strong banking secrecy. … The Trusts department is struggling to improve the poor condition of its files. Notwithstanding a senior manager’s optimism [‘Most of them, KYC is okay’ and ‘Most deficiencies are not related to KYC’], by far the greatest problem is missing KYC documentation. Of a total of 15,434 trusts, only 6,868 (41%) have completed documentation. 2,955 (20%) of trusts have no documentation at all. ... Around USD 16 billion arrive from the United States each year, mostly through the branch network. Money laundering risk is mitigated by several factors: (1) remittances are generally small (US200-300), according to two senior managers; (2) due diligence appears to be adequate on the AML procedures of US third-party money services businesses; and (3) CAMP Retail, a software programme to detect suspicious transactions, is scheduled to be installed in the branch network in NOV04. Recommendation: HBMX CMP [Compliance] should sample periodically remittances from the United States to determine if, in fact, remittances are generally small and in the ordinary course of business.” 242In September 2004, the CNBV conducted an inspection of HSBC’s AML efforts and, contrary to the more positive tone described by HBMX internally, found them unsatisfactory. 242 “HBMX Jul04 GHZ CMP Visit Report,” prepared by HSBC John Root, HSBC OCC 8875567-575 (emphasis inoriginal). 53 According to an internal HBMX compliance report, a CNBV report summarizing the 2004 inspection criticized HBMX for: “not considering the risk exposure of the customer to determine the appropriate visitation process, not implementing procedures to update annually the files of high-risk customers and politically exposed persons, not defining internal criteria to determine customers’ risk exposure and a delay in formalizing the Communication and Control Committee … responsible for sending SARs to the CNBV … and issuing money laundering deterrence policies.” 243The Communication and Control Committee (CCC Committee, also called the Money Laundering Deterrence or MLD Committee), which was mandated by a 2004 Mexican law, was intended to act as the bank’s primary internal unit to deter money laundering, so the delay in getting the committee underway was seen as a major AML deficiency. CNBV later fined HBMX more than $75,000 for the AML deficiencies identified in 2004, a fine which HBMX CIBM Compliance proposed contesting. 244In early 2005, an internal HBMX whistleblower hotline disclosed that HBMX compliance officials had fabricated records of mandatory monthly meetings by the CCC Committee, and provided the false records to a local CNBV regulator. 245 An HBMXinvestigation determined that the false records consisted of attendance sheets and minutes for CCC meetings that should have taken place from July to December 2004, but did not. 246 Theywere fabricated by a junior employee at the direction of the HBMX Money Laundering Deterrence Director, Carlos Rochin, who then tendered his resignation and left the bank. 247Ramon Garcia, head of HBMX Compliance and the CCC Committee chair, received a written warning and was barred from receiving what would have been a substantial bonus for his work in 2004. David Bagley, head of HSBC Group Compliance, wrote: “Overall RG [Ramon Garcia] has performed credibly, has worked very hard, and would otherwise be hard to replace. In the circumstances whilst we will need to keep his position under review at this stage I endorse the decision to retain his services given that his failure is limited to one of failing to supervise a very senior and trusted subordinate.” 248243 “1Q07 Compliance Report to the CIBM Audit Committee,” prepared by the HBMX Corporate, InvestmentBanking and Markets (Private) Audit Committee, HSBC OCC 8873286-287 (describing CNBV criticisms). 244 Id.245 See 1/21/2005 email from HSBC David Bagley to HSBC Stephen Green and Richard Bennett, “ComplianceException,” HSBC OCC 8873671. 246 See 2/16/2005 email from HSBC David Bagley to HSBC Stephen Green and Richard Bennett, “Disclosure Line– HBMX CMP,” HSBC OCC 8873673; Feb. 2005 “HSBC Whistleblower Item 15 – HBMX: Investigation Report – Executive Summary,” prepared by Head of Group Audit Mexico (GAQ)(hereinafter “Whistleblower Report”), HSBC OCC 8877877-885. 247 Whistleblower Report at 5-6.248 2/16/2005 email from HSBC David Bagley to HSBC Stephen Green and Richard Bennett, “Disclosure Line –HBMX CMP,” HSBC OCC 8873673. 54 Mr. Bagley’s internal report found that the HBMX AML staff was riven by dissension and resentment and may have “exact[ed] retribution” against the MLD director for the dismissal of a colleague. His report concluded that Mr. Garcia would have to rebuild a “shattered Money Laundering Section.” 249 It also noted that CNBV “reiterated … that, by comparison with otherMexican financial institutions, HBMX CMP [Compliance] appeared to be understaffed” and urged the bank to hire additional compliance personnel. 250In May 2005, John Root, HSBC Group Compliance head for Latin America, made another visit to HBMX for several days to evaluate its compliance and AML efforts. As before, he later prepared a report and provided it to colleagues at HSBC Group and HBMX. In a separate email transmitting the report six weeks later, Mr. Root noted that the HBMX MLD director who resigned in January 2005, had not been replaced despite the passage of six months, and a new director needed to be appointed “as soon as possible in order to reorganize promptly a demoralized department and improve AML controls.” 251 The email noted the importance of “anindependent, effective professional in the sensitive role of head of AML in Mexico.” He also observed that “[p]rojects are started but seldom completed, perhaps because of the many ministerial tasks that have accrued since the departure” of the MLD director. Mr. Root wrote: “As you of course know, the work has piled up in the Compliance department, and Ramon needs help with the backlog. It is true that we have increased staff in the department, but they are mostly entry-level analysts in need of direction. It is important we hire an MLCO [Money Laundering Control Officer] as quickly as possible, and perhaps also a sort of ‘operating officer’ for Ramon to enable him to bring the department up to Group Standards.” 252Mr. Bagley forwarded the Root email to a colleague and commented that “until we have the right amount and mix of resources I cannot see [how] Ramon can make progress.” 253 Later that year,Leopoldo R. Barroso was appointed MLD director for HMBX. In November 2005, Richard Bennett, then HSBC Group General Manager of Legal and Compliance and the person to whom David Bagley, head of HSBC Group Compliance, reported, paid a brief visit to HMBX. 254 While there, he met with the bank’s CNBV regulators who raiseda variety of compliance issues. According to an email sent by Mr. Bagley, the concerns included the nature of the HBMX accounts in the Cayman Islands; the referral of clients to Mexico by other HSBC affiliates, especially in France; and access to HBMX AML information from other countries, in particular the United Kingdom. 249 Whistleblower Report at 7.250 Id. at 8.251 7/6/2005 email from HSBC John Root to HSBC David Bagley, Susan Wright, and David Leighton, “Visit toHBMX – 18 – 25 May 2005,” HSBC OCC 8876670-671. 252 Id.253 7/6/2005 email from HSBC David Bagley to HSBC Richard Bennett, “Visit to HBMX – 18 – 25 May 2005,”HSBC OCC 8876670. 254 See 11/15/2005 email from HSBC David Bagley to HSBC John Root, “HBMX – Compliance Issues,” HSBCOCC 8873264-266. 55 In December 2005, HBMX’s internal audit group produced a 55-page report identifying a host of compliance and AML problems at the bank. 255 It found that HBMX Compliance hadimproved, but still rated it “Below Accepted Levels.” Major deficiencies included a failure to make full use of the new CAMP monitoring system, a failure to ensure its monitoring parameters met local requirements, inefficient monitoring processes which made detection and analysis of alerts difficult, failure to apply CAMP to foreign remittances and HBMX subsidiaries, inadequate SCC risk profiles, failure to complete a MLD work plan, and inadequate training. 256The audit report was actually issued to HBMX in the spring of 2006, and its findings were hotly contested by the HBMX MLD Director, Leopoldo Barroso. 257 He communicated hisviews to HSBC Group Compliance and complained that the bank would be required to forward the audit report to the CNBV, which would not only create a “misleading” impression, but also would contradict a recent presentation HBMX had made on how its AML controls had improved. 258 John Root, senior HSBC Group Compliance officer, forwarded HBMX AML’sresponse to the audit findings to Susan Wright, head of AML and David Bagley, head of Compliance for HSBC Group. 259 Mr. Root commented:“[T]he audit points are being strongly rejected by HBMX AML. AML is also alleging errors of procedure …. Many, if not most, of the recommendations were ‘rejected’ or downgraded in importance by AML, which is certainly a heartfelt, but rather unusual formal reaction, to an audit. Most of just accept audit recommendations, whether perceived to be ‘fair’ or not, and proceed to implement them. I have let the dust settle a bit, as AML management clearly feel aggrieved, but closer monitoring is warranted on the specific audit recommendations. … [T]he one that most sticks out is apparent lack of monitoring of the (relatively few) AML staff in the field. This raises a ‘red flag’ in a place like Mexico, where the drug cartels are very powerful and ubiquitous. … To aver, as the audit does, that ‘we do not really know what our man in the field is doing’ is a warning sign, if true. AML of course vigorously deny this.” Mr. Barroso’s email responding to the internal audit noted that HBMX MLD had also recently been audited by CNBV and expected to receive a satisfactory rating, with only two requirements for improvements and several recommendations. 260HSBX’s internal audit group continued to conduct compliance and AML examinations of HBMX offices and branches. In September 2006, for example, it examined operations at four 255 See Dec. 2005 “Informe de Auditoria General: HBMX – Direccion de Compliance,” prepared by Mexico GroupAudit, HSBC OCC 8876223-280. 256 Id., Executive Summary.257 See 5/17/2006 email from HSBC John Root to HSBC Susan Wright and David Bagley, “Internal Audit Reports,”attaching 5/8/2006 email from Leopoldo Barroso and a chart entitled, “Internal Audit Main Findings to MLD,” HSBC OCC 8874383-392. 258 Id. at HSBC OCC 8874392259 Id. at HSBC OCC 8874383.260 Id. at HSBC OCC 8874384.56 HBMX district offices, each with more than 15 branches, located in the cities of Puebla, Morelos, and Juarez. 261 All four district offices were found to be operating “Below Standard”with respect to their risk controls, which was the same low rating each had received the prior year. For example, all four were found to have KYC and “file integrity” issues that “failed to comply with Group policies.” 262 One district office was found to lack knowledge of theprocedures to identify Special Category Clients (SCCs). 263 All four district offices had five orsix repeat recommendations from prior audits that had yet to be resolved. All four summary reports were circulated to HSBC Group Compliance senior officials. 264In October 2006, HBMX’s Compliance head Ramon Garcia informed HSBC Group Compliance that HBMX’s Money Laundering Deterrence (MLD) Committee had adopted a policy that would require HBMX to consider closure of an account after four Suspicious Activity Reports (SARs) had been filed with respect to an account’s activity. 265 In response, John Root,senior HSBC Group Compliance officer, responded: “4 SARs seems awfully indulgent, even by local standards. At any rate, it is against Group policy, as Susan [Wright] points out, so you will need to seek an official dispensation.” 266 A “dispensation” was needed, because HSBC GroupPolicy No. GPP25 required accounts to be closed after two SARs were filed. The next day, HBMX informed HSBC Group Compliance that, rather than seek an official exception, it had decided to adopt the Group policy and would consider account closure after two SARS were filed, rather than four. 267Unimed and Ye Gon Scandal. In 2007, HBMX learned that one of its longstanding clients was accused of involvement with illegal drug trafficking. On March 15, 2007, in a joint effort with the U.S. Drug Enforcement Administration (DEA), the Mexican Government seized 261 See September 2006 “Group Audit Mexico Audit Report Summary Schedule: GHQ Reportable Audits,” for PFSPuebla Z01 C31 District Office (with 17 branches), PFS Puebla Z01 C23 District Office (17 branches), PFS Morelos Z01 A20 District Office (19 branches and 1 Module), and PFS Ciudad Juarez Z03 B02 District Office (21 branches and 1 custom module), HSBC OCC 8876717-720. 262 Id.263 Id. at HSBC OCC 8876718.264 See 10/9/2006 email from HSBC David Bagley to HSBC John Root, forwarding message from HSBC MatthewKing, “HBMX B/S and U Audit Report Summary for SEP06,” HSBC OCC 8876715 (transmitting audit report summaries). See also August 2005 “General Audit Report: HBMX – PFS Torreon District (Z04 C01),” prepared by Group Audit Mexico, HSBC OCC 8876677-680 (finding a district office with 22 branches operating “Below Standard,” with “[n]o significant progress … since the previous audits and 11 repeat recommendations”). 265 See 10/17-18/2006 email exchanges among HBMX Ramon Garcia and Leopoldo Barroso and HSBC John Root,David Bagley, Susan Wright, and Emma Lawson, “2Q06 HBMX Compliance Report,” and “Compliance with GPP 25,” HSBC OCC 8876711-713. 266 10/17/2006 email from HSBC John Root to HBMX Ramon Garcia, with copies to HSBC David Bagley andSusan Wright, “2Q06 HBMX Compliance Report,” HSBC OCC 8876713. 267 See 10/17-18/2006 email exchanges among HBMX Ramon Garcia and Leopoldo Barroso and HSBC John Root,David Bagley, Susan Wright, and Emma Lawson, “Compliance with GPP 25,” HSBC OCC 8876711-713. GPP 25 stated: “Where the customer is the subject of more than one validated suspicious transaction/activity report, then serious consideration should be given to closure of the relevant account/s and any other connected accounts.” Despite adopting the Group policy generally to close an account after two SARs, HBMX apparently did a poor job of implementation. In November 2007, Mr. Garcia revealed at an HSBC conference that HBMX had “numerous cases of accounts with multiple SARs (16 in one case!!) in Mexico that remain open.” In response, Ms. Wright asked Warren Leaming to “follow up with Ramon” to strengthen compliance with the Group policy on closing accounts with SARs. 11/16/2007 email from HSBC Susan Wright to HSBC Warren Leaming, copy to David Bagley, “Mexico,” HSBC OCC 8875423. 57 over $205 million in U.S. dollars, $17 million in Mexican pesos, firearms, and international wire transfer records from the residence of a wealthy Chinese-Mexican citizen, Zhenly Ye Gon. 268The cash, which had been hidden in a secret locked room in the residence, 269 was described asthe largest cash seizure in a drug-related case in history. 270Mr. Ye Gon, a prominent businessman, was the owner of three Mexican corporations involved in the pharmaceutical field, Unimed Pharm Chem Mexico S.A. de C.V.; Constructora e Inmobiliaria Federal S.A. de C.V.; and Unimed Pharmaceutical, S.A. de C.V. 271 He was accusedof using his corporations to import, manufacture, and sell chemicals to drug cartels for use in manufacturing methamphetamine, an illegal drug sold in the United States. 272 He was alsoaccused of displaying “significant unexplained wealth,” despite reporting no gross income for his companies for the years 2005, 2006, and 2007. 273 In June 2007, Mr. Ye Gon was indicted inMexico on drug, firearm, and money laundering charges, but could not be located. 274 In July2007, he was arrested in the United States, imprisoned, and indicted by U.S. federal prosecutors for aiding and abetting the manufacture of methamphetamine. 275 Two years later, in 2009, U.S.prosecutors dismissed the charges, after a witness recanted key testimony. 276 Mr. Ye Gon hasremained imprisoned, however, subject to proceedings to extradite him to Mexico to stand trial. 277 Since his arrest, he has continually proclaimed his innocence.278Mr. Ye Gon and his corporations were longtime clients of HBMX as well as other banks and casas de cambio in Mexico. One news article reported that the Mexican Ministry of Finance and Public Credit (SHCP) had determined that, from 2003 to 2006, Mr. Ye Gon and his 268 See In re Zhenly Ye Gon, Case No. 1:07-cr-00181-EGS (USDC DC), Complaint for Arrest with a View TowardsExtradition (9/15/2008) (hereinafter “Ye Gon Extradition Complaint”), at 13; “Mexican Fugitive and Co- Conspirator Arrested on U.S. Drug, Money Laundering Charges,” U.S. Drug Enforcement Administration press release (7/24/2007), http://www.justice.gov/dea/pubs/states/newsrel/wdo072407.html. 269 See Ye Gon Extradition Complaint at 13.270 See, e.g., “Mexico seizes $205.6M from luxury house,” Associated Press, Joan Grillo (3/22/2007).271 See Ye Gon Extradition Complaint at 6.272 See Ye Gon Extradition Complaint at 6-15; “Mexican Fugitive and Co-Conspirator Arrested on U.S. Drug,Money Laundering Charges,” U.S. Drug Enforcement Administration press release (7/24/2007), http://www.justice.gov/dea/pubs/states/newsrel/wdo072407.html. See also DEA testimony, “Violence Along the Southwest Border,” (3/24/2009), at 8, before the U.S. House Appropriations Subcommittee on Commerce, Justice, Science and Related Agencies (describing seizures from a “pharmaceutical company CEO who facilitated the importation of metric-ton quantities of ephedrine for the Sinaloa cartel’s methamphetamine-manufacturing operations”). 273 Ye Gon Extradition Complaint at 12. The extradition complaint stated that in addition to transferring millions ofdollars in U.S. currency abroad, Mr. Ye Gon engaged in a “lavish lifestyle, which included purchasing expensive cars and jewelry, and gambling (and losing a net sum of approximately $125 million U.S. dollars) in Las Vegas, Nevada.” Id. at 12-13. 274 Ye Gon Extradition Complaint at 3-6 (describing Mexican Criminal Case No. 25/2007); “Mexican Fugitive andCo-Conspirator Arrested on U.S. Drug, Money Laundering Charges,” U.S. Drug Enforcement Administration press release (7/24/2007), http://www.justice.gov/dea/pubs/states/newsrel/wdo072407.html. 275 In re Zhenly Ye Gon, Case No. 1:07-cr-00181-EGS (USDC DC), Indictment (7/26/2007).276 See id., Order (8/28/2009); “Mexico, the DEA, and the Case of Zhenli Ye Gon,” Washington Post, JorgeCarrasco (10/29/2008), http://www.washingtonpost.com/wp-dyn/content/article/ 2008/10/28/AR2008102801364_pf.html .277 See Ye Gon Extradition Complaint.278 See, e.g., “Mexico, the DEA, and the Case of Zhenli Ye Gon,” Washington Post, Jorge Carrasco (10/29/2008),http://www.washingtonpost.com/wp-dyn/content/article/2008/10/28/AR2008102801364_pf.html .58 companies moved $90 million through 450 transactions involving four major Mexican banks, HBMX, Banamex, BBV Bancomer, and Banco Mercantil Del Norte, and multiple currency exchanges, including Casa De Cambio Puebla and Consultoria Internacional Casa De Cambio. 279The March 2007 seizure of cash and weapons from Mr. Ye Gon’s residence triggered an intense review of his accounts by HBMX and HSBC Group. 280 According to internal HBMXdocuments, the Unimed accounts were opened by Bital, retained by HBMX, and housed in HMBX’s Personal Financial Services (PFS) division, even though the official clients were corporations and should not have been serviced by the PFS division. 281 The accounts were notdesignated as high risk, despite unusual transactions that had attracted bank attention several times from 2003 to 2007. 282 John Root told the Subcommittee that during the 2003-2004timeframe, the Unimed account had attracted the attention of HBMX regulators, and Susan Wright had instructed HBMX to terminate the relationship altogether. 283 He said that the HSBCGroup did not realize the account was still open, until he and Ms. Wright saw the press articles regarding Unimed in 2007. When the scandal broke, Paul Thurston, who had been appointed in February as HSBC Mexico CEO after the former head, Alexander Flockhart, was promoted, wrote: “This is a very serious, and high profile, case which has potential reputational damage to the HSBC Group, and must be given the highest priority.” 284Mr. Thurston personally oversaw an extensive review of the accounts and HMBX’s AML controls. 285 When the head of HSBC Latin American internal audits, Graham Thomson, wasasked to summarize the AML deficiencies that contributed to the bank’s maintaining such a high risk account, Mr. Thomson wrote in part: “The main systemic weaknesses in HBMX, which I believe remain outstanding, are as follows: KYC as identified in branch and continuous audit reports. The lack of adequate documentation and filing systems which remain from the former Bital days …. 279 10/13/2007 “Reportan ruta de Ye Gon para ‘blanquear’ dinero” (“Ye Gon reported path to ‘launder’ money”), ElUniversal, Francisco Gómez, http://www.eluniversal.com.mx/nacion/155016.html, cited in 7/18/2008 Report of Findings (Update) for Consultoria Inernacional Banco, prepared by HBUS Financial Intelligence Unit, HSBC OCC 1822420-434, at 422. 280 See 4/19-20/2007 email exchanges among HBMX Paul Thurston, Sandy Flockhart, Graham Tomson, RamonGarcia and others and HSBC David Bagley, Matthew King, and others, “Management Letter: HBMX-[subject redacted by HSBC],” HSBC OCC 8875010-014. 281 See 3/20/2007 email from HBMX Leopoldo Barroso to HSBC Paul Thurston and others, “[subject redacted byHSBC],” HSBC OCC 8874315-16. 282 See, e.g., 3/16/2007 email from HBMX Leopoldo Barroso to HSBC David Leighton and HBMX Ramon Garcia,“[subject redacted by HSBC],” HSBC OCC 8874317-18; 4/20/2007 email from HSBC Matthew King to HSBC Michael Geoghegan, and copy to David Bagley, “Managerial Letter: HBMX-[redacted by HSBC],” HSBC OCC 8874762. 283 Subcommittee interview of John Root (4/26/2012).284 3/20/2007 email from HMBX Paul Thurston to Leopoldo Barroso, Sandy Flockhart and others, [subject redactedby HSBC], HSBC OCC 8874316-17. 285 See, e.g., March and April 2007 email exchanges involving HBMX Paul Thurston and multiple HBMX andHSBC colleagues, “[subject redacted by HSBC],” HSBC OCC 8874315-330 and HSBC OCC 8875010-014. 59 Lack of a compliance culture ….” 286His criticisms about the lack of a compliance culture and poor KYC documentation echoed the criticisms made five years earlier, when HSBC first purchased Bital. HBMX’s internal review determined that, in 2005 and several times thereafter, concerns about suspicious activity involving the Unimed account had been brought to the attention of the HBMX Money Laundering Deterrence Communication and Control Committee (“CCC Committee”). 287 The CCC Committee apparently initially advocated closing the account, butthen relented, in part because the Personal Financial Services (PFS) division where the account was located had, as one HBMX email put it, “argued that the client was fine, properly documented, and known by the business.” 288 The key PFS official who vouched for the clientapparently later claimed he’d been “lied to” by other bank personnel. 289 The review alsouncovered falsified “KYC visit reports,” documenting site visits to the client which had not actually taken place. 290 In addition, the review criticized poor analysis of the alerts which hadspotted the “unusual” account activity. 291 One email noted that other Mexican banks withUnimed accounts “had not reported the customer to the authorities, despite hosting apparently unusual transactions similar in nature to those recorded by HBMX.” 292As a result of the Unimed scandal, Mr. Thurston developed seven action items to strengthen HBMX’s AML and KYC efforts. 293286 4/2/2007 email from HBMX Graham Thomson to HSBC Matthew King and others, “Group Audit Committee –APR07,” HSBC OCC 8874328-329. They included reviewing the personnel assigned to the HBMX CCC committee and reminding CCC members of the need to take “an independent view” and to be “prepared to challenge their colleagues”; ensuring CCC minutes clearly identified the decisions taken; revamping KYC “analysis, assessment and reporting procedures” to ensure “higher risk cases are brought to senior management attention”; providing additional training on KYC assessment reports; transferring all corporations out of the Personal Financial 287 See, e.g., 4/20/2007 email from HBMX Graham Thomson to HSBC Matthew King and others, “ManagementLetter: HBMX-[subject redacted by HSBC],” HSBC OCC 8875010-011; 3/20/2007 email from HBMX Leopoldo Barroso to HBMX Paul Thurston and others, “[subject redacted by HSBC],” HSBC OCC 8874315-16; 3/16/2007 email from HBMX Leopoldo Barroso to HSBC David Leighton and HBMX Ramon Garcia, “[subject redacted by HSBC],” HSBC OCC 8874317-18. 288 3/16/2007 email from HBMX Leopoldo Barroso to HSBC David Leighton and HBMX Ramon Garcia, “[subjectredacted by HSBC],” HSBC OCC 8874317-18. 289 4/20/2007 email from HBMX Graham Thomson to HSBC Matthew King and others, “Management Letter:HBMX-[subject redacted by HSBC],” HSBC OCC 8875010-011. See also 4/18/2007 email from HSBC Matthew King to HBMX Graham Tomson, “Managerial Letter: HBMX-[redacted by HSBC],” HSBC OCC 8875013-014. 290 See 4/20/2007 email from HBMX Graham Thomson to HSBC Matthew King and others, “Management Letter:HBMX-[subject redacted by HSBC],” HSBC OCC 8875010-011; 4/18/2007 email from HSBC Matthew King to HBMX Graham Tomson, “Managerial Letter: HBMX-[redacted by HSBC],” HSBC OCC 8875013-014; Subcommittee interview of Paul Thurston (5/1/2012). 291 See 4/20/2007 email from HBMX Graham Thomson to HSBC Matthew King and others, “Management Letter:HBMX-[subject redacted by HSBC],” HSBC OCC 8875010-011; 4/18/2007 email from HSBC Matthew King to HBMX Graham Tomson, “Managerial Letter: HBMX-[redacted by HSBC],” HSBC OCC 8875013-014. 292 4/20/2007 email from HBMX Graham Thomson to HSBC Matthew King and others, “Management Letter:HBMX-[subject redacted by HSBC],” HSBC OCC 8875010-013. 293 See 4/19/2007 email from Paul Thurston to multiple HBMX colleagues, “[subject redacted by HSBC],” HSBCOCC 8875011-014. 60 Services division; and dismissing all branch staff involved with completing the falsified KYC reports. 294 Mr. Thurston also described the need to bring individual initiatives to improve KYCprocedures, account opening and file maintenance into “one coherent programme” with “appropriate emphasis.” 295 In addition, he described holding a special CCC Committee meetingwithin a week to review cases with similar patterns and other high risk cases. 296 He also directedthe internal audit group to conduct a review of HBMX’s AML and CCC processes. 297The most senior levels of HSBC Group were kept informed about the case. On April 20, 2007, for example, Matthew King, head of HSBC Group Audits, sent an email to HSBC Group CEO Michael Geoghegan with this update: “I am told the Mexican authorities are taking a relatively benign attitude to our involvement with this customer, which is fortunate because the review has revealed a number of weaknesses. A series of inaccurate, and possibly fabricated, visit reports seem to have been filed by the business which resisted any reporting of suspicions a number of times. For its part, the Moneylaundering Department failed to act as a proper check and balance. I have suggested a thorough review of processes within the Moneylaundering Department and of the Moneylaundering Committee to ensure they are robust. … There are also a number of personnel decisions to be taken.” 298Neither HBMX nor HSBC Group informed HBUS about the case. 299The Unimed scandal broke nearly five years after HSBC first began working to strengthen HBMX’s AML controls and create a compliance culture. It showed that, while progress had been made, HBMX still had multiple AML deficiencies and a poor compliance culture. 2007 AML Efforts. For the rest of 2007, HSBC Group Compliance devoted attention and resources to strengthening AML controls at HBMX, with limited success. One step taken was to task the new HBMX Chief Operating Officer, John Rendall, with overseeing HBMX’s KYC remediation effort for existing client files, an effort mandated by CNBV authorities but far behind schedule. 300294 Id. at HSBC OCC 8875012.Mexican regulators had given Mexican banks until 295 Id.296 Id. at HSBC OCC 8875012-13. HBMX did not identify any other corporate clients with a similar profile.Subcommittee interview of Paul Thurston (5/1/2012). 297 This review produced an audit report in December 2007, discussed below. See Dec. 2007 “General &Transactional Banking Audit: HBMX – Money Laundering Deterrence,” prepared by Group Audit Mexico, HSBC OCC 8874802-810. 298 4/20/2007 email from HSBC Matthew King to HSBC Michael Geoghegan, and copy to David Bagley,“Managerial Letter: HBMX-[redacted by HSBC],” HSBC OCC 8874762. 299 Subcommittee interview of Paul Thurston (5/1/2012).300 See, e.g., 2/27/2008 email from HBMX Paul Thurston to HSBC Michael Geoghegan and others, “CNBV/FIUUpdate,” HSBC-PSI-PROD-0198510-511. 61 2007, to update the KYC information in all customer files; HBMX had obtained an extension until May 2008, but expected to be hard pressed to meet the new deadline. 301In June 2007, David Bagley, HSBC Group Compliance head, visited HBMX for several days, met with CNBV officials, and circulated a report on the outstanding compliance and AML issues. In an email transmitting his report, Mr. Bagley wrote: “[T]here do appear to be a number of issues to be resolved, particularly those relating to accurate ongoing account opening, prompt effective and complete remediation in accordance with CNBV requirements for existing accounts, and completion of the recommended enhancements to the working of the MLD committee. … [W]e will need on an ongoing basis to consider the nature and extent of the resources currently available in CMP [Compliance]. … I suspect we are already stretched given the apparent growth that has already, or is intended to take place in this area which appears to be growth of both volume and complexity.” 302His five-page report detailed a number of compliance and AML problems. 303 First wasHBMX’s anticipated failure to meet a Mexican regulatory deadline for reviewing the KYC information for all existing accounts to ensure compliance with regulatory requirements. The report noted: “There appeared to be differing opinions as to how many accounts were affected, how many accounts were outstanding and therefore no real tracking of the progress being made.” The report recommended reaching a consensus on the method for tracking accounts and completing the task. The report also expressed concern about KYC weaknesses in opening new accounts. It noted: “If we are opening new accounts badly it will only add to the remediation exercise required by CNBV …. Accurate and complete account opening is a key AML control, particularly in emerging markets.” A third key issue was “confusion as to the stated aims and purpose of the MLD Committee.” A fourth was that “the CAMP monitoring system produces significant numbers of ‘false’ alerts. This is a feature of all AML monitoring systems. Having said this, steps are being taken across the Group to seek to minimize this,” and recommended that similar steps be taken in Mexico. A fifth concern was that the compliance team was “lightly resourced.” The report also discussed a “cordial” meeting held with CNBV regulators. It said that the regulators were “overall extremely positive about the bank” but also “had a fairly lengthy list of issues,” most of which focused on compliance matters other than AML issues. 304301 See 7/27/2007 minutes of LAM Regional Audit Committee, HSBC OCC 8875086-088, at 3 (“CNBV has granteda 1-year extension to MAY08 for HBMX to regularize customer identification files for account[s] opened or contracts signed before MAY04.”); 12/2007 audit of “HBMX-Money Laundering Deterrence (MLD),” No. HBMX GAQ 070086, prepared by HSBC Group Audit, Executive Summary, HSBC OCC 8876347 (“HBMI has been given an extension by the Regulator from May 07 to May 08 to ensure that a portion of the client files (known as the UBA project – about 1.8m customers) are completed.”). Paul Thurston, head of HSBC Mexico, thanked Mr. Bagley for the “constructive report.” He wrote: 302 6/27/2007 email from HSBC David Bagley to HBMX Paul Thurston and others, “Visit Report,” HSBC OCC8874967-968. Mr. Bagley visited Mexico and Panama from June 11 to June 14, 2007. See 7/27/2007 Minutes of LAM Regional Audit Committee, HSBC OCC 8875086-090, at 3. 303 June 2007 “Summary of Compliance Issues – Mexico,” report prepared by David Bagley, HSBC OCC 8874970-974. 304 Id. at 3.62 “I agree with your comment that we need to review the role and resources in the Compliance function. … For all Ramon’s strengths, I have equally seen weaknesses in addressing key issues … and in my view the jury is out on his ability to do all that we need in HBMX, let alone try to oversee other countries in the region. … [W]e should review between the three of us in a few month’s time, when we see what progress is being made.” 305The very next month, July 2007, John Root, head of Latin American Compliance, sent a blistering email to Ramon Garcia condemning HBMX’s CCC Committee for “rubber-stamping unacceptable risks”: “A number of items jump out from your most recently weekly report (02JUL-06JUL) but everything pales in comparison with the ML items on page 4. It looks like the business is still retaining unacceptable risks and the AML committee is going along after some initial hemming and hawing. I am quite concerned that the committee is not functioning properly. Alarmed, even. I am close to picking up the phone to your CEO. [Redacted by HSBC] looks like another [Unimed 306] type of situation – what on earth isan ‘assumption responsibility letter’ and how would it protect the bank if the client is a money launderer? Please note that you can dress up the USD10 million to be paid … to the US authorities as an ‘economic penalty’ if you wish but a fine is a fine is a fine, and a hefty one at that. What is this, the School of Low Expectations Banking? (“We didn’t go to jail! We merely signed a settlement with the Feds for $ 10 million!”) … So, [Unimed 307] is strike one. [Redacted by HSBC] is strike two. Let’s now look at strikethree. (I hope you like baseball.) The same person who is giving the sancrosanct ‘assumption responsibility letter’ for [Redacted by HSBC] … is being asked by the CEO to explain why he retained the [Casa De Cambio Puebla 308] relationship after USC11 million was seized by the authority in[Puebla 309] account with Wachovia in Miami. What?! The business was okay with this?The AML Committee just can’t keep rubber-stamping unacceptable risks merely because someone on the business side writes a nice letter. It needs to take a firmer stand. It needs some cojones. We have seen this movie before, and it ends badly.” 310305 6/29/2007 email from HBMX Paul Thurston to HSBC David Bagley and John Rendall, “Visit Report,” HSBCOCC 8874965. 306 Although the client name was redacted from the document by HSBC, John Root confirmed that Mr. Thurston wasreferring to Unimed. Subcommittee interview of John Root (4/26/2012). 307 Id.308 Although the client name was redacted from the document by HSBC, the reference to a seizure of $11 millionfrom Wachovia Bank in Miami indicates that the client is Casa de Cambio Puebla. See discussion below. 309 Id.310 7/17/2007 email from HSBC John Root to HBMX Ramon Garcia, with copies to Susan Wright, David Bagley,and Warren Leaming, “Weekly Compliance Report 02JUL-06JUL07,” HSBC OCC 8875925-927. 63 Mr. Garcia responded that he was escalating the two cases involving high risk clients as part of a revised AML procedure in the CCC Committee. 311 He explained that Mexican lawessentially required the CCC committee to give great weight to the opinion of the business side of the bank, because “they are the ones that really know the customer.” He said that he had escalated the cases to the HBMX CEO, because MLD had “a different opinion” from the business “about reporting the case to authorities.” Essentially, he said that the final decision belonged to the HBMX CEO, rather than the CCC Committee. The next week, Paul Thurston, HSBC Mexico CEO, supported the CCC Committee’s recommendation to close one of the accounts, but not the other. He supported closing the account of Casa de Cambio Puebla, which had been a client for more than 20 years, but whose funds at Wachovia Bank had been seized by the U.S. Justice Department and Drug Enforcement Administration (DEA). 312 Mr. Thurston cautioned John Rendall, the HBMX Chief OperatingOfficer, to alert CNBV and to ensure CNBV had “no objection.” 313 Mr. Rendall also suggestedalerting their US counterparts since HBUS had the same relationship with the client. 314 Thesecond account involved a U.S. money services business, Sigue Corporation, which specialized in remitting funds from the United States to Mexico and Latin America. Mr. Thurston, on the advice of Mr. Rendall and the commercial banking division, kept that account open. 315Later in July, the HSBC Latin American (LAM) Regional Audit Committee held a meeting in Mexico. 316 Participants included HSBC Group Compliance officials BrianRobertson, David Bagley, and Matthew King; LAM/HBMX officials Paul Thurston, Emilson Alonso, and Graham Thomson; HBMX Compliance head Ramon Garcia; and others from HSBC affiliates throughout Latin America. Mr. Thomson, head of LAM Internal Audit, discussed risk and compliance issues in several countries, and noted that Regional CEOs were now required to “take disciplinary action should a manager record 2 consecutive Below Standard control risk assessments or record significant repeat recommendations.” 317 With respect to Mexico, Mr.Thomson noted that although 96% of HBMX electronic records reportedly met regulatory requirements, there was a “high level of exceptions and variance between the paper and electronic records” which would require “a large rectification effort” to meet the regulatory deadline of May 2008. 318311 7/18/2007 email from Ramon Garcia to HBC David Bagley, “Weekly Compliance Report 02JUL-06JUL07,”HSBC OCC 8875925. He also noted that branch offices were not sufficiently familiar with SCC requirements, and criticized the CCC Committee for failing to followup on instructions to close client accounts. Mr. Thurston noted that the CCC Committee was introducing an 312 See July 2007 email exchanges among HBMX Paul Thurston, John Rendall, Ramon Garcia, and others, “[subjectredacted by HSBC], HSBC OCC 8875132-135. 313 Id. at HSBC OCC 8875132.314 Id.315 See 2/4/2008 email from HBMX John Rendall to HBMX Paul Thurston, “[redacted by HSBC],” HSBC OCC8875139. Six months later, in January 2008, Sigue Corporation entered into a deferred prosecution agreement with the U.S. Justice Department, admitting that some of its agents had been laundering drug proceeds. See United States v. Sigue Corp. and Sigue LLC, Case No. 4:08CR54 (USDC EDMO), Deferred Prosecution Agreement Factual Statement (1/28/2008). HBMX’s relationship with Sigue Corporation is discussed further below. 316 See 7/27/2007 Minutes of LAM Regional Audit Committee, HSBC OCC 8875086-090.317 Id. at 2.318 Id.64 escalation process to senior management to resolve disputes over closing accounts. 319 RamonGarcia also reported that automation problems were causing delays in the issuance of Suspicious Activity Reports (SARs), but that interim manual reviews had not detected activity requiring any SARs to be filed. 320 He also described a new pilot project at 94 HBMX branches to centralizemanagement and control of account documentation using electronically imaged documents. CNBV Escalates Concerns. Two months later, in October 2007, the CNBV asked to meet with Paul Thurston, the HSBC Mexico CEO, to express ongoing concerns about HBMX’s compliance and AML efforts. Mr. Thurston summarized the meeting in an email to the HSBC Group CEO Michael Geoghegan. 321 He wrote:“At their request, I met today with the Head of Banking Supervision, and the Supervisor for HSBC, from our regulator, the CNBV, following their on site examination of various aspects of our business, including cards, money laundering, and treasury operations. … They walked me through a presentation pack which firstly set out specific points … but then moved on to more general concerns of the CNBV with HSBC in Mexico. These centered on: – weaknesses in internal controls … slow progress in tackling KYC data problems and anti money laundering procedures. – corporate culture, where they comment that … HSBC has driven growth in credit products and launched new products without adequate controls. … They also expressed concerns at senior management having dual responsibilities for Mexico and the region, stating that ‘there are many concerns on how management will be able to implement strong controls within the bank in Mexico, while keeping an eye on other countries.’ ... I indicated to them we were aware of these issues and were progressively tackling them.” 322His email then outlined the steps he told CNBV that HBMX was taking, including new hires, “customer file centralizing and imaging which would give us more robust KYC data for anti-money laundering,” and working to change the culture of the bank which “would not happen over night.” 323319 Id. Mr. Thurston explained that if compliance and business personnel disagreed over closing an account, thedispute would be escalated to the HBMX COO, and then to the CEO. In addition if a business wanted to close an account, a higher ranking Executive Director would have to make the decision. Subcommittee interview of Paul Thurston (5/1/2012). Mr. Thurston wrote that the CNBV officials told him that was “what they wanted to hear and that they would report back positively” to the head of the CNBV. Mr. Geoghegan 320 Id. at 3.321 10/23/2007 email exchange between HBMX Paul Thurston and HSBC Michael Geoghegan, “CNBV Inspection,”HSBC OCC 8873338-342. 322 Id.323 Id. at HSBC-OC-8873341.65 responded: “This is disturbing and clearly we will need to look at the management structure and practices. … I am copying this to the Group Chairman and Matthew King for their information.” 324In December 2007, the internal audit group for Mexico issued a report that had been ordered earlier on HBMXs AML efforts. 325 It found HBMX’s AML controls to be “BelowStandard” and to pose an overall “high” risk. 326 It detailed multiple problems, including“[r]egulatory breaches in KYC issues such as the large number of incomplete client files and the inadequate process of SCC identification and monitoring across the network.” 327 It noted thatHBMX had a May 2008 deadline for bringing files into compliance with KYC regulations set by the CNBV, and that regulators had been told 86% of client files already met regulatory requirements, while audit work over the past year suggested a much lower percentage, “as low as 46%.” The audit report also noted that the KYC effort was remediating only 1.8 million files involving high risk, excluding another almost 6 million clients “that the Group has in Mexico which are subject to HSBC’s own MLD policies.” 328The 2007 audit report also disclosed SAR filing and alert review backlogs. It noted “4,890 accounts that reported unusual transactions that took place between APR [April] and AUG07,” but which had yet to be reported to Mexican authorities, “thereby breaching the regulations.” 329 It attributed the delay to changed internal criteria for reporting transactions,resulting in an increase in the number of cases to be reported, and “slow decision-making.” 330The report also noted 7,217 alert warnings of which 858 (12%) had not been reviewed at all, “posing a potential risk that criminal transactions may not be identified which may have an adverse reputational effect on the Institution.” 331 The audit report stated that the failure toreview these alerts had been going on for one year due to “insufficient Operations staffing.” The report also criticized “Senior Management” for attending few AML committee meetings, delaying decisions on cancelling accounts, and delaying the imposition of sanctions when cases were not reported to the CNBV on time. 332 The report also noted a lack of “sufficientunderstanding” of the AML IT systems and inadequate AML training as evidenced by the “failures regularly identified in branch audits.” 333 In light of the “number and in many casesseriousness of the weaknesses identified,” the report recommended creating an HBMX Money Laundering Committee to undertake the effort needed to address the widespread AML shortcomings. 324 Id. at HSBC-OC-8873338.325 See 12/2007 “General & Transactional Banking Audit: HBMX – Money Laundering Deterrence,” No. HBMXGAQ 070086, prepared by Group Audit Mexico, HSBC OCC 8874802-810. 326 Id. at HSBC OCC 8874810.327 Id.328 Id.329 Id. at HSBC OCC 8874807.330 Id. at HSBC OCC 8874807, 810.331 Id. at HSBC OCC 8874808.332 Id. at HSBC OCC 8874807.333 Id. at HSBC OCC 8874810.66 Confronted by this long list of AML deficiencies, HSBC Group sent Warren Leaming, HSBC Group Compliance Deputy Head, to Mexico to help determine what should be done. 334CNBV and FIU Dissatisfaction Deepens. As 2007 drew to a close, HSBC Group and HBMX worked to strengthen HBMX’s AML efforts, but CNBV dissatisfaction with the bank seemed to deepen and the list of AML concerns broaden in 2008, encompassing for the first time concerns about HBMX’s participation in bulk cash services. In February 2008, Mr. Thurston, HSBC Mexico CEO, met again with CNBV officials, at their request, along with the Mexican Financial Intelligence Unit (FIU). 335 According to anemail he sent summarizing the meeting, CNBV handed him a draft report detailing multiple compliance concerns. 336 Mr. Thurston wrote:“It is clear in this that our Head of Compliance is not as highly regarded by the CNBV as had been thought by local and Group management, and indeed appears to have misled us about the extent to which the CNBV have been informed of, and/or are satisfied with, our actions.” 337HSBC Group CEO Geoghegan responded: “This is most disturbing and we will need to have the most thorough of investigations.” 338The report provided by the CNBV stated that “[a]s a result of the increase in bank’s operations, there has been an increase in deficiencies in internal control.” 339 It described avariety of problems. With respect to AML issues, the report concluded that “little improvement” in AML controls had occurred since the prior year’s on-site inspection. 340 It noted that, of 110client files reviewed, “55 files (50%) were incomplete,” and 5 files were not provided at all. It noted a “[l]ack of closer supervision to high profile risk clients”; a lack of risk criteria to classify clients during the account opening process; and missing client updates for high risk customers and politically exposed persons. 341334 See, e.g., 12/6/2007 email from HSBC John Root to HSBC Warren Leaming and others, “Warren LeamingHBMX DEC Visit Issues,” HSBC OCC 8875837 (“I am keeping a list of issues that you might want to raise during your December visit to HBMX,” including deteriorating audits of treasury operations, resourcing concerns, “Sinaloa massive money-laundering scheme (+USD 100 million),” “HBMX Trusts backlog,” “Banistmo business in regulatory and tax havens,” and “AML systems integration”). Another deficiency was that the CAMP and HOGAN monitoring systems did not collect transaction profiles for new accounts, as required by law, and 335 See 2/18/2008 email from HBMX Paul Thurston to HSBC Michael Geoghegan, with copies to Richard Bennettand Matthew King, “Confidential – CMBV/FIU Meeting,” HSBC OCC 8873331-333. 336 Id. at HSBC OCC 8873333.337 2/18/2008 draft report entitled, “Internal Control, HBC Mexico, S.A.,” prepared by CNBV, HSBC OCC8966021-026, at 6. [Sealed Exhibit.] 338 2/18/2008 email from HSBC Michael Geoghegan to HBMX Paul Thurston and others, including HSBC GroupChairman Stephen Green, “Confidential – CMBV/FIU Meeting,” HSBC OCC 8873331. 339 2/18/2008 draft report entitled, “Internal Control, HBC Mexico, S.A.,” prepared by CNBV, HSBC OCC8966021-026, at 1. [Sealed Exhibit.] 340 Id. at 2.341 Id. at 3.67 the CCC Committee delayed closing suspicious accounts, citing the example of a $2.8 million account kept open for an entire year after it was supposed to be closed. 342The report also described a number of AML deficiencies identified by the FIU, stating: “Evidence obtained by the Financial Intelligence Unit of Mexico (UIF) on a frequent basis has seriously raised its concern on the very high level of ML risk that HSBC may be incurring.” 343 Itprovided a chart showing that HSBC had much more bulk cash transactions using U.S. dollars than other Mexican banks, and expressed U.S. and Mexican law enforcement concern that the cash represented illegal drug sale proceeds from the United States. 344 The FIU also noted thatHBMX frequently failed to provide requested information, claiming the files or basic account documents could not be located, providing a chart showing HBMX’s response record was worse than other Mexican banks. 345 The FIU also noted that “in the majority of the most relevant MLcases” it had investigated in 2007, “many transactions were carried out through HSBC,” and in some cases, the FIU detected ML transactions that HSBC had not reported. 346 The FIU alsonoted that it had been able to obtain copies of account documents that HBMX had claimed it could not locate. “These last cases may imply criminal responsibility of HSBC and its personnel – such as that relating to false statements to administrative authorities and complicity – that the law enforcement and judicial authorities must investigate.” 347Internal HBMX and HSBC Group documents indicate that senior management immediately began to investigate the allegations. HSBC Group CEO Michael Geoghegan spoke to HSBC Group Chairman Stephen Green, as well as senior HSBC Group and HBMX personnel, and asked David Bagley to lead the review of HBMX Compliance. 348 Mr. Bagley left forMexico immediately for a two-week stay. Mr. Thurston directed the head of Latin American Security to investigate certain allegations, and the head of Latin American internal audit to examine the other CNBV and FIU complaints. 349 Mr. Thurston promised an updated report toMr. Geoghegan prior to an upcoming HSBC Group Board meeting. Three days later, on February 22, 2008, Matthew King composed a draft email as a way to organize the information that should be conveyed to Mr. Geoghegan in a telephone call, and circulated his self-described “brain dump” to Mssrs. Thurston, Bagley, Bennett, and Graham Thomson for their thoughts. 350342 Id.The email indicated that the AML concerns raised by the CNBV were “pretty similar” to issues raised earlier, but the CNBV had “suddenly become more aggressive.” The email speculated on whether that was due to political pressure, FIU concerns, or possibly a separate disagreement with the FIU regarding reimbursing a public utility for a 343 Id. at 5.344 Id.345 Id. at 5-6.346 Id. at 6. Recent examples of such cases included Zhenly Ye Gon, Casa de Cambio Puebla, and SigueCorporation. 347 Id.348 2/19/2008 email from HSBC Michael Geoghegan to Paul Thurston, Richard Bennett, Matthew King, with copiesto Stephen Green and David Bagley, “HBMX – ML Review,” HSBC-PSI-PROD-0198506-507. 349 2/19/2008 email from HBMX Paul Thurston to HSBC Michael Geoghegan and others, “HBMX – ML Review,”HSBC-PSI-PROD-0198505-506. 350 2/22/2008 email from HSBC Matthew King to HBMX Paul Thurston, HBMX Graham Thomson, with copies toHSBC Richard Bennett and HSBC David Bagley, “CNBV,” HSBC-PSI-PROD-0198508-509. 68 fraud. Mr. King also wrote: “It is also the case that Mexico is suffering a major problem with drugs dealers and the Government is being very robust about dealing with them.” The King email then went through the issues. It noted that the December 2007 internal AML audit of HBMX was “Below Standard,” and that the AML Director Leopolodo Barroso would be replaced, “albeit the FIU apparently regard him as trustworthy” so his replacement would have to be “carefully explained.” 351 The email said that the “biggest immediate concern”was account KYC, which had been “a systematic problem for some time.” Among other matters, the email noted that a pilot project to centralize account documentation through electronic imaging was underway, but “Audit is continuing to identify a high level of exceptions for that process also (around 30%).” 352 Mr. King wrote:“Given the concerns now raised by the CNBV and FIU (which apparently includes tapes of a drug lord recommending HBMX as the place to bank) we now have to decide: whether the imaging process can be made to work to everyone’[s] satisfaction[;] how quickly it can be rolled ou[t] across the whole network[; and] in the meantime, whether we can continue to open accounts using the old, flawed process.” 353The email also described account documentation as “a problem since we bought Bital,” and noted that CNBV had again questioned having HBMX personnel handle compliance issues for the Latin American region in addition to Mexico. 354 On “cross-border cash,” the email indicatedthat trends still needed to be clarified, but he thought the United States had “a general concern rather than a specific one about us.” The next day, February 23, 2008, Paul Thurston sent an email to Michael Geoghegan with additional information. He wrote: “Firstly, to answer your question of why is this being raised now? The intelligence that we have been able to gather is that with President Felipe Calderon declaring war on the drugs gangs, crime and corruption the judicial authorities have heightened the focus on financial investigations and have been putting increasing pressure on the bank regulators because the banks have been seen as not providing good enough support. … HSBC has historically, and continues to have, a worse record than the other banks, so we have become a focus of attention. The new Head of the FIU has told us that his staff have told him that HSBC has been the most difficult bank to obtain accurate and timely data from for the past 4 years.” 355351 Id. at 1.352 Id.353 Id. at 1-2. Both David Bagley and Paul Thurston told the Subcommittee that they asked the CNBV for a copy ofthe purported tapes, but none was provided. Subcommittee interviews of David Bagley (5/10/2012) and Paul Thurston (5/1/2012). 354 Id. at 2.355 2/23/2008 email from HBMX Paul Thurston to HSBC Michael Geoghegan, with copies to Stephen Green,Matthew King, Richard Bennet and David Bagley, “CNBV/FIU Update,” HSBC-PSI-PROD-0197872-873. 69 Mr. Thurston wrote that HBMX had taken more corrective action than the regulators were aware of. 356 He acknowledged an account documentation problem which would beaddressed, in part, by a new centralized electronic imaging procedure which was taking effect Mexico-wide that month. In addition, he wrote that “stronger disciplinary procedures” were being put in place for branch managers who signed off on account openings without personally ensuring all documents were obtained. 357 He also noted that HBMX received more than 1,000letters per week from the CNBV asking for account information, and that more resources had to be dedicated to responding to them. Finally, on the bulk cash issue, Mr. Thurston wrote that the United States had a general concern, “not aimed specifically at HSBC,” about the flow of U.S. banknotes from Mexico and the potential linkage to drug related activity.” 358 He wrote that HBMX had undertaken its ownanalysis of the cash flows, and initial indications were that its handling of U.S. dollars “had been slowly declining in recent years, rather than rising.” 359On February 27, 2008, Mr. Bagley conducted an exit interview with the HBMX AML Director Leopoldo R. Barroso, who was being replaced. Mr. Barroso provided a negative view of HBMX AML performance. According to a meeting summary written by Mr. Bagley, Mr. Barroso said that, while in his position, he had felt civil and criminal “litigation exposure” due to “the continued poor controls in the bank, the fact that there were allegations of 60% to 70% of laundered proceeds in Mexico went through HBMX and because he did not think that senior management had any commitment to robust AML controls.” 360 Mr. Barroso indicated that “itwas only a matter of time before the bank faced criminal sanctions and cited a number of cases.” Mr. Bagley wrote: “It was clear that LRB [Leopoldo R. Barroso] felt very strongly that relevant business heads within HBMX had absolutely no respect for AML controls and the risks to which the Group was exposed and had no intention of applying sensible or appropriate approaches. Again he cited a number of examples where despite strong recommendations with the CMP [Compliance] business heads had failed or refused to close accounts or indeed on occasions file SARs. He thought that there was a culture that pursuing profit and targets at all costs and in fact had seen no recent improvement in the standard of controls or the types of decisions being taken. He was critical of the level of resources in his team and felt that his team had done much to keep the bank out of trouble by working extra hours against impossible deadlines and handling significant volumes of alerts including those from CAMP. … [H]e thought he needed at least 35 new headcount.… 356 Id. at 1.357 Id. at 1-2.358 Id. at 2.359 See also 2/27/2008 email exchange between HBMX Paul Thurston and HSBC Michael Geoghegan, “CNBV/FIUUpdate,” HSBC-PSI-PROD-0198510-512. 360 2/27/2008 “Meeting Attendance Note,” prepared by David Bagley, HSBC OCC 8874824-825.70 He was extremely critical of RG [Ramon Garcia] who he described as being indecisive, weak and desperate to retain his job and lacking any understanding of AML matters.” 361Mr. Bagley later forwarded his summary of the meeting to Mr. Thurston who responded that “the jury is still out on Ramon” and a discussion was needed on structuring the Latin American regional and Mexican compliance responsibilities. 362On March 3, 2008, HBMX issued a 12-page response to the internal control issues raised by the CNBV in its draft report of February 27. 363 The response detailed multiple “correctiveactions” being taken by the bank to address each concern. Among the actions discussed were the new centralized process for ensuring account opening documentation was obtained and electronically recorded; a new effort to centralize PEP files, obtain missing documentation, and strengthen annual PEP reviews; new disciplinary procedures for opening accounts with incomplete documentation; the re-engineering and strengthening of the alert reporting process; replacement of the AML director; and strengthening of the AML staff. The response also indicated that management changes had been made to split responsibilities for Mexico from the rest of the Latin American region. On the issue of U.S. banknotes, the response indicated that HBMX U.S. dollar volumes had not increased, but were marginally lower than in 2003. It also announced a new policy, effective immediately, to deem all customers who deposit more than $100,000 in a month as SCC clients subject to enhanced due diligence. The response said that 312 customers met that criteria and were being subjected to a KYC review. Mr. Thurston and Mr. Bagley met with CNBV and FIU officials on March 4, 2008, to deliver the response and discuss the bank’s actions. They reported to Mr. Geoghegan that the meeting was “extremely cordial” and the bank’s corrective efforts were “well received.” 364 AfterMr. Bagley returned to London, he also discussed the matter with the Financial Services Authority (FSA), HSBC’s UK regulator, which had communicated with CNBV. Mr. Bagley reported that “CNBV confirmed that they were satisfied with the reaction and steps we have taken although will watch implementation closely.” 365 In April 2008, at a meeting of the HSBCGroup Board of Directors, Mr. Bagley briefed the HSBC Group Audit Committee about HBMX, indicating that regulators had “expressed their satisfaction with the Group’s reaction.” 366Restoration Project. HBMX spent the next six months working to carry out the corrective actions outlined in its March response to CNBV. HBMX also underwent personnel changes. In May 2008, Paul Thurston was promoted and returned to London, having spent a little more than one year in Mexico. Luis Pena Kegel took over as HSBC Mexico CEO and head of HBMX. Emilson Alonso was appointed head of HSBC Latin America, carrying out the 361 Id.362 3/7/2008 email exchange among HSBC David Bagley and HBMX Paul Thurston and John Rendall, “HBMX,”HSBC OCC 8874821-822. 363 3/3/2008 “Internal Control, HSBC Mexico SA,” prepared by HBMX, HSBC OCC 8966027-038.364 3/5/2008 email from HSBC David Bagley to HSBC Michael Geoghegan and others, “CNBV/FIU Meeting,”HSBC-PSI-PROD-0198513. 365 3/15/2008 email from HSBC David Bagley to HBMX Paul Thurston and others, “CNBV,” HSBC OCC 8875171.366 4/25/2008 Board of Directors minutes for HSBC Holdings plc, HSBC-PSI-PROD-0198539-540.71 commitment made to CNBV to split the two sets of responsibilities. In the summer of 2008, a new HBMX AML director was also hired, Jaime Saenz. 367One key AML activity undertaken by the bank was to work on bringing the KYC documentation for existing accounts into compliance with CNBV requirements, an effort HBMX deemed “Projecto Restauracion” or the Restoration Project. HBMX was supposed to have completed the KYC effort by May 2008, after having obtained a one-year extension, but was far behind schedule. HBMX appointed John Rendall, HBMX COO, to oversee the new project. One step he took was to limit the project to high risk accounts. 368 He also assembled a team andbegan pressing branch personnel to complete their KYC updates. John Root, HSBC Group Compliance head for Latin America, attended a meeting of the Restoration Project team during a visit to Mexico in July, and was “very impressed” by the progress to date. 369Also in July 2008, Mr. Rendall provided a progress report to the Latin American regional audit committee on a number of AML and compliance efforts, outlining “9 workstreams.” He described several milestones, including implementing the centralized account opening process for all HBMX branches, initiating the KYC Restoration Project “focused on high risk accounts,” achieving a “90% reduction (from 34,700 to 3,300)” in the 2008 CAMP alert backlog, requiring enhanced KYC for customers with over $100,000 in U.S. dollar deposits, and improving FIU response procedures. 370On a more negative note in July, HBMX’s internal monitoring system generated a number of alerts identifying “significant USD [U.S. dollar] remittances being made by a number of customers to a US company alleged to have been involved in the supply of aircraft to drugs cartels.” 371 The alerts highlighted account activity in the HBMX Cayman branch.372 As a“precaution” pending review of the account activity, HBMX stopped opening new Cayman accounts. 373 The account activity also prompted HSBC Group to take a closer look at theCayman accounts. 374 HSBC Group Compliance head David Bagley wrote that the Caymanaccounts should be included in the Restoration Project “as a priority area,” and should “be seen as high-risk from an AML and reputational perspective.” 375In September 2008, HBMX’s internal audit group reviewed the Restoration Project and quickly identified multiple, growing problems. In an email describing the audit findings, Graham Thomson, head of the Latin American internal audit group, wrote: 367 See 7/30/2008 email from HSBC John Root to HSBC David Bagley and others, “HBMX Visit Update,” HSBCOCC 8873487-489. 368 See 6/7/2010 email from HBUS Paul Lawrence to HSBC Michael Geoghegan, “Mexico Banknotes/High-levelTimeline,” HSBC-PSI-PROD-0198514-516. 369 Id.370 See 6/7/2010 email from HBUS Paul Lawrence to HSBC Michael Geoghegan, “Mexico Banknotes/High-levelTimeline,” HSBC-PSI-PROD-0198514-516. 371 7/31/2008 email from HSBC David Bagley to HSBC Richard Bennett with copies to HSBC Michael Geogheganandothers, “HBMX – Cayman Accounts,” HSBC OCC 8874832-833. 372 Id.373 Id.374 Id.375 Id.72 “The key issues … include slow progress with remediating PEPs/SCCs and other high risk customers, with some 40% of the KYC records of PEPs/SCC customer segment … not yet remediated. These accounts are now in the process of closure by HBMX Legal. … [C]hecks done by CMP [Compliance] on visit reports … continue to reveal an unacceptable level of ‘manufactured’ visit reports.” 376Mr. Alonso, head of HSBC Latin America responded that the audit results were “disappointing” and “not what I was assured by HMBX management.” 377The audit report found that the Restoration Project had “major weaknesses … that could potentially hinder regulatory compliance and the achievement of the project’s overall goals.” 378It said that resources dedicated to the project “appeared insufficient to deliver the quality and timeliness required,” and clients engaged in high risk businesses “had not been identified for inclusion” in the project. 379 It noted that visit reports were incomplete and, in some cases,“created without visits being made.” 380 The audit report also stated:“The impact of account cancellation on the business, customers and costs should be analysed against the risks that have been mitigated and accepted, as this will allow having adequate balance between control and business, particularly where cancellations may be attributable to internal errors rather than to the customers.” 381This recommendation appears to suggest that some high risk accounts not be closed, even where the bank was unable to review the account by the regulatory deadline and KYC deficiencies might exist. Mr. Thomson’s email indicated, however, that unremediated files for PEP and SCC clients subject to the Restoration Project were already in the process of being closed. 382 In addition, Mr. Rendall reported to the Latin American regional audit committee that“7,941 KYC files for high risk customers had been reviewed & updated, or scheduled for closure.” 383 Mr. Rendall also reported that in the second phase of the project, “47,000 accountswith various risk flags” were being reviewed, with plans for a third phase to examine “83,000 accounts with historic CAMP alert profiles.” These figures were well below, however, the 1.8 million in high risk accounts that were supposed to be reviewed to ensure KYC documentation met CNBV requirements. November Meeting with CNBV. On November 26, 2008, a high level meeting took place between HSBC and CNBV. Michael Geoghegan, HSBC Group CEO, traveled to Mexico 376 10/28/2008 email from HBMX Graham Thomson to HBMX Emilson Alonso, Luis Pena, John Rendall andothers, “HBMX – Projecto Restauracion,” HSBC OCC 8873464-465. 377 10/28/2008 email from HBMX Emilson Alonso to HBMX Graham Thomson and others, “HBMX – ProjectoRestauracion,” HSBC OCC 8873463. 378 Nov. 2008 “Branch Audit Report: HBMX Special Review of Restoration Project,” prepared by HBMX GroupInternal Audit, HSBC OCC 8876417-424, at the Audit Report Summary Schedule, HSBC OCC 8876424. 379 Id.380 Id.381 Id. at HSBC OCC 8876419.382 10/28/2008 email from HBMX Graham Thomson to HBMX Emilson Alonso, Luis Pena, John Rendall andothers, “HBMX – Projecto Restauracion,” HSBC OCC 8873464-465. 383 6/7/2010 email from HSBC Paul Lawrence to HSBC Michael Geoghegan, “Mexico Banknotes/High-levelTimeline,” HSBC-PSI-PROD-0198514-516. 73 to attend. Along with Emilson Alonso, head of HSBC Latin America, and Luis Pena, head of HSBC Mexico, Mr. Geoghegan met with the President of CNBV, Guillermo Babtz; the head of CNBV bank supervision, Patricio Bustamante; and the head of CNBV AML oversight, Pablo Gomez. 384 The focus of the meeting was expected to be the actions taken by HBMX to addressthe CNBV concerns identified in February 2008. According to an email prepared by the Deputy Head of HSBC Group Compliance, Warren Leaming, who had accompanied Mr. Geoghegan to Mexico and remained there for several days, 385 the CNBV officials acknowledged the “significant progress” made by the bank,but remained “very concern[ed]” about the U.S. dollar accounts at HBMX’s Cayman branch, the slow KYC review of those accounts, and the “sheer volume of US Dollars that HBMX repatriates” to the United States. 386 The email noted that, between January and September 2008,HBMX had repatriated $3 billion to the United States, which represented 36% of the market and double what the biggest bank in Mexico, Banamax, had repatriated, even though HBMX was only the fifth largest bank in the country. 387 According to the email, CNBV officials were also“concerned that when-ever there is a serious MLD [Money Laundering Deterrence] scheme HSBC seems to be involved” and that “USA authorities are concerned at the very high levels.” 388Mr. Geoghegan told the Subcommittee that his meeting with the Mexican regulators did not go as he had expected, he told the CNBV that HBMX would address the issues raised, and he immediately took action to ensure that happened. 389Stopping U.S. Dollar Services. After the meeting, Mr. Alonso sent an email to Mr. Pena asking him to examine the “export of cash USD to the USA,” including the volumes of U.S. dollars being exported, the types of clientele using the HBMX branch network to make U.S. dollar deposits for remittance to the United States, and the branches involved in more frequent deposits or higher volumes. 390 He also called for the “[i]mmediate elimination of this kind ofservice in our branches. Corporate clients that require such service should be approved by you on a very exceptional basis.” 391Later that same night, Mr. Geoghegan sent an email to Mr. Alonso stating: “It occurs to me: We should stop any Dollar remittances or accept any Dollar payments unless they are done via a customer’s account. We should stop shipping Dollars.” 392384 See 11/27/2008 email from HSBC Warren Leaming to HSBC David Bagley and Richard Bennett, “Mexico,”HSBC OCC 8875605-607. He also wrote: “We should bench mark HBMX CAMP and other search engine systems with HBUS (they have some very 385 See 12/8/2008 email from HSBC Warren Leaming to HBMX Ramon Garcia and John Rendall, “Mexico Visit,”HSBC-PSI-PROD-0197874 (indicating Mr. Leaming visited HBMX from Nov. 25 to Nov. 28). 386 11/27/2008 email from HSBC Warren Leaming to HSBC David Bagley and Richard Bennett, “Mexico,” HSBCOCC 8875606. 387 Id.388 Id.389 Subcommittee interview of Michael Geoghegan (5/24/2012).390 11/26/2008 email from HBMX Emilson Alonso to HBMX Luis Pena, with copies to HSBC Michael Geogheganand others, “Visit to CNBV – Findings and Required Actions,” HSBC OCC 8874846-847. 391 Id.392 11/26/2008 email from HSBC Michael Geoghegan to HBMX Emilson Alonso, “Money Launderying,” HSBCOCC 8874849-850. Mr. Geoghegan told the Subcommittee that he made a unilateral decision to stop these U.S. dollar services. Subcommittee interview of Michael Geoghegan (5/24/2012). 74 sensitive behavior monitors) and see whether we are finding as many suspicious transactions as we should be.” Mr. Alonso forwarded the email to Mr. Pena, who responded the next day: “The two immediate actions we are taking are: Starting December 1. We will no longer buy or sell dollars in cash at ANY branch (customers or non customers). We will, as an alternative, offer travelers cheques to customers only. Also customers can withdraw dollars at HSBC ATMs located at airports or from any ATM in the world with their debit card. Starting January 1. We will no longer accept deposits of cash dollars to any dollar account at any branch. We are quantifying the impact of lost revenues. On the flipside, we will save the operating cost of transporting and exporting dollar bills. This should take care of the problem.” 393Mr. Pena also proposed continuing indefinitely the freeze on opening new U.S. dollar accounts through HBMX’s Cayman branch, and prohibiting the acceptance of new cash deposits for the existing Cayman accounts. 394 HSBC Group Compliance Deputy Head Warren Leamingnoted in an email to his supervisor, David Bagley, that when Mr. Pena commented that the actions being taken “could result in lost profits of many billions Mike[‘]s clear response [was] that nothing is worth risk to our reputation.” 395 Mr. Leaming also wrote that the proposedactions were “considered extremely sensitive here in Mexico and local management want to get their ducks in a row … so it will be much appreciated if the above could not be … disseminated without discussing further.” Account Closing Backlog. Mr. Leaming also noted that “there appears to be a huge back-log in closing accounts,” with customers continuing to use accounts in November that had been ordered closed eight months earlier in March. He wrote that those accounts, which were still being used by customers, may be “part of the reasons for multiple SARs” being filed for some accounts, potentially putting HBMX in breach of HSBC policy on account closure after multiple SARs. 396Mr. Bagley responded: “What I find most frustrating is the way in which new issues constantly emerge however much time is spent with HBMX.” 397 He continued: “The practice ofchanging USD in the branches pres[u]mably with little or no ID for non customers is in breach of Group policy. When looking at our USD exposure how can this have been missed.” He also asked Mr. Leaming to consider challenging the involvement of the Legal Department in the account closing process so that it could proceed more quickly. 393 11/27/2008 email from HBMX Luis Pena to HBMX Emilson Alonso, copy to HSBC Michael Geoghegan,“Money Launderying,” HSBC OCC 8874849. 394 11/27/2008 email from HSBC Warren Leaming to HSBC David Bagley and Richard Bennett, “Mexico,” HSBCOCC 8875605-607. 395 Id.396 Id.397 11/27/email from HSBC David Bagley to HSBC Warren Leaming and Richard Bennett, “Mexico,” HSBC OCC8875605. 75 The next day, November 28, 2008, Mr. Geoghegan sent an email to top HBMX and HSBC Group Compliance officials stating that it should be made clear to all HBMX personnel “that if there are persistent breaches of KYC in a particular branch, the branch will be closed and all staff dismissed regardless of how much business we will lose on account of it.” 398 He alsorequired HBMX’s compensation scorecard to include implementing the CAMP monitoring system to the maximum extent possible and closing accounts with two or more SARs. He wrote: “[I]f you demonstrate zero tolerance of lapses in implementing KYC then the operations standards of the whole business improves at the same time. What we are doing in Mexico needs to be copied everywhere else in the region.” 399AML Shock Plan. Mr. Pena responded that in January 2009, he was planning to close two branches and fire all staff “as exemplary measures” and was working to identify the branches. 400 This measure was later referred to as the “AML Shock Plan.”401 Mr. Pena alsowrote: “Last but not least, I will address the issue of funding. After all, Cayman and Mexican dollar accounts provide us with US$2.6 billion of cheap funding. We are likely to lose a big portion of this if we tell customers we no longer receive dollar notes. We have to provide an alternative to our customers for this: Miami accounts may be an alternative but we will have to talk to HBUS of how we get this ch[eap] funding back to Mexico to lend.” 402In December 2008, at the conclusion of his latest visit to Mexico, Mr. Leaming drafted a letter to Mr. Pena summarizing a number of AML issues and sought input from other HBMX officials before finalizing it. 403398 11/28/2008 email from HSBC Michael Geoghegan to HBMX Emilson Alonso with copies to HSBC DavidBagley, HBMX Luis Pena, and others, “Final draft for Mike’s Letter,” HSBC OCC 8874857. His draft letter discussed the late filing of SARs, the backlog in closing accounts, the failure to close accounts after two SAR filings, slow and weak decisions by the CCC Committee, the need to clarify transaction limits, and the need for further refinement of the CAMP alert system. He noted that the account closing backlog consisted of over 3,600 accounts, of which 675 involved suspicion of money laundering and had been ordered closed by the CNBV, yet were still open. He also noted that 16 of the accounts remaining open had been ordered closed in 2005, 130 in 2006, 172 in 2007, and 309 in 2008. He wrote that he’d been advised that the law did not permit the accounts to be blocked pending closure, which meant account activity was continuing. To speed up closures, he advised that his research had indicated the Legal Department did not have to participate and clients could be notified of the account closing by certified mail. Mr. Leaming also noted that 3,000 Cayman accounts had been proposed for closure which would further stress the process. In addition, he warned that the switch from U.S. dollar deposits to travelers cheques could also raise AML concerns, advised lowering the $25,000 ceiling on the amount of travelers cheques that could be purchased by a 399 Id.400 11/28/2008 email from HBMX Luis Pena to HBMX Emilson Alonso who forwarded it to HSBC MichaelGeoghegan, David Bagley, and Matthew King, “Final draft for Mike’s Letter,” HSBC OCC 8874856. 401 12/8/2008 email from HSBC Warren Leaming to HBMX Ramon Garcia and John Rendall with copies to HSBCDavid Bagley, John Root, Susan Wright, and others, “Mexico Visit,” HSBC-PSI-PROD-0197874-876. 402 Id.403 Id.76 customer, and creating a new limit on the amount of travelers cheques that could be deposited at one time to a client account. He recommended setting dollar limits on cashiers cheques as well. Later in December, HBMX prepared to implement the new AML policies and procedures and close suspicious accounts. 404 December 22 and 24 were set as the dates to close four HBMXbranches “as disciplinary actions,” with another 10 to 20 branches that, in January, would have all staff dismissed. 405 January 1, 2009 was set as the date to stop buying or selling U.S. dollars atHMBX branches. 406 It was also the date set for closing all accounts opened by casas de cambios.January 31 was set as the date to complete the Restoration Project and begin closing accounts that had incomplete documentation or were subject to at least two SAR filings. 407On December 22, 2008, an HBMX employee alerted the HBUS regional head of Banknotes, Gyanen Kumar to the HBMX’s plan to stop buying and selling U.S. dollars in the new year. 408 Mr. Kumar forwarded it to the Banknotes head Christopher Lok with the comment:“I have not been told anything firm as to why this decision is being taken as much as it is a drastic change. My instincts tell me that perhaps this has something to do with compliance.” 409HBMX apparently did not explain, leaving HBUS uninformed about the compliance and regulatory pressures and AML risks behind HBMX’s decision to end its U.S. dollar business. Law Enforcement and Regulators Converge. In January 2009, HBMX began implementing the planned AML changes. It stopped buying and selling U.S. dollars and began closing accounts held by casas de cambio. 410That same month, U.S. regulators began contacting HBUS to get clarification about HBMX’s decision to stop buying and selling U.S. dollars. 411 When asked, HBMX told HBUSthe decision had been based primarily on cost considerations, without mentioning the compliance and AML concerns that led to the decision. 412404 See 12/15/2008 email exchange among HBMX Ramon Garcia and HSBC Warren Leaming, Susan Wright, JohnRoot, David Bagley, and others, “Anti Money Laundering: Shock plan – Update 081215,” HSBC OCC 8875786- 790; 12/23/2008 email from HSBC Warren Leaming to HBMX Caterine Bussery, with copies to HSBC David Bagley, John Root, and Richard Bennet, “Anti Money Laundering: Shock plan – Update 081215,” HSBC OCC 8873474-476; 1/27/2009 email from HSBC David Bagley to HSBC Susant Wright with copy to Warren Leaming, “Press Release,” HSBC OCC 8873485. The regional head of HBUS’ Banknotes 405 12/15/2008 email exchanges among Ramon Garcia to HSBC Warren Leaming, Susan Wright, John Root, DavidBagley, and others, “Anti Money Laundering: Shock plan – Update 081215,” at HSBC OCC 8875786. 406 Id.407 Id. at HSBC OCC 8875786-787. Mr. Leaming expressed skepticism that the proposed closures could becompleted by the January 31 deadline. Id. 408 See 12/22/2008 email from HBMX Mario Langarica to HBUS Gyanen Kumar and others, “USD cash inMexico,” HSBC-PSI-PROD-0095869-870. 409 12/23/2008 email from HBUS Gyanen Kumar to HBUS Denis O’Brien and Christopher Lok, “USD cash inMexico,” HSBC-PSI-PROD-0095869. 410 An email suggests, however, that HBMX had decided to continue to offer U.S. banknotes products to severallarge reputable Mexican banks, Banamex, Banorte and Ixe, in effect making its first exceptions to the new policy. See 12/22/2008 email from HBMX Mario Langarica to HBUS Gyanen Kumar and others, “USD cash in Mexico,” HSBC-PSI-PROD-0095869-870. 411 See January 2008 email exchanges among HBUS Christopher Davies, Christopher Lok, Michael Gallagher, PaulLawrence, Gyanen Kumar, and others, “HBMX Banknotes business,” HSBC OCC 3633806-812. 412 Id. at HSBC OCC 3633810.77 department, Gyanen Kumar, who was traveling to Mexico the next week, was asked by his colleagues to get more information. 413 On January 13, HBMX sent HBUS a copy of its internalpress release describing its decision. 414 Based upon HBMX’s actions, HBUS decided to closebanknotes accounts used by two Mexican clients, but to retain accounts with the same clients in the Payments and Cash Management (PCM) division. 415 Closing the banknotes accounts meantthat the Mexican clients could no longer make bulk cash sales of their U.S. dollars to HBUS, but the continued operation of their PCM accounts meant that both Mexican clients could still deposit U.S. dollars, execute U.S. dollar transactions, exchange U.S. dollars for Mexican pesos, and access the U.S. wire transfer system. Around the same time, the Immigration and Customs Enforcement (ICE) arm of the U.S. Department of Homeland Security (DHS) held a meeting with HBUS in New York, and informed it that ICE was conducting an investigation of a particular Mexican casa de cambio that had accounts at both HBUS and HBMX. 416 HBUS apparently did not relay that information toHBMX. Six months later, in June 2009, HSBC Group increased its risk assessment for its Latin American operations to its highest risk rating. 417 When Emilson Alonso, HSBC Latin Americahead, protested, HSBC Group Compliance head David Bagley explained: “I fully acknowledge the level of priority and focus that you and the team have given to these issues and the progress that has been made particularly in Mexico and have taken all of this into account. … The basis for the rating is however: The inherent AML risk in Mexico is still very high and [t]here are not many other parts of the Group that have what is effectively a drugs war being conducted on the streets and also have the risk posed by potential sting and other operations by the US authorities. We have of course remediated our high risk accounts, but the historic weak account opening processes mean that we have overall lower levels of KYC across the customer base as a whole.” 418A week or so later, HBUS suddenly reclassified Mexico from its lowest to its highest risk rating. HBMX personnel in Mexico protested, but HBUS did not change its rating. One consequence was that its Mexican clients were automatically deemed to be located in a high risk country, triggering enhanced scrutiny. 413 Id. at HSBC OCC 3633811.414 Id at HSBC OCC 3633809.415 Id. at HSBC OCC 3633811, 807.416 Id at HSBC OCC 3633806. HSBC Group Compliance head David Bagley remarked near the end of January:“An obvious learning point for HBMX is that if they were contacted by US authorities then they should have thought to advise HBUS. They can go round the web, not just through the middle of the web. 1/30/2009 email from HSBC David Bagley to HSBC Susan Wright, “US issues – Various,” HSBC OCC 8873759. 417 See 6/9/2009 email from HSBC David Bagley to HBMX Emilson Alonso, copies to HSBC Michael Geogheganand others, “GMO Business reviews – LATAM,” HSBC OCC 8874895. 418 Id.78 Later in June 2009, ICE contacted HBMX about its investigation into a particular Mexican casa de cambio that had an account at the bank. 419 A few days later, ICE contactedHBUS’ primary U.S. regulator, the OCC, and alerted the OCC to its investigation. 420 As a result,the OCC began intensifying its regulatory scrutiny of HBUS, in particular with respect to its U.S. banknotes business, which U.S. regulators later said had increased as HBMX’s decreased. 421In the meantime, AML deficiencies continued to surface at HBMX. For example, in June 2010, HBMX noted that “certain transaction types were not being captured” by its AML account monitoring system, CAMP, and “therefore were not being monitored.” 422 HBMX also noted thatthe CAMP software had not been updated “since its installation in 2005.” In September 2010, the OCC issued a Supervisory Letter detailing massive AML deficiencies at HBUS, derived in part from its dealings with Mexico. The OCC followed with a cease and desist order in October. Eight Years of HBMX AML Deficiencies. HBMX and HSBC Group internal documents demonstrate that HBMX’s AML deficiencies were longstanding and widespread. Audit after audit detailed long lists of problems, including inadequate compliance resources, missing KYC information, manufactured site visits, inadequate account monitoring, unread alerts, poor training on the monitoring system and assigning SCC designations, internal disputes over closing accounts with suspicious activity, accounts left open despite multiple SARs and orders by regulators to close them, a SAR filing backlog, and an account closure backlog that spanned three years. AML leadership at HBMX was also weak. One AML director was dismissed for manufacturing notes of AML committee meetings that never took place; another was dismissed for inadequate performance; several long periods went by without any AML director in place at all. Even AML projects with resources and high level backing were unsuccessful, such as the Restoration Project which reported in 2008, that 75% of high risk client files still had inadequate KYC documentation. The evidence obtained by the Subcommittee shows that HSBC Group was fully aware of the years-long, substantial AML and compliance problems at HBMX, originating with the bank’s purchase in 2002. The evidence also indicates that HSBC Group executives and compliance personnel worked to build a compliance culture, but repeatedly faced a workforce in Mexico that disregarded the Group’s AML policies and procedures, delayed obtaining required KYC data, delayed closing suspect accounts, and delayed reporting suspicious activity to regulators. In 2009, under pressure from regulators, HSBC Group took drastic measures, including prohibiting HBMX branches from buying or selling U.S. dollars, shuttering entire branches with checkered histories, and scheduling for closure thousands of accounts with incomplete KYC 419 See 6/28-29/2009 summary of telephone conversations, prepared by OCC Joseph Boss, OCC-PSI-00928759-761.420 Id.421 Paul Thurston told the Subcommittee that, in retrospect, while HBMX’s banknotes business appeared to bedeclining, HBUS’ banknotes business with Mexico had been increasing at the same time, due to its banknotes business with HBMX and former clients of HBMX. Subcommittee interview of Paul Thurston (5/1/2012). 422 See 6/18/2010 email from HBUS Michael Anderson to HBMX Ken Harvey, with copy to Andrew Zissell,“RMM action point,” HSBC OCC 8875492-493 (attaching Compliance Report on Mexico, numbered 53.2.1). 79 documentation. Even with those actions, HSBC Group acknowledged internally that HBMX continued to pose a high risk of money laundering to the Group. 423The evidence also indicates that while HSBC Group was fully informed about HBMX’s AML and compliance deficiencies, little of that information was conveyed to HBUS, despite HBMX’ extensive correspondent relationship with HBUS. When asked about the lack of communication, HBMX CEO Paul Thurston indicated that he reported HBMX’s AML problems to HSBC Group and believed Group would communicate necessary information to HBUS. 424HSBC Group CEO Michael Geoghegan told the Subcommittee that HBMX problems were discussed at HSBC Group Management Business (GMB) meetings, which HBUS CEO Brendan McDonagh attended, so he thought HBUS was aware of the problems. 425 HSBC GroupCompliance head David Bagley told the Subcommittee that Group Compliance could have informed HBUS Compliance about the problems at HBMX, but “we did not think of it.” 426Instead, he reported the information to HSBC Group’s senior management. Several senior HBUS executives told the Subcommittee that the bank was not informed of the extent of AML problems at HBMX. The result was, at the same time HBUS was handling hundreds of billions of dollars in cash transactions for HBMX, processing U.S. dollar wire transfers, clearing U.S. dollar travelers cheques, and opening U.S. dollar accounts for HBMX clients, HBUS was left in the dark by its own colleagues about the extensive AML and compliance problems at HBMX. In addition, in conformance with HSBC Group policy and practice, HBUS conducted no due diligence assessment of HBMX, did not evaluate its riskiness, did not review its audit findings, and did not monitor its wire transfers, cash letter activity, or banknotes transactions for suspicious activity. HBUS had rendered itself blind to the fact that it was servicing a high risk financial institution. D. HBMX High Risk Clients HBMX made extensive use of its correspondent relationship with HBUS. From its acquisition in 2002, HMBX worked with HBUS’s Payments and Cash Management (PCM) division and, until 2010, with HBUS’ Global Banknotes division, both headquartered in New York. HBMX used its correspondent and banknotes accounts to process U.S. dollar wire transfers, clear U.S. dollar monetary instruments like travelers cheques, and deposit bulk cash shipments of U.S. dollars on behalf of itself and its clients. Three examples of HBMX high risk clients help illustrate how HBMX’s AML deficiencies also created risk for HBUS. They include high risk Mexican and U.S. money service businesses, clients using offshore U.S. dollar accounts in the Cayman Islands, and purchasers of millions of dollars in U.S. dollar travelers cheques. (1) High Risk Money Service Businesses Mexican casas de cambio (CDCs) are money service businesses licensed by the Mexican Treasury Department (SHCP), through the CNBV, to exchange foreign currencies for a fee. In 423 See, e.g., 6/9/2009 email from HSBC David Bagley to HBMX Emilson Alonso, copies to HSBC MichaelGeoghegan and others, “GMO Business reviews – LATAM,” HSBC OCC 8874895. 424 Subcommittee interview of Paul Thurston (5/1/2012).425 Subcommittee interview of Michael Geoghegan (5/24/2012).426 Subcommittee interview of David Bagley (5/10/2012).80 Mexico, CDCs are not licensed as banks and do not hold deposits, maintain checking or savings accounts, or provide other banking services. 427 Instead, CDCs are typically limited to acceptingcurrency from a customer, exchanging it for another currency, and then either handing it over to the customer or wiring it to a financial institution in another country, such as the United States. 428In the United States, some money service businesses perform similar cross-border services, enabling individuals in the United States to wire U.S. dollars to Mexico, where the dollars may be converted into Mexican pesos and paid out to a designated recipient. Those U.S. money service businesses are sometimes referred to as money remitters. Both Mexican CDCs and U.S. money service businesses often perform their services for walk-in customers, although they may also have established customers who use their services on a regular basis. In both Mexico 429 and the United States, 430 CDCs and money service businesses are legally required toestablish AML programs to safeguard against laundering criminal proceeds. (a) Casa de Cambio Puebla Until 2007, Casa de Cambio Puebla (Puebla) was a licensed casa de cambio, founded in 1985, with branch offices throughout Mexico. 431 On May 16, 2007, the United States obtained awarrant from a federal court in Florida and froze or seized all Puebla funds on deposit with Wachovia Bank in Miami, as well as with Wachovia Bank in London, affecting funds totaling over $11 million. 432 In July 2007, Puebla filed a civil complaint seeking the release of thosefunds. 433 In 2008, the United States indicted Puebla, two of its officers,434 and two otherindividuals on drug smuggling and money laundering charges. 435 In 2009, one of the defendantswas arrested and, in 2010, pled guilty to conspiracy to launder money, 436 and was sentenced to14 months in prison, while the other defendants, including Puebla, were placed on fugitive status. 437 In addition, in 2010, Wachovia Bank entered into a deferred prosecution agreementwith the U.S. Department of Justice for having failed to maintain an effective anti-money laundering program 438427 See United States v. Wachovia Bank N.A., Case No. 10-20165-CR-Lenard (USDC SDFL), Factual Statement,Exhibit A to Deferred Prosecution Agreement (3/16/2010), at ¶ 12. in connection with its casa de cambio business, including with respect to 428 See United States v. Wachovia Bank N.A., Case No. 10-20165-CR-Lenard (USDC SDFL), Factual Statement,Exhibit A to Deferred Prosecution Agreement (3/16/2010), at ¶ 11. 429 See Article 95 bis of the General Law of Auxiliary Credit Organizations.430 See 31 USC § 5318(h)(1) and § 5312(J) and (R).431 Casa de Cambio Puebla, S.A. v. United States, Case No. 10-20165 (USDC SDFL), Petition for Return of SeizedFunds (7/12/2007)(hereinafter “Puebla Petition”), at 4. 432 Puebla Petition, at 2-3.433 Id.434 See id. at 19.435 See United States v. Casa de Cambio Puebla, S.A., Jose A. Gutierrez de Velasco Hoyos, Amador CorderoVasquez, Pedro Alfonso Alatorre Damy, a/k/a “Pedro Barraza Uruguastegui,” and Leonardo Vasquez Estrada, Case No. 08-20097-CR-Graham (USDC SDFL), Indictment (2/1/2008, unsealed 11/4/2009). 436 Id., Plea Agreement (7/9/2010) at ¶ 1.437 See id., docket entries 12, 34, 38-42.438 United States v. Wachovia Bank N.A., Case No. 10-20165-CR-Lenard (USDC SDFL), Deferred ProsecutionAgreement (3/16/2010), at ¶ 3. 81 Puebla. 439 Those legal proceedings, which involved a major Mexican CDC and major U.S.bank, received widespread attention. 440Puebla was a longtime customer of HBMX, having first begun a relationship with HBMX’s predecessor, Bital, in the 1980s. 441 In 2004, Puebla also opened a U.S. banknotesaccount with HBUS. 442 By 2007, Puebla had several accounts at HBMX, as well as anoutstanding loan. 443 After the United States seized the company’s funds at Wachovia Bank inMay 2007, HBUS suspended the Puebla account two weeks later and closed the account in June 2007. 444 HBMX did not actually close the account until November 2007, and then only after theMexican Attorney General served an order on the bank seizing Puebla funds. Puebla at HBMX. At the time of the May 2007 seizure of more than $11 million in Puebla funds at Wachovia Bank, HBMX was already reeling from another money laundering scandal involving a March 2007 seizure of cash, weapons, and wire transfer records from the Mexican residence of longtime customer, Zhenly Ye Gon and his pharmaceutical companies, Unimed Pharm Chem, Constructora e Inmobiliaria Federal, and Unimed Pharmaceutical. 445 Thatseizure had triggered an intensive review by senior HBMX officials of the Ye Gon-related accounts as well as HBMX’s overall AML program. The Puebla case added another high profile problem for HBMX, not least because Puebla also handled Ye Gon funds. 446In late May 2007, HBUS learned of the seizure of Puebla funds at Wachovia Bank, and quickly suspended activity in the Puebla correspondent account at HBUS. 447439 Id., Factual Statement, Exhibit A to Deferred Prosecution Agreement (3/16/2010), at ¶ 11.It is not clear when HBMX first learned of the seizure, but by early June, both banks were considering whether to close their Puebla accounts. On June 5, 2007, Leopoldo Barroso, HBMX’s AML head, received 440 See, e.g., “U.S. freezes Mexico exchange bureau accounts for money laundering,” EFE News Services Inc.(6/9/2007); see also “Wachovia is under Scrutiny in Latin Drug-Money Probe,” Wall Street Journal, Evan Perez and Glen R. Simpson, April 26, 2008. In addition, the U.S. State Department discussed the Puebla case in its 2009 International Narcotics Control Strategy Report. See 2009 International Narcotics Control Strategy Report, U.S. Department of State at 356-357. 441 See, e.g., July 2007 email exchanges among HBMX Paul Thurston, John Rendall, Ramon Garcia, and others,“[subject redacted by HSBC], HSBC OCC 8875132-135. 442 See 6/5/2007 email from HBUS Daniel Jack to HBMX Leopoldo Barroso, “HSBC in Mexico – AMLCompliance & Casa de Cambio,” HSBC-PSI-PROD-0095913. 443 See 5/1/2008 memorandum [carrying incorrect date of 5/1/2007] from HBUS Judy Stoldt and Gloria Stazza toHBUS Denise Reilly, “Wall Street Journal Article Regarding Wachovia,” OCC-PSI-01358515. 444 See 12/20/2007 HBUS Compliance Certificate, OCC-PSI-00148844, at 5.445 See In re Zhenly Ye Gon, Case No. 1:07-cr-00181-EGS (USDC DC), Complaint for Arrest with a View TowardsExtradition (9/15/2008) (hereinafter “Ye Gon Extradition Complaint”), at 13; “Mexican Fugitive and Co- Conspirator Arrested on U.S. Drug, Money Laundering Charges,” U.S. Drug Enforcement Administration press release (7/24/2007), http://www.justice.gov/dea/pubs/states/newsrel/wdo072407.html. 446 See 10/13/2007 “Reportan ruta de Ye Gon para ‘blanquear’ dinero” (“Ye Gon reported path to ‘launder’money”), El Universal, Francisco Gómez, www.eluniversal.com.mx (reporting that the Mexican agency SHCP had determined that, from 2003 to 2006, Mr. Ye Gon and his companies had moved $90 million through four major Mexican banks and multiple casas de cambio, including HBMX and Puebla), cited in 7/18/2008 Report of Findings (Update) for Consultoria Inernacional Banco, prepared by HBUS Financial Intelligence Unit, OCC-PSI-00247712. 447 See 5/31/2001 email from HBUS Alan Ketley to HBUS Gyanen Kumar and others, “With immediate effect weare suspending all activity with the subject client,” HSBC PSI PROD 0095908-910; 6/6/2007 email from HBUS Daniel Jack to HBUS Alan Ketley, Re: HSBC in Mexico – AML Compliance and Casa de Cambio, HSBC-PSIPROD- 0095912. 82 an email from a senior AML Compliance officer at HBUS, Daniel Jack, asking if Mr. Barroso was the new AML director at HBMX and “wonder[ing] what relationships” HBMX had with Puebla. 448 Mr. Barroso responded that HBMX had “a few DDAs [Demand Deposit Accounts]and a loan” with Puebla. 449 He also indicated that HBMX planned to “decide within the next 5days” whether to terminate its relationship with Puebla, and asked Mr. Jack to let him know if HBUS decided to take that action. 450Mr. Jack noted in a later email that he did not tell Mr. Barroso during the June 5 email exchange about “the DEA seizure or Wachovia closing [Puebla] acc[oun]ts,” although it is possible that HBMX already knew. 451 Mr. Jack also did not disclose that HBUS had alreadysuspended Puebla’s account activity a week earlier, on May 31. 452 Mr. Jack told theSubcommittee that, soon after the June 5 email exchange, he told Mr. Barroso that HBUS had shut down its account with Puebla. 453 When Mr. Barroso asked if HBUS could provide him witha list of their banknote customers in Mexico and the amount of U.S. dollars they exported from Mexico to the United States, Mr. Jack demurred, responding that there were “privacy issues” but that he would “see what info” he could share. 454 This exchange between senior AMLCompliance personnel at HBUS and HBMX suggests that information sharing between the two banks was guarded, rather than automatic. In early July 2007, HBMX Compliance head, Ramon Garcia, disclosed in an internal weekly report that went to HSBC Group Compliance that the HBMX CCC Committee had considered closing the Puebla account, but decided instead to retain the client. In response, John Root, head of Latin American Compliance at HSBC Group, sent him a blistering email criticizing the CCC Committee for “rubber-stamping unacceptable risks.” This email, cited earlier in a discussion of HBMX’s CCC Committee, is relevant again, because it applies to the Puebla account. Mr. Root wrote: “It looks like the business is still retaining unacceptable risks and the AML committee is going along after some initial hemming and hawing. I am quite concerned that the committee is not functioning properly. Alarmed, even. I am close to picking up the phone to your CEO.” 455Mr. Root’s email went on to harshly criticize the CCC Committee’s decisions to keep open accounts for Mr. Ye Gon and another accountholder under suspicion for money laundering, 448 6/5/2007 email from HBUS Daniel Jack to HBMX Leopoldo Barroso, “HSBC in Mexico – AML Complianceand Casa de Cambio,” HSBC-PSI-PROD-0095914. 449 6/6/2007, email from HBUS Daniel Jack to HBUS Alan Ketley, Re: HSBC in Mexico – AML Compliance andCasa de Cambio, HSBC-PSI-PROD-0095912. 450 Id.451 Id.452 See 5/31/2007 email from HBUS Daniel Jack to HBUS Alan Ketley, “N-NY & Casa de Cambio Puebla inMexico,” HSBC-PSI-PROD-0095908; 5/30/2007 email from HBUS Gyanen Kumar to “US Banknote Dept Sales Team,” “Casa De Cambio Puebla,” HSBC OCC 7688742. 453 Subcommittee interview of Daniel Jack (3/13/2012).454 6/6/2007, email from HBUS Daniel Jack to HBUS Alan Ketley, Re: HSBC in Mexico – AML Compliance andCasa de Cambio, HSBC-PSI-PROD-0095912. 455 7/17/2007 email from HSBC John Root to HBMX Ramon Garcia, with copies to Susan Wright, David Bagley,and Warren Leaming, “Weekly Compliance Report 02JUL-06JUL07,” HSBC OCC 8875925-927. 83 before describing as “strike three,” the decision to retain the Puebla “relationship after USD11 million was seized by the authority in [Redacted by HSBC] account with Wachovia in Miami.” Mr. Root continued: “What?! The business was okay with this? The AML Committee just can’t keep rubberstamping unacceptable risks merely because someone on the business side writes a nice letter. It needs to take a firmer stand. It needs some cojones. We have seen this movie before, and it ends badly.” 456Mr. Garcia responded that he was escalating the decision on Puebla to the HSBC Mexico CEO, since the relevant HBMX business division had disagreed with a Compliance recommendation to close the account. 457 The next week, HSBC Mexico CEO Paul Thurstonagreed with closing the account. 458 Mr. Rendall suggested alerting their U.S. counterparts atHBUS, since HBUS also had a correspondent relationship with Puebla. 459Despite Mr. Thurston’s July 2007 decision to close the Puebla account, HBMX did not actually close or freeze its Puebla account for another four months, allowing Puebla continued use of HBMX’s correspondent account at HBUS. 460 HBMX finally closed the account inNovember 2007, after receiving a seizure warrant from the Mexican Attorney General seeking all funds in accounts opened in the name of Puebla or related parties. 461The seizure warrant named 91 parties related to Puebla, of which 81 were HBMX customers who presumably were also using the HBMX correspondent account at HBUS. 462HBMX later determined that, from January 1 though October 31, 2007, a period of ten months, approximately 650 wire transactions had cleared through the “HBSC Mexico correspondent account” at HBUS, where Puebla was either the originator or the beneficiary. 463 Of thosetransactions, 170 wire transfers totaling $7.3 million were conducted by six individuals or entities linked to Puebla. 464456 Id.All of those wires were later traced back to the Puebla accounts 457 See 7/18/2007 email from Ramon Garcia to HBC David Bagley, “Weekly Compliance Report 02JUL-06JUL07,”HSBC OCC 8875925. 458 See July 2007 email exchanges among HBMX Paul Thurston, John Rendall, Ramon Garcia, and others, “[subjectredacted by HSBC], HSBC OCC 8875132-135. 459 Id.460 See, e.g., 10/27/2007 Compliance Certificate, prepared by HBUS Compliance and provided to HSBC GroupCompliance, HSBC PSI PROD 0095916-922, at 919 (listing major HBUS compliance issues, including “HBUS Banknotes/Cas De Cambio Puebla (RED 3870): No transactions have been conducted with Casa de Cambio Puebla SA de CV in Mexico since 1JUN07. Although HBMX continues to deal with this Money Services Business, HBUS plans to formally terminate the Banknotes relationship soon.”). 461 See 12/11/2007 email from HBMX Leopoldo Barroso to HBUS Daniel Jack, “HSBC & Casa de Cambio Pueblain Mexico – Negative Press,” HSBC OCC 7688750. The Attorney General identified 91 related parties. 462 See 5/1/2008 memorandum [carrying incorrect date of 5/1/2007] from HBUS Judy Stoldt and Gloria Stazza toHBUS Denise Reilly, “Wall Street Journal Article Regarding Wachovia,” OCC-PSI-01358515. 463 Id.; 9/13/2010 OCC Supervisory Letter HSBC-2010-22, “Bank Secrecy Act/Anti-Money Laundering (‘BSAAML’)Examination – Program Violation (12 U.S.C. §1818(s); 12 C.F.R. §21.21),” at 24. [Sealed Exhibit.] 464 Id. See also 5/1/2008 memorandum [carrying incorrect date of 5/1/2007] from HBUS Judy Stoldt and GloriaStazza to HBUS Denise Reilly, “Wall Street Journal Article Regarding Wachovia,” OCC-PSI-01358515. 84 frozen at Wachovia. 465 The OCC later observed: “T]hese discoveries about the level of CDCactivity should have raised concerns for HBUS and alerted the bank to the need to obtain basic due diligence for HSBC Mexico and other Group Entities.” 466Puebla at HBUS. While HBMX exposed HBUS to considerable money laundering risk through the transactions it conducted for Puebla, HBUS also incurred risk from its own direct dealings with Puebla, including a U.S. banknotes account it opened for Puebla in 2004. In just three years, Puebla substantially boosted its use of that U.S. banknotes account, swelling its sales of U.S. dollars to HBUS from $18 million in February 2005, to $113 million in March 2007, a tenfold increase. 467When AML monitoring alerts raised red flags about the growing flood of U.S. dollars from Puebla, HBUS bankers provided a number of explanations for the increases, none of which considered whether Puebla might be accepting illegal drug proceeds that drug cartels were then smuggling into Mexico from the United States. For example, when Puebla’s U.S. dollar volumes increased by $3 million between November 2005 and February 2006, an HBUS banker wrote that the “[c]lient is slowing [sic] growing its business volume as a result of better cash flow thanks to dealing with HSBC i.e., faster turnaround of banknotes.” 468 When the volume jumpedby another $13 million the very next month, the HBUS banker offered the same explanation, typo and all: “[c]lient is slowing [sic] growing its business volume as a result of better cash flow thanks to dealing with HSBC i.e., faster turnaround of banknotes.” This cut-and-paste explanation offers no evidence that the banker used due diligence to analyze the sudden multimillion- dollar increase. When the volume climbed again, by more than $20 million from April 2006 to September 2006, to over $76 million, the HBUS banker asked for an explanation wrote: “Mexico as a whole and more specifically [Puebla] is the premier country/msb [money service business] USD [U.S. dollar] remitter. There is [a] large population of Mexican[s] working in the U.S. during the summer months (landscaping) that send money back home (religiously) to their families.” 469 While that might have been true, it was equally true when Puebla transmitted just$27 million back to Mexico around the same time the previous year, a nearly $50 million difference. 470 By the end of March 2007, the month before Puebla funds were seized atWachovia Bank, its monthly U.S. dollar transactions at HBUS had exceeded $113 million. 471On May 30, 2007, two weeks after the seizure of Puebla funds on May 16, HBUS ordered all activity in the Puebla account to be suspended with “immediate effect.” 472465 5/1/2008, memorandum [carrying incorrect date of 5/1/2007] from HBUS Judy Stoldt and Gloria Stazza toHBUS Denise Reilly, “Wall Street Journal Article Regarding Wachovia,” OCC-PSI-01358515. A week 466 9/13/2010, Supervisory Letter HSBC-2010-22, OCC Sally Belshaw to HBUS Irene Dorner and David Bagley,Re: Bank Secrecy Act/Anti-Money Laundering (‘BSA-AML’) Examination – Program Violation (12 U.S.C. §1818(s); 12 C.F.R. §21.21),” at 25. 467 Spreadsheet: Banknotes – NY Selected Customers’ Activity Alerts & Traders’ Explanations for USD Purchases& Sales from 2005-2009, OCC-PSI-0005890-894. 468 Id. at OCC-PSI-0005892.469 Id. at OCC-PSI-0005893.470 Id. at OCC-PSI-0005892.471 Id. at OCC-PSI-0005893.472 5/31/2007 email from HBUS Gyanen Kumar to HBUS Alan Ketley and others, “Casa de Cambio Puebla,”HSBC-PSI-PROD-0095910. See also 5/31/2007, email from HBUS Daniel Jack to HBUS Alan Ketley, “N-NY & Casa de Cambio Puebla in Mexico,” HSBC-PSI-PROD-0095908. 85 later, on June 5, 2007, HBUS AML Compliance officer Daniel Jack contacted HBMX to ascertain whether Puebla also had accounts there, which would continue to expose HBUS to the money laundering risks associated with Puebla through the HBMX correspondent account. 473HBUS terminated its Banknotes relationship with Puebla after conducting a site visit on June 11, 2007. 474 In June and July 2007, HBUS was contacted by multiple U.S. lawenforcement agencies regarding its correspondent accounts with financial institutions in Mexico, including Puebla. On June 25, 2007, for example, the Drug Enforcement Administration and other law enforcement told HBUS of their interest in its “banknote trading with” Puebla. 475 OnJuly 17, 2007, HBUS met with “an analyst from the National Drug Intelligence Center of the US Dep[artmen]t of Justice to explain our business and AML program along with discussing crossborder issues.” 476 On July 20, 2007, HBUS met with FinCEN specialists “to discuss ourwholesale banknotes business with clients in Mexico as well as our AML program, CTR filing and related issues.” 477 The extent to which HBUS informed HBMX about the level of U.S. lawenforcement interest in Puebla is unclear. (b) Sigue Corporation Another HBMX client that used HBMX’s correspondent account at HBUS was Sigue Corporation (Sigue), a U.S. licensed money service business incorporated in Delaware but headquartered in California. 478 Sigue’s primary business activity was transmitting funds onbehalf of third parties from the United States to Mexico and Latin America. 479 Acting throughits operating company, Sigue LLC, it arranged for the remittance of U.S. dollars through a network of more than 7,500 “authorized delegates” across the United States, most of which were small businesses under contract to offer Sigue’s money transmission services. 480On January 28, 2008, Sigue entered into a deferred prosecution agreement with the U.S. Department of Justice, Drug Enforcement Administration, and Internal Revenue Service, admitting that it had failed to maintain an effective anti-money laundering program. 481 As partof the agreement, Sigue admitted to “serious and systemic” violations of U.S. AML requirements from 2003 to 2005, which “allowed tens of millions of dollars of suspicious financial transactions to be conducted through Sigue, including transactions involving funds represented by undercover U.S. law enforcement agents to be drug proceeds.” 482473 See 6/5/2007 email from HBUS Daniel Jack to HBMX Leopoldo Barroso, “HSBC in Mexico – AMLCompliance and Casa de Cambio,” HSBC-PSI-PROD-0095914. See also 10/26/2007 memorandum from HBUS Carolyn Wind to HNAH Janet Burak and others, HSBC-PSI-PROD-0095919. The drug proceeds which 474 See 12/20/2007 “Money Laundering Report for Half-year Ended: December 31, 2007,” prepared by HBUS,OCC-PSI-00148844, at 5. 475 12/20/2007 “Money Laundering Report for Half-year Ended: December 31, 2007,” prepared by HBUS, OCCPSI-00148844, at 5. 476 12/20/2007 “Compliance Certificate,” prepared by OCC, OCC-PSI-00148844, at 2.477 Id.478 See United States v. Sigue Corp. and Sigue LLC, Case No. 4:08CR54 (USDC EDMO), Deferred ProsecutionAgreement Factual Statement (1/28/2008), at 1. 479 Id.480 Id.481 Id.482 Id.86 U.S. undercover agents transmitted through Sigue totaled more than $500,000, and were sent through 59 separate Sigue agents in 22 states. 483 The undercover agents had explicitly informedSigue agents that they were transmitting illegal drug proceeds, structured the transactions to evade U.S. reporting obligations, and wired the funds to seven law enforcement agents in Mexico City, creating a money laundering pattern that Sigue should have detected and reported as suspicious activity, but did not. 484 Sigue admitted its failure to adequately supervise andcontrol its agents, “effectively monitor and investigate high risk transactions,” “establish an effective risk-based AML program,” and “exercise sufficient enhanced due diligence for highrisk transactions and customers.” 485 As part of the agreement to defer prosecution of thecompany, Sigue agreed to forfeit $15 million in suspect funds and spend $9.7 million to strengthen its AML program. 486The day after the deferred prosecution agreement was made public in court, an article discussing Sigue’s misconduct and “record penalty” concluded that a “case such as that against Sigue gives banks yet another reason to treat MSBs [money service businesses] as pariahs.” 487David Bagley, HSBC Group Compliance head, sent a copy of the article to Susan Wright, head of AML Compliance for HSBC Group, with a handwritten note: “Obvious question – I assume they are not our customer.” 488 His assumption, however, was incorrect.After learning that Sigue was, in fact, a client of HBMX, on February 1, 2008, Ms. Wright sent an email to HBMX Compliance head Ramon Garcia about the account. 489 She notedthat, despite the deferred prosecution agreement and Sigue’s admission of wrongdoing, HBMX’s commercial banking division wanted to retain the account. She warned that, if the account were retained, it: “will need to be closely monitored and subject to frequent reviews (recommendation for quarterly reviews in current circumstances). The actions by the US regulators should be used as a trigger event and our due diligence on this client updated. In this connection the high risk profile that is in place for Financial Institutions should be used. … If we only see batched transactions then we are relying on the screening undertaken by [Sigue]. It would be helpful to understand the nature of these transactions and currencies involved – could you provide me with an overview? We should also monitor the volume – you mentioned that we are not [Sigue’s] only bankers in Mexico. If, however, any of the other banks withdraw then we may well see the volume of transactions through us rise and our exposure/risk will increase with a corresponding increase in the cost of monitoring, etc.” 490483 Id.484 Id. at 1-3.485485 Id. at 6.486 Id. at 12-15; Deferred Prosecution Agreement at ¶¶ 5, 9.487 “Money Laundering ‘Sting’ led to MSB’s Record Penalty, Says Legal Pact,” Complinet, Brett Wolf, (1/29/2008),reprinted at HSBC OCC 8875020. 488 See handwritten note on copy of article, “Money Laundering ‘Sting’ led to MSB’s Record Penalty, Says LegalPact,” Complinet, Brett Wolf, (1/29/2008), HSBC OCC 8875020. 489 2/1/2008 email from HSBC Susan Wright to HBMX Ramon Garcia, with copies to HSBC Warren Leaming andJohn Root, no subject line, HSBC OCC 8875017-018. 490 Id.87 Her email was forwarded to HSBC Compliance head David Bagley who, on February 4, 2008, forwarded it to HBMX CEO Paul Thurston and recommended closing the Sigue account. 491 Mr. Bagley noted Sigue’s “serious and systemic violations and a record fine” due inpart to the fact that Sigue “had little control over its numerous agents.” He wrote: “Whilst the company will now need to take steps to address these deficiencies this will inevitably take some time, and instilling the appropriate culture within the business even longer.” Mr. Thurston forwarded Mr. Bagley’s recommendation to John Rendall, HBMX COO, and asked for more information about the account. 492 Mr. Rendall reminded him that “a coupleof months back,” HBMX Compliance had recommended closing the Sigue account, but was opposed by the HBMX commercial banking division (CMB) that wanted to keep the account open. 493 The issue was then elevated to Mr. Thurston who decided against closing theaccount. 494 Mr. Rendall explained:“Our recommendation, which you supported, was to maintain this relationship. It was based on the following factors: A) our CMB team in Tijuana were relatively on the top of the case; B) the events for which [Sigue] have been fined were relatively historic – from memory, 2-3 years ago, and significant improvements had been made since then.” 495Despite Sigue’s admission of wrongdoing, its admission of lax controls over the actions taken by its agents, and the recommendation of the head of HSBC Group Compliance to close the account, Mr. Thurston decided once again to retain it and to continue to provide Sigue with U.S. dollar transactions through the HBMX accounts at HBUS. Mr. Thurston told the Subcommittee that Sigue was one of the few accounts he decided to retain over the objection of HBMX Compliance. He explained that he did so, because he believed the issues were in the past, and Compliance head Ramon Garcia had met with Sigue and believed it was meeting its commitment to strengthen its AML program. 496Also on February 4, 2008, after reviewing an earlier media report identifying HBMX as a “pay partner” for Sigue, 497491 2/4/2008 email from HSBC David Bagley to HBMX Paul Thurston, [subject redacted by HSBC], HSBC OCC8875016. the OCC AML Examiner then reviewing HBUS’ AML program “requested HSBC management to determine what, if any, involvement HSBC had with 492 See 2/4/2008 email from HBMX John Rendall to HBMX Paul Thurston, “[redacted by HSBC],” HSBC OCC8875139. 493 See 2/4/2008 emails from HBMX John Rendall and HBUS David Bagley, “[redacted by HSBC],” HSBC OCC8875139-40. 494 See 2/4/2008 email from HBMX John Rendall to HBMX Paul Thurston, “[redacted by HSBC],” HSBC OCC8875139. 495 See 1/2/2008 email from HBUS Susan Wright to HBMX Ramon Garcia, “[redacted by HSBC],” HSBC OCC8875141. 496 Subcommittee interview of Paul Thurston (5/1/2012).497 See “California MSB Faces Record Fine From Justice Department in AML Case,” Fortent Inform, Brian Monroe(1/11/2008); see also 2/5/2008 OCC memorandum to files, “HSBC Monitoring/Reputation Risk,” OCC-PSI- 01416736 [sealed exhibit]. 88 Sigue.” 498 The OCC inquiry triggered an inquiry into the Sigue account by HBUS, which hadnot been privy to the exchanges between HSBC Group and HBMX about the account. 499On February 5, 2008, HBUS informed the OCC AML Examiner that while Sigue was not an HBUS client, it was a client of HBMX and had executed U.S. dollar wire transfers through HBMX’s correspondent accounts at HBUS. 500 In an internal memorandum summarizing theinformation, the OCC AML Examiner wrote that HBUS “acts as a pass-through for wire transfers for Sigue.” 501 He noted that, for “the period of January through December 2007 159wire transfers passed through HSBC originated by Sigue for the benefit of” HBMX, involving more than $485 million. 502 He wrote that HBUS management had agreed that those wires shouldhave triggered a review of the account activity. 503The OCC AML examiner saw the events surrounding the Sigue account as emblematic of a broader problem involving inadequate monitoring and weak AML investigations by HBUS of clients using correspondent accounts to conduct suspect transactions. In the internal memorandum, the OCC AML examiner wrote: “Over the past few years, there have been a number of instances where the OCC has brought to the attention of HSBC management negative media events, publicized indictments, etc., resulting in the need for HSBC management to conduct ad-hoc reviews to determine potential reputational risk. In the majority of these instances, HSBC management was either not aware of these events or had not been pro-active in determining the level of potential exposure due to these events.” 504He concluded that if he had “not intervened it is highly unlikely that HSBC management would have performed the proper level of due diligence, [or] determined the potential exposure to risk” in the Sigue matter. 505Two months later, on April 26, 2008, a major U.S. newspaper published an article describing an ongoing federal probe of allegations that Wachovia Bank was laundering drug proceeds supplied by Mexican casas de cambio. 506498 2/5/2008 OCC memorandum to files, “HSBC Monitoring/Reputation Risk,” OCC-PSI-01416736, at 2. [SealedExhibit.] The article also mentioned Sigue, triggering a second round of inquiries at HBUS into the status of the Sigue account which remained open at 499 The OCC Examiner noted internally at the time: “Although HSBC management was previously aware of mediareports concerning Sigue, up to the time of our request, HSBC management had not conducted any enhanced due diligence and/or in-depth analysis to determine HSBC’s potential exposure resulting from the prosecution of Sigue.” Id. at 2 (emphasis in original omitted). 500 See 2/5/2008 OCC memorandum to files, “HSBC Monitoring/Reputation Risk,” OCC-PSI-01416736, at 3.[Sealed Exhibit.] 501 Id.502 Id. HBUS apparently provided this wire transfer information to the OCC, in response to the OCC request formore information about HBUS’ involvement with Sigue. 503 Id.504 Id.505 Id. at 1.506 See “Wachovia Is Under Scrutiny in Latin Drug-Money Probe,” Wall Street Journal, Evan Perez, Glenn Simpson(4/26/2008). 89 HBMX and continued to execute U.S. dollar transactions through the HBMX correspondent account at HBUS. HBUS AML Compliance officer Judy Stoldt and HBUS investigator Gloria Stazza sent a memorandum to their supervisor Denise Reilly, a senior HBUS AML Compliance officer, summarizing the article and discussing HBUS’ exposure to the casas de cambio named in the article, including Sigue. 507 The memorandum began:“HBUS does not hold any account for any casa de cambio mentioned in the WSJ article. The only HBUS connection to activity involving those named casas de cambio is activity that was conducted through our correspondent accounts, and most notably through our account with HSBC Bank Mexico (HBMX).” 508The May 2008 memorandum described Sigue as a money service business that had allegedly processed $24.7 million in “suspicious money remittances related to drug-trafficking proceeds.” 509 It explained that HBUS had first taken note of Sigue when it entered into a record$25 million settlement with the Justice Department in January 2008, and, as a result, conducted a review of the Sigue accounts, wire transfer activity, and whether either Sigue or its founder, Guillermo de la Vina, had been “the subject of any other negative news or law enforcement activity.” 510 The memorandum reported that, despite having no direct account with Sigue, a“wire review” found that, during 2007, Sigue had sent 159 wire transfers for $485 million through HBMX’s correspondent account, all of which were originated by Sigue and sent to its own account at HBMX, which HBUS viewed as suspicious. 511 The memorandum noted thatHBUS had contacted HBMX to discuss Sigue, and HBMX disclosed that it had imposed “parameters” on its relationship with Sigue, including limiting Sigue to “conducting transactions for individual customers to $2,000 USD per transaction.” 512 The memorandum did not explain,however, how that $2,000 limit affected the actual wire activity in 2007, in which each wire transfer apparently batched numerous underlying wires without identifying individual client transactions. The memorandum also stated that HBUS had found that a Sigue employee had been indicted for assisting drug traffickers with money laundering, and on another occasion Sigue was described as having allowed $295,000 to be transferred from an account at another bank to an illegal alien in Mexico. 513 Despite this cascade of troubling information, for the nexttwo years, little or no action appears to have been taken by HBUS or HBMX with respect to the Sigue account at HBMX. 507 See 5/1/2008 memorandum [carrying incorrect date of 5/1/2007] from HBUS Judy Stoldt and Gloria Stazza toHBUS Denise Reilly, “Wall Street Journal Article Regarding Wachovia,” OCC-PSI-01358516-517. 508 Id. at 1.509 Id. at 3.510 Id.511 Id. at 4. The memorandum did not mention that this wire analysis was compiled for the OCC, at its request, inFebruary 2008. 512 Id. at 4.513 Id at 3-4.90 On January 30, 2009, having determining that Sigue satisfied the requirements of the Deferred Prosecution Agreement the Justice Department requested and the court granted dismissal of the criminal case against the company. 514In 2010, as part of an OCC AML examination, an OCC AML examiner reviewed the May 2008 memorandum regarding Sigue and asked what followup actions had been taken in response to it, in particular whether Sigue had ever been added to the HBUS “wire filter” for purposes of enhanced due diligence and whether any further analysis had been done of Sigue account activity. 515 HBUS personnel responded that Sigue had not been added to the wire filter,the 2008 memorandum had not been “passed to anyone,” and the HBUS Financial Intelligence Group had not conducted any additional due diligence with respect to Sigue. 516 HBUS explainedthat “Sigue was not added to the wire filter as Sigue entered into a written agreement with the Department of Justice to enhance its AML program and was not (per the investigative search) the subject of any other money laundering investigations.” 517 Essentially, despite Sigue’s deferredprosecution in 2008, admission of wrongdoing caused in part by an inadequate AML program, past HBMX alerts flagging unusual transactions, past HBUS wire transfer analysis identifying suspicious activity, past recommendations by Compliance to close the account, and past regulatory inquiries, HBUS did not conduct any enhanced monitoring or analysis of the Sigue account. HBMX’s relationships with Puebla and Sigue, a Mexican casa de cambio and a U.S. money service business that remitted funds to Mexico and Latin America, demonstrate its tolerance for high risk clients, and how those clients subjected, not only HBMX, but also HBUS to substantial money laundering risks. The accounts also disclose how both banks failed to conduct effective monitoring of some financial institution accounts and transactions, even when faced with evidence of lax AML controls and criminal proceedings involving money laundering. They also expose an absence of regular information sharing and coordinated AML efforts between HBUS and HBMX to address common AML problems, including limited communications about particular clients and actions taken to restrict or close accounts. (2) Cayman Island U.S. Dollar Accounts A second example of high risk HBMX clients posing money laundering risks to HBUS are the tens of thousands of U.S. dollar accounts maintained by HBMX through its branch office in the Cayman Islands. This branch office is a shell operation with no physical presence in the Caymans, and is managed by HBMX personnel in Mexico City who allow Cayman accounts to be opened by any HBMX branch across Mexico. Total assets in the Cayman accounts peaked at $2.1 billion in 2008. Internal documents show that the Cayman accounts had operated for years with deficient AML and KYC controls and information. An estimated 15% of the accounts had no KYC information at all, which meant that HBMX had no idea who was behind them, while 514 See United States v. Sigue Corp. and Sigue LLC, Case No. 4:08CR54 (USDC EDMO), Order for Dismissal withPrejudice (1/30/2009). 515 See 2/16-18/2010 exchange of emails among Federal Reserve Patricia Brunner, HBUS Denis O’Brien, JudyStoldt, and others and OCC Joseph Boss, “June 2008 Audit – Payment Services,” OCC-PSI-00378989. 516 Id.517 5/1/2008, memorandum [dated 5/1/2007, sic] from HBUS Judy Stoldt and HBUS Gloria Stazza to HBUS DeniseReilly, Re: Wall Street Journal Article Regarding Wachovia, OCC-PSI-01358517. 91 other accounts were, in the words of one HBMX compliance officer, misused by “organized crime.” Because a primary feature of the Cayman accounts is their use of U.S. dollars, HBMX has maintained the account assets and conducted account transactions through its U.S. dollar correspondent accounts at HBUS. There is no documentation showing that HBUS knew or was informed that, by providing HBMX with correspondent accounts, it was also providing access to the U.S. financial system to high risk accountholders in the Caymans. By moving the Cayman transactions through its HBUS accounts, HBMX exposed not only itself, but also HBUS to the money laundering risks inherent in its Cayman clients. Cayman Accounts. HSBC acquired the Cayman branch through its purchase of Bital in November 2002. According to a letter from HSBC legal counsel: “Bital received authorization from Mexican and Cayman authorities to offer Cayman USD [U.S. dollar] accounts to its customers in 1980. Bital’s license and authorization to offer Cayman USD accounts was inherited by HBMX when HSBC acquired Bital in 2002.” 518After the acquisition, the Cayman branch of Bital was renamed HSBC Mexico S.A. and continued to operate under a Cayman Class B banking license, restricting the branch to operating only “offshore” and open accounts exclusively for non-Cayman residents. 519 From its inception,the branch had no physical office or employees in the Cayman Islands, and operated in that jurisdiction solely as a shell entity. 520 The Cayman accounts were actually opened andmaintained by HBMX personnel in Mexico. Any HBMX branch across Mexico had the authority to open a Cayman account for a client. 521To enable the Cayman branch to provide U.S. dollar accounts to clients, HBMX used its correspondent accounts at HBUS to supply the needed dollars, process U.S. dollar wire transfers, cash U.S. dollar travelers cheques, and perform similar U.S. dollar services. HBMX did not open a separate correspondent account for the Cayman branch, but included Cayman account transactions within its general correspondent account at HBUS. The documents and other evidence reviewed by the Subcommittee contain no indication that, until recently, HBMX ever informed HBUS about its Cayman branch or the Cayman U.S. dollar denominated accounts being serviced through the HBMX correspondent accounts at HBUS. 522518 6/5/2012 letter from HSBC legal counsel to the Subcommittee, at 4.519 See, e.g., 7/31/2008 email from HSBC David Bagley to HSBC Richard Bennett, “HBMX-CAYMANACCOUNTS,” HSBC OCC 8874827-33. See also list of Cayman offshore banks at http://www.offshorelibrary. com/banking/cayman_islands/page_3. According to HSBC, HBMX policy is not to offer the accounts to either Cayman or U.S. residents. See 6/5/2012 letter from HSBC legal counsel to the Subcommittee, at 5. 520 See, e.g., 7/31/2008 email from HSBC David Bagley to HSBC Richard Bennett, “HBMX-CAYMANACCOUNTS,” HSBC OCC 8874827-33. 521 See, e.g., 1/2006 “General Audit Report, HBMX – KYC of USD Current Accounts in Grand Cayman,” preparedby Group Audit Mexico, HSBC OCC 8874307-310, at 1. This audit reviewed files for Cayman accounts that had been opened by 26 HBMX branches in Mexico City. Id. 522 Michael Gallagher, for example, who headed the HBUS PCM division that helped handle correspondentaccounts, told the Subcommittee he had been unaware of the U.S. dollar Cayman accounts at HBMX. Subcommittee interview of Michael Gallagher (6/13/12). 92 The number of accounts and the volume of assets held in the Cayman accounts have fluctuated over time. Documentation associated with the 2002 Bital purchase do not indicate how many Cayman accounts then existed or the total amount of assets they held. A 2006 audit of the Cayman accounts reported just 1,500 accounts in 2005, with no mention of the account balances. 523 In September 2008, HBMX reported a remarkable increase, over 60,000 Caymanaccounts for nearly 50,000 customers, with total assets approaching $2.1 billion. 524 Three yearslater, however, those totals dropped significantly. According to HSBC legal counsel, as of January 2012, the Cayman branch held about 24,000 Demand Deposit and Term Deposit Accounts for nearly 21,000 customers, with a total dollar value of approximately $657 million. 525 About 9,000 Cayman accounts had been closed in 2009, due in part to insufficientKnow-Your-Customer (KYC) information for the accounts as well as regulatory concerns about their high risk nature. Inherent Riskiness of Accounts. HBMX and HSBC Group were well aware that the Cayman accounts had an inherently higher AML risk than other Mexican accounts, since they were offered in an offshore jurisdiction with strong secrecy laws and a limited tax regime, and permitted accountholders to hold assets in U.S. dollars in contravention of normal Mexican legal restrictions. In 2008, HSBC Group Compliance head David Bagley noted in an email to senior HSBC Group officials that Mexican regulators knew of the Cayman accounts, which apparently circumvented certain Mexican banking regulations, but nevertheless allowed them to operate: “The [Cayman] license, inherited from Bital, allows HBMX to provide USDdenominated services to persons domiciled in Mexico. Mexican regulation apparently prohibits individual Mexicans (i.e. non-corporate) to hold USD-denominated deposit accounts in Mexico. … Although HBMX were recently fined USD50,000, for the inappropriate promotion of these services in Mexico, I am advised that CNBV are aware of the existence of the accounts and services and have raised no concerns.” 526Mr. Bagley also warned: “There continues to be a real focus on the level of USD-denominated activity in Mexico by CNBV and other bodies, and the extent of HBMX’s activity in this area. This account base has to therefore be seen as high-risk from an AML and reputational perspective.” 527523 See 1/2006 “General Audit Report, HBMX – KYC of USD Current Accounts in Grand Cayman,” prepared byGroup Audit Mexico, HSBC OCC 8874307-310, at 1. 524 See chart at HSBC OCC 8876787, attached to 9/12/2008 email from HSBC John Root to HSBC Adrian Cristiani,“Cayman Accounts,” HSBC OCC 8876784. 525 See 6/5/2012 letter from HSBC legal counsel to the Subcommittee at 5.526 7/31/2008 email from HSBC David Bagley to HSBC Richard Bennett, with copies to HSBC MichaelGeoghegan, Matthew King, and HBMX Emilson Alonso, Luis Pena, and John Rendall, “HBMX-CAYMAN ACCOUNTS,” at HSBC- OCC-8874832. 527 Id.93 In November 2005, an email from HBMX Compliance head Ramon Garcia to senior HSBC Group Compliance officer John Root flagging compliance issues at HBMX provided this explanation for the Cayman accounts: “There is a Cayman Island branch for HBMX. Since there is a restriction by Mexican Law to open accounts to nationals in USD except for those residing in the Mexico’s border, as an alternative, [Bital] decided to open this branch where cheques accounts to Nationals could be opened in USD. It is also known that these USD accounts were issued also to non Mexican Nationals.” 528A January 2006 HBMX internal audit report explained the demand for the accounts this way: “HBMX offers their clients the option to open USD current and investment accounts in Grand Cayman so that clients profit [from] the advantages of that country, such as tax free investments, under confidentiality terms.” 529 In a 2007 email discussing the sale of cross-borderfinancial products in Mexico, HSBC Group Compliance Deputy Head Warren Leaming also noted: “Because Mexico’s tax scheme is relatively penal (worldwide income) there is a high demand for off-shore products.” 530Below Standard AML and KYC Controls. The riskiness of the Cayman accounts was magnified by weak AML controls and inadequate KYC information. Those AML deficiencies meant that HBMX had little real knowledge about the customers using the Cayman accounts. HSBC Group knew about the weak state of the Cayman AML and KYC controls from the time Bital was purchased in 2002, and it inherited the Cayman branch. An audit prior to the acquisition found that Bital had no functioning Compliance Department, limited client transaction and activity monitoring, and no KYC focus on high risk clients. 531 The auditspecifically noted the poor state of KYC information in the Cayman accounts: “41% of the accounts reviewed (92 of 224 reviewed) lacked full client information. 37 files had no client information.” 532In 2004, Mexico strengthened KYC requirements for Mexican financial accounts and required Mexican banks to update the KYC information in all customer accounts by 2007. In January 2006, HBMX’s audit group conducted an audit of the KYC controls in place for the Cayman accounts and rated them “Below Standard.” 533528 11/22/2005 email from HBMX Ramon Garcia to HSBC John Root, “HBMX – COMPLIANCE ISSUES,” HSBCOCC 8873261. Of the Cayman accounts reviewed, the audit found that 13% of the files lacked material KYC information; more than 50% lacked a visit 529 1/2006 “General Audit Report, HBMX – KYC of USD Current Accounts in Grand Cayman,” prepared by GroupAudit Mexico, HSBC OCC 8874307-310, at 1. 530 5/24/2007 email from HSBC Warren Leaming to HSBC David Bagley, “He advises that his own complianceteam are advising him that such cross border activities should cease.-HBMX,” HSBC OCC 8875007. 531 July 2002 “Group Internal Audit: Due Diligence Review – Project High Noon,” prepared by HSBC internalaudit group, HSBC OCC 8873846-852. 532 Id. at HSBC OCC 8873847.533 1/2006 “General Audit Report, HBMX – KYC of USD Current Accounts in Grand Cayman,” prepared by GroupAudit Mexico, HSBC OCC 8874307, at 1 (emphasis in original). 94 report with the client; some foreign clients were incorrectly described as Mexican nationals; and 15% of the account files were missing altogether: “More than 50% of account files that were reviewed lacked the relevant visit report, which weakens the position of HBMX in terms of KYC process for these types of accounts (Grand Cayman), particularly those accounts opened by foreigners. In addition, in 13% of files reviewed the visit reports failed to include material information enabling to have adequate KYC. Weaknesses were noted in the supervision over the account opening process, which also impeded to detect promptly any information missing in account files or inconsistencies between the information produced by the client and the data captured in Cis-Hogan [[HBMX data system]. ... In addition, the auditors indentified foreign clients who were input to the system as nationals. In addition to the foregoing, c[irca] 15% (10) of account files were not found at the Branches. No actions had appeared to be taken to instruct RMs [Relationship Managers] to complete client’s file again. In particular the auditors indentified that for accounts opened by foreign clients these had produced expired immigration forms and that Branch staff did not maintain a copy of all the pages composing such a document. This situation was due, in part, to the fact that circular letter Depvist045 (procedure to open current and term accounts) is not clear in the procedure to open these types of accounts (Grand Cayman).” 534The audit concluded with the recommendation: “Branch should ensure that KYC and account opening documentation is complete and in compliance with regulations.” 535The 2006 audit uncovered severe AML and KYC deficiencies in the Cayman branch requiring remedial action to comply with the Mexican deadline for improving customer file KYC information, but those audit results appear to have been ignored. The audit recommendations were recorded in HBMX’s electronic system, but later closed out without any apparent actions having been taken in response, which does not comport with Group policy. 536 Two years later,in 2008, John Root, senior HSBC Group Compliance officer, rediscovered the 2006 audit when examining KYC problems in the Cayman accounts. He wrote: “The real surprise was the existence of an HBMX audit in January 2006 on KYC for the USD Cayman accounts. It is not clear who in AML responded, and how. Blank looks all around.” 537534 Id. at 3.His supervisor, Mr. Bagley, later jokingly remarked to the Head of Group Audit for Latin America and the Caribbean, 535 Id. at 4.536 See 7/30/2008 email from HSBC John Root to HSBC David Bagley, “HBMX Visit Update,” HSBC OCC8876780-782; 8/5/2008 email exchange among HSBC David Bagley, HSBC John Root and HBMX Graham Thomson, “HBMX - Cayman accounts,” HSBC OCC 8874829-830. 537 7/30/2008 email from HSBC John Root to HSBC David Bagley, “HBMX Visit Update,” HSBC OCC 8876780-782. 95 Graham Thomson: “I do find it surprising that there can have been no response and yet the audit was closed out. Is this a breach or are you in audit becoming softer.” 538Project Restoration. As the 2007 deadline approached for completing the KYC updates mandated by Mexican law and internal reports showed that HBMX’s KYC documentation remained in poor condition, HBMX obtained a year-long extension from Mexican regulators, to May 2008, to clean up its files, including client files for the Cayman accounts. 539In February 2008, Mexican regulators met with the HBMX CEO and, among other issues, criticized the bank’s poor KYC documentation, leading HBMX to initiate “Project Restoration” to intensify its KYC remediation efforts. 540 John Rendall, HBMX Chief OperatingOfficer, was put in charge of the project with the understanding that files containing inadequate KYC would be closed. 541 Project Restoration was closely monitored by senior HBMX andHSBC Group officials. At first, the Cayman accounts were excluded from the project. Then, in July 2008, HBMX’s monitoring system suddenly began generating alerts for a number of Cayman accounts. These alerts, which highlighted suspicious account activity, were brought to the attention of senior Compliance personnel. The head of HSBC Group Compliance David Bagley told the Subcommittee this incident was the “first point that the Cayman Islands were brought into sharp focus” for him. 542 He sent an email informing senior HSBC Group and HBMX officials aboutthe alerts which had identified “significant USD [U.S. dollar] remittances being made by a number of [HBMX Cayman] customers to a US company alleged to be involved in the supply of aircraft to drug cartels.” 543 The company was Cabello Air Freight Inc. of Miami.544 Mr. Bagleywrote that “[a]s a precaution HBMX have issued instructions that no new [Cayman] accounts be opened pending a review of these activities.” 545 This step was taken with respect to the Caymanaccounts, in the words of one HBMX compliance officer, “due to the massive misuse of them by organized crime.” 546538 8/5/2008 email from HSBC David Bagley to HBMX Graham Thomson, “HBMX Cayman accounts,” at HSBCOCC 8874829. 539 See 7/27/2007 minutes of HSBC LAM Regional Audit Committee, HSBC OCC 8875086-090 (noting extensionof time for the KYC effort until May 2008). 540 See 6/5/2012 letter from HSBC legal counsel to the Subcommittee,at 2.541 See, e.g., 10/28/2008 email from Graham Thomson to Emilson Alonso, Subject: “HBMX – ProjectoRestauracion,” HSBC OCC 8873464. 542 Subcommittee interview of David Bagley (5/10/2012).543 7/31/2008 email from HSBC David Bagley to HSBC Richard Bennett, with copies to HSBC MichaelGeoghegan, Matthew King, and HBMX Emilson Alonso, Luis Pena, and John Rendall, “HBMX-CAYMAN ACCOUNTS,” HSBC OCC 8874832-33. 544 See also Sealed Exhibits.545 7/31/2008 email from HSBC David Bagley to HSBC Richard Bennett, with copies to HSBC MichaelGeoghegan, Matthew King, and HBMX Emilson Alonso, Luis Pena, and John Rendall, “HBMX-CAYMAN ACCOUNTS,” HSBC OCC 8874832-33. 546 11/27/2008 email from HBMX employee to HBMX Jaime Saenz and Ramon Garcia, “Seriously considerrestricting the product Dollars accounts in the zona frontera Product 63,” HSBC OCC 8875736-738. 96 The decision to suspend new Cayman accounts was made by then HBMX CEO Luis Pena who did not specify when the suspension would be lifted. 547 He also instructed HBMXstaff to engage in “a process of enhanced due diligence KYC” for all Cayman accountholders to “end by December 1.” He wrote: “After this date we will cancel all the accounts that we were not able to complete files on and will send cashiers checks to all the respective customers. For the future, Mexicans who wish to open a dollar denominated account will undergo a referencing process, in which the accounts will be … opened by the bank’s staff in a proper offshore book as we do in our Premier offering. … Unfortunately we will likely lose some deposits as we do not expect the KYC process to succeed 100%, but we will offset a significant control and regulatory risk.” 548Also in July 2008, after reviewing the 2006 audit of the Cayman accounts, Mr. Root informed Mr. Bagley that “a sampling showed that15% of the customers did not even have a file.” 549 Mr. Root wrote: “Fixing the Cayman accounts will be a struggle. How do you locateclients when there is no file?” Missing client files, combined with accounts misused by drug cartel operatives, provided stark evidence of the high risk character of the Cayman accounts and the need to for HBMX to get a better sense of the clients using them. In the meantime, the documents contain no indication that either HSBC Group or HBMX informed HBUS about the suspect account activity or the Cayman KYC deficiencies, even though the Cayman accounts were operating solely through the HBMX correspondent account at HBUS. 550As a result of the AML alerts regarding money laundering involving some of the Cayman accounts and re-discovery of the 2006 audit exposing the poor state of the Cayman account files, the Cayman accounts were added to the Restoration Project. 551 Mr. Root told the Subcommitteethat, in July 2008, the Cayman accounts “went to the top of the list” at the project. 552One of the first steps taken with regard to the Cayman accounts was that HBMX Compliance personnel analyzed their risk levels, and sorted customers into three categories: red, yellow, and white. Red status indicated that a customer was a “Special Category Client” (SCC), on a “black list,” or the subject of a SAR; yellow status indicated that a customer had been 547 See 7/31/2008 email from HBMX Luis Pena to HBMX Emilson Alonso, HSBC David Bagley and others,“HBMX - CAYMAN ACCOUNTS,” HSBC OCC 8873503-504. See also undated HSBC presentation, “Conducting an Enhanced KYC for Grand Cayman Accountholders: Proposal to Update the Strategy to Control Risk arising from Grand Cayman Accounts,” HSBC OCC 8874561. 548 7/31/2008 email from HBMX Luis Pena to HBMX Emilson Alonso, HSBC David Bagley and others, “HBMX -CAYMAN ACCOUNTS,” HSBC OCC 8873503-504. 549 7/31/2008 email from HSBC John Root to HSBC David Bagley, “HBMX Visit Update,” HSBC OCC 8876780-782. 550 Another example of a Cayman U.S. dollar account that HSBC Group and HBMX were aware of and expressedconcerns about, but apparently did not inform HBUS, were accounts opened for two embassies, one of which was for a country in the Middle East. See 12/2/2005 email exchange between HSBC David Bagley and John Root, “OFAC,” HSBC OCC 8876612-613. Mr. Bagley told the Subcommittee that although there was no indication of any “sinister” activity, these accounts were later closed, because the bank “did not want the risk.” Subcommittee interview of David Bagley (5/10/12). 551 Subcommittee interview of David Bagley (5/10/12).552 Subcommittee interview of John Root (4/26/12).97 flagged by HBMX’s internal AML monitoring system with one or more alerts, but no SAR had been filed; white status indicated that the customer had no such derogatory information on file. 553 Out of a total of 49,935 customers with 61,586 accounts worth about $2.1 billion,HBMX categorized 1,314 customers as “red” status, representing 2,240 accounts worth about $205 million. HBMX also flagged 2,027 customers as “yellow” status, representing 2,084 accounts worth about $180 million. 554 HBMX then largely limited its KYC remediation effortsto the 3,341 “red” and “yellow” customers. The other 46,000 accountholders were not included in the project. 555Two months later, in September 2008, senior HSBC Group Compliance officer John Root offered a negative assessment of the KYC remediation efforts directed at the Cayman accounts: “The HBMX ‘Restoration’ project chaired by John Rendall, HBMX COO, is endeavoring to regularize these accounts on a risk-basis. Account opening documentation is generally poor or non-existent and there is a lot of work to do. Money-laundering risk is consequently high.” 556An HSBC presentation, which is undated but appears to have been prepared in October 2008, summarized the ongoing Cayman KYC problems and presented a new strategy to address them. 557 The presentation was entitled, “Conducting an Enhanced KYC for Grand CaymanAccountholders: Proposal to Update the Strategy to Control Risk arising from Grand Cayman Accounts.” 558 One key slide noted that “almost no progress [had] been made in enhanced KYCcompletion” and that only 25% of the files would have complete KYC information by December 1, 2008: “• The Bank has been recently been fined for offering this product in Mexico, and money laundering red flags have been identified. • On 28JUL, CMP [Compliance] gave instructions to suspend this product. • On 31JUL08, Segment Directors were requested by CEO that an enhanced KYC will be completed for all Grand Cayman accounts before 01DEC08. 553 See 9/12/2008 email from HBMX Ramon Garcia to HSBC John Root, “Cayman Accounts,” HSBC OCC8876784. 554 See Attachment to 9/12/2008 email from HBMX Ramon Garcia to HSBC John Root, “Cayman Accounts,”HSBC OCC 8875462 at 465. 555 See undated HSBC presentation, “Conducting an Enhanced KYC for Grand Cayman Accountholders: Proposalto Update the Strategy to Control Risk arising from Grand Cayman Accounts,” HSBC OCC 8874560-566, at 561 (“It is considered that it will not be possible to complete 50,000 enhanced KYC by 01DEC08.”). 556 9/12/2008 email from HSBC John Root to Adrian Cristiani and others, “Cayman Accounts,” HSBC OCC8875462-465, at 462. 557 Undated HSBC presentation, “Conducting an Enhanced KYC for Grand Cayman Accountholders: Proposal toUpdate the Strategy to Control Risk arising from Grand Cayman Accounts,” Bates Nos. HSBC OCC 8874560 – 566. Because of dates mentioned in the presentation, it seems to have been completed between September 27 and October 30, 2008. 558 Undated HSBC presentation, “Conducting an Enhanced KYC for Grand Cayman Accountholders: Proposal toUpdate the Strategy to Control Risk arising from Grand Cayman Accounts,” Bates No. HSBC OCC 8874560 98 • As of JUL08, in Grand Cayman CDA/DDA 49,937 customers, and its portfolio was approximately USD 1,500 million. 559• Currently, this product is expected to be re-opened, as long as necessary adjustments to systems, processes and documentation are made, with stricter controls, and if Group Compliance’s sign-off is obtained. • On 26SEP, Segment directors reported that almost no progress has been made in enhanced KYC completion. In addition, a central validation of enhanced KYC quality is not in place. • According to Remediation Project results, success rate in file completion is approximately 25%. This means that if this strategy is followed, it will not be possible to complete more that 25% of required enhanced KYC forms by 01DEC08.” 560This October 2008 assessment indicates that at least 75% of the Cayman files still had incomplete KYC information six years after HBMX assumed control of the accounts. Despite this grim assessment, the Strategy also noted efforts underway to allow new Cayman accounts to be opened. 561 As Graham Thomson, head of Group Audit for LatinAmerica and the Caribbean, explained in an email to colleagues, the accounts needed to continue due to the income they produced: “Currently the business owner and compliance are still discussing with GMO CMP [Compliance] the product parameters that are to be applied to lift the current embargo and relaunch the CI [Cayman Island] product. It is important that these discussions result in practical product parameters as the CI portfolio is an important source of funds for HBMX and it is hoped the replacement product will be shortly submitted to the new products committee and then relaunched.” 562Internal documents show that HSBC Group and HBMX officials considered a variety of criteria to determine when a new Cayman account could be opened, including requirements that the client be an existing HBMX customer for six months, complete an “enhanced KYC Questionnaire,” undergo screening against the OFAC list and other “blacklists,” and agree to limits on cash deposits. 563U.S. Dollar Restriction. In November 2008, HSBC Group CEO Michael Geoghegan traveled to Mexico and met with senior Mexican regulators who were highly critical of HBMX’s AML and KYC efforts, the huge volume of U.S. dollars that HBMX was exporting to the United States, and the possibility that a portion of those funds were associated with drug trafficking and 559 The figure of $1,500 million seems to refer to the Cayman certificates of deposit and does not include additionalfunds in Cayman Demand Deposit Accounts. 560 Undated HSBC presentation, “Conducting an Enhanced KYC for Grand Cayman Accountholders: Proposal toUpdate the Strategy to Control Risk arising from Grand Cayman Accounts,” HSBC OCC 8874560, at 561. 561 Id. at 561.562 10/20/2008 email from Graham Thomson to HSBC Emilson Alonso and others, “HBMX – ProjectoRestauracion,” HSBC OCC 887459-600 at 596-597. 563 See Sept.-Oct. 2008 email exchanges among HBMX Ramon Garcia, John Rendall, Maria Salazar and HSBCDavid Bagley, Warren Leaming, Susan Wright, John Root, Adrian Cristiani, HSBC OCC 8875818-829, at 829. 99 money laundering. 564 The regulators explicitly mentioned the U.S. dollars sent from the Caymanaccounts. 565 In response, Mr. Geoghegan proposed prohibiting all HMBX branches, includingthe Cayman branch, from offering U.S. dollars to customers, except at automated teller machines in Mexican airports. 566 Since the Cayman accounts relied on U.S. dollars, the proposed newpolicy directly impacted Cayman accountholders. HBMX CEO Luis Pena nevertheless agreed with the proposal, and also ordered the freeze on opening new Cayman accounts to continue indefinitely and prohibiting new cash deposits for existing Cayman accounts. 567 Mr. Pena notedthat the new measures would cost HBMX a lot of money: “Cayman and Mexico dollar accounts provide us with US$2.6 billion of cheap funding. We are likely to lose a big portion of this if we tell customers we no longer receive dollar notes.” 568 The new policies took effect in January2009. 9,000 Accounts Closed. According to HSBC’s legal counsel, HBMX took nearly another year to complete KYC remediation of the Cayman accounts, finally completing the work in July 2009. 569 As part of that KYC effort, HBMX closed approximately 9,000 Caymanaccounts, due in many cases to incomplete KYC information. 570 At the same time, HBMXallowed the Cayman branch to remain in operation and lifted the ban on new accounts. Today, over 20,000 HBMX clients have over $657 million in Cayman U.S. dollar denominated accounts. Because the HBMX Cayman branch continues to offer U.S. dollar accounts, despite a history of poor KYC controls and deficient KYC documentation, and despite the inherent riskiness associated with operating offshore accounts in a secrecy tax haven, the Cayman accounts continue to pose ongoing money laundering risks to HBUS. Because HBUS is now aware of the Cayman accounts, it will have to evaluate the risk and determine whether to continue to process Cayman account transactions through the HBMX correspondent account. (3) Cashing U.S. Dollar Travelers Cheques A third example of how HBMX has introduced risk into HBUS involves its issuing and cashing millions of dollars in U.S. dollar travelers cheques through its correspondent accounts at HBUS, at times under suspicious circumstances. Travelers cheques are paper monetary instruments which, for a fee, are issued and administered by a financial institution. They can be issued in a variety of currencies and 564 See 2/18/2008 email from HBMX Paul Thurston to HSBC Michael Geoghegan, with copies to Richard Bennettand Matthew King, “Confidential – CMBV/FIU Meeting,” HSBC OCC 8873331-333; 2/18/2008 draft report entitled, “Internal Control, HBC Mexico, S.A.,” prepared by CNBV, HSBC OCC 8966021-026. 565 See, e.g., 11/26/2008 email from HSBC David Bagley to HSBC Richard Bennett and Warren Leaming,“Mexico,” HSBC OCC 8875605-607, at 607. 566 See 11/26/2008 email from HSBC Michael Geoghegan to HBMX Emilson Alonso, “Money Launderying,”HSBC OCC 8874849-850. 567 See 11/27/2008 email from HSBC Warren Leaming to HSBC David Bagley and Richard Bennett, “Mexico,”HSBC OCC 8875605-607, at 606. 568 11/28/2008 from HBMX Luis Pena to HSBC Emilson Alonso, HSBC OCC 8874856.569 6/5/2012 letter from HSBC legal counsel to the Subcommittee, at 5.570 Id.100 denominations, and carry serial numbers so that, if the cheques are lost or stolen, the issuing financial institution can trace back the purchase and either replace the cheques or refund the money used to purchase them. Individuals often use travelers cheques to minimize carrying hard currency while traveling and as a way to safeguard their funds. Some financial institutions issue such cheques only to pre-existing customers; others issue the cheques to anyone who pays the fee. U.S. financial regulators have long warned financial institutions about the money laundering risks associated with travelers cheques, especially when purchased with cash by a non-customer and used to move substantial funds across international borders in ways that are difficult to trace. 571 Travelers cheques have been used by terrorists,572 drug traffickers,573 and othercriminals. 574HBMX has issued a large number of U.S. dollar travelers cheques, at times selling them to anyone willing to pay the fee and cashing them for customers and non-customers alike. In 2004, John Root, senior HSBC Group Compliance officer, sent an email to HBMX’s Compliance head, Ramon Garcia, and AML head, Carlos Rochin, noting the huge volume of travelers cheques pouring in from Mexico and seeking assurances that HBMX was on guard against money laundering: “I note that in the year through 3Q04 [third quarter of 2004], HBMX has sold over USD 110 million of travelers cheques, an amount that eclipses that of HBEU [HSBC Europe] here in the UK, and that is several orders of magnitude higher than any other non-UK entity, including Hong Kong and the US. In fact, it represents one-third of the Group’s total global traveller’s cheque business (with the UK representing another third). Could you kindly prepare a report for GHQ [Group Headquarters] summarizing the money laundering procedures currently in place for such a booming business. Please 571 See, e.g., Federal Financial Institutions Examination Council (FFIEC) Bank Secrecy Act/Anti-Money Laundering(BSA/AML) Examination Manual, “Core Overview: Purchase and Sale of Monetary Instruments,” (6/23/2005) at 59; FFIEC BSA/AML Examination Manual, “Purchase and Sale of Monetary Instruments-Overview,” (8/24/2007) at 212 (“The purchase or exchange of monetary instruments at the placement and layering stages of money laundering can conceal the source of illicit proceeds. As a result, banks have been major targets in laundering operations because they provide and process monetary instruments through deposits.”). 572 See, e.g., United States v. al-Haramain Islamic Foundation Inc., Case No. 6:05-cr-60008-HO (USDC Oregon)Indictment (2/17/2005); “Former U.S. Head of Al-Haramain Islamic Foundation Sentenced to 33 Months in Federal Prison,” U.S. Attorney’s Office for the District of Oregon press release (9/27/11) at 1 (describing how the convicted defendant cashed $130,000 in U.S. dollar travelers cheques at a bank in Saudi Arabia and then provided the funds to support violent extremists in Chechnya). 573 See, e.g., United States v. Wachovia Bank N.A., Case No. 10-20165-CR-Lenard (USDC SDFL), FactualStatement, Exhibit A to Deferred Prosecution Agreement (3/16/2010), at ¶ 35 (describing how Wachovia Bank processed $20 billion in suspicious travelers cheques, some portion of which was suspected to include illegal drug proceeds); “How a Big U.S. Bank Laundered Billions from Mexico’s Murderous Drug Gangs,” The Guardian, (4/2/2011), http://www.guardian.co.uk/world/2011/apr/03/us-bank-mexico-drug-gangs. See also Albajon v. Gugliotta, 72 F. Supp. 2d 1362, 1365 (S.D. Fla. 1999) (admitting travelers cheques as evidence of drug trafficking proceeds); United States v. $41,305.00 in Currency & Travelers Checks, 802 F.2d 1339, 1343 (11th Cir. 1986) (finding travelers cheques could be seized as drug trafficking proceeds). 574 See, e.g., Folk v. State, 192 So. 2d 44, 46 (Fla. Dist. Ct. App. 1966) (upholding conviction for signing a falsename on travelers cheques and cashing them); United States v. Sebaggala, 256 F.3d 59, 63 (1st Cir. 2001) (upholding conviction for using undeclared travelers cheques to attempt to move money fraudulently through U.S. customs). 101 include in this report KYC controls, number of SARs in the YTD [year to date], breakdown by region and branch, etc., etc.” 575Mr. Garcia responded with preliminary information and a recent case involving travelers cheques, but in response to Mexican legal requirements regarding client-specific information, HSBC has so heavily redacted copies of those documents, as well as a longer report requested by Mr. Root, that they do not provide additional information. 576In 2008, when HBMX decided to stop offering U.S. dollars at its branches in most cases, the HBMX CEO Luis Pena recommended greater use of U.S. dollar travelers cheques instead, sold only to pre-existing customers. 577 In response, the Deputy Head of HSBC GroupCompliance, Warren Leaming, warned that travelers cheques also raise AML concerns, and advised lowering the existing $25,000 ceiling on the amount of travelers cheques that could be purchased by one customer at a time, and creating a new limit on the amount of travelers cheques that could be deposited at one time to a client account. 578In 2009, after CNBV expressed concerns about HBMX’s weak AML controls, among other steps, HBMX tightened its policies on travelers cheques. As of January 1, 2009, HBMX determined that it would sell its travelers cheques only to pre-existing customers and would place a limit on the amount that could be sold to any one customer at a time. 579 Warren Leaming,Deputy Head of HSBC Group Compliance, who supported those changes, noted in an email: “There remain AML issues in respect of travellers cheques which historically are very high risk from an AML perspective and accordingly we would expect that the limits are reasonably low and that there are very strong controls in place to ensure that branches do not abuse the rules.” 580At HBUS, the documents reviewed by the Subcommittee indicate that, despite their large volume, HBMX travelers cheques attracted little AML review or attention, even though the travelers cheques would have been presented for payment at HBUS’ processing centers in New York and subjected to review. The HBUS processing centers segregated and reviewed all travelers cheques and were required to send blocks of sequentially numbered cheques exceeding $10,000 to HBUS AML Compliance for review. 581575 11/8/2004 email from HSBC John Root to HBMX Ramon Garcia and Carlos Rochin, with copies to HSBCDavid Bagley and Susan Wright, “Travellers Cheques,” HSBC OCC 8876645-646. At the same time, the processing centers had no information on expected account volume, conducted no trend analysis to identify suspicious 576 See 11/30/2004 email from HBMX Ramon Garcia to HSBC John Root, David Bagley, Susan Wright, andHBMX Carlos Rochin, “Travellers Cheques,” HSBC OCC 8876645-664. 577 See 11/27/2008 email from HBMX Luis Pena to HBMX Emilson Alonso, copy to HSBC Michael Geoghegan,“Money Launderying,” HSBC OCC 8874849. 578 See 12/8/2008 email from HSBC Warren Leaming to HBMX Ramon Garcia and John Rendall with copies toHSBC David Bagley, John Root, Susan Wright, and others, “Mexico Visit,” HSBC-PSI-PROD-0197874-876. 579 12/8/2008 email from HSBC Warren Leaming to HBMX Ramon Garcia and John Rendall, with copies to HSBCDavid Bagley, Susan Wright, John Root, and others, “Mexico Visit,” HSBC-PSI-PROD-0197874-876. 580 Id.581 See 6/26/2008 OCC memorandum, “Pouch Transactions – Hokuriku Bank and SK Trading Company Ltd,”OCC-PSI-00885828, at 1 [Sealed Exhibit.]. HBUS’ AML policies and procedures regarding travelers cheques are discussed in more detail in the Report Section on Hokuriku Bank: Cashing Bulk Travelers Cheques, supra. 102 transactions, and conducted no due diligence on the persons cashing the cheques. 582 A 2007OCC examination of HBUS’ pouch activities, which included clearing U.S. dollar travelers cheques, identified numerous deficiencies in the AML policies and procedures and called for stronger AML controls, but it did not appear to result in any greater review of the HBMX travelers cheques. 583 To the contrary, a 2007 HBUS policy change appears to have furtherlimited AML reviews of travelers cheques presented by HSBC Group affiliates in non-high risk countries, restricting them to cases where the deposits exceeded $1 million. 584 At that time,HBUS deemed both Mexico and HBMX to be at low risk of money laundering. In 2009, the OCC conducted a second review of HBUS’ pouch activities, including procedures to clear U.S. dollar travelers cheques. 585 As part of that examination, HBUSproduced to the OCC a lengthy description of its AML policies and procedures for foreign financial institutions that present items for processing through a correspondent account, including travelers cheques. 586 Those procedures contained a number of restrictions orconditions, but did not impose a ceiling on the amount of money that HBUS would provide to a correspondent client through the cash letter process. The procedures did, however, require transactions over a certain amount to be reported to HBUS AML Compliance before processing. The reporting triggers were linked to the risk rating of the foreign financial institution presenting the monetary instrument for payment. The five relevant risk ratings, from highest risk to lowest, were: Special Category Client (SCC), high risk, cautionary risk, medium risk, and standard risk. The reporting triggers were as follows: For SCC customers – $1,000 for an individual item, and $10,000 in total deposits. For high risk customers – $10,000 for an individual item, and $100,000 in total. For cautionary risk customers – $50,000 for an individual item, and $200,000 in total. For standard and medium risk customers – $50,000 for an individual item and $250,000 in total. Clients seeking to cash travelers cheques in excess of the reporting threshholds were not automatically prohibited from proceeding; instead, their transactions were reported to HBUS AML Compliance which was then supposed to make a case-by-case decision on whether to allow the transactions to proceed. 582 See 4/27/2007 email from HBUS Robert Guthmuller to HBUS Alan Ketley, “Visit to Brooklyn OpsLink,” OCCPSI-00312153, at 4. 583 See 3/31/2007 OCC Report of Examination, OCC-PSI-00304077 [Sealed Exhibit]; 9/13/2007 OCC SupervisoryLetter, “Pouch Services and Middle Market at HBUS,” OCC-PSI-00000391-394. [Sealed Exhibit.] 584 See 5/7/2007 email from HUBS George Tsugranes to HBUS Alan Ketley and others, “Visit to Brooklyn Ops,”OCC-PSI-00312153, at 3. 585 See, e.g., 2/15/2010 email from HBUS Jane Burak to HBUS Lesley Midzain, “Advice Requested,” OCC-PSI-00256833 (describing banknotes examination that included reviews of travelers cheques); 2/11/2010 minutes of a “OCC & Chicago FED update Meeting,” prepared by HSBC, OCC-PSI-00256916 (noting that HSBC made a presentation to the OCC on 2/9/2010, on enhancements to its cash letter process and an “internal look-back of cash letter activity for Travelers Checks and Money Orders”). 586 See undated “Request No. 7,” prepared by HSBC, OCC-PSI-00000123-130 (providing detailed information inresponse to OCC questions regarding HBUS’ remote deposit capture and cash letter pouch transactions). [Sealed Exhibit.] 103 By 2009, Mexico and HBMX were considered high risk and, due to the large volume of HBMX travelers cheques it sold, HBMX cheques should have regularly triggered the AML reporting requirement and AML reviews. In addition, HBMX travelers cheques should have produced numerous alerts due to the large amounts, sequentially numbered cheques, and structuring patterns involved. Instead, the documentation suggests that few alerts issued and very little review of HBMX travelers cheques took place. As part of its 2009 examination, the OCC expressed concern that, based on samples taken from 2007, 2008, and 2009, HBUS’ monitoring of travelers cheques required too few AML reviews and was inadequate to detect suspicious activity. 587 In response, HBUS undertook adetailed review of all cash letter items in 2009. 588 HBUS determined that 280 items had beenflagged for review, a tiny number in comparison to the huge number of transactions cleared per year. In addition, according to HBUS, of those 280 items, less than a handful contained information suggesting suspicious activity. 589 While HBUS presented that result as evidence ofminimal AML risk, it is possible that the criteria used to flag transactions for review were too narrow to catch suspicious transactions. One reason to think the latter might be the case is that, from 2007 to 2012, other financial institutions have reported significant instances of suspicious activities involving U.S. dollar travelers cheques either issued or cleared by HBMX. 590 These reports generally describecoordinated teams of individuals, each of whom purchased large numbers of travelers cheques from HBMX, and then cashed or deposited the cheques in suspicious patterns. Some of the U.S. dollar travelers cheques identified by these financial institutions had a combined value in excess of $1 million, and some of the suspicious activity occurred over an extended period of time. Many of the suspicious transactions involved sequentially numbered cheques, illegible signatures, or difficult to understand markings or numbers on the cheques. In some cases, groups of cheques were made payable to the same health food business, toy company, or automobile auction house. Four examples illustrate the issues. In the first example, nearly 1,500 U.S. dollar travelers cheques were purchased from the same HBMX branch in Mexico over a seven-month period from 2007 to 2008, and cashed shortly thereafter at several automobile auctions in the United States. Money launderers have been shown in the past to utilize the purchase of expensive, but liquid items, such as cars to hide illicit funds. The travelers cheques had a combined value of $900,000. In a second instance from 2008, on four occasions over a period of 16 days, individuals purchased from an HBMX branch in Mexico travelers cheques which, each time, had a combined value of $20,000 to $30,000, and altogether added up to $109,000. All of the cheques were then signed and countersigned with the same illegible signature, and made payable to the same toy business in Mexico. Ten months later, in a coordinated effort over a two-week period, all of the cheques were either cashed or deposited. In a third instance, 188 travelers cheques in denominations of $500 and $1000, totaling $110,000, were purchased in 587 See 2/15/2010 email from HBUS Janet Burak to HBUS Lesley Midzain, “Advice Requested,” OCC-PSI-00256833. 588 Id.589 Id.590 See Sealed Exhibits.104 nine large blocks of sequentially numbered cheques from a major U.S. bank. Then, over a threemonth period from April to June 2011, all 188 cheques were negotiated for payment at the same HBMX branch in Mexico, using illegible signatures so that the cheques provided no information about the payees. In the fourth instance, two men purchased groups of travelers cheques from the same HBMX branch in Mexico. On 14 occasions over a three month period in 2011, the two men purchased the travelers cheques in batches which, each time, had a combined value of $10,000, and altogether added up to $140,000. All of the cheques were then signed with the same illegible signature. Over time, small groups of the travelers cheques, often with consecutive serial numbers, were cashed or deposited, with the majority of cheques failing to bear a stamp indicating exactly where they were negotiated. The 2011 transactions were part of a larger pattern in which the same HBMX branch sold travelers cheques to the same two men over a three year period from 2009 to 2011, for a combined value of $1.9 million. While HBMX has tightened its travelers cheque policies by restricting the sale of travelers cheques to pre-existing customers and limiting the dollar amount of travelers cheques that can be provided to one customer at a time, HBMX travelers cheques continue to surface in reports of suspicious activities filed with U.S. authorities. Because many if not all of the cheques are cashed through the HBMX correspondent accounts at HBUS, HBMX continues to expose HBUS to money laundering risks through its issuance and cashing of U.S. dollar travelers cheques. HBMX’s money service business clients, Cayman accountholders, and travelers cheque purchasers all relied on the U.S. dollar services that HBMX was able to provide through its correspondent accounts at HBUS. In some cases, it appears those HBMX clients used HBMX’s U.S. dollar correspondent account at HBUS to commit criminal acts. For its part, HBUS should have known of the money laundering risks it was incurring from those and other high risk HBMX clients, accounts, and products. Because HBMX was an HSBC affiliate and was also categorized for many years as located in a low risk jurisdiction, however, until recently, HBUS did not performed the KYC due diligence or account monitoring needed to uncover HBMX’s high risk activities. E. Bulk Cash Movements In addition to using HBUS correspondent accounts to execute wire transfers, clear cash letter instruments, and conduct other U.S. dollar transactions, in 2007 and 2008, HBMX used its HBUS banknotes account to supply more physical U.S. dollars to HBUS than any other Mexican bank or HSBC affiliate. The documents indicate that both HBMX and HBUS were unaware of the flood of dollars HBMX was pouring into the United States through HBUS, in part because HBUS had stopped monitoring HSBC affiliates’ banknotes accounts for a three-year period, from mid-2006 to mid-2009. HBUS policy was also consistent with the HSBC Group policy of not performing due diligence or account monitoring for HSBC affiliates. When, in 2008, Mexican and U.S. regulators began pressing both HBMX and HBUS to explain the huge flow of U.S. dollars from Mexico and whether the funds included illegal drug proceeds, both banks were caught by surprise and eventually took action to turn off the spigot. In 2009, HBMX stopped 105 accepting U.S. dollar deposits at its branches in Mexico, and then in 2010, HBUS exited the banknotes business. (1) HBUS’ Global Banknotes Business Prior to its exit, HBUS operated a very large U.S. banknotes business which the Federal Reserve estimated in 2010, to be worth approximately $300 billion annually. 591 As part of thatbusiness, HBUS supplied physical U.S. dollars and accepted bulk cash shipments from financial institutions around the world, including over two dozen HSBC affiliates. 592Bulk cash shipments typically use common carriers, independent carriers, or U.S. Postal Service carriers to ship U.S. dollars by air, land, or sea to a bank located in the United States. 593Shipments have gone via airplanes, armored trucks, ships, and railroads. Most shipments are transported via containerized cargo. Shippers may be “currency originators,” such as businesses that generate cash from sales of goods or services; or “intermediaries” that gather currency from originators or other intermediaries to form large shipments. Intermediaries are typically central banks, commercial banks, money service businesses, or their agents. 594 Bulk cash shipments canbe made directly to a bank in the United States, or to a U.S. Federal Reserve Bank or branch, which will accept the cash and credit it to the account of the intended recipient bank. 595 Banksthat receive bulk cash shipments via common carriers or the Postal Service have no obligation to report the amount of the cash received to U.S. authorities, though they still must report any suspicious activity. 596Until 2010, HBUS was one of about 30 U.S. financial institutions that bought and sold physical currency on a wholesale basis around the world. 597 The headquarters of HBUS’ GlobalBanknotes business was located in New York, headed by Christopher Lok, with offices in London, Hong Kong, Singapore, and other locations. 598 Until 2010, HSBC was also one of arelatively small number of international banks that contracted with the Federal Reserve Bank of New York (FRBNY), under the Extended Custodial Inventory (ECI) Program, to manage the FRBNY’s U.S. currency vaults. The ECI Program facilitates the international distribution of U.S. dollars, repatriates old dollars, circulates new designs, and provides information on the international use of U.S. currency. 599 HSBC operated FRBNY currency vaults in London,Frankfurt, and Singapore. 600591 1/12/2010 memorandum from the Federal Reserve, “US Department of Justice Investigation of HSBC Bank USANA’s (“HSBC Bank USA”) Bank Note Business (Revised),” BOG-SR-000442-43, 001402-409. [Sealed Exhibit.] The currency in those vaults remained on the books of the Federal 592 See 9/13/2010 OCC Supervisory Letter HSBC-2010-22, OCC-PSI-00864335-365, at 342. [Sealed Exhibit.]593 1/12/2010 memorandum from the Federal Reserve, “US Department of Justice Investigation of HSBC Bank USANA’s (“HSBC Bank USA”) Bank Note Business (Revised),” at BOG-SR-001404. [Sealed Exhibit.] 594 Id.595 Id.596 Id., citing 31 CFR §103.23.597 Id. at BOG-SR-001405.598 See 11/2006 HBUS presentation, “Banknotes Trading A Global Reach Organizational Chart as of November2006,” OCC_PSI-00000501-512. 599 1/12/2010 memorandum from the Federal Reserve, “US Department of Justice Investigation of HSBC Bank USANA’s (“HSBC Bank USA”) Bank Note Business (Revised),” at BOG-SR-001405. [Sealed Exhibit.] 600 Id.106 Reserve, and was used to fill orders from third parties or the operator itself. 601 When distributingU.S. dollars, HSBC was obligated to comply with U.S. AML and Office of Foreign Assets Control (OFAC) requirements. 602While bulk cash shipments are a normal and legitimate part of international banking, they are also vulnerable to misuse by money launderers and other criminals. In 2001, the U.S. Congress made smuggling large amounts of physical U.S. dollars across U.S. borders a crime. 603In 2005, a U.S. Money Laundering Threat Assessment identified bulk cash smuggling as a key method used to launder criminal proceeds and highlighted how drug traffickers were smuggling U.S. dollars obtained from illegal U.S. drug sales across the border into Mexico and then using various means to arrange for their deposit into a U.S. bank. 604 In 2006, the U.S. FinancialCrimes Enforcement Network (FinCEN) issued an advisory to U.S. financial institutions warning them in particular about money laundering associated with bulk cash shipments from Mexican casas de cambios. 605As of 2010, 29 HSBC affiliates had banknotes accounts with HBUS. 606 Some of thoseaffiliates operated in high risk countries plagued by drug trafficking, corruption, money laundering, or other criminal enterprises, including Angola, Bangladesh, Colombia, Democratic Republic of Congo, Haiti, Mexico, Panama, Paraguay, Saudi Arabia, and Ukraine. HBUS did not distinguish, however, between high and low risk affiliates with banknotes accounts. (2) HBMX U.S. Dollar Sales to HBUS For a three-year period, from mid-2006 until mid-2009, HBUS accepted more than $15 billion in physical U.S. dollars from other HSBC affiliates, but failed to conduct any AML monitoring of the bulk cash transactions. 607 HBUS had performed AML monitoring both priorto and following that time period. HBUS personnel have been unable to explain why all AML monitoring of its banknotes accounts ceased during that period and then resumed later, but the OCC has noted that the monitoring ceased when a formal AML oversight agreement applicable to HBUS expired, and resumed when an OCC AML examination of the banknotes operations was launched in July 2009. 608601 Id.The absence of AML monitoring meant that HBUS did not track 602 Id.603 See Section 371 of the USA Patriot Act, P.L. 107-56, codified at 31 USC §5332 (outlawing the smuggling orattempted smuggling of over $10,000 in currency or monetary instruments into or out of the United States, with the specific intent to evade U.S. currency reporting requirements). 604 See Dec. 2005 “U.S. Money Laundering Threat Assessment,” issued by the Money Laundering ThreatAssessment Working Group, which included the U.S. Departments of Treasury, Justice, and Homeland Security, Federal Reserve, and Postal Service, Chapter 5 on “Bulk Cash Smuggling” (“Upon leaving the country, cash may stay in Mexico, continue on to a number of other countries, or make a U-turn and head back into the United States as a deposit by a bank or casa de cambio.”). 605 4/28/2006 “FinCEN Guidance to Financial Institutions on the Repatriation of Currency Smuggled into Mexicofrom the U.S.,” No. FIN-2006-A003. 606 See 9/13/2010 OCC Supervisory Letter HSBC-2010-22, OCC-PSI-00864335-365, at 342. [Sealed Exhibit.]607 Id. at 00864336.608 See id. at 00864360. When asked why HBUS stopped monitoring its affiliates’ banknotes activity, HBUSpersonnel offered conflicting reasons. Daniel Jack, in charge of HBUS compliance for banknotes, thought that his supervisor, Alan Ketley, had approved the decision to stop monitoring affiliates, but Alan Ketley did not recall the 107 its growing dollar traffic with HBMX, which reached $3 billion in 2007, and then jumped another 25% in 2008 to $4 billion. 609In February 2008, Mexican regulators held a private meeting with HBMX CEO Paul Thurston and informed him that HBMX was repatriating more U.S. dollars to the United States than any other Mexican bank – more than each of the four largest Mexican banks, all of which were larger than HBMX. 610 The CNBV also informed Mr. Thurston that the Mexican FinancialIntelligence Unit (FIU) was very concerned about the “high level of ML [money laundering] risk” involved. 611 The FIU indicated that in the “majority of the most relevant ML cases” theyhad investigated in 2007, “many transactions were carried out through” HBMX. 612In November 2008, the CNBV and FIU held a second private meeting, not only with the HBMX CEO, then Luis Pena, but also with the HSBC CEO of Latin America, Emilson Alonso, and the CEO of the HSBC Group, Michael Geoghegan. 613 Again, the regulators expressed theiralarm at the volume of U.S. dollars that HBMX was sending to the United States and described law enforcement concerns about the extent to which those dollars may be the proceeds of illegal drug trafficking in the United States. A November email from the HSBC Group Compliance Deputy Head summarizing the meeting stated that, between January and September 2008, HBMX had repatriated $3 billion to the United States, which represented 36% of the market volume and double what the biggest bank in Mexico, Banamax, had repatriated, even though HBMX was only the fifth largest bank in the country. 614 According to an internal OCCdocument, the Department of Homeland Security’s Immigration and Customs Enforcement (ICE) division conveyed that, within Mexico, HBMX “led the market in cash repatriation in 2007 and 2008,” with “$3.2 billion repatriated in 2007 and $4.2 billion repatriated in 2008.” 615A quick analysis undertaken by HBMX immediately after the November meeting found that while HMBX was “very good at buying/acquiring dollars,” it did “not seem to sell them and hence our very high repatriation figures.” 616 The analysis also determined that “80% of ourdollars come from money exchange business at branches.” 617decision. Neither did their superior, Teresa Pesce. David Bagley called the decision to stop monitoring banknotes for affiliates “inexplicable.” Subcommittee interviews of Daniel Jack (3/13/2012), Alan Ketley (2/16/2012), Teresa Pesce (3/30/2012) and David Bagley (4/12/2012). It noted further that “there is no limit on the amount of dollars that c[u]stomers can convert to pesos,” and that with respect to 609 Id.; 6/29/2009 OCC notes of telephone conversations, prepared by OCC AML Examiner Joseph Boss, OCC-PSI-00928760. 610 See 2/18/2008 draft report entitled, “Internal Control, HBC Mexico, S.A.,” prepared by CNBV, HSBC OCC8966021-026, at 5. 611 Id.612 Id. at 6. Examples of these cases included Zhenly Ye Gon, Casa de Cambio Puebla, and Sigue Corporation.613 See 11/27/2008 email from HSBC Warren Leaming to HSBC David Bagley and Richard Bennett, “Mexico,”HSBC OCC 8875605-607. 614 11/27/2008 email from HSBC Warren Leaming to HSBC David Bagley and Richard Bennett, “Mexico,” HSBCOCC 8875605-607, at 606. 615 6/29/2009 OCC notes of telephone conversations, prepared by OCC AML Examiner Joseph Boss, OCC-PSI-00928760. 616 11/27/2008 email from HSBC Warren Leaming to HSBC David Bagley and Richard Bennett, “Mexico,” atHSBC OCC 8875606. 617 Id.108 non-customers, HBMX branches would “convert up to 3000 dollars, and do not require any KYC.” 618 HSBC Group Compliance head David Bagley responded: “The practice of changingUSD in the branches pres[u]mably with little or no ID for non customers is in breach of Group policy. When looking at our USD exposure how can this have been missed.” 619At HBUS, an undated analysis was conducted of its banknotes traffic with Mexican financial institutions over a three-month period, from November 2006 to February 2007. 620 Theanalysis disclosed that HBUS was doing far more business with HBMX than any other Mexican financial institution. It showed that during the three-month period: –HBUS had purchased about $470 million in U.S. dollars from Banco Mercantil Del Norte, a major Mexican bank, while selling it only about $22 million in U.S. dollars. –HBUS had purchased about $281 million in U.S. dollars from BBVA Bancomer, another major Mexican bank, while selling it only about $5 million. –HBUS had purchased about $196 million in U.S. dollars from Case de Cambio Puebla, and $194 million from Consultoria International, without selling either any U.S. dollars. –During the same period, HBUS had purchased about $742 million in U.S. dollars from HBMX, while selling it only a little more than $1.3 million. These figures indicate that HBMX was, by far, HBUS’ largest banknotes customer in Mexico, something that HBUS would not have known at the time since it had stopped monitoring banknotes transactions involving affiliates. In July 2009, the OCC initiated an AML examination of HBUS’ global banknotes operations, and soon discovered that the bank was not monitoring the banknotes activities of its affiliates. 621 That same month, HBUS resumed monitoring its banknote accounts.622 InSeptember, the OCC requested documentation related to banknotes accounts for 25 Latin American financial institutions, including ten in Mexico. In November 2009, the examination team added examiners from the Federal Reserve. Additional requests for information were made, including with respect to HSBC affiliates with banknotes accounts, HBMX, Mexican casas de cambios, and HBMX’s U.S. dollar accounts in the Cayman Islands. 618 Id.619 11/27/2008 email from HSBC David Bagley to HSBD Warren Leaming, copy to Richard Bennett, “Mexico,”HSBC OCC 8875605. 620 See undated “HBUS Banknotes NY – USD Bought from or Sold to Customers in Mexico: 3-Month Period(Nov-06 to Feb-07),” prepared by HBUS, OCC-PSI-00151506. See also undated “Banknotes-NY Selected Customers’ Activity Alerts & Traders’ Explanations for USD Purchases & Sales from 2005-2009,” prepared by HNAH, OCC-PSI-00005890-904. 621 See 2/6/2010 email from HBUS Janet Burak to HBUS Brendan McDonagh, “Expanded ‘Banknotes Exam,’”OCC-PSI-00787479 (summarizing the banknotes examination effort). See also Subcommittee interview of Joseph Boss (1/30/2012). 622 See 9/13/2010 OCC Supervisory Letter HSBC-2010-22, OCC-PSI-00864335-365, at 360. [Sealed Exhibit.]109 In August 2009, the OCC summarized some of the information in an internal memorandum. 623 According to the OCC, due to transaction costs, banknotes transactions atHBUS typically occurred only about once per month and involved large shipments. 624 Inaddition, transaction volumes often fluctuated on a seasonal basis, increasing during holidays or tourist seasons. 625 According to the OCC, HBUS said that it conducted AML monitoring on amonthly basis, examining banknotes transactions by customer and inquiring when significant changes in the volume of U.S. dollar sales or purchases took place. 626When the OCC conducted tests on the 2009 HBUS banknotes data, however, it determined that the volume data was not always accurate, and HBUS did not keep records of its reviews or actions: “When volumes changed significantly, the bank did not seem to be aware of these changes, and it does not appear that the bank took any action as a result. For example, even though transactions volumes for customers in Mexico increased significantly from the first 6 months of 2008, over the first 6 months of 2009, there was no documentation in the files that the bank noted the change or took any action. … Bank employees … assured us that adequate monitoring takes place within the business line and Compliance. However, we were unable to find anything in the files that this was the case. They also cautioned that too much documentation results in increased legal risk. We explained to the bank that written documentation is necessary, for institutional memory, and to ensure that controls are exercised. We noted the bank’s appetite for risk, as well as the risk inherent in the Banknotes business. The business line seemed to resist this message, but Compliance staff seemed to eventually grasp the importance of better documentation.” 627As the data confirmed that HBMX was the single largest supplier of U.S. dollars to HBUS, transferring billions of dollars that far outstripped the volumes being supplied by larger Mexican banks and other HSBC affiliates, Mexican and U.S. law enforcement and regulatory authorities continued to express concern that HBMX’s bulk cash shipments could reach that volume only if they included illegal drug proceeds. In a January 2010 meeting, U.S. law enforcement and regulators also expressed concern that the problem extended beyond Mexico: “The bulk cash receipts by HSBC’s Bank Note Business from certain correspondent accounts based in Central and South America exceed reasonably expected volumes of USDs that should be within those countries from tourism, foreign business, etc.” 628623 See 8/13/2009 OCC memorandum to OCC AML Examiners from the OCC Compliance Risk Analysis Division,“HSBC Global Banknotes, Compliance RAD assistance,” OCC-PSI-00846642. [Sealed Exhibit.] 624 Id. at 4.625 Id.626 Id.627 Id. at 4-5.628 1/11/2010 meeting memorandum, prepared by the Federal Reserve Bank of Chicago, “DOJ Concerns with HSBCBank Notes Activities,” BOG-SR-001402-1409, at 402 [Sealed Exhibit.] 110 (3) Remedial Action In response to the concerns expressed by regulators and law enforcement, HBMX took a number of steps to gain a better understanding and control of its U.S. dollar transactions. The first set of actions, in February 2008, focused on gaining better information. HBMX announced a new policy, effective immediately, to deem all customers who deposited more than $100,000 in a month as SCC clients subject to enhanced due diligence. HBMX identified 312 customers that met that criteria and subjected them to a KYC review. 629 HBMX also undertook a review of itsbranches to identify the nature and volume of their U.S. dollar transactions, 630 and a review of itsmoney service business clients to determine whether each relationship should continue. 631 Stillanother action HBMX took was to change its account monitoring criteria to increase scrutiny of U.S. dollar deposits by customers. 632In November 2008, after another meeting with regulators critical of its U.S. dollar transactions, HBMX went further. It ordered its branches to stop providing physical U.S. dollars to customers and non-customers alike, other than through ATMs at airports. 633 It also prohibitedbranches from accepting U.S. dollar cash deposits from customers. 634 In addition, HBMXstopped opening new U.S. dollar accounts at its Cayman branch, and prohibiting the acceptance of new cash deposits for existing Cayman accounts. 635 All of these actions led to a steep drop inthe number and volume of HBMX U.S. dollar transactions. As HBMX cut back dramatically on its U.S. dollar business beginning in early 2009, OCC AML examiners found that HBUS appeared to be increasing its U.S. dollar transactions with Mexican clients, including some of the high risk casas de cambio that could no longer engage in the same volume of U.S. dollars with HBMX. 636629 See undated “Actions taken since 18FEB,” prepared by HBMX, HSBC OCC 8875040-041(describing actionstaken after a Feb. 18, 2008 meeting with the CNBV); 3/3/2008 “Internal Control, HSBC Mexico SA,” prepared by HBMX, HSBC OCC 8966027-038. But see 7/28/2008 email from HBMX Luis Alverez to HSBC John Root and HBMX Ramon Garcia, “Major Issues Outstanding,” HSBC OCC 8873598 (“In order to mitigate risk in HBMX, 100K process was implemented (customers which make USD cash deposits exceeding 100k within a one-month period). It has been identified that 974 customers made cash deposits for a total amount of USD308 Million from Jan to May. These customers are classified in our monitoring systems as high-risk customers and an enhanced KYC must be performed for them. If any customers do not meet requirements, accounts are closed.”). HSBC Group Compliance knew about HBUS’ Mexican casa de cambio clients. Rather than press HBUS to close the accounts, 630 See, e.g., undated “Rectification Programme – 12 major projects in 6 categories,” prepared by HBMX, HSBCOCC 8875046 (listing as item 5, on “USD Banknotes”: “Review of USD intensive customers” and “Analysis of transaction patterns through branches”). 631 7/28/2008 email from HBMX Luis Alverez to HSBC John Root and HBMX Ramon Garcia, “Major IssuesOutstanding,” HSBC OCC 8873598. 632 Undated “Actions taken since 18FEB,” prepared by HBMX, HSBC OCC 8875040-041(describing actions takenafter a Feb. 18, 2008 meeting with the CNBV). 633 See 11/27/2008 email from HBMX Luis Pena to HBMX Emilson Alonso, copy to HSBC Michael Geoghegan,“Money Launderying,” HSBC OCC 8874849. 634 Id.635 11/27/2008 email from HSBC Warren Leaming to HSBC David Bagley and Richard Bennett, “Mexico,” HSBCOCC 8875605-607. 636 See, e.g., 9/1/2009 OCC memorandum to the Files, “Washington Meeting,” OCC-PSI-01416833 (“[O]nceHSBC Mexico ceased its operations, HBUS began significant volume of Banknote activity directly with some of HSBC Mexico’s former Banknote clientele.”). [Sealed Exhibit.] 111 however, HSBC Group Compliance head David Bagley merely observed to a colleague in January 2009: “I am surprised that HBUS still have cambio clients.” 637A year later, in June 2010, HBUS decided to exit the U.S. banknotes business. It closed the Global Banknotes offices in New York, London, Hong Kong, and Singapore, and later sold portions of the business to other banks. 638 HBUS also declined to renew its contract to operateU.S. currency vaults for the Federal Reserve Bank of New York when that contract expired in 2010. In September 2010, the OCC issued a supervisory letter identifying multiple AML deficiencies at HBUS, including with respect to its banknotes business, and followed with a cease and desist order in October. F. Analysis Over the years, HBUS maintained correspondent accounts for at least 80 HSBC affiliates and banknotes accounts for at least 29 HSBC affiliates, which accounted for a large portion of its U.S. dollar activities. In 2009, for example, HSBC determined that “HSBC Group affiliates clear[ed] virtually all USD [U.S. dollar] payments through accounts held at HBUS, representing 63% of all USD payments processed by HBUS.” 639 HSBC also calculated that, over an eightyearperiod, its U.S. dollar clearing business had increased over 200%, from processing an average daily amount of $185 billion in 2001, to $377 billion in 2009. 640 HBUS functioned asthe U.S. nexus for the entire HSBC global network of financial institutions. Some of those institutions used their access to the U.S. financial system as a selling point to attract clients. 641Not all of those affiliates operated in high risk jurisdictions like Mexico; not all had high risk clients like casas de cambio; not all had high risk products like U.S. dollar Cayman accounts; and not all had weak AML controls. But some HSBC affiliates operated under those circumstances, and HBMX provides a case history of the money laundering risks that followed. HBMX illustrates how the U.S. affiliate of a global bank can better protect itself by conducting careful due diligence of fellow affiliates, as already required by law, identifying higher risk institutions, and understanding their high risk clients, high risk products, AML controls, and money laundering vulnerabilities. HBMX also illustrates the need for ongoing, effective account monitoring to detect, prevent, and report suspicious activity. Effective monitoring and SAR reporting require adequate resources and personnel. Still another lesson is that AML personnel at the parent and affiliates of a global bank should consider all legal avenues for systematically sharing information with each other about suspicious clients and transactions in order to combat misuse of their network by drug traffickers, organized crime, and other wrongdoers. 637 1/27/2009 email from HSBC David Bagley to HSBC Susan Wright and Warren Leaming, “Press Release,”HSBC OCC 8873485. 638 Id. In 2010, HSBC Holdings plc sold its U.S. wholesale banknotes business in Asia to United Overseas BankLimited (UOB) for $11 million, and in 2011, sold its European banknotes business to HSBC Bank plc. It recorded total closure costs of $14 million during 2010. Id. 639 See 9/9/2009 chart entitled, “HSBC Profile,” included in “HSBC OFAC Compliance Program,” a presentationprepared by HSBC and provided to the OCC, at HSBC OCC 8874197. 640 Id. at “USD Payment Statistics – Fact Sheet,” HSBC OCC 8874211.641 Subcommittee interview of Michael Geoghegan (5/42/2012).112 IV. HSBC AFFILIATES: CIRCUMVENTING OFAC PROHIBITIONS The United States prohibits doing business with certain persons and entities, including terrorists, persons engaged in nuclear proliferation, drug kingpins, and persons associated with rogue jurisdictions such as Iran, North Korea, and Sudan. To implement the law, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has developed a list of those prohibited persons and countries which banks use to create an “OFAC filter” to identify and halt potentially prohibited transactions. Transactions stopped by an OFAC filter typically undergo an individualized review to see if the transaction can proceed. Foreign banks that engage in U.S. dollar transactions typically execute them through the account of a bank in the United States, subject to the U.S. bank’s OFAC filter. While most processing takes less than 24 hours, transactions stopped by the OFAC filter for further review may undergo substantial processing delays and, in some cases, payments may be blocked and held for years. Because of the additional time and expense involved when transactions are subjected to review, some foreign banks have developed a variety of tactics to avoid the OFAC filter. Common tactics included intentionally stripping information from the transaction documentation to conceal the participation of a prohibited country or person, or using “cover payments.” In the context of Iranian transactions, cover payments are transfers between correspondent banks in non-sanctioned jurisdictions which lack underlying payment details, including information about a party that is a prohibited country or person. In the case of Iranian U.S. dollar transactions, some banks used one or both of these practices when conducting socalled “U-turn” transactions, a type of transaction that was allowed under OFAC regulations prior to November 2008, but because the transactions referenced Iran, routinely triggered the OFAC filter and required an individualized review which delayed the transaction’s processing. In recent years, U.S. law enforcement has penalized some international banks that used willfully deceptive tactics to circumvent the OFAC filter and process prohibited transactions. The Subcommittee conducted a review of issues related to the sending of OFAC sensitive transactions through HBUS’ correspondent accounts from 2000 to 2010, by HSBC affiliates. The evidence indicates that, for years, some HSBC affiliates sending OFAC sensitive transactions involving Iran through their U.S. dollar correspondent accounts at HBUS took steps to conceal them, including by deleting references to Iran from the payment instructions or by characterizing the transaction as a transfer between banks in permitted jurisdictions without disclosing any Iranian connection. More specifically, from at least 2001 to 2007, two HSBC affiliates, HSBC Europe (HBEU) and later HSBC Middle East (HBME), repeatedly conducted U-turn transactions involving Iran through HBUS, many of which were not disclosed to the bank, even though they knew HBUS required full transparency to process U-turns. To ensure HBUS cleared the transactions without delay, HBEU routinely altered transaction documentation to delete any reference to Iran that might trigger the OFAC filter at HBUS and also typically characterized the transaction as a transfer between banks in permitted jurisdictions. The aim of the affiliates’ efforts appeared to be to ensure the Iranian transactions utilized HBUS’ automated processing procedures and avoided any human intervention or manual review, a process known as straight through processing or STP. Internal bank documents also indicate that the affiliates viewed the U-turns they sent through HBUS’ accounts as permitted by OFAC rather than 113 prohibited transactions under U.S. law, but their failure to provide full transparency prevented any individualized review by HBUS to confirm their legality. Internal bank documents show that HSBC Group Compliance knew of HBUS’ insistence on full transparency for U-turns and the practice of HSBC affiliates to conceal the Iranian transactions sent through their U.S. dollar correspondent accounts at HBUS. HSBC Group Compliance, as well as other senior HSBC Group executives, allowed the HSBC affiliates to continue to engage in these practices, which even some within the bank viewed as deceptive, for more than five years without disclosing the extent of the activity to HBUS. The bank documents show that, from 2000 to 2005, the practice of altering U-turn transaction documentation was repeatedly brought to the attention of HSBC Group Compliance, including by HBEU personnel who objected to participating in the alteration of documents and twice announced deadlines to end the activity. Despite receiving this information, HSBC Group Compliance did not stop HSBC affiliates from sending concealed Iranian transactions through HBUS’ accounts until the bank decided to exit Iran altogether in 2007. At the same time, while some at HBUS claimed not to have known they were processing undisclosed Iranian transactions from HSBC affiliates, internal documents show key senior HBUS officials were informed as early as 2001. In addition, on several occasions, HBUS’ OFAC filter stopped Iranian transactions that HBUS had indicated should be disclosed by HSBC affiliates, but were not. Despite the evidence of what was taking place, HBUS failed for years to demand a full accounting of what HSBC affiliates were doing. While HBUS insisted, when asked, that HSBC affiliates provide fully transparent transaction information, when it obtained evidence that some affiliates were acting to circumvent the OFAC filter, HBUS failed to take decisive action to confront those affiliates, stop the conduct, and ensure all Iranian U-turns were subjected to individualized reviews to gauge whether they complied with the law. In addition to Iranian transactions, HBUS documents indicate that, from at least 2002 to 2007, some HSBC affiliates also sent potentially prohibited transactions through HBUS involving Burma, Cuba, North Korea, or Sudan, although none of the affiliates employed the same type of systematic effort used for transactions involving Iran. In recent years, HBUS’ OFAC compliance program as a whole has also displayed AML deficiencies. In 2010, HBUS hired an outside auditor, Deloitte LLP, to identify and examine the OFAC sensitive transactions involving Iran and other prohibited countries or persons that went through the bank. 642642 See Deloitte Review of OFAC transactions, “Results of the Transactions Review – UK Gateway, March 29,2012,” HSBC-PSI-PROD-0197919 at 930. That review, which is ongoing and has yet to review all relevant transactions, has so far identified, over a seven-year period from 2001 to 2007, more than 28,000 OFAC sensitive transactions sent through HBUS involving a total of $19.7 billion. Of those 28,000 transactions, more than 25,000 totaling more than $19.4 billion involved Iran, while 3,000 involved other prohibited countries or persons. The Deloitte review characterized 2,584 of those transactions, involving assets in excess of $367 million, 79 of which involved Iran, as “Transactions of Interest” requiring additional analysis to determine whether violations of U.S. 114 law occurred. 643Finally, another issue involves actions taken by some HSBC Latin American affiliates, with the approval of HSBC Group Compliance, to send non-U.S. dollar payment messages through a U.S. server whose OFAC filter was not turned on to screen them for terrorists, drug kingpins, or other prohibited persons. HSBC Group Compliance allowed those payment messages to move through the United States and utilize U.S. facilities while bypassing the OFAC filter, despite HBUS concerns that such messaging traffic might require OFAC screening to block transfers involving terrorism, drug trafficking, or other wrongdoing. The transactions were later screened by HSBC Group’s WOLF filter. HBUS is currently in the process of analyzing those transactions, which could lead to financial penalties if it is found to have violated OFAC regulations. A. Background on OFAC Prohibitions OFAC. The Office of Foreign Assets Control (OFAC) within the U.S. Department ofTreasury administers and enforces economic and trade sanctions stemming from U.S. foreign policy and national security goals, and other threats to the foreign policy, national security, or economy of the United States. 644 The officewas formally established in December 1950, duringWorld War II, when President Truman blocked all Chinese and North Korean assets subject to U.S. jurisdiction. 645 Its programs seek to prohibit U.S. persons and entities from engaging intrade or financial transactions with terrorists, persons engaged in activities related to the proliferation of weapons of mass destruction, international narcotics traffickers, and rogue jurisdictions. OFAC’s regulatory authority is exercised under Presidential national emergency powers and laws enacted by the U.S. Congress to impose controls on transactions and authorize the freezing of assets under U.S. jurisdiction. According to OFAC, “[m]any of the U.S. sanctions are based on United Nations and other international mandates, are multilateral in scope, and involve close cooperation with allied governments.” 646 The freezing of assets “immediatelyimposes an across-the-board prohibition against transfers or dealings of any kind with regard to the property,” and the owner of the asset must contact OFAC directly to request the release of a frozen asset. OFAC prohibitions support U.S. and international efforts to combat terrorism, nuclear proliferation, drug trafficking, and other wrongdoing. OFAC administers both comprehensive and selective sanctions programs. The comprehensive U.S. programs apply to persons and entities within a designated jurisdiction and have applied to Burma (Myanmar), Cuba, Iran, Sudan, and Syria. The non-comprehensive programs target specific individuals and entities rather than impose broad prohibitions involving an entire country. These programs have applied at times to persons and entities associated with Iraq, Libya, North Korea, Somalia, and Zimbabwe. To carry out U.S. sanctions programs, 643 Id.644 See U.S. Department of Treasury Office of Foreign Assets Control (OFAC), http://www.treasury.gov/about/organizational-structure/offices/Pages/Office-of-Foreign-Assets-Control.aspx. 645 Id. OFAC is the successor to the Office of Foreign Funds Control (the “FFC”) that was established at thebeginning of World War II in 1940. However, the Treasury Department administered sanctions as far back as the War of 1812 when sanctions were imposed against Great Britain. Id. 646 Id.115 OFAC has developed a list of Specially Designated Nationals and Blocked Persons (SDN). The SDN designation covers both individuals and entities in which SDN persons have a direct or indirect ownership interest of 50% or more. The SDN designation applies to covered entities whether or not the entity is named on the SDN list. 647 U.S. persons are prohibited from dealingwith persons and entities on the SDN list, and all SDN assets in the United States are supposed to be blocked. OFAC also has authority to grant general and specific “licenses,” which authorize exceptions for certain categories of transactions, such as those related to humanitarian efforts. 648OFAC regulations apply to all U.S. persons, both citizens and permanent resident aliens, regardless of where they are located, as well as all persons and entities within the United States, and all U.S. incorporated entities and their foreign branches. 649 Fines for violating U.S. sanctionlaws and OFAC regulations can be substantial. Criminal penalties can result in fines ranging from $50,000 to $10 million and imprisonment for 10 to 30 years for willful violations. Civil penalties range from $250,000 or twice the amount of each underlying transaction to $1,075,000 for each violation. 650Iran and U-turn Transactions. For more than thirty years, dating back to 1979, the United States has applied sanctions programs to Iran, enforced by OFAC. 651 These programshave generally prohibited U.S. persons from engaging in transactions with anyone associated with Iran, and the OFAC filter has stopped any financial transaction including an Iranian reference. Between 1995 and November 10, 2008, however, OFAC regulations also included an exception to the prohibition on Iranian transactions commonly referred to as “U-turns.” U-turn transactions were authorized by OFAC under regulations issued in 1995. In that year, President Clinton declared that Iran was an international threat for its attempt to obtain a nuclear weapon as well as its role in undermining ongoing peace talks in the Middle East. As such, U.S. financial institutions were generally barred by OFAC from processing transactions involving Iran. In their place, OFAC allowed only those Iran-related transactions that began and ended in non-Iranian foreign banks. According to Treasury: “This is commonly referred to as the ‘‘U-turn’’ authorization. It is so termed because it is initiated offshore as a dollar-denominated transaction by order of a foreign bank’s customer; it then becomes a transfer from a correspondent account held by a domestic 647 See OFAC website, FAQ #10: http://www.treasury.gov/resource-center/faqs/Sanctions/Pages/ques_index.aspx648 See OFAC web site, FAQ #10: http://www.treasury.gov/resource-center/faqs/Sanctions/Pages/ques_index.aspx649 See OFAC website, FAQ #11: http://www.treasury.gov/resource-center/faqs/Sanctions/Pages/answer.aspx#10650 See U.S. Department of Treasury Office of Foreign Assets Control (OFAC), http://www.treasury.gov/about/organizational-structure/offices/Pages/Office-of-Foreign-Assets-Control.aspx. 651 See 31 C.F.R. Part 535, Iranian Assets Control Regulations, and 31 C.F.R. Part 560, Iranian TransactionsRegulations, which together comprise the Iranian sanctions program. Initial Iranian sanctions regulations, now detailed in Part 535, were created on November 14, 1979, after U.S. diplomats were taken hostage in Tehran, and President Carter blocked assets located in the United States belonging to the Government of Iran. On October 29, 1987, following Iran’s expressions of support for international terrorism and aggressive actions against non-hostile shipping in the Persian Gulf, President Reagan issued Executive Order 12613, the predecessor to Part 560. From 1995 to 1997, President Clinton issued three additional Executive Orders, numbered 12957, 12959, and 13059, which culminated in a prohibition of nearly all trade and investment activities with Iran by U.S. persons, regardless of location. 116 bank for the foreign bank to a correspondent account held by a domestic bank for another foreign bank; and it ends up offshore as a transfer to a dollar-denominated account of the second foreign bank’s customer.” 652In essence, the new regulations only allowed U.S. financial institutions to clear U.S. dollar transactions involving non-Iranian intermediaries, even if they involved Iranian clients. This restriction meant transactions involving Iran could be processed only if the beginning and ending points were non-Iranian foreign banks. The purpose of U-turn transactions was to allow U.S. dollar-denominated transactions to continue throughout the world – benefitting both U.S. commerce and the value of the dollar – but to prevent U.S. citizens and institutions from doing business with Iran. This goal was accomplished by ensuring that the only point such transactions touched the United States was in clearing them for foreign banks. The U-turn exception was widely used to carry out U.S. dollar Iranian transactions in the United States for many years. In November 2008, the exception was revoked, and it was no longer legal under OFAC regulations to clear Iran-linked transactions even for foreign banks, although U.S. banks were still permitted to handle Iranian funds in limited circumstances, including transactions supporting humanitarian relief. 653 U.S. persons were explicitly prohibited,however, from engaging in any transaction or dealing in any property or property interest with any Iranian bank designated under the Nonproliferation of Weapons of Mass Destruction or Specially Designated Global Terrorist programs. 654The U-turn exception for Iran in OFAC regulations until 2008 does not appear in any other OFAC regulation, and so does not affect transactions involving any other prohibited country or person. Prosecutions for OFAC Violations. In recent years, a number of large, international banks have been prosecuted for systematically violating OFAC prohibitions. In most cases, the violations involved the practice of stripping information from wire transfer documentation to hide the participation of a prohibited person or country, and executing the prohibited transaction through a U.S. dollar account at a U.S. financial institution. For example, in December 2009, Credit Suisse was fined $536 million by the Department of Justice for altering wire transfer documentation from 1995 to 2006, in transactions involving Burma, Cuba, Iran, and Libya. That same month Lloyd’s Bank was fined $217 million for stripping information from wire transactions over a ten-year period, from the mid 1990s through September 2007. In May 2010, ABN Amro was fined $500 million for removing information from wire transfers involving OFAC sanctioned countries between 1995 and 2005. Most recently, on June 12, 2012, the U.S. Justice Department and New York District Attorney entered into a deferred prosecution agreement with ING Bank N.V. and imposed the 652 See Treasury website, http://www.treasury.gov/resource-center/sanctions/Documents/fr73_66541.pdf; OFACwebsite, http://www.treasury.gov/about/organizational-structure/offices/Pages/Office-of-Foreign-Assets- Control.aspx, at 2. 653 See OFAC website, http://www.treasury.gov/about/organizational-structure/offices/Pages/Office-of-Foreign-Assets-Control.aspx, at 2. 654 Id. at 2.117 largest fine ever levied against a bank for OFAC violations. 655 For processing more than $2billion in transactions on behalf of Cuban, Iranian, and other prohibited persons, ING Bank agreed to a criminal forfeiture of $619 million. The Treasury Department’s press release revealed that ING Bank had “intentionally manipulated financial and trade transactions to remove references to Iran, Cuba, and other sanctioned countries and entities.” 656 It noted thatING Bank’s methods included not referencing a payment’s origin, utilizing “misleading” payment messages, and using shell companies. According to court filings, between the early 1990s and 2007, ING Bank processed more than 20,000 transactions in violation of OFAC prohibitions, “with the knowledge, approval and encouragement of senior corporate managers and legal and compliance departments.” 657A summary of recent prosecutions and legal actions related to OFAC violations follows. Recent Prosecutions and Legal Actions Related to OFAC Violations Bank Date Fine Link Brief Summary ING Bank N.V. 6/12/2012 $619 million • DOJ Press Release The Department of Justice and the New York CountyDistrict Attorney’s Office entered into simultaneous deferred prosecution agreements with ING Bank relating to 20,000 transactions totaling $1.6 billion processed through the U.S. financial system on behalf of Cuban and Iranian entities from the early 1990s through 2007. Barclays 8/18/2010 $298 million • DOJ Press Release• Wall Street Journal, ProbeCircles Globe to Find Dirty Money The Department of Justice and the New York County District Attorney’s Office entered into deferred prosecution agreements with Barclays Bank for activity relating to transactions illegally conducted for customers in Cuba, Iran, Libya, Sudan and Burma from the mid-1990s until September 2006. ABN Amro 5/10/2010 $500 million • DOJ Press Release• Wall Street Journal, RBS,DOJ to End Deferred Prosecution Agreement over ABN Amro The Department of Justice entered into a deferred prosecution agreement with ABN Amro Bank for removing information from wire transfers from 1995- 2005 for customers in Iran, Libya, the Sudan, Cuba and other OFAC- listed countries. Credit Suisse 12/16/2009 $536 million • DOJ Press Release• DOJ Statement of FactsThe Department of Justice entered into a deferred prosecution agreement with Credit Suisse. The fines related to alterations on wire transfers from 1995 to 2006 from Iran, Cuba, Burma and Libya. 655 See, e.g. United States v. Ing Bank, N.V., Case No. 1:12cr136 (USDC DDC), Information (6/12/2012) andDeferred Prosecution Agreement (6/12/2012). 656 6/12/2012 “ING Bank N.V. Agrees to Forfeit $619 Million For Illegal Transactions With Cuban and IranianEntities,” Treasury press release, www.treasury.gov/press-center/press-releases/Pages/tg1612.aspx. 657 Id.118 Lloyd’s Bank 01/09/2009 $217 million • DOJ Press Release The Department of Justice and the New York CountyDistrict Attorney’s Office entered into deferred prosecution agreements with Lloyd’s Bank for wire stripping transactions from the mid 1990s through September 2007. Australia and New Zealand Bank Group Ltd 8/24/2009 $5.75 million • Treasury SettlementStatement • Enforcement DocumentsThe Treasury Department entered into a settlement with the Australia and New Zealand Bank Group relating to currency exchanges from 2004 to 2006, for transactions processed through US correspondent accounts for customers in Cuba and Sudan. Prepared by U.S. Permanent Subcommittee on Investigations, July 2012 HSBC is currently under investigation by the U.S. Justice Department and several federal financial regulatory agencies for engaging in similar practices in possible violation of OFAC regulations. 658 In October 2010, an internal Federal Reserve email discussing HSBC’s decisionto hire an outside auditor to review its records “presumably to find problematic transfers,” noted that “HSBC was one of the two major UK banks for Iranian banks during the early 2000s (Lloyds being the other), so we can imagine what will be found.” 659B. Executing OFAC-Sensitive Transactions (1) Transactions Involving Iran (a) Overview Documents collected by the Subcommittee do not pinpoint when undisclosed Iranian transactions began moving through HBUS in potential violation of OFAC regulations. HSBC officials were aware of the practice generally as early as 2000, as seen in an email discussion between HSBC Group’s Compliance head, then Matthew King, and AML head Susan Wright. Ms. Wright criticized actions taken by an unrelated bank to alter transaction documentation to disguise a wire transfer moving through the United States, but their email exchange does not disclose whether such transactions were already taking place at HBUS. 660 By 2001, they clearlywere, as described in an email from HBEU to HBUS. 661In 2001, when HSBC Europe (HBEU) raised the issue of processing U-turn transactions through its U.S. account in compliance with U.S. requirements, HBUS personnel made it clear that any such transactions would need to be fully transparent and include all underlying payment details to enable HBUS to evaluate whether they qualified as permissible U-turns. From at least 2001 to 2007, however, despite repeated HBUS requests for full transparency, HBEU and later HSBC Middle East (HBME) sent transactions involving Iran through their U.S. dollar 658 See 2/27/2012 HSBC Holdings plc 6-K filing with the Securities and Exchange Commission, item 13,http://sec.gov/Archives/edgar/data/1089113/000119163812000216/hsba201202276k7.htm . 659 10/07/2010 email from Fed Stephen Meyer to Fed Kwayne Jennings and others, “HSBC OFAC,” (Fed email – noBates). 660 See 6/16/2000 email from HSBC Susan Wright to HSBC Matthew King, HSBC OCC 8875191-92.661 See 6/28/2001 email from HBEU John Wilkinson to HBUS Denise Reilly and others, “Bank Melli,” HSBC OCC8876132-133, discussed below. 119 correspondent accounts at HBUS without full disclosure of the transaction details. In some instances, the HSBC affiliate simply stripped the identifying Iranian information from the transaction documentation. In others, the HSBC affiliate also sent the transaction as a transfer between banks in permitted jurisdictions, a tactic sometimes referred to as a “cover payment,” since the bank-to-bank transfer acted as a cover for the underlying transaction. 662 Both methodssought to ensure that a transaction would not be stopped by HBUS’ OFAC filter and delayed for individualized review to determine whether it, in fact, qualified as a permissible U-turn, but would instead benefit from “straight through processing” or STP. From 2001 until 2005, the two HSBC affiliates frequently discussed processing Iranian U.S. dollar transactions for various Iranian financial institutions and entities through their HBUS correspondent accounts. Numerous emails among HBEU, HBME, HBUS, and HSBC Group discuss whether HBUS would be willing to process Iranian U-turn transactions and, if so, how. At the same time, HSBC Group, HBEU and HBME bankers were pushing to expand contacts with Iran. The Senior Payments Manager in HBUS reported being told in a July 2001 conference call that the HSBC Group, with backing from the Chairman, was seeking to “significantly grow our presence in Iran.” 663 In 2003, an HBME business proposal estimatedthat processing 700 U.S. dollar payments for Iranian banks per day using U-turn transactions would produce income of $4 million, while failing to process them would threaten HSBC’s current Iranian business which produced annual bank income of $2 million. 664 HBME alsonoted that it already had a “number of existing USD accounts for Iranian banks.” 665Even though discussions with HBUS over processing the transactions continued in 2002 and 2003, documentation shows that HBEU had already begun to send U-turn transactions through HBUS without disclosing an Iranian connection for many of them. 666 Some HBUEcompliance and payments personnel objected to altering payment instructions in connection with the Iranian transactions, and a key payments official even announced deadlines in January 2004 and September 2004, after which no Iranian payment instructions would be altered, but both deadlines were ignored. HBUS finally approved a protocol to process transparent U-turns in December 2004. 667 Even after that protocol was approved, however, HBEU continued to sendundisclosed U-turn payments through HBUS using cover payments, failing to provide requested information to its own affiliate. At HBUS, during the same time period, internal documents show that, as early as 2001, senior HBUS payments, compliance, and business managers were informed that Iranian U.S. 662 The cover method utilizes the MT202 SWIFT message or payment instruction format, which provides a U.S.bank with the names of the foreign banks acting as the originator or beneficiary of the immediate transfer, but is not required also to provide the underlying origination and beneficiary customer information. 663 7/12/2001 email from HBUS Denise Reilly to Douglas Stolberg and others, “Bank Melli,” HSBC OCC 8876128-129. HSBC legal counsel told the Subcommittee that the HSBC affiliates were already doing business with Iran, but they wanted to increase that business by doing it with Bank Melli. Subcommittee meeting with HSBC legal counsel (6/20/12). 664 1/2003 memorandum from HBME Rick Pudner to HBUS Denise Reilly and HBEU Malcolm Eastwood andothers, “Business Case-USD Payment From Iranian Banks/Entities,” HSBC OCC 8876490 . 665 Id.666 See, e.g., 12/30/2001 email from Protomastro to Carolyn Wind and others, HSBC OCC 8873909.667 Subcommittee interview of Anne Liddy (2/22/2012).120 dollar payments were being sent by HBEU through HBUS after deleting references to Iran. They were also informed of an HBEU proposal to streamline the processing of U-turn transactions by omitting references to Iran so the transactions would not be halted by the OFAC filter in the United States. Emails at the time show that senior HBUS officials expressed discomfort with the HBEU proposal, but took no other action to stop or prevent the activity already occurring. 668 In addition, HBUS’ OFAC filter occasionally caught an Iranian-relatedtransaction, sent by an HSBC affiliate, in which the identifying information had not been fully removed, demonstrating that undisclosed U-turns continued to be sent through HBUS correspondent accounts, but again, no HBUS personnel took further action to stop the activity. In 2003, the Iranian issue was discussed again when a new HBUS AML Director arrived, but once more, no decisive action was taken to put a stop to undisclosed U-turns. Although HSBC Group Compliance was aware of HBUS’ concerns, HBEU’s practice of stripping information or using cover payments to conceal U-turn transactions involving Iran, and the fact that such undisclosed transactions were routinely slipping through HBUS accounts, HSBC Group did not prohibit the practice for years. In July 2005, HSBC Group issued a Groupwide directive, Group Circular Letter (GCL) 050047, barring all HSBC affiliates from engaging in U.S. dollar transactions in violation of OFAC regulations, but continued to allow their use of cover payments for permissible U-turn transactions, which meant the transactions would continue to circumvent the OFAC filter and individualized review by recipient U.S. banks. In April 2006, HSBC Group issued a second Group-wide directive, GCL 060011, requiring HSBC affiliates and other financial institutions to use fully transparent payment instructions when sending transactions through HBUS accounts, but again allowed U-turns “to be made as cover payments.” In 2007, HSBC Group decided to exit Iran. In recent years, OFAC has sent over a dozen so-called Cautionary Letters to HBUS about incidents in which it failed to block a prohibited transaction, including transactions involving Iran. In 2010, HSBC Group employed an outside auditor, Deloitte LLP, to identify and review OFAC sensitive transactions at HBUS over a seven-year period from 2001 to 2007. That review has so far examined 58 million payment messages involving assets of $37 billion that passed through the key server, located in the United Kingdom, during that timeframe and identified OFAC sensitive U.S. dollar transactions involving assets totaling $19.7 billion. The review identified almost 25,000 U.S. dollar transactions involving Iran, involving assets in excess of $19.4 billion. 669 The vast majority of the Iranian transactions, ranging from 75% to 90% overthe years, were sent through HBUS and other U.S. dollar accounts without disclosing any connection to Iran. While the affiliates may have viewed these U-turns as permissible under U.S. law, the absence of identifying information meant they did not trigger the OFAC filter or an individualized review by HBUS to make sure. 668 7/11/2001 email from HBUS Douglas Stolberg to HBUS Denise Reilly, HBUS Joe Harpster, and HBUS MichaelGallagher, “ Bank Melli,” HSBC OCC 8876129. 669 Deloitte Review of OFAC transactions, “Results of the Transactions Review – UK Gateway, March 29, 2012,”HSBC-PSI-PROD-0197919 at 930. 121 (b) Concealing Iranian Transactions 2000 Notice Regarding Iranian Transactions. On June 9, 2000, the HSBC GroupAML Compliance head Susan Wright learned in an email that a client bank was using deceptive practices to send OFAC sensitive U.S. dollar transactions through U.S. correspondent accounts while evading detection by the OFAC filter. In the June 9, 2000 email to Ms. Wright from an HSBC colleague, she was informed that a particular bank, whose name was redacted by HSBC from the email, was “automatically replacing a remitter’s name with that of” the bank. 670 The email stated that the bank planned tocease the practice by the end of June, but in the future, for OFAC sensitive transactions, would “arrange cover for the payment using MT202/203 remittances.” “MT202/203” refers to the SWIFT message or payment instructions used to execute bank-to-bank transfers. The email explained that bank-to-bank transfers did not require identifying the underlying party who originated the transaction or the ultimate beneficiary of the payment. 671 It also indicated that thebank planned to send a separate “MT100 message” to the recipient bank providing full payment details for the originator and ultimate beneficiary. The email stated: “In this way a payment, in US$ can be made for an individual or company on the OFAC list, without the name being ‘detected’ by the OFAC filters that all US banks would apply.” 672Ms. Wright forwarded the June 2000 email to Matthew King, then head of HSBC Group Compliance, describing the client bank’s past procedure of altering transaction documentation when processing OFAC sensitive wire transfers. She wrote: “We advised them that this was contrary to SWIFT guidelines (drawn up to address FATF 673 concerns re money laundering viawire transfers) which required that the full details (names and addresses) of remitters and beneficiaries are included.” 674 She also described the client bank’s future plan to conceal OFACsensitive transactions behind bank-to-bank transfers. Ms. Wright wrote: “From a Group perspective I consider the continuation of this practice to be unacceptable and as a deliberate and calculated method to avoid the US OFAC sanctions has the potential to raise serious regulatory concerns and embarrass the Group.” 675Ms. Wright’s reaction indicates that as early as 2000, HSBC Group Compliance learned of practices being used to avoid detection by the OFAC filter, and viewed them as “unacceptable” and raising potential regulatory concerns that were capable of embarrassing HSBC. 670 6/9/2000 email from HSBC Bob Cooper to HSBC Susan Wright, “Significant Exception 2Q00-04,” HSBC OCC8875192-193. 671 Id.672 6/9/2000 email from HSBC Bob Cooper to HSBC Susan Wright, “Significant Exception 2Q00-04,” HSBC OCC8875192-193. 673 FATF is the Financial Action Task Force, the leading international body that set standards for combating moneylaundering and terrorist financing. 674 6/14/2000 email from HSBC Susan Wright to HSBC Matthew King, “Memo: Significant Exception 2Q00-04,”HSBC OCC 8875191-192. 675 Id.122 2001 Bank Melli Proposal. Six months later, in January 2001, HBEU approached HBUS with a proposal to use its U.S. dollar correspondent account at HBUS to clear U.S. dollar transactions for Bank Melli, the largest commercial retail bank in Iran. 676 At that time, BankMelli’s London Branch maintained a U.S. dollar account with several other major international banks, but was interested in establishing a relationship with HSBC that would give the bank the majority of Bank Melli’s U.S. dollar clearing business. HBEU conducted an extensive review, with advice from two outside U.S. law firms, to determine whether transactions originated by Bank Melli would meet the definition of a permissible U-turn transaction under OFAC regulations, and concluded that they would, in fact, be permissible. Even though the proposed U-turns would be permissible under OFAC regulations, HBEU proposed carrying them out in the form of bank-to-bank transfers, without any reference to the underlying originator or ultimate beneficiary and, so without any reference to Iran. 677 The aimwas to ensure that the transactions would not be delayed by triggering an OFAC filter and having to undergo individualized review. HBUS compliance personnel responded that any such transactions would have to be done in a more transparent manner, with detailed payment information specifying the underlying originating and beneficiary customer information. HBUS employees expressed concern about using cover payments, since the limited payment instructions would not enable HBUS to know whether it was processing a valid U-turn transaction involving Iran or whether it was even processing a U-turn transaction at all. 678 Itwould see only two banks making the transfer on the payment instructions and would have no knowledge of the underlying customers for whom the transaction was being processed, including whether they were prohibited persons. Legal Advice. In January 2001, HBUS OFAC Compliance officer Elizabeth Protomastro asked outside legal counsel, Tom Crocker, for an opinion as to whether HBUS could process U.S. dollar transactions from HBEU on behalf of either Bank Melli or Iran’s Central Bank, Bank Markazi. 679 After extensive consultations involving two law firms andOFAC, HBUS was advised that the Bank Melli transactions could qualify as permissible U-turn transactions. 680676 HSBC had established a relationship with Bank Melli’s office in Tehran in 1999. 7/11/2001 email from HBUSCarolyn Wind to HSBC Matthew King and others, “Bank Melli,” HSBC-PSI-PROD-0096130-132. 677 Id. at 0096130. Under international banking practice, it was legal for bank-to-bank transactions to omitunderlying payment details for the originator and ultimate beneficiary. Subcommittee briefing by OFAC (5/8/2012). 678 Id. at 0096130-131.679 See 1/31/2001 email from Elizabeth Protomastro to Tom Crocker, HSBC OCC 8903860.680 On February 1, 2001, HBEU provided Ms. Protomastro with more information about the type of U.S. dollartransactions that would be sent through HBEU’s correspondent account at HBUS, explaining that they would include 25 treasury-related payments involving about $750 million per day, 25 treasury-related receipts involving about $750 million per day, and 100 commercial payments involving $200 to $300 million per day, none of which would be related to letters of credit for military goods. (See 2/1/2001 email from HBEU Peter Blenk to HBUS Elizabeth Protomastro, “Central Bank of Iran,” HSBC OCC 8903864-865.) On February 2, 2001, Mr. Crocker advised that the scenario outlined by HBUE did not appear to qualify for the U-turn exception as stipulated in the OFAC Iranian Transactions Regulations, because HBEU could not serve as both the originating and receiving foreign bank. (See 2/2/2001 email from Tom Crocker to HBUS Elizabeth Protomastro, “Central Bank of Iran,” HSBC OCC 8903859-860.) In response to Mr. Crocker’s opinion, on February 19, 2001, HSBC Group Compliance head Matthew King contacted a second law firm, Winthrop Brown, to obtain a second opinion. (See 2/19/2001 email from HSBC 123 HSBC Group Compliance head Matthew King forwarded the legal advice to HBME officials Brian Richards and John Richards, stating: “I confirm I am happy for the business to be undertaken on this basis.” He also wrote: “I am assuming this business will be booked in HBEU, hence I am copying Chris Couldrey. If any other Group entity is likely to be involved, could you let me know.” 681 Brian Richards responded the following day to confirm that paymentorders from Bank Melli’s account would originate from HBEU, and credits in favor of Bank Melli would be credited to their account at HBEU. He stated that the payment orders would not mention Bank Melli, and HBUS would not receive payment orders or receipts directly from an Iranian entity. Mr. Richards concluded that the payment chain would meet the U-turn definition provided by Mr. Simons. 682HBEU Payment Instructions. HBEU, HBUS, and HSBC Group Compliance continued to discuss HBEU’s proposal to process U.S. dollar transactions for Bank Melli. In a letter dated April 30, 2001, HBEU’s Multicurrency Payments Department (MPD) sent Bank Melli a proposal to process their payments with “minimal manual intervention.” 683The letter included payment templates with specific instructions on how to format U.S. dollar transactions so the paperwork would not have to be altered by HBEU. MPD proposed that Bank Melli use the provided templates to complete payments fields for both MT202 and MT100 SWIFT messages 684 and to test the proposal.685 In the letter, MPD Business DevelopmentManager John Fowle advised the Bank Melli Cash and Payments Manager in London, Saeed Pourjam: “[F]ollowing tests in our payments environment we are confident that we have found a solution to processing your payments with minimal manual intervention. The key is to Matthew King to Winthrop Brown and HBME John Richards, “Memo: OFAC constraints in the Central Bank of Iran operating a USD Clearing account with HSBC Bank plc in London,” HSBC OCC 8903876-877.) One of the firm’s lawyers, John Simons, consulted with OFAC and obtained a copy of the payment processing procedure for qualified “U-Turn Dollar Clearing” transactions. He explained he was waiting to confirm with OFAC’s Chief Counsel Office about whether a second U.S. bank was required to process permissible U-turn transactions. The email indicated that they had also determined that a requirement in Section 560.516 (b) for U.S. depository institutions to determine if an underlying transaction was prohibited by OFAC, “prior to initiating a payment on behalf of any customer or crediting a transfer to the account on its books of the ultimate beneficiary,” did not apply to U-turns. (See 2/2001 email from John Simons to Winthrop Brown, “Memo: OFAC constraints in the Central Bank of Iran operating a USD Clearing account with HSBC Bank plc in London,” HSBC OCC 8903875-876.) In April 2001, Mr. Simons emailed Mr. King that OFAC had confirmed that a second U.S. bank was not required when processing permissible U-turn transactions and no specific OFAC license was required to engage in U-turn transactions. (See 4/26/2001 email from John Simons to HSBC Matthew King and others, OFAC – Iran,” HSBC OCC 8903868-870. 681 4/26/2001 email from HSBC Matthew King to HBME Brian Richards and others, “OFAC – Iran,” HSBC OCC8903868. 682 4/27/2001 email from HBME Brian Richards to HSBC Matthew King and others, “OFAC – Iran,” HSBC OCC8903874. 683 See 7/11/2001 email from HBUS Carolyn Wind to HSBC Matthew King and others, “Bank Melli,” HSBC OCC8876130-136 at 135-136 (including a copy of the April letter). 684 MT202 and MT100 are examples of SWIFT messages used by financial institutions to facilitate paymentprocessing. Different messages utilize specialized formats, dependent on the type of transaction, to process the payments. Subcommittee briefing by OFAC (5/8/2012); Subcommittee briefing by Deloitte (5/51/2012). 685 7/11/2001 email from HBUS Carolyn Wind to HSBC Matthew King, “Bank Melli” HSBC OCC 8876130-136 at133-136. 124 always populate field 52 – if you do not have an ordering party name then quote “One of our Clients”, never leave blank. This means that the outgoing payment instruction from HSBC will not quote “Bank Melli” as sender – just HSBC London and whatever is in Field 52. This then negates the need to quote “DO NOT MENTION OUR NAME IN NEW YORK” in field 72.” 686This email shows HBEU designed a payment method to avoid the OFAC filter by preventing the inclusion of information about the participation of the Iranian bank. The method developed by HBEU ensured that no language that would normally trigger an OFAC review – such as “do not mention our name in New York” – appeared in the transaction documentation. On May 25, 2001, in an email to colleagues, Michael Gallagher, an HBUS senior official at the Payments and Cash Management (PCM) division, expressed discomfort with the Bank Melli proposal to colleagues, including his supervisor, Douglas Stolberg, head of Commercial and Institutional Banking (CIB): “I wish to be on the record as not comfortable with this piece of business.” 687 His statement did not elicit any immediate response. When interviewed, Mr.Gallagher told the Subcommittee that he sent this email to express his concerns to his colleagues, including his supervisor, and then left it to them to determine what should be done. 688In the meantime, HBEU had already begun processing Bank Melli U-turns through its account at HBUS, using cover payments so that the transactions would not trigger HBUS’ OFAC filter. This fact was disclosed in a June 28, 2001 email from the HBEU Institutional Banking Relationship Manager who handled the Bank Melli account, John Wilkinson. 689 In the email, hewas discussing the Bank Melli proposal with the head of HBUS’ payment services, Denise Reilly. Mr. Wilkinson explained that once the proposal “goes live,” Bank Melli was instructed “to alter the format” of their payments to achieve straight through processing. Mr. Wilkinson wrote: “[W]e have further asked them to only put ‘One of our clients’ in field 52, thus removing the chance of them inputting an ‘Iranian referenced’ customer name, that causes fall out of the cover payment sent to HBUS and a breach of OFAC regulations.” 690He also explained that using ‘One of our clients’ in field 52 “is a standard phrase used by MPD [HBEU’s Multicurrency Payments Department] in these situations.” 691686 Id. at 8876135 (emphasis in original). Two months earlier, on May 21, 2001, HBEU Institutional Banking (CIBIBL) conducted a call with Bank Melli to inquire about the names of the principal beneficiaries of their payments. The resultant call report indicated that “as expected,” Bank Melli was unable to answer with the reasoning that Iran imports from many countries and suppliers worldwide. This information had been previously requested by a Senior Manager in Payment Operations at HBUS, Denise Reilly. An Area Manager within HBEU CIB IBL, Brian Richards, forwarded the response to Ms. Reilly the following day. Ms. Reilly then forwarded Mr. Richard’s email to HBUS Compliance personnel. 5/22/2001 email from HBUS Denise Reilly to HBUS Carolyn Wind and others, “Bank Melli,” HSBC-PSI-PROD-0096138-142. Acknowledging Ms. 687 5/25/2001 email from HBUS Michael Gallagher to HBUS Denise Reilly and Douglas Stolberg, “BANKMELLI,” HSBC-PSI-PROD-0096138. 688 Subcommittee interview of Michael Gallagher (6/13/2012).689 6/28/2001 email from HBEU John Wilkinson to HBUS Denise Reilly and others, “Bank Melli,” HSBC OCC8876132-133 at 133. 690 Id.125 Reilly’s concerns following “a recent formatting error” detailed in an earlier email of June 15, 2001, Mr. Wilkinson noted that Bank Melli had not yet begun to use the new formatting method detailed in the April letter: “Bank Melli are still formatting payments in their usual method, in this instance MPD failed to spot the poor input and did not follow their normal procedure of altering the payment, hence it was blocked. MPD have again confirmed the new formatting method will achieve straight through processing and overcome these difficulties.” 692Mr. Wilkinson’s email shows that Bank Melli was already processing undisclosed U-turn transactions through HBEU’s account at HBUS, using what he calls “their usual method” for formatting the payments, prior to the proposed changes. His email also described HBEU’s “normal procedure” as “altering” Bank Melli’s payments to prevent the payments from being blocked. The proposed new procedure was aimed at eliminating those manual interventions on the part of HBEU to both expedite payments, potentially saving time and therefore money. This June 2001 email put HBUS on notice that HBEU had at times altered transactions involving Bank Melli in Iran, a practice already so commonplace at HBEU it was called its “normal procedure.” This email was sent to the head of HBUS’ payment service operations, who then alerted other HBUS executives. When asked about this document describing the alteration of documents being engaged in by an HSBC affiliate, senior HBUS Compliance official Anne Liddy, who oversaw HBUS’ OFAC compliance program, told the Subcommittee that it would have been a problem if U-turns were being processed in 2001, since HBUS did not then have a process in place to conduct U-turns appropriately. 693HBUS Objections. On July 11, 2001, after HBUS Compliance head Carolyn Wind learned of the HBEU proposal, she sent an email to HSBC Group Compliance head Matthew King objecting to it. 694 What followed was a growing consensus that HSBC should not bepursuing its business in this fashion. Ms. Wind included the Wilkinson email from June and a copy of the April letter sent to Bank Melli providing payment message instructions. Ms. Wind expressed several concerns, including whether the transactions sent via the cover payments would be permissible under OFAC regulations and that “HBUS will not be able to confirm whether or not the underlying transaction actually meets the ‘U-Turn’ requirement.” She noted further that it was “not apparent that HBEU will be able to confirm that each payment meets the requirements.” She wrote: “In an effort to facilitate ‘straight-through processing’, it now appears that HBEU will train Bank Melli on formatting the payments and that we will be relying on Bank Melli to ensure that only qualifying payments are processed through HBEU’s account with HBUS.” 695691 Id.692 Id.693 Subcommittee interview of Anne Liddy (2/22/2012).694 7/11/2001 email from HBUS Carolyn Wind to HSBC Matthew King and others, “Bank Melli,” HSBC OCC8876130-136. 695 Id. at 8876130.126 Ms. Wind also expressed concern about how it might appear to U.S. regulators that HBEU trained Bank Melli to write payment instructions in such a way, pointing out that if OFAC were to identify a transaction that did not qualify as a permissible U-turn, OFAC might consider “HSBC’s actions due to the non-disclosure as having involved willful disregard or evasion.” 696HBUS payment services head Denise Reilly forwarded Ms. Wind’s email to Douglas Stolberg, head of HBUS Commercial and Institutional Banking (CIB). He responded: “With the amount of smoke coming off of this gun, remind me again why we think we should be supporting this business?” 697Ms. Reilly responded by sending Mr. Stolberg a memorandum prepared by the HSBC Group Representative for Iran, John Richards, which stated that HSBC Group “with the backing of Bond” – referring to the HSBC Chairman of the Board of Directors - wanted to “significantly grow our presence in Iran” with current lines of credit reported to be $800 million, trade lines of $150 million, and growth anticipated in trade, cash management and internet banking. The memorandum indicated that HSBC Group and HBEU wanted to expand the bank’s presence in Iran and viewed clearing U.S. dollar transactions for Bank Melli as a profitable venture that could help win additional business in Iran, despite U.S. sanctions and HBUS concerns. 698These email exchanges show that, by July 2001, senior HBUS compliance, payments, and business managers, as well as the HSBC Group Compliance head, were aware that Iranian U.S. dollar transaction documentation was being altered by HBEU and the transactions were being processed through HBUS. 699 HBUS Compliance head Carolyn Wind complained toHSBC Group Compliance head Matthew King, but neither stopped the practice, nor did HSBC Group obtain a legal opinion about whether its U.S. dollar cover payments were in compliance with OFAC regulations. HBUS’ Payments Proposal. In August 2001, HBUS offered its own proposed procedures to clear U.S. dollar transactions involving Bank Melli. 700 Uncomfortable with theformatting solution proposed by HBEU a few months prior, HBUS proposed that Bank Melli be listed as the originator in the payment instructions and proposed establishing a segregated account for the transactions so HBUS could ensure that all Bank Melli payments would be stopped by the OFAC filter for further review and approval. 696 Id. at 8876131.697 See 7/11/2001 email exchanges among HBUS Douglas Stolberg and HBUS Denise Reilly, Joe Harpster, andMichael Gallagher, “Bank Melli,” HSBC OCC 8876128-130. 698 Id. at 8876128-129.699 7/11/2001 email exchange among HBUS Carolyn Wind, HBUS, Paul Lee, HBUS Anne Liddy, HBUS DouglasStolberg, HBUS Michael Gallagher, and HBUS Denise Reilly, HSBC OCC 8876129. 700 The procedures consisted of a two-step debit process and a five-step OFAC review process, and committed tosame day processing for transactions determined to be U-turn compliant. The procedures required that Bank Melli transactions be segregated in an “HBEU Special Account” with the account number entered into the OFAC filter so that every Bank Melli transaction would be stopped in the OFAC queue for two reviews and two approvals prior to processing. Bank Melli would appear as the originator for all related transactions. 8/29/2001 email from HBUS Denise Reilly to HBAP Alan Wilkinson and others, “Bank Melli,” HSBC OCC 7687346-348. 127 On August 30, 2001, HSBC’s John Richards expressed his support for the procedures, noting it would be the first time that an Iranian bank name was mentioned in the payment message. 701On September 6, 2001, HBUS met with the Director of the Office of Foreign Assets Control (OFAC) to discuss clearing Bank Melli U-turn transactions. Carolyn Wind commented that although OFAC did not approve or reject the proposal, she walked away from the meeting thinking that OFAC was “okay with it.” 702HBME’s Iranian Transactions. While HBEU was processing U-turn transactions for Bank Melli, a second HSBC affiliate, HSBC Middle East (HBME), was also carrying out OFAC sensitive transactions for other clients, using its own and HBEU’s U.S. dollar correspondent accounts at HBUS apparently without alerting HBUS to the transactions. In an October 2001 email, David Bagley, then HBME Regional Head of Legal and Compliance, sought guidance from HSBC Group Compliance head Matthew King about how OFAC sensitive transactions should be handled. 703 Mr. Bagley wrote: “As I understand the current position we do routinely,and across the Group, adopt differing approaches to payments potentially subject to OFAC sanctions.” Mr. Bagley wrote that, at HBME, payments were not structured “against a specific request from the customer, rather we undertake this structuring as a routine,” and that he was not clear about whether those procedures were viewed “as being inappropriate, and thus should be disallowed.” He also noted: “I am advised that there may even be software in the UK which filters such payments for restructuring in the event that the original message has been structured in such a way that it will be caught by the OFAC filters.” Mr. Bagley cautioned that subjecting all OFAC sensitive payments to the OFAC filter for further review and approval would likely hurt business. He wrote: “disallowing all payments which are potentially subject to the OFAC process,” or the alternative of forwarding “messages in such a way that they would be caught,” would have a “significant affect” upon HBME’s business within the Middle East and the Group’s business within correspondent banking. He also wrote: “given the likely volumes it is impractical to submit each payment to a process of referral to HBUS,” as HBUS had proposed. He concluded with a request for clear guidance: “I would be grateful for your clarification as to whether what is currently going on is acceptable, or whether we should be adopting a different practice.” 704Mr. King responded that the September 11, 2001 terrorist attack on the United States required a reassessment. He wrote: “some of the routes traditionally used to avoid the impact of US OFAC sanctions may no longer be acceptable.” Mr. King indicated that an automated screening system was being looked into, and in the interim asked that OFAC sensitive payments be vetted manually. 705701 8/30/2001 email from HSBC John Richards to HBUS Denise Reilly and others, “Bank Melli,” HSBC-PSIPROD-0096147-48. 702 Subcommittee interview of Carolyn Wind (3/7/2012).703 10/10/2001 email exchange among HSBC Matthew King and HBME David Bagley and others, “OFACSanctions,” HSBC OCC 8873890-893 at 892. 704 Id. at 8873892.705 Id. at 8873890.128 Mr. Bagley’s email alerted Mr. King to the fact that HBME, like HBEU, was routinely sending U.S. dollar transactions through its correspondent account at HBUS using methods intended to circumvent HBUS’ OFAC filter. His email did not limit those transactions to Iranian U-turns, but sought broader guidance on acceptable practice. Mr. King wrote back: “all we can do is ask that payment from the affected countries are vetted manually.” 706(c) Pressuring HBUS on Iran In April 2002, HBME asked HBUS to re-circulate its proposed procedures for processing Iranian U-turn transactions, 707 indicating that the two affiliates were still attempting to reachagreement on the procedures to be used. 708HBEU Draft Guidelines. While the HBEU Relationship Manager for Institutional Banking in HBME, John Wilkinson, was trying to streamline the cover payments procedure used to send Iranian U-turns through HBEU’s correspondent account at HBUS, HBEU Compliance was trying at the same time to put a stop to the practice altogether. On July 15, 2002, an HBEU Compliance officer forwarded draft guidelines for handling OFAC sensitive transactions to HBEU Compliance manager Julie Clarke and HBEU Multicurrency Payments Department (MPD) head Malcolm Eastwood and requested their approval. 709 The proposed guidelines statedin part that, although HBEU was not legally required to comply with U.S. OFAC prohibitions, “It is strongly recommended … that RMs [Relationship Managers] do not deliberately take action aimed at assisting a customer to circumvent OFAC sanctions. For example payment instructions should not be amended by IBL staff.” The proposed guidance also stated: “On no account should you deliberately guide, encourage or coerce the sender into amending the payment details so as to circumvent the OFAC sanctions. … We will simply process as instructed.” 710 The draft guidance relied on the following Group Policy:“Group members should comply with both the letter and spirit of all relevant laws, codes, rules, regulations and standards of good market practice in each jurisdiction around the world where they conduct business.” 711706 Id. at 8873890-891.707 4/15/2002 email from HBUS Denise Reilly to HBEU John Wilkinson and others, “Bank Melli,” HSBC OCC7687376-377. 708 According to Mr. Bagley, the HBEU Payment Services’ December 2002 Compliance Certificate made explicitreference to its practice of altering Iranian U.S. dollar payments. Subcommittee interview of David Bagley (4/12/2012). Compliance Certificates from affiliates are normally consolidated and sent to HSBC Group Compliance for review, which would have provided a formal channel for addressing the issue. David Bagley told the Subcommittee, however, that the reference to U-turn transactions in HBEU’s 2002 certificate was not incorporated into the consolidated Compliance Certificate and therefore was not formally escalated to Group Compliance for review. Id. 709 7/15/2002 email from HBEU Paul Proctor to HBEU Julie Clarke, HBEU Malcolm Eastwood, and others,“Monitoring of payment transactions against sanctions,” HSBC OCC 8877103-106. 710 Id. at 8877106.711 Id. at 8877105. The guidelines also noted that the responsibility for “policing payment and cheque clearingsagainst sanctions” would move to Payment Services in the future. 129 These guidelines were later approved and became effective in the fall of 2003. 712 They showthat HBEU Compliance and business personnel were aware of and concerned about potentially deceptive practices some could use to circumvent OFAC prohibitions. HBME Negotiations. While HBEU Compliance developed the OFAC guidelines, Gary Boon, HBME Payment and Cash Management (PCM) sales manager in Dubai, spent the second half of 2002, making a concerted effort to reach agreement with HBUS on how to process U-turn transactions. On August 29, 2002, Mr. Boon emailed Denise Reilly and Nancy Hedges in HBUS Payment Operations, to encourage HBUS to officially approve the processing of U-turn transactions involving Iranian banks. He wrote: “I can now confirm that HSBC Bank plc, London does not have any processing or compliance issues in respect of USD payments from existing or new opportunities with Iranian Banks.” 713 He also wrote that HBEU wanted “toensure the payments are STP [straight through processing],” and HBEU would provide its clients with guidelines for formatting transactions to “ensure that our Iranian clients fully understand, when or how, payments could be rejected.” 714 He indicated that he was seeking HBUS’ formalagreement to process the U-turn transactions, from both a resource and reputational risk standpoint, “before I attempt to sell a USD clearing proposition.” 715On October 8, 2002, Mr. Boon sent an email to senior HBUS Compliance official, Anne Liddy, seeking feedback on the HBEU proposal. 716 Ms. Liddy responded that the position ofHBUS Compliance remained unchanged “in that all transactions involving Bank Melli must be fully disclosed and represented in one single transaction that reflects the complete flow of funds.” 717 Ms. Liddy noted that the HBUS proposed procedures had been approved by LegalCounsel as meeting OFAC requirements. She also stated that HBUS and HBEU needed to reach agreement on the payment procedures before HBUS Compliance would present an official proposal to HBUS’ Senior Management Committee or OFAC for approval. Ms. Liddy was also clear that these steps had to be taken prior to HBEU’s making any proposal to Bank Melli or another Iranian bank. 718Mr. Boon responded on the same day that HBEU would soon be complying with the Financial Action Task Force (FATF) regulations requiring full disclosure of payment details on MT100/MT103 message formats, which was already part of the HBEU proposal since HBEU sent those messages to the bank receiving a U-turn payment in addition to sending a cover payment on a MT202 form. He indicated that the payments sent to HBUS fall into the category of permissible U-turn transactions, and noted that HBUS was already processing U.S. dollar transactions through two existing accounts in London. 719712 See 9/8/2003 email from HBEU Julie Clarke to HBEU Paul Proctor and others, “OFAC sanctions evasion –Iranian payments,” HSBC OCC 8876819-820. Mr. Boon wrote: “The majority of 713 8/29/2002 email from HBME Gary Boon to HBUS Nancy Hedges, HBUS Denise Reilly, and others, “IRANUSDPAYMENTS,” HSBC OCC 0948193-195. 714 Id. at 0948194.715 Id. at 0948194.716 See 10/08/2002 email exchanges among HBUS Anne Liddy, HBME Gary Boon, and others, “Bank Melli,”HSBC OCC 7687374-375. 717 Id. at 7687375.718 Id. at 7687375.719 Id. at 7687374-375.130 payments will be processed with HBEU sending a MT100/MT103 to the beneficiary bank and HBUS will receive the MT202 cover payment (again your already doing this).” 720 He indicatedthat, due to “massive opportunities,” he would like to resolve the procedural issues prior to a scheduled visit to Iran in November 2002. 721 In response, Ms. Liddy reluctantly set up aconference call with Mr. Boon and included Carolyn Wind and Denise Reilly. 722When asked about this email, Ms. Liddy told the Subcommittee that she misinterpreted Mr. Boon’s assertion that HBUS was already processing Iranian payments through existing accounts in London to mean that the issue affected London accounts, but not accounts in the United States. 723 She said that she became more concerned two months later, in December 2002,when a Bank Melli payment was caught in HBUS’ OFAC filter. 724 Carolyn Wind told theSubcommittee that she was surprised by Mr. Boon’s email and didn’t know what his comments meant. Ms. Wind said that she contacted HSBC Group Compliance head Matthew King to follow-up, but didn’t know what action he took, if any. 725The results of the conference call between HBME and HBUS were discussed in email correspondence later that month. On October 28, 2002, Mr. Boon wrote to Denise Reilly requesting an update. Ms. Reilly responded that HBUS had spoken with OFAC; the “MT100/MT103 and MT202 normal cover payment process has been deemed unacceptable”; and OFAC required “full disclosure of the transaction.” 726 Mr. Boon and Ms. Reilly then agreedthat HBEU should open a separate “Special nostro account” for all U-turn transactions to ensure each transaction would be caught by the OFAC filter for review and approval. 727 Mr. Boonrequested confirmation that if HBEU met those terms and the HBUS committee approved the proposal, that “HBUS would be in a position to potentially become Iran’s USD Clearing Agent, HBEU would be their USD Correspondent Bank?” 728 Ms. Reilly responded that the currentproposal was to “process transactions on behalf of Bank Melli” and if the proposal were broader “then it should be included in the business rationale that we requested in our conference call earlier this week for presentation to HBUS senior management.” 729 She indicated that the HBUSSenior Management Committee was comprised of the President of the bank, key business heads, and the head of key support units. While these emails suggest HBUS Compliance was poised to present the Iranian U-turn proposal to the HBUS Senior Management Committee, there is no indication in the documentation that the committee ever received or approved it. Eastwood Memorandum. In November 2002, HBEU Multicurrency Payments Department (MPD) head Malcolm Eastwood sent a memorandum to HBUS Payments Services 720 Id. at 7687375.721 10/17/2002 email from Gary Boon to Anne Liddy, “IRAN,” HSBC OCC 7687373.722 10/21/2002 email from Anne LIddy to Carolyn Wind and Denise Reilly, “IRAN,” HSBC OCC 7687373.723 Subcommittee interview of Anne Liddy (2/22/2012).724 Id. See also 12/30/2002 email exchanges among HBUS Elizabeth Protomastro, HBUS Carolyn Wind, HBUSAnne Liddy, HBUS Denise Reilly, and HSBC David Bagley, “OFAC: PLC wire on behalf of Melli Bank PLC,” HSBC OCC 8873909. 725 Subcommittee interview of Carolyn Wind (3/07/2012).726 10/29/2002 email from HBUS Denise Reilly to HBME Gary Boon and HBUS Nancy Hedges, “ IRAN-USDPayments,” HSBC OCC 0948192-193. 727 Id. at 0948192.728 Id. at 0948192.729 Id. at 0948192.131 head Denise Reilly and Geoff Armstrong expressing concern that HSBC was exposing itself to unnecessary risk by handling OFAC sensitive payments. 730 He wrote:“I currently feel that we may be exposing ourselves to unnecessary and unacceptable Reputational and Operational Risk when we are handling payments originating from FIs [financial institutions] domiciled in or who are a local branch of an FI domiciled in an OFAC regulated country.” Mr. Eastwood stated that HBEU’s current process was to send OFAC sensitive payments to HBUS via the “cover” payment method that made no mention of Iran or other prohibited countries. 731 He noted that two payments, one from Iran and one from Cuba, had recently beencaught by HBUS’s OFAC filter. Mr. Eastwood stated that he wanted to resolve the situation, and “we therefore need to seek clarification of HBUS/OFAC’s stance so that we can determine our future payments strategy.” 732The Eastwood memorandum again put HBUS on notice regarding HBEU’s practice of concealing U-turn transactions behind cover payments and altering the payment instructions received from Iranian banks. Mr. Eastwood wrote: “The Iranian banks continue to send us what I describe as conditional payment instructions which for HBEU require an element of amendment by ourselves.” 733 Mr. Eastwood warned: “If we cannot achieve this [a resolution onhow to handle U-turn transactions] I will have to recommend to my General Manager a view that processing these payments is ‘unsafe’ and that these items should be filtered out and cancelled. This would have severe repercussions for our Group relationship within the Iranian FIs.” 734That same day, HBUS Payments Services head Denise Reilly forwarded the Eastwood memorandum to HBUS PCM head Michael Gallagher and HBUS Compliance head Carolyn Wind, with the note: “We need to discuss.” 735 HBUS records do not indicate whether thatdiscussion took place. When asked about this email, Mr. Gallagher told the Subcommittee that he wasn’t sure he received Mr. Eastwood’s memorandum because he wasn’t named on it. 736When shown another email indicating he had discussed the Eastwood memorandum again in December 2003, with the new HBUS AML head, 737 he told the Subcommittee that he did notrecall the memorandum, any discussion of it, or taking any action in response to it. 738 WhenCarolyn Wind was asked about the Eastwood memorandum, she told the Subcommittee that HBUS kept “pushing back on U-turns.” 739730 11/14/2002 memorandum from HBEU Malcolm Eastwood to HBUS Denise Reilly and HBEU GeoffArmstrong, “Compliance – OFAC Issues in General and Specific to Iran,” HSBC OCC 7688824. 731 Id. at 7688825.732 Id. at 7688825.733 Id. at 7688826.734 Id. at 7688826.735 11/14/2002 email from HBUS Denise Reilly to HBUS Carolyn Wind and HBUS Michael Gallagher,“Compliance – OFAC Issues in General and Specific to Iran,” HSBC OCC 7688822-827. 736 Subcommittee interview of Michael Gallagher (6/13/2012).737 See 12/17/2003 email from HBUS Denise Reilly to HBUS Teresa Pesce, “Compliance – OFAC Issues in Generaland Specific to Iran,” HSBC OCC 3407517-522 (“Attached is the memo that we discussed yesterday in our meeting with Michael Gallagher.”). 738 Subcommittee interview of Michael Gallagher (6/13/2012).739 Subcommittee interview of Carolyn Wind (3/7/2012).132 Do Not Mention Our Name. In late December 2002, HBUS OFAC Compliance officer Elizabeth Protomastro notified Carolyn Wind, Denise Reilly, and Anne Liddy that, on December 27, 2002, the HBUS OFAC filter had stopped and rejected a payment listing Bank Melli as the originator of the payment and containing a field that read, “Do not mention our name in NY.” Ms. Protomastro advised rejecting all U-turn transactions containing such language. The language on the stopped transaction shows how information related to Iranian payments was intentionally withheld from HBUS. In response, Ms. Liddy went to Carolyn Wind’s office and spoke with her, Denise Reilly, and Paul Lee, HBUS’ Legal Counsel, about the transaction. She was told to alert David Bagley, who had become head of HSBC Group Compliance in January 2002. 740 That same day, Anne Liddy forwarded Ms. Protomastro’s email to Mr. Bagley.741 Ms.Liddy told the Subcommittee that she was concerned about the Bank Melli payment, because HBEU still had not obtained approval to do those types of transactions. 742 She told theSubcommittee that neither Mr. Bagley nor Ms. Wind provided any feedback on the incident, and she didn’t know what action, if any, Mr. Bagley took. 743The 2002 Eastwood memorandum again put senior HBUS compliance and business officials on notice that HBEU was sending undisclosed OFAC sensitive transactions through its U.S. dollar correspondent accounts at HBUS. Again, HBUS officials alerted their superiors, but no further action was taken. (d) Continuing Pressure on HBUS to Process Iranian Transactions Although HBEU handled the Bank Melli account, it was HSBC Middle East (HBME) that was at the center of efforts to pressure HBUS to process Iranian transactions without triggering the OFAC filter. HBME took the lead in dealing with Iran and selling bank services to Iranian banks. In January 2003, HBME Group Relationship Manager for the Middle East, Nigel Weir, sent HBUS Payments Services head Denise Reilly and HBEU MPD head Malcolm Eastwood a memorandum entitled, “Business Case-USD Payments from Iranian Banks/Entities.” 744740 Subcommittee interview of Anne Liddy (2/22/2012). Mr. Bagley assumed the duties of HSBC GroupCompliance head in January 2002, but his appointment did not become official until Mary 2002, after the U.K. Financial Services Authority approved it. Subcommittee interview of David Bagley (5/10/2012); Subcommittee briefing by Cahill Gordon & Reindel LLP (6/20/2012). This HBME memorandum laid out the “business case” for HBUS’ 741 See 12/30/2002 email exchanges among HBUS Elizabeth Protomastro, HBUS Carolyn Wind, HBUS AnneLiddy, HBUS Denise Reilly, and HSBC David Bagley, “OFAC: PLC wire on behalf of Melli Bank PLC,” HSBC OCC 8873909. 742 Subcommittee interview of Anne Liddy (2/22/2012).743 Id. See also at 12/30/2002 email exchanges among HBUS Elizabeth Protomastro, HBUS Carolyn Wind, HBUSAnne Liddy, HBUS Denise Reilly, and HSBC David Bagley, “OFAC: PLC wire on behalf of Melli Bank PLC,” HSBC OCC 8873909. 744 1/2003 memo from HBME Rick Pudner to HBUS Denise Reilly and HBEU Malcolm Eastwood and others,“Business Case-USD Payments From Iranian Banks/Entities,” HSBC OCC 8876490; 1/21/2003 email exchanges among HBUS Anne Liddy, HBUS Carolyn Wind, HBUS Denise Reilly and others, HSBC OCC 3407510. Nigel Weir and Rick Pudner were joint authors of the memorandum. 133 processing Iranian transactions using the procedures proposed by HBEU back in August 2001. 745The memorandum stated: “Currently, it is estimated that Iranian banks issue up to 700 USD payments a day using their USD service providers, mainly banks in the UK and Europe, which in turn use their New York USD correspondents to effect the payments. It is believed that some service providers amend the payments to ensure Iran is not mentioned in the body of the payment instruction to their USD correspondent. This process minimizes the risk of payment being referred to OFAC.” 746The memorandum did not state explicitly that both HBME and HBEU were already engaged in the same practice using their U.S. dollar accounts at HBUS. The HBME memorandum stated that HBME “believe[s] there is a substantial income opportunity to see a USD payments proposition to Iranian Banks,” and provided an appendix detailing existing and potential business opportunities in Iran, while noting HBEU already had a “number of existing USD accounts for Iranian banks, which are used for payments clearing purposes.” 747 The memorandum concluded:“It is anticipated that Iran will become a source of increasing income for the group going forward and if we are to achieve this goal we must adopt a positive stance when encountering difficulties. We are aware of the concerns expressed by HBUS but strongly believe that by working together we can overcome them using means which are perfectly legitimate and in accordance with rules laid down by the relevant regulatory bodies. I hope we will be able to resolve this issue otherwise I fear we will destroy future value in a market which has substantial potential for the group.” 748HBME asked that the business case be presented to HBUS’ Senior Management Committee at the earliest opportunity. On January 16, 2003, Denise Reilly forwarded the HBME memorandum to HBUS Compliance officials Carolyn Wind and Anne Liddy. 749 On January 21, 2003, Ms. Liddyforwarded it to Tom Crocker, the outside legal counsel advising HBUS on OFAC matters. 750745 Id. at 1. The memorandum stated: “This paper has been produced in order for the Senior ManagementCommittee (SMC) of HSBC Bank USA (HBUS) to evaluate whether or not HBUS will process US dollar (USD) payments initiated by Iranian Banks via accounts held with HSBC Bank Plc (HBEU).” Id. 746 Id. at 8876490.747 Id. at 8876493. Internal bank documents indicate that HBEU cleared U.S. dollar transactions through itscorrespondent account at HBUS for at least six Iranian banks, Bank Melli, Bank Kesharvazi , Bank Markazi, Bank Sepah, Bank Tejarat, and the Export Development Bank of Iran. See, e.g., 10/23/2003 email from HSBC John Root to HSBC David Bagley and others, “USD Clearing – Iranian Banks,” HSBC OCC 8875217. HBEU senior payments official Rod Moxley told the Subcommittee that he believed seven or eight Iranian banks used HSBC for U.S. dollar correspondent services. Subcommittee interview of Rod Moxley (6/07/2012). 748 1/2003 memo from HBME Rick Pudner to HBUS Denise Reilly and HBEU Malcolm Eastwood and others,“Business Case-USD Payments From Iranian Banks/Entities,” HSBC OCC 8876492. 749 Subcommittee interview of Anne Liddy (2/22/2012).750 See 1/21/2003 email from HBUS Anne Liddy to External Counsel Tom Crocker and others, “USD Paymentsfrom Iranian Banks,” HSBC OCC 3407510-11. 134 When asked about the memorandum, Ms. Liddy told the Subcommittee she did not recall it or the outcome of Mr. Crocker’s review. 751On February 3, 2003, HSBC Group Compliance head David Bagley sent an email to HBME, where he used to work, discussing the issue. 752 He conveyed that he had asked seniorCompliance official John Root to review the OFAC issue from a Group perspective. He also wrote that he “would be grateful if we could exercise greater care with regard to the content of written material” being sent to HBUS, explaining: “The business case includes a number of express references to practices which may constitute a breach of US sanctions, including the OFAC provisions, and could provide the basis for action against the HSBC Group for breach of those sanctions, or seeking to facilitate a breach.” 753 Mr. Bagley requested that futurecommunications regarding this subject be cleared through him or John Root “to avoid relative sensitive references,” prior to involving HBUS. 754 The recipient of the email, Nigel Weir,responded that the memorandum was intended to recommend pursuing a significant business opportunity, while complying with applicable regulations. 755 Mr. Bagley told the Subcommitteethat this was the first time, in his role as head of HSBC Group Compliance, he addressed the OFAC issue. He noted that HBME’s actions could potentially “constitute a breach of US sanctions,” yet it would take him two more years, until July 2005, to establish Group policy prohibiting such conduct. Again, there was no indication that a proposal for handling Iranian U-turn transactions was ever presented to or approved by HBUS’ Senior Management Committee. At the same time, undisclosed transactions continued to be sent by HSBC affiliates through their correspondent accounts at HBUS. A later analysis performed by an outside auditor at HBUS’ request found that, in 2002 alone, HBEU sent at least 1,900 and HBME sent at least 400 Iranian transactions through U.S. dollar accounts in the United States. 756Caught in the OFAC Filter. On June 13, 2003, another Bank Melli transaction was caught in the HBUS OFAC filter, containing not only a reference to the bank, but also the words “do not mention our name.” 757 On June 16, 2003, HBUS OFAC Compliance officer ElizabethProtomastro alerted both Carolyn Wind and Anne Liddy. 758751 Subcommittee interview of Anne Liddy (2/22/2012).Ms. Wind forwarded the email to HSBC Group Compliance officer John Root, and Ms. Protomastro provided him with additional details about the payment, including that it involved $150,000. She explained that when the HBUS Funds Transfer staff saw the message “do not mention our name,” they rejected the 752 2/3/2003 email from HBUS David Bagley to HBME Rick Pudner and others, “Business Case-US Payments FromIranian Banks/Entities,” HSBC OCC 8876487-488. 753 Id.754 Id. at 8876488.755 2/3/2003 email from HBME Nigel Weir to HSBC David Bagley and others, “ Business Case-US Payments FromIranian Banks/Entities,” HSBC OCC 8876487. 756 Deloitte, Results of the transactions Review – UK Gateway, March 29, 2012. HSBC-PSI-PROD-0197919, at 62.The Deloitte review examined HBEU and HBME Iranian transactions sent through U.S. dollar accounts at both HBUS and JPMorgan Chase. 757 See 6/17/2003 email from HBUS Elizabeth Protomastro to HSBC John Root and HBUS Carolyn Wind, “Re:PLC-Re “do not mention our name,” at HSBC OCC 8873922. 758 6/16/2003 email from HBUS Elizabeth Protomastro to HBUS Carolyn Wind and HBUS Anne Liddy, “PLC-Re“do not mention our name,” HSBC OCC 8873925. 135 payment in accordance with HBUS policy, “due to concerns about evasion issues under the OFAC regulations.” 759 Ms. Protomastro explained that HBUS would not process a paymentcontaining such a message, even if it qualified as a permissible U-turn transaction. On June 17, 2003, Mr. Root forwarded the payment details to HSBC Group Compliance head David Bagley. 760 Mr. Bagley responded by asking if they should allow a payment “withthis sort of instruction to be passed to HBUS, regardless of the wider issue as to the applicability of OFAC to non us persons.” 761The June 2003 transaction once again made several senior officials at HBUS and HSBC Group aware that HSBC affiliates were sending undisclosed OFAC sensitive transactions through HBUS accounts, even though HBUS had yet to approve a U-turn protocol. When asked about this incident, Ms. Wind told the Subcommittee that she did not recall what HSBC Group Compliance said or did about the payment. 762 She also did not recall whether there was aninquiry made to identify similar transactions, whether the transaction was reported to OFAC, or whether a SAR was considered or filed. When asked who in HBUS was responsible for following up on the incident, she replied that from the business side, Denise Reilly and her supervisor Michael Gallagher, and from the compliance side, herself and her supervisor Anne Liddy. 763 When Mr. Gallagher was asked about the incident, he responded that it was not hisresponsibility to take action, because blocked payments are an operational and compliance effort, not a PCM issue. 764 He stated that he would not have had the authority to either stop or release asuspect payment; operations staff, including Denise Reilly, did not report to Mr. Gallagher in 2003. Using “Selves” Instead of Client Names. In August 2003, internal bank documents show that Compliance personnel in HSBC Group and HBEU learned of, and objected to, the practice of some HBEU personnel, when sending Iranian U-turn transactions, to alter the payment instructions and identify HBEU itself as the active party in the transaction, rather than use a client name that might trigger HBUS’ OFAC filter. Despite their objections, the practice continued for years. On August 20, 2003, the head of HSBC Group Audit Matthew King informed HSBC Group Compliance head David Bagley that “HBEU continues to send remittances to the US with ‘selves’ noted as the ordering party when the transfer would otherwise be filtered out for OFAC sanctions reasons.” 765 He wrote: “I recall that this has been raised in the past, but I thought wehad agreed the practice would cease. Are you aware of the current position?” 766759 6/17/2003 email from HBUS Elizabeth Protomastro to HSBC John Root and HBUS Carolyn Wind, “Re: PLC-Re“do not mention our name,” HSBC OCC 8873922-923. 760 Id.761 Id.762 Subcommittee interview of Carolyn Wind (3/7/2012).763 Id.764 Subcommittee interview of Michael Gallagher (6/13/2012).765 8/20/2003 email from HSBC Matthew King to HSBC David Bagley and others, “OFAC,” HSBC OCC 8876504-505. 766 Id. at 8876505.136 On September 1, 2003, Mr. Bagley forwarded Mr. King’s email to John Root and asked him to investigate. 767 Mr. Bagley wrote that there is now “some clarity” that OFAC prohibitionsdo not apply to non-U.S. persons, even when payments are denominated in U.S. dollars. 768 Healso wrote that an established payment mechanism exists for bank-to-bank transfers, which did not require underlying payment information and which might apply to HBEU transfers to HBUS. 769 Mr. Root agreed to look into the matter.On September 2, 2003, HBEU Compliance manager Julie Clarke sent an email to an individual whose name was redacted by HSBC seeking more information about the transactions that triggered the inquiry by HSBC Group Audit head Matthew King. 770 The email recipientresponded: “During the conversation, I mentioned that historically we used “selves” but that I had stopped the practice as soon as I had discovered it in mid-2000. He stated that it was still done in HBEU. This was not in connection with [redacted] payments and I have no examples.” 771The following day Ms. Clarke forwarded the email to Rod Moxley in HBEU’s Multicurrency Payment Department (MPD), and asked him for more information regarding the practice of using “ourselves” in a payment message. 772On September 8, 2003, Mr. Moxley responded to Ms. Clarke. 773 He explained that theOFAC sanctions issue had been “under discussion for some time” within MPD. 774 He forwardedto her an August email that he had sent to Pat Conroy, Malcolm Eastwood’s supervisor, addressing various issues related to OFAC sensitive transactions. The August email indicated that a certain person, whose name was redacted by HSBC, had brought “our current practice regarding the alteration of the remitter field on Iranian payments to the attention” of Matthew King and David Bagley. 775767 9/1/2003 email from HSBC David Bagley to HSBC John Root and HSBC John Allison, “OFAC,” HSBC OCC8876504. The August email also stated that “[t]he specific issue with Iran had been formally raised with the RM [Relationship Manager], John Wilkinson” who had been “given a deadline of 31 December 2003 to remedy this situation.” The August email also noted: 768 Id. Mr. Bagley told the Subcommittee that the applicability of OFAC prohibitions to non U.S. persons was anundecided issue in 2003, with legal opinions offering differing conclusions. Subcommittee interview of David Bagley (4/12/2012). OFAC now takes the position that its prohibitions apply to all U.S. dollar transactions, including those involving non-U.S. persons. 769 9/1/2003 email from HSBC David Bagley to HSBC John Root and HSBC John Allison, “OFAC,” HSBC OCC8876504. As explained earlier, at that time, bank-to-bank transfers could be executed on forms which required information on the remitting and beneficiary banks, but not the underlying customers. 770 9/2/2003 email from HBEU Julie Clarke to [redacted], “OFAC sanctions,” HSBC OCC 8876824-825.771 Id. at 8876824.772 9/3/2003 email from HBEU Julie Clarke to HBEU Rod Moxley and Chris Pollard, “OFAC Sanctions,” HSBCOCC 8876824. 773 9/8/2003 email from HBEU Rod Moxley to HBEU Julie Clarke, “OFAC Sanctions,” HSBC OCC 8876820-821.774 Id. at 8876821.775 8/22/2003 email from HBEU Rod Moxley to HBEU Pat Conroy, “Project Wolf,” HSBC OCC 8876821-822.137 “Malcolm’s stance, I understand, is that any payments after 31 December 2003 will not be processed unless signed off at a very senior level.” 776That same day, September 8, 2003, Ms. Clarke forwarded the email chain to HBEU Compliance officer Paul Proctor and wrote: “It appears that John Wilkinson has been allowed to continue (to 31/12/03) to use ‘selves’ as the remitter name for Iranian payments which I believe contravenes your recently issued guidelines.” 777 Mr. Proctor responded:“This is the first time I have seen in writing, an admission that Payments Services are amending payments by removal of either the remitter’s name or country to prevent the probable trigger of the US filter and the subsequent freezing of funds. You indicate that Group Compliance have now forbidden you to tamper with such payments, which I would fully support as it flies in the face of Group policy re complying with the spirit and letter etc.” 778This email indicates that HBEU Compliance had not been aware the some HBEU personnel were continuing to alter documentation connected to OFAC sensitive transactions, in defiance of new guidelines prohibiting such conduct. The email also indicates that HSBC Group Compliance had instructed HBEU Compliance that HBEU personnel were “forbidden” to “tamper” with the documentation. When asked about these emails, Mr. Bagley told the Subcommittee that, in October 2003, Mr. Root reported to him that HBEU Compliance had admitted HBEU was still altering Iranian U-turn transaction documentation, despite a recommendation by HBEU Compliance that it cease. 779 Mr. Bagley told the Subcommittee that HBEU had explained that it had been suedwhen payments were blocked by the HBUS filter, so it was using cover payments to avoid additional operational losses. 780 Mr. Bagley also explained that neither HBEU Compliance norHSBC Group Compliance could simply order a business unit to cease a particular practice; each could only “recommend” a course of action which it had done. The internal bank documents show that, in the fall of 2003, Mr. Eastwood and Mr. Moxley in MPD, HBEU Compliance manager Julie Clarke and Compliance officer Paul Proctor, as well as the heads of HSBC Group Audit and Compliance, expressed repeated concern about actions taken by persons like the HBEU Relationship Manager for Bank Melli John Wilkinson to alter U-turn transaction documentation in a way that would avoid the OFAC filter; all agreed the practice should stop. HBEU Compliance took the step of issuing guidelines recommending against such conduct, but HBEU personnel apparently ignored the guidance. 776 Id.777 9/8/2003 email from HBEU Julie Clarke to HBEU Paul Proctor and others, “OFAC sanctions evasion – Iranianpayments,” HSBC OCC 8876819-820. 778 9/8/2003 email from HBEU Paul Proctor to HBEU Julie Clarke and others, “Re: OFAC sanctions evasion –Iranian payments,” HSBC OCC 8876818-819. 779 Subcommittee interview of David Bagley (5/10/2012).780 Id.138 Proposal to Expand U.S. Dollar Clearing for Iranian Banks. In October 2003, HBME increased the pressure on HBUS to process Iranian transactions by proposing to expand its U.S. dollar clearing business in Iran. In early October, HBME Planning head Steve Banner circulated a document entitled, “Iran - Strategy Discussion Paper,” to several senior bank executives, including HBME Deputy Chairman David Hodgkinson; HBME Global Relationship Manager for the Middle East Nigel Weir; HSBC Group Compliance deputy head Warren Leaming, HBUS General Counsel Paul Lee, and HBUS Compliance head Carolyn Wind. 781 Thestrategy essentially sought approval for HBME offering U.S. dollar payment services to more Iranian banks since, as the strategy noted, “the Iranian market offers substantial untapped potential for the HSBC Group.” 782The strategy listed “significant business wins” involving Iran, in the Project and Export Finance, Trade Finance, and Treasury and Capital Markets areas with an estimated $7 million per year in revenues generated by Iranian businesses for “various Group entities.” 783 In a sectionentitled, “Phase 1 – Immediate Opportunities,” the strategy stated that Iran’s annual international trade business was valued at $25 billion, 80% of which was denominated in U.S. dollars. It stated that HBEU PCM currently offered U.S. dollar payment services to four Iranian banks, and could market the same services “to other Iranian commercial banks, including Iran’s Central Bank (Bank Markazi).” It estimated the potential business as worth up to $4 million per year. The strategy also noted an upcoming change in U.K. law that would require U.K. bankto- bank transfers to identify, not only the banks involved in the transfer, but also their underlying customers. It stated that the impending U.K. legislation, together with U.S. sanctions laws, would “significantly complicate the USD payments process for Iranian counter-parties,” and if “the Group decides to pro-actively promote USD payments services to Iranian banks the payments will need to be processed by HBUS with full details to satisfy OFAC requirements.” 784To facilitate the process, the strategy said that HBME planned to prepare a paper for HSBC Group requesting an increase in the country risk limits for Iran. 785 The strategy concluded byasking for HSBC Group’s approval and HBUS’ “no objection” to HBEU’s providing U.S. dollar services to additional Iranian banks. 786The strategy stated clearly that, “HBEU PCM currently offer[s] USD [U.S. dollar] payment services to 4 Iranian banks.” 787 It once again alerted HBUS to the fact that HBEU wasalready processing U.S. dollar transactions for Iranian banks through its account at HBUS. The strategy was sent to both HBUS’ legal counsel and top compliance officer. On October 15, 2003, the HBUS CEO at the time, Youssef Nasr, sent an email to HBUS PCM head Michael Gallagher noting that with regard to Iranian U-turns, “there remain serious political and reputational risks within the USA if they proceed with this and that he should ensure that Paul Lee is kept in the loop at all times because of the prior work he has done both on 781 Undated HSBC document, “Iran – Strategy Discussion Paper,” HSBC OCC 8873949-956.782 Id. at 8873949.783 Undated HSBC document, “Iran – Strategy Discussion Paper,” HSBC OCC 8873951.784 Id. at 8873954.785 Id. at 8873952.786 Id. at 8873955.787 Id. at 8873952.139 this and some recent approaches from Group offices about opportunities in Libya.” 788 Whenasked if Mr. Gallagher discussed the strategy paper with Mr. Nasr, Mr. Gallagher told the Subcommittee that he did not recall seeing it. 789 On October 21, 2003, HBUS General CounselPaul Lee contacted HSBC Group Compliance head David Bagley “expressing some concerns” about the Iranian strategy. 790On October 21, 2003, Mr. Bagley sent an email to HBME officials indicating several issues surrounding the U-turn transactions needed clarification and asked whether the costs associated with incurring U.S. legal fees made it worthwhile to continue the discussion. Mr. Bagley also wrote: “I am not sure that HBUS are aware of the fact that HBEU are already providing clearing facilities for four Iranian banks, presumably including USD [U.S. dollar] clearance. Bank Markazi is named in the OFAC sanctions as a government owned bank and thus on the face of it not able to benefit from U-turn exemptions.” 791On October 26, 2003, HBME Deputy Chairman David Hodgkinson sent an email in response to Mr. Bagley. He wrote: “HSBC earns USD7.5m a year from its business dealings with Iran and we believe that there is significant long-term potential for growth.” 792 Mr.Hodgkinson indicated that he was willing to incur costs to investigate the options and find “an acceptable way to offer the maximum range of services possible without jeopardizing the Group’s position in the U.S.” 793 Mr. Bagley then directed senior Compliance official John Rootto work with Gary Boon at HBME on a payment solution. 794Root Report. As he had been instructed to do by Mr. Bagley, John Root looked into the Iranian U-turn issue. On October 23, 2003, Mr. Root sent an email to Mr. Bagley, HSBC Group AML head Susan Wright, Money Laundering Control Officer John Allison, and HBEU Compliance officer Paul Proctor. Mr. Root wrote that the Iranian relationship at HBEU consisted of a U.S. dollar clearing service volume of approximately 11 payments every business day for six banks: Melli, Keshavarzi, Markazi, Sepah, Tejarat, and the Export Development Bank. 795 His email again confirmed that HBEU was altering the payment documentation,despite HSBC Group Audit head, Matthew King’s having expressed concerns about the practice, and the HBEU Compliance guidelines calling for the practice to stop by the end of the year. Mr. Root wrote: 788 10/15/2003 email from HBUS Youssef Nasr to HBUS Michael Gallagher, “Subject, Re: Iran-USD Payments,”HSBC OCC 8873942. 789 Subcommittee interview of Michael Gallagher (6/13/2012).790 See 10/21/2003 email exchange among HSBC David Bagley, HBME Steve Banner, and others, “Iran-StrategyDiscussion Paper,” HSBC OCC 8873946-947. 791 Id.792 10/26/2003 email from HBME David Hodgkinson to HSBC David Bagley, “Iran-Strategy Discussion Paper,”HSBC OCC 8873959. 793 Id.794 Subcommittee interview of David Bagley (5/10/2012). See also 10/28/2003 email from HSBC David Bagley toHBME Ajay Bhandoola, “Memo: Iran-Strategy Discussion Paper,” HSBC OCC 8873958. 795 Mr. Root identified two more banks than were referenced in the October Iran strategy paper.140 “EPS [the payment services team within MPD where Mr. Eastwood and Mr. Moxley worked] HBEU have been manually intervening in the processing of Iranian bank payment instructions by removing the remitter’s name and country to prevent the probable trigger of a filter in the US, and the subsequent declaration to OFAC (and possible freezing) of the funds.” 796Mr. Root wrote that he believed EPS had been instructed by HBEU Compliance to cease this practice, but was unclear when the instructions were given or by whom. He noted that HBEU Institutional Banking (IBL) had negotiated an extension until December 31, 2003, due to “long-standing valuable relationships.” After the December 31, 2003 deadline, Mr. Root stated that cover payments would be considered unacceptable, and EPS would have to send HBUS fully formatted payment instructions on a MT100/103 serial basis. Mr. Root also noted that Project WOLF, an HSBC Group project developing an automated payment filter to screen transactions for terrorists, would not ensure HBEU compliance with U-turn regulations in the United States. As a result, he said that HBUS would continue to be responsible for screening all U.S. dollar transactions with regard to OFAC prohibitions. 797Moxley Deadline. The following day, John Root forwarded David Bagley, Susan Wright, and John Allison an email from Rod Moxley in HBEU’s Multicurrency Payments Department (MPD) expressing Mr. Moxley’s objection to participating in procedures designed to conceal U-turn transactions. In his October 24, 2003 email, Mr. Moxley first objected to the notion that the MPD procedures being used for Iranian transactions were new or unknown: “I have been alarmed by recent inferences that Payment Services have been amending the Iranian banks’ payments without the knowledge or consent of IBAl RIM or IBL Compliance. This has been a long standing practice and to avoid future doubt, I will reiterate the points made in Malcolm Eastwood’s memo to Niger Weir of 22 Jan. 03.” 798Mr. Moxley also stated that the position of his office in terms of processing the Iranian payments was becoming “increasingly untenable.” He wrote that HBEU Risk Management Services 799would be controlling the new WOLF filter, but “we have been requested to find ways to circumnavigate our own and other institutions’ compliance filters.” 800796 10/23/2003 email from HSBC John Root to HSBC David Bagley and others, “USD Clearing – Iranian Banks,”HSBC OCC 8875217. He described his role as protecting the bank from reputational risk, but “I now feel uncomfortable in compromising my position by leading IBL, PCM or Iranian counterparties down certain routes which may directly 797 Id. at 8875217.798 10/24/2003 email from HBEU Rod Moxley to HBEU John Wilkinson and others, “Iran,” HSBC OCC 8874661-663. Mr. Moxley then outlined a new procedure that he advocated for Iranian payments, the result of which would be that the Iranian banks would enter the payment information instead of HBEU. 799 RMS was located within HBEU’s Payment Services. Subcommittee interview of Rod Moxley (6/7/2012).800 10/24/2003 email from HBEU Rod Moxley to HBEU John Wilkinson and others, “Iran,” HSBC OCC 8874661-663. 141 contravene the spirit of the Compliance framework.” 801 Mr. Moxley warned that, given theinternal HBEU deadline to stop processing concealed Iranian transactions, beginning January 1, 2004, “no Iranian payments will be amended.” 802On November 11, 2003, HSBC Group Money Laundering Control Officer John Allison sent an email to HSBC Group AML head Susan Wright about his visit to HBEU’s Multicurrency Payments Department (MPD) the week prior to discuss Iranian payments. 803 He wrote thatIranian correspondent bank customers entered payment information on a form, and MPD staff were then expected to review the form to ensure the phrases “Iran,” “do not mention Iran,” or any other compromising reference were not included in the MT202 payment message transmitted to HBUS. He described this process as “established custom” rather than a documented procedure, “believed by MPD to be at the request of relationship management.” He also wrote that the new MPD Compliance manager was “not comfortable with the custom which he has inherited, neither from a moral compliance perspective, nor from the operational loss/embarrassment factor.” Mr. Allison also wrote that MPD Compliance is “very uncomfortable” about periodically being asked by Nigel Weir and Gary Boon in HBME whether a specific payment format will pass through an OFAC filter. 804 He stated that MPD Complianceviewed all of the Iranian payments they processed as meeting the requirements for a permissible U-turn transaction, 805 and wanted to move toward the legitimate execution of these payments inlight of what Mr. Root described as an “instruction” from Mr. Bagley “to cease processing Iranian bank payments.” 806On November 27, 2003, Mr. Moxley sent Ms. Wright a draft proposal to process Iranian U.S. dollar transactions. Although the proposal would prohibit altering a transaction document to remove the name of a prohibited country or town, and required a review for OFAC compliance, it did not require the transaction to include full payment details for the originator and ultimate beneficiary as outlined in the HBUS August 2001 U-turn payment procedure. 807On December 10, 2003, after having consulted HBUS Compliance head Carolyn Wind, Ms. Wright sent Mr. Moxley an email updating him on the Iranian U-turn payment proposal. 808801 Id. at 8874662.Ms. Wright indicated that the issue of processing payments through HBUS had been “discussed at length” among HBUS Compliance, outside legal counsel Tom Crocker, HBUS payments personnel, and HBEU during the summer of 2001. She indicated she had asked Ms. Wind to forward the 2001 HBUS proposal for consideration. The following day, Nigel Weir wrote to Ms. Wright that the HBUS proposal required a method for processing payments that was not 802 Id. at 8874662.803 11/11/2003 email from HSBC John Allison to HSBC Susan Wright, “Iran payments,” HSBC OCC 8877136-137.804 Id. at 8877136.805 Id. at 8877137. The email did not address the issue of whether Bank Markazi, as a government owned CentralBank, was unable to utilize the U-turn exception. 806 Id. at 8877137. Although Mr. Root indicated that Mr. Bagley had ordered the MPD payments to “cease,” theycontinued for another two years. 807 11/27/2003 email from HBEU Rod Moxley to HSBC Susan Wright, “Draft Iranian – USD Payment Procedures,”HSBC OCC 8875225-232. 808 12/10/2003 email from HSBC Susan Wright to HBEU Rod Moxley and others, HSBC OCC 8875508.142 HBME’s preferred solution. 809 He also expressed concern that HBEU would be unable to advisetheir customers of the proposed processing changes before the December 31 deadline and requested an extension. Ms. Wright forwarded the correspondence to Mr. Bagley. On December 12, 2003, Mr. Bagley emailed Mr. Weir that if HBUS felt it could agree to processing the Iranian transactions only on the basis of fully transparent documentation, then its views would have to be taken into account. He also wrote that HBUS “must be comfortable” with the approach. HBEU continued, however, to object to the new payment procedure. On December 18, 2003, HBEU wrote to HSBC Group Compliance that HBUS’ procedure, which it referred to as “the serial method,” “ requires a large amount of work prior to commencement, a disproportionate amount of expense and a higher than average risk to the banks reputation being damaged by a future payment.” 810At the same time HBEU and HBUS were arguing over payment procedures, HBEU and HBME continued to send transactions involving Iran through their correspondent accounts at HBUS, the vast majority of which were undisclosed. A later analysis performed by an outside auditor at HBUS’ request found that, in 2003, HSBC affiliates sent at least 5,400 Iranian transactions to U.S. dollar accounts in the United States, of which about 90% were not disclosed. 811Also in December, HBUS payments services head Denise Reilly spoke with HBUS’ new AML Director Teresa Pesce, who began work in September 2003, about the Iranian issue and sent her a copy of the 2002 Eastwood memorandum describing how HBEU altered documentation and used cover payments to send U.S. dollar transactions involving Iran through their correspondent account at HBUS without HBUS’ knowledge. 812 Ms. Reilly’s emailindicated that Ms. Pesce had also discussed the issue with Mr. Gallagher the previous day, although Mr. Gallagher told the Subcommittee he did not recall either seeing the memorandum or discussing it with Ms. Pesce. 813809 See 12/11/2003 email exchange between HSBC Susan Wright, HBME Nigel Weir, and others, “ Iran – U-TurnPayments,” HSBC OCC 8877150-154. 810 12/18/2003 email from HBEU Tony Collins to HSBC John Allison and others, “Memo: Re: Iran – U-TurnPayments,” HSBC OCC 8873974-975. Group Compliance John Allison and John Root sought legal advice from outside counsel Tom Crocker of Alston & Bird and Mr. Crocker determined that “it is not clear that the cover payments meet the requirement of the U.S. Dollar u-turn exception to the Regulations.” 1/8/2004 memo from Thomas Crocker to John Root and John Allison, “Iranian U.S. Dollar U-Turn Transactions and Cover Payments,” HSBC OCC 8903992-000. 811 Deloitte presentation, “March 29, 2012,” HSBC-PSI-PROD-0197919, at HSBC OCC 8966143. The Deloittereview examined HBEU and HBME Iranian transactions sent through U.S. dollar accounts at HBUS and other U.S. banks. 812 See 12/17/2003 email from HBUS Denise Reilly to HBUS Teresa Pesce, “Compliance – OFAC Issues in Generaland Specific to Iran,” HSBC OCC 3407517-522 (“Attached is the memo that we discussed yesterday in our meeting with Michael Gallagher.”). See also 11/14/2002 memorandum from HBEU Malcolm Eastwood to HBUS Denise Reilly and HBEU Geoff Armstrong, “Compliance – OFAC Issues in General and Specific to Iran,” HSBC OCC 7688824. 813 Id.; Subcommittee interview of Michael Gallagher (6/13/2012).143 (e) Reaching Agreement Despite the HBEU deadline announced by Rod Moxley, that MPD would stop processing concealed Iranian transactions after December 31, 2003, no agreement was reached by that date on how to process the transactions. Documents obtained by the Subcommittee indicate that HBEU did not adhere to its deadline, but continued to process Iranian transactions using cover payments and deleting any references to Iran in the payment instructions. On March 10, 2004, after an Iranian transaction was detected and halted in London, HBEU MPD head Malcolm Eastwood wrote: “I remain extremely uncomfortable with the practice of amending Iranian payment orders for whatever means.” 814 Mr. Eastwood advisedHBEU Compliance and Institutional Banking to resolve the issue as soon as possible and remarked that his Compliance certificate is “heavily caveated to reflect that we are not compliant in respect of Iran.” 815 Mr. Eastwood sent a copy of his email to HSBC Group AML head SusanWright who forwarded it to David Bagley. The following day, Mr. Bagley responded to Mr. Eastwood by writing that he understood and shared his concerns, but believed his comments underestimated “the complexity of the OFAC regulation, and the competing competitive pressures across the Group.” 816 Mr. Bagleyalso wrote that one reason for the slow resolution was that “HBUS was unaware that any arrangements existed with Iranian banks.” On March 22, 2004, more than two years after becoming head of HSBC Group Compliance, David Bagley confronted HBME Deputy Chairman David Hodgkinson about the need to change how HBME was handling U.S. dollar clearing activity for Iranian banks. 817 Mr.Bagley wrote that he was “uncomfortable with this activity in its current form,” and “the amount of revenue may not justify” the “additional work and investment” required, “nor would it justify ru[n]ning the reputational and regulatory risk in the US.” He expressed his willingness to discuss the issue further, but suggested “that any such conversation take place over the telephone, as we are seeking to avoid correspondence with HBUS on this sensitive issue other than through lawyers so as to preserve privilege.” 818WOLF Filter Announced. On March 23, 2004, HSBC Group issued a new Group Circular Letter 040021 implementing a major new initiative on “Payment screening.” 819 Thecircular announced that HSBC Group had developed an internal filter called “WOLF” to screen against terrorists and sanctioned countries and persons. The circular explained: 814 3/10/2004 email from HBEU Malcolm Eastwood to MDBK (Midland Bank) Quentin Aylward and others, “BankMarkazi Payment,” HSBC OCC 8873979-980. 815 Id. at 8873980.816 3/11/2004 email from HSBC David Bagley to HBEU Malcolm Eastwood and others, “Bank Markazi Payment,”HSBC OCC 8873985-986. 817 3/22/2004 email from HSBC David Bagley to HBME David Hodgkinson and HSBC Warren Leaming, “Iran –Correspondent Banking Services,” HSBC OCC 8873995-997. 818 Id.819 3/23/2004 “GCL 040021: Payment screening,” prepared by HSBC Group, HSBC OCC 0953080-084.144 “As part of the international effort to combat terrorism, Competent Authorities in numerous countries have published lists of names that are known to be, or are believed to be involved in terrorist activity. … In addition … sanctions against a number of countries and names are imposed …. Compliance with these sanctions and orders has to date relied upon manual processes to identify when relevant names are contained in payment instructions. In order to ensure that compliance with the restrictions … is achieved consistently across the Group, an automated payment screening utility named WOLF has been developed. When installed … WOLF will, before execution, search all fields of a payment message for matches with listed terrorist/sanctioned names. Once a potential match with a word or words … is identified, the unexecuted payments must be reviewed to establish whether the match is actually a true match, with appropriate action taken if it is. WOLF is the Group solution for real-time pre-execution payment screening.” 820The circular indicated that globally, WOLF would screen against terrorists listed by the United Nations, United States, United Kingdom, European Union, and Hong Kong, as well as countries or persons sanctioned by the United Nations. It indicated that compliance and payment operations personnel in HSBC affiliates were responsible for ensuring WOLF was loaded with other sanctioned names that were applicable locally. 821 It indicated that the screening would beapplied first to international transactions, and later to domestic ones. The circular required affected HSBC entities to install the WOLF filter by the end of 2004. HBME Extension. On April 17, 2004, HBME Deputy Chairman David Hodgkinson contacted David Bagley about the unresolved issues involving HBME’s U.S. dollar clearing business for Iran, because he anticipated having to explain HSBC’s position to the Central Bank during a visit to Tehran in May. Mr. Hodgkinson noted: “The current position as briefed to me last week was that we have not yet found a way to handle major USD clearing business.” 822 Heinformed Mr. Bagley that he had directed his staff to develop a proposal to undertake this business while minimizing risk, “so that if circumstances change we know our preferred way forward.” 823Mr. Bagley forwarded the email to his supervisor, HSBC Group legal counsel Richard Bennett. Mr. Bagley wrote: “[T]he most pressing issue to be resolved is that relating to the limited number of existing relationships that we have (for two small Iranian Banks) where I suspect that HBUS are not aware that payments may be passing through them. Do not believe that we can allow this situation to continue very much longer, which is the point I will make to David in my response.” 824 This email is the third825820 Id.in which Mr. Bagley indicated that HBUS 821 Id. HSBC added the OFAC SDN list to the WOLF filter in 2004, and added the OFAC country list in August2005. Subcommittee briefing by Cahill Gordon & Reindel LLP (6/20/2012). 822 4/17/2004 email from HBME David Hodgkinson to HSBC David Bagley and HSBC Warren Leaming, “ Iran –Correspondent Banking Services,” HSBC OCC 8874671. 823 Id. at 8874671.824 4/19/2004 email from HSBC David Bagley to HSBC Richard Bennett, “Iran Correspondent Banking Services –OFAC,” HSBC OCC 8873994 and HSBC OCC 8966146. Mr. Bagley had allowed these payments to continue by granting a dispensation since they ran afoul of Group policy. However, an increase in business, which is what HBME was seeking, was on hold pending an agreement between HBUS, HBEU, and HBME. 145 might be unaware it was processing Iranian U-turn transactions that, in his own words, “may constitute a breach of U.S. sanctions,” yet contained no indication that Mr. Bagley planned to inform HBUS about the risks it was incurring. Two days later, on April 19, 2004, Mr. Bagley again pressed HBME to resolve the issue. In an email to Mr. Hodgkinson, Mr. Bagley expressed concern about the correspondent relationships operating through HBME “which do not currently meet the requirement of the US Legal opinion that has now been obtained.” 826 He continued: “I have sanctioned thecontinuation of these services pending an early resolution of the way forward, but it is clear from your note that we are some distance away from finalizing our thinking such that we can go to HBUS with any proposal with regard to a way forward.” Mr. Bagley warned: “I feel that there is little option other than for me to recommend to HBEU that the existing activity be discontinued given the risk that we are posing for HBUS, unless the solution under consideration at your end gives us a satisfactory option.” HBME’s Nigel Weir responded to Mr. Bagley’s email at the request of Mr. Hodgkinson, stating that he had already spoken with Gary Boon at HBME and John Allison at HSBC Group to develop a solution. He also requested that Mr. Bagley extend the dispensation from the HBEU decision to stop altering Iranian documentation until June 30, 2004. 827 Two days later,Mr. Bagley told John Allison that he was reluctant to extend the dispensation “unless there is a clear and agreed solution with a definite and proximate implementation date,” and requested an update the following week. 828 Despite Mr. Bagley’s indication that he would not grant anextension without an agreement, the same practices continued amid ongoing negotiations over the agreement’s provisions. Second Moxley Deadline. About eight months after Mr. Moxley had raised strong objections to continuing to alter Iranian payments, no agreement had been reached among HSBC affiliates on increasing the transparency of the transactions. HBEU continued to delete references to Iran from the payment instructions, generate cover payments with incomplete payment information, and send undisclosed Iranian payments to HBUS. To break the impasse, in June 2004, outside legal counsel in the United States proposed a new payments solution, which essentially required that all U-turns be processed by HBUS in a transparent or “serial” manner that identified the underlying originators and beneficiaries. 825 The other two were a 10/21/2003 email from HSBC David Bagley to HBME Steve Banner, and others, “Iran-Strategy Discussion Paper,” HSBC OCC 8873946-947 (“I am not sure that HBUS are aware of the fact that HBEU are already providing clearing facilities for four Iranian banks, presumably including USD clearance.”); and a 3/11/2004 email from HSBC David Bagley to HBEU Malcolm Eastwood and others, “Bank Markazi Payment,” HSBC OCC 8873985-986 (“The complexity of the OFAC regulations, and the fact that HBUS were unaware tha any arrangements existed with Iranian Banks, has made speedy resolution of this issue difficult.”). 826 4/19/2004 email from HSBC David Bagley to HBME David Hodgkinson, “Iran – Correspondent BankingServices,” HSBC OCC 8966135. 827 5/2/2004 email from HBME Nigel Weir to HSBC David Bagley and others, “ Iran – Correspondent BankingServices,” HSBC OCC 8874673-674. 828 5/4/2004 email from HSBC David Bagley to HSBC John Allison, “ Iran – Correspondent Banking Services,”HSBC OCC 8874673. 146 On June 9, 2004, HBEU senior payments official Rod Moxley reacted negatively to the proposal due to operational difficulties. At the same time, he wrote: “I feel very uncomfortable recommending that we continue to process Iranian payments.” 829 He requested a formalresponse by June 18, 2004, and stated that “unless compelling commercial reasons” approved by HSBC Group Compliance and HBUS exist, he would stop handling Iranian payments after September 30, 2004. 830 This email represented his second attempt to cut off Iranian paymentsthat MPD was uncomfortable processing. On June 30, 2004, Nigel Weir wrote to Mr. Moxley and asked him to revisit the issue and work with HSBC Group Compliance on a solution enabling HBEU to execute U.S. dollar payments for Iranian banks in accordance with U.S. regulations. 831 Mr. Weir told Mr. Moxleythat if the payments were stopped, “we will be effectively insulting the Government and State of Iran.” Mr. Weir stated that the bank had declined new U.S. dollar payment business from Iranian banks due to the sensitive political situation, “but to exit business which we have been conducting for many years would jeopardize all other existing business activities.” He estimated that the Group profit from existing Iranian business activities amounted to $10 million per year. Also on June 30, 2004, HBME Deputy Chairman David Hodgkinson forwarded the correspondence between Mr. Moxley and Mr. Weir to then HBEU CEO Michael Geoghegan, asking for his “intervention and support” in positively resolving the long-standing issue, and noting Iran’s “significant strategic importance” to the Group. 832 Mr. Hodgkinson also noted thatthe volume of Iranian payments was small at 20 per day. When asked about this email, Mr. Moxley told the Subcommittee that it resulted in HBEU and HBME’s obtaining a “dispensation” from having to end the alteration of Iranian transactions until the end of 2004. 833 When askedabout the dispensation approval process, he said that he thought that HSBC Group Compliance approval was needed along with secondary approval from either HSBC Group Audit or another manager. Later that day, another HBEU official John Ranaldi sent an email to Mr. Geoghegan stating that he was aware of the Iranian situation and would get an update. He wrote: “[B]asically, our interpretation was that we were being asked to ‘fudge’ the nature of the payments to avoid the U.S. embargo and seizure.” 834 When asked about this email, Mr.Geoghegan told the Subcommittee that he could not explain what Mr. Ranaldi meant by using the word “fudge,” except that it related to Iran. 835829 6/9/2004 email from HBEU Rod Moxley to HSBC John Allison and others, “Iran,” HSBC OCC 8874002-004.He said that, at the time, he was unaware that HBEU was altering transaction documentation or using cover payments. Having since learned what was going on, he told the Subcommittee that he assumed that’s what Mr. Ranaldi was talking about. When asked whether it raised alarm bells at the time, he remarked that he got 830 Id.831 6/30/2004 email from HBME Nigel Weir to HBEU Rod Moxley and others, “Memo: Re: Iran,” HSBC OCC8874001-002. 832 6/30/2004 email from HBME David Hodgkinson to HBEU Michael Geoghegan, “Memo: Re: Iran,” HSBC OCC8874001. 833 Subcommittee interview of Rod Moxley (6/7/2012).834 6/30/2004 email from HBEU John Ranaldi to HBEU Michael Geoghegan, “Memo: Re: Fw: Iran,” HSBC OCC8873999. 835 Subcommittee interview for Michael Geoghegan (5/24/2012).147 many emails and Mr. Ranaldi used colorful language. He said that he also knew Mr. Ranaldi would follow-up with him in a few days. HBEU Proposal. On July 6, 2004, HBEU’s Rod Moxley produced a specific proposal as a potential way forward using his preferred solution of serial payments. 836 The extensiveproposal also shed light on existing practices at HBEU. 837The proposal noted that HBEU had been trying to come up with a solution for two years after an HBEU compliance officer challenged the practice of altering Iranian payment instructions in June 2002. It noted that Bank Melli, Bank Markazi, Bank Tejarat, Bank Kesharvazi, and the Export Development Bank of Iran were the five Iranian financial institutions that took advantage of this practice to effect U.S. dollar payments with a daily volume estimated at between 10 and 50 payments per day at an approximate total value of $500,000 to $1 million. The proposal also noted that the Central Bank payments were much larger, in the range of $10 million, and were typically made at certain times of the month. 838 The proposal stated that the“vast majority of payments are valid, falling within the U-turn exception.” 839The proposal discussed two potential payment options that would meet HBUS’ requirement for transparency. It noted that HBEU preferred the “serial payment” option which would allow the Iranian banks to format their payments in a way that would not require intervention from HBEU. HBEU believed this aspect of the proposal would relieve it of any responsibility to review the payments, leaving it up to HBUS, or another U.S. bank where a payment was directed, to verify that the payment met the U-turn exception requirements. The proposal indicated that HBEU would continue to utilize WOLF and other filters to screen the payments, but the Iranian financial institutions would be responsible for ensuring they submitted only valid U-turn payments “permissible under the terms of US legislation.” The proposal indicated this solution would also transfer the risks associated with blocked payments to the Iranian banks. 840 The proposal acknowledged that HBUS would need to agree to this solution,and HBEU and Group Compliance would need to “sign-off” on it prior to moving forward. On July 6, 2004, HBEU MPD head Malcolm Eastwood forwarded Mr. Moxley’s proposal to John Ranaldi, noting that he continued to have serious concerns about the Iranian U.S. dollar clearing business. 841 Mr. Ranaldi forwarded the email to then HBEU CEO MichaelGeoghegan, writing: “reference your earlier query.” 842836 See 7/2004 discussion paper, “HSBC Bank PLC Iranian Payment Processing Proposals,” HSBC OCC 8874692-701. According to Mr. Ranaldi, Mr. Eastwood’s department was being asked to “amend instructions or assume responsibility that the 837 Id. For example, according to the document, the existing HBEU practice was that if an Iranian financialinstitution included a cautionary statement, such as “Do not mention Iran,” in Field 72 of the payment instructions, the payment would drop out to what was called a repair queue. Once in the repair queue, HSBC personnel would alter the payment instructions by deleting any reference to Iran. 838 7/2004 discussion paper, “HSBC Bank PLC Iranian Payment Processing Proposals,” HSBC OCC 8874692-701.839 Id.840 Id. at 8874696.841 7/6/2004 email from HBEU Malcolm Eastwood to HBEU John Ranaldi and others, ”HBEU Iranian PaymentsBusiness,” HSBC OCC 8876861 842 Id.148 contents of the payment message do not attract the Fed’s attention and seize the payment.” He explained that a “payment clerk is asked to judge upon a payment kicked out by the filtering system, whether to release, or return.” He wrote, “there is an irony; someone could argue that by returning payments to Iran that we are contravening the ofac rules.” 843 Mr. Ranaldicharacterized the risks associated with the existing practice as including operational losses due to payment seizure, threats to HSBC’s reputation, and “incurring hefty fines.” He told Mr. Geoghegan that Lloyds Bank had been fined “and few if any u.k. banks are in the business.” When asked about this email, Mr. Geoghegan told the Subcommittee that he was “puzzled” that he didn’t act to stop the practice immediately or get out of the business. He remarked that he did respond that way with Mexico, so thought it was odd that he didn’t in this case. He couldn’t recall whether he talked to any other senior HSBC Group executives about the issue. 844Emails in early August 2004 show HBEU and HBME reviewing and discussing the Moxley proposal. 845 On August 6, 2004, Mr. Bagley commented: “My initial reaction is that theproposals are more robust, and therefore more likely to be acceptable that we originally contemplated or proposed.” 846 He also said the proposal had to be sent to HBUS’ outside legalcounsel for confirmation it would meet OFAC requirements. 847 Later that day, the HSBC Globalhead of Payments and Cash Management, Iain Stewart, forwarded Mr. Bagley’s email to Mr. Geoghegan and Mr. Hodgkinson with a note: “Progress report. This will delay it a bit but we are getting there.” 848 When asked about this email, Mr. Geoghegan surmised that HBUS wasinvolved and legal opinions were being obtained. 849On September 22, 2004, HBEU Nigel White informed Mr. Stewart and others, including Mr. Bagley, that “all involved parties have signed off on the proposal,” and the next step was for HSBC Group Compliance to obtain agreement from HBUS. 850 At the same time thesenegotiations were ongoing, HBEU and HBME continued to send undisclosed Iranian transactions to HBUS with the tacit approval of HSBC Group Compliance. HBUS Approval. The revised Moxley proposal was sent to HBUS in November 2004. On November 30, 2004, HBUS’ AML Director Terry Pesce, PCM head Michael Gallagher, and Payment Services head Denise Reilly met with HBUS CEO Martin Glynn, about HBUS processing U-turn transactions. Prior to the meeting, Ms. Reilly circulated the HBUS procedures 843 7/6/2004 email from HBEU John Ranaldi to HBEU Michael Geoghegan, “HBEU Iranian Payments Business,”HSBC OCC 8876861. 844 Subcommittee interview of Michael Geoghegan (5/24/2012).845 See 8/4/2004 email exchanges among MDBK Phil Baines to HBEU Nigel White and others, “Iranian – PaymentProcessing Proposals,” HSBC OCC 8874705-708. 846 8/6/2004 email from HSBC David Bagley to HBEU Nigel White and others, “ Iranian – Payment ProcessingProposals,” HSBC OCC 8874703-704. 847 Id.848 8/6/2004 email from HSBC Iain Stewart to HBEU Michael Geoghegan and HBME David Hodgkinson, “ Iranian– Payment Processing Proposals,” HSBC OCC 8874703. 849 Subcommittee interview of Michael Geoghegan (5/24/2012).850 9/22/2004 email from HBEU Nigel White to HSBC Iain Stewart and others, “Iranian U Turn Payments,” HSBCOCC 8874023-037. 149 that were developed in 2001, “when the topic was last active.” 851 The internal emails suggestthat one HBUS employee may have been under the impression that the processing of Iranian transactions had not yet begun and did not know that HBUS had already been processing Iranian U.S. dollar transactions for at least three years. 852A few days after the high level meeting among HBUS officials, Ms. Reilly sent Mr. Gallagher a description of “the conditions under which HBUS will accept U-Turn transactions.” 853 Those conditions included that transactions would be formatted to be fullytransparent serial payments; HBEU would agree not to alter payment instructions and abide by the U-turn processing requirements; HBUS would not be liable for penalties resulting from OFAC sanction violations; a separate “HBEU Special Account” would be established at HBUS to handle Iranian originated transactions and the account number would be added to the HBUS OFAC filter so all transactions could be reviewed and approved prior to processing; HBUS would be reimbursed for the additional employees needed to handle review of these payments; and fees for the transactions would reflect the processes and risk. 854 Whereas the 2001 protocolwas specific to Bank Melli, this protocol applied to all Iranian transactions. 855On December 15, 2004, Mr. Bagley informed the HSBC Global Head of PCM Marilyn Spearing and HBME Deputy Chairman David Hodgkinson that he had advised then HSBC Group CEO Stephen Green “that a compliant solution had been agreed in principle with HBUS.” While this agreement was a significant milestone, Mr. Bagley said Mr. Green wanted to consider the issue and possibly discuss it with then HSBC Group Chairman John Bond. Mr. Bagley asked Ms. Spearing to provide him data on the potential commercial value of the Iranian U.S. dollar transactions to the Group, considering both existing and future business. He wrote: “I would not suggest that we seek to try and influence the debate at this stage….but it might be helpful if I was armed with the likely value to the Group if we are in effect making a reputational risk over possible reward type judgment.” 856Mr. Bagley concluded by writing that it would probably be “sensible” to “gently” proceed “assuming that we may get sign-off.” 857851 11/30/2004 email from HBUS Denise Reilly to HBUS Sandra Peterson and HBUS Michael Gallagher, “ Uturns,”HSBC-PSI-PROD-0096166; 11/29/2004 email from HBUS Denise Reilly to HBUS Michael Gallagher and others, “U-turns,” HSBC-PSI-PROD-0096167. 852 See, e.g., 11/30/2004 email from HBUS Sandra Peterson to HBUS Denise Reilly and HBUS Michael Gallagher,“ U-turns,” HSBC-PSI-PROD-0096165 (Ms. Peterson: “Is this proposal for Bank Melli only or is the intent to grow this business? When this topic first arose it was to support Bank Melli but my understanding is that the business under discussion now is more general, with no specific clients named to date.”). 853 12/2/2004 email from HBUS Denise Reilly to HBUS Michael Gallagher and others, “U-Turns,” HSBC OCC3407526-527. 854 Id. at 3407527.855 Subcommittee meeting with HSBC legal counsel (4/12/12).856 12/15/2004 email from HSBC David Bagley to HSBC Marilyn Spearing and HBME David Hodgkinson, “Iran –OFAC,” HSBC OCC 8874039. 857 Id. at 8874039.150 An internal OCC memorandum indicates that, in early 2005, HBUS contacted the OCC about a proposal to process Iranian U-turns. 858 In the memorandum, an OCC examiner describedhow legitimate U-turns could be processed and wrote: “[W]e notified Ms. Pesce that we believed the transactions to be permissible. However, we also informed her that the bank would have to maintain extremely tight controls over the transactions as well as a comprehensive system of controls for monitoring purposes.” 859 Later in the same memorandum, the OCCexaminer wrote: “[O]n February 23, 2005 Ms. Pesce informed the writer that the decision to process the u-turn transactions was not to go forward and that the area business had made the decision not to undertake such processing.” 860The documentation suggests that even after reaching agreement with HBUS on how to process Iranian transactions, HBEU and HBME continued to send undisclosed Iranian transactions through their HBUS accounts. A later analysis performed by an outside auditor at HBUS’ request found that HSBC affiliates sent about 7,800 Iranian transactions through U.S. dollar accounts in the United States during 2004, of which more than 90% continued to be undisclosed. 861(f) Processing the Iranian Transactions The 2004 agreement reached among HSBC affiliates on how to process Iranian U-turn transactions did not end the controversies or new developments affecting those transfers. Considering an Exit. Four months after agreement was reached with HBUS on how to process Iranian transactions, on April 8, 2005, David Bagley reached out to Mr. Hodgkinson to request an assessment of the nature and extent of Iranian business for an analysis Mr. Bagley was asked to prepare for the HSBC Group Chairman. It appears that at the top levels of HSBC, there was some discussion about exiting the Iranian business entirely due to a “specific transaction for NPC” about which Mr. Bagley had spoken with Mr. Green. 862 In the same email, Mr. Bagleywrote, “This is needed partly as part of the risk over reward equation, but also because we will need to both analyze each different type of business and assess how we will deal with legacy issues.” 863 He continued: “It is not all as bad as it seems as the conversation today gave someclear possible alternative approaches to an outright ban.” 864Two days later, on April 10, 2005, HBME official Ajay Bhandoola provided Mr. Bagley with a paper discussing payment alternatives for Iran. 865858 See 2/28/2005 OCC memorandum, “Issues Update,” OCC-PSI-00903648-650, at 2. [Sealed Exhibit.]The paper laid out two proposals for 859 Id.860 Id.861 Deloitte presentation, “March 29, 2012,” HSBC-PSI-PROD-0197919, at HSBC OCC 8966143. The Deloittereview examined HBEU and HBME Iranian transactions sent through U.S. dollar accounts at HBUS and other U.S. banks. 862 4/8/2005 email from HSBC David Bagley to HBME David Hodgkinson and HBME Nasser Homapour, “ IranianBusiness – OFAC,” HSBC OCC 8874052. The reference to NPC is unclear. 863 Id. at 8874052.864 Id. at 8874052.865 4/10/2005 email from HBME Ajay Bhandoola to HSBC David Bagley and others, “ Iranian Business – OFAC,”HSBC OCC 8874051-057. 151 continuing payments from Iranian bank accounts with HSBC “to protect our Iranian franchise while minimizing any possible legal, regulatory or reputational risk to HBUS.” The two alternative solutions provided were to use another U.S. dollar correspondent (other than HBUS) for HBME, and to limit U.S. dollar accounts for Iranian banks to specific purposes. 866 HBMEdid not explain why it was considering using a third party correspondent since HBUS had already agreed to process the Iranian transactions using transparent procedures. 867Stopping Payments. On April 19, 2005, HBUS’ OFAC filter stopped a $362,000 payment from Bank Melli, because it contained the phrase “do not mention our name in New York.” 868 When asked in general about why payments would be stopped in the HBUS filter,Rod Moxley told the Subcommittee that messages like the one mentioned above should have been deleted in the processing area but was errantly left on the outgoing instructions. 869 Thisincident indicated that HBEU’s MPD was still altering Iranian payment instructions in April 2005, one year after Mr. Moxley had threatened to stop processing all payments if forced to continue altering them, and four months after HBEU and HBUS reached agreement on using fully transparent Iranian U.S. dollar transactions. HBEU resubmitted the payment on April 22, 2005, but HBUS stopped it again and sent a SWIFT message requesting full disclosure of the name and address of the underlying originator and ultimate beneficiary. Two follow-up requests were sent by HBUS on April 28 and May 4, 2005. As of May 5, 2005, no response had been received. 870In early May 2005, a $6.9 million wire payment involving Iran was also stopped by HBUS, because the payment details included the phrase, “Bank Melli Iran.” 871 HBUS OFACCompliance officer Elizabeth Protomastro sent an email to HBEU, as well as HSBC Group, stating: “Though the payment appears to meet the U-turn under the Iranian Transactions Regulations, we require that the payments should be fully disclosed as to the originator and beneficiary information before processing. We know that this policy is in line with the stance of other U.S. financial institutions … You are also aware, from past discussions, that this is required by HBUS. Let us know if you have any questions. Please advise on your side of the delay in processing.” 872The email chain regarding the stopped payment was forwarded to Mr. Bagley, who then contacted HBUS AML head Teresa Pesce to ask whether HBUS’ action “denotes a change of 866 Undated “Iranian Accounts and USD Payments,” prepared by HBEU, HSBC OCC 8874055-057.867 Id. at 8874056-057.868 5/5/2005 email from HBUS Elizabeth Protomastro to HSBC John Allison and others, “ Payment rejected re MelliBank PLC – USD 362,000,” HSBC-PSI-PROD-0096170-171. 869 Subcommittee interview of Rod Moxley (6/7/2012).870 5/5/2005 email from HBUS Elizabeth Protomastro to HSBC John Allison and others, “ Payment rejected re MelliBank PLC – USD 362,000,” HSBC-PSI-PROD-0096170-171. 871 5/3/2005 email from HBUS Elizabeth Protomastro to HSBC John Allison, HSBC Susan Wright, HBEU RodMoxley, and others, “Wire payment suspended re ‘Iran’ – USD 6,912,607.82,” HSBC OCC 8874711. 872 Id. at 8874712.152 policy and approach within HBUS to what I would normally expect to be cover payments.” 873Mr. Bagley wrote: “As you are aware, there are no Group standards which require that the originator and beneficiary details go in all payments. Accordingly, Group Operation globally will not habitually require or input this information if the underlying customer instruction is received on a basis permitted by the SWIFT format and by local regulation.” He noted that if the payment were suspended due to a reference to Iran, he understood. But if the action taken by HBUS denoted a change of policy on what information had to be included in payment instructions, that change may not have been communicated across the Group and vetted with business colleagues. This email was sent in 2005, by Mr. Bagley, after more than two years of negotiations to increase transparency with regard to Iranian transactions. Ms. Pesce forwarded Mr. Bagley’s email to HBUS OFAC Compliance officer Elizabeth Protomastro and senior HBUS Compliance official Anne Liddy. Ms. Protomastro responded that “for the most part” the U-turns being processed by HBUS for HBEU had been fully disclosed in compliance with the conditions specified in December 2004. 874 Ms. Protomastro stated that theremitter involved in the $6.9 million transfer was Credit Suisse Zurich, which was “well aware of the u-turn practices of other U.S. organizations and the requirement for full disclosure of the name and address of the originator and the beneficiary.” 875On June 3, 2005, Ms. Protomastro informed HSBC Group about two more HBEU transfers, for $1.9 million and $160,000, that had been stopped by HBUS due to the lack of full disclosure of the originator, beneficiary, and purpose of the payment. 876 HBEU responded thatboth payments were foreign exchange related, the originators were Bank Tejarat and Bank Melli, and the beneficiaries were Persia International Bank and Credit Suisse Zurich, respectively. 877Ms. Protomastro responded by requesting that HBEU follow up with the banks to obtain the names and addresses of the initial originators and ultimate beneficiaries, as well as confirmation of the underlying purpose of the payments, in accordance with the “agreement reached in the past” between HBUS and HBEU requiring full disclosure for U-turn payments. 878 According toinformation provided by Bank Melli through HBEU, the $160,000 payment denoted an internal transfer from Bank Melli’s account with HBEU to Bank Melli’s account with Credit Suisse Zurich. 879 This information allowed the payment to be released.880873 5/4/2005 email from HSBC David Bagley to HBUS Teresa Pesce, “Wire Payments Suspended,” HSBC OCC8874710-711. Mr. Marsden stated that he 874 5/4/2005 email from HBUS Elizabeth Protomastro to HBUS Teresa Pesce and others, “ Wire PaymentsSuspended,” HSBC OCC 8874710. 875 Id. at 8874710.876 6/3/2005 email between HBUS Elizabeth Protomastro and HSBC John Allison and others, “Wire payments fromHSBC Bank PLC suspended – USD 1,900,000 and USD 160,000 (Iran),” HSBC OCC 3407547. 877 6/6/2005 email from HBEU Rod Moxley to HBUS Elizabeth Protomastro and others, “Re: Wire payments fromHSBC Bank PLC suspended – USD 1,900,000 and USD 160,000 (Iran),” HSBC OCC 3407546-547. 878 6/6/2005 email from HBUS Elizabeth Protomastro to HBEU Stephen Cooper and others, “Re: Wire paymentsfrom HSBC Bank PLC suspended – USD 1,900,000 and USD 160,000 (Iran),” HSBC OCC 3407544-545. 879 6/7/2005 email from HBEU Anthony Marsden to HBUS Grace Santiago-Darvish, “Re: Wire payments fromHSBC Bank PLC suspended – USD 1,900,000 and USD 160,000 (Iran),” HSBC OCC 3407543-544. 153 was in the process of contacting Bank Tejerat for additional information about the $1.9 million transfer. On June 6, 2005, Anne Liddy sent HBUS AML head Teresa Pesce the email correspondence about the two Iranian payments that had been suspended. 881 She also informedMs. Pesce that 44 of the approximately 60 payments stopped by the HBUS OFAC filter the previous month, May 2005, and forwarded for review, referenced Iran. She remarked that this was “quite a lot.” The following day, HBUS OFAC Compliance officer Grace Santiago-Darvish informed HBUS’ Payment Services head Denise Reilly that they would be sending a message to all HSBC locations to remind them about the need to fully disclose underlying information in Uturn payments. She wrote: “We, in Compliance have noticed that, other locations could be more forthcoming about disclosing orig[inator], and bene[ficiary] information.” 882Switch from HBEU to HBME. On May 20, 2005, HBME Deputy Chairman David Hodgkinson sent an email to HSBC business heads that, after a meeting with the HSBC Group Chairman and Group CEO, a decision had been made to transfer all Iranian bank U.S. dollar accounts held by HBEU to HBME, and utilize a “third party correspondent in the US for cover and other valid U turn payments.” 883 When asked about this decision, David Bagley told theSubcommittee that the processing of the payments was moved to HBME because that was where the locus of business was located. 884 In addition, HBME set up a special team to review thetransactions to ensure consistent treatment. Mr. Hodgkinson also informed HSBC business heads that they should suspend new business and the expansion of current activities with Iran until the political situation improved, but that “existing business and commitments with Iran” were allowed to continue. 885JP Morgan Chase. On June 20, 2005, David Bagley informed David Hodgkinson that Iranian payments had been discussed in a meeting he had with HSBC Group CEO Stephen Green and HSBC Group legal counsel Richard Bennett. 886 He wrote that it was decided that allU-turns, whether passing through HBUS or another U.S. correspondent, would have to comply with the U-turn requirements in OFAC regulations. He wrote that Mr. Green also wanted confirmation that the “agreed arrangements in relation to Iranian payments had been put in place,” and that payments, including any cover payments, passing through the United States would comply with OFAC regulations. Mr. Bagley wrote: 880 6/7/2005 email from HBEU Anthony Marsden to HBEU Rod Moxley and others, “Re: Wire payments fromHSBC Bank PLC suspended – USD 1,900,000 and USD 160,000 (Iran),” HSBC OCC 3407544-545. 881 6/6/2005 email from HBUS Anne Liddy to HBUS Teresa Pesce and others, “Fw: Wire payments from HSBCBank PLC suspended – USD 1,900,000 and USD 160,000 (Iran),” HSBC OCC 3407537. 882 6/7/2005 email from HBUS Grace Santiago-Darvish to HBUS Denise Reilly and others, “Re: Wire paymentsfrom HSBC Bank PLC suspended – USD 1,900,000 and USD 160,000 (Iran),” HSBC OCC 3407536. 883 5/20/2005 email from HBME David Hodgkinson to HBME Nasser Homapour and others, “Iran,” HSBC OCC8874714. 884 Subcommittee interview of David Bagley (4/12/2012).885 5/20/2005 email from HBME David Hodgkinson to HBME Nasser Homapour and others, “Iran,” HSBC OCC8874714. 886 6/20/2005 email from HSBC David Bagley to HBME David Hodgkinson, “Iranian Payments,” HSBC OCC8878027-029. 154 “Although I may have misunderstood our discussions I was not previously aware that this was a precondition nor did my original paper envisage that if we used a non-Group correspondent we would necessarily consider passing only U-turn exempt payments through them. In fact in such circumstances there would be no reason to use anyone other than HBUS given that HBUS could not be criticized were it to carry out exempt payments.” 887Mr. Bagley’s comments suggest that he was under the impression that using a non-Group correspondent would have allowed HSBC to process Iranian payments that did not meet the Uturn exception. However, after his discussion with Mr. Bennett and Mr. Green, he requested that Mr. Hodgkinson confirm they would be sending only compliant U-turn transactions through the United States, regardless of “whether or not through our own correspondent.” 888On June 27, 2005, David Hodgkinson responded that HBME was attempting to open a U.S. dollar correspondent account with JP Morgan Chase (JPMC) for the purpose of processing Iranian U.S. dollar payments. Later in the email he wrote: “we never envisaged anything other than U-Turn complaint payments being processed,” and confirmed agreement that “there is no reason to use anyone other than HBUS.” He clarified that the only reason they had considered another U.S. correspondent for these payments was due to HBUS being unwilling to process them for reputational risk reasons. 889 When Michael Gallagher, the head of HBUS PCM, wasasked whether he was aware that HBME opened a U.S. dollar account with JPMorgan Chase in 2005, he could not recall. 890 He further explained that HBME must have thought that HBUS’standards were higher if they went to JPMorgan Chase to do the same service. Despite that email, HBME did open a U.S. correspondent account with JPMC. Mr. Bagley alerted HSBC Group CEO Stephen Green to the account on September 19, 2005, writing that HBME had opened a correspondent account with JPMC “through which the pre-screened compliant U-turn Iranian Payments can be made.” 891 A later analysis conducted by an outsideauditor at HBUS’ request found that HBME sent about 1,800 U-turns to its JPMorgan Chase account in 2005 and 2006. 892887 Id.888 Id. at 8878028. With regard to cover payments, Mr. Bagley wrote that failing to consider an entire transaction(“both the cover payment instruction and any linked bank to bank message”), which if considered together “would lead to a different determination in terms of that U-turn exemption,” needed to be included in the risk determination. Mr. Bagley also referenced heightened concerns about the level of scrutiny from U.S. authorities regarding cover payments and OFAC compliance by “ US banks offering correspondent banking services,” stemming from discussions held at a recent Wolfsberg meeting. The Wolfsberg Group consists of major international banks that meet regularly and work together to combat money laundering. See http://www.wolfsbergprinciples. com/index.html. 889 6/27/2005 email from HBME David Hodgkinson to HSBC David Bagley and HSBC Richard Bennett, “IranianPayments,” HSBC OCC 8878026-027. 890 Subcommittee interview for Michael Gallagher (6/13/2013).891 9/19/2005 email from HSBC David Bagley to HSBC Stephen Green and HSBC Richard Bennett, “GCL050047“Compliance With Sanctions,” HSBC OCC 8874360-361. 892 Subcommittee briefing by Cahill Gordon & Reindel LLP (6/20/2012); Deloitte presentation, “March 29, 2012,”HSBC-PSI-PROD-0197919, at HSBC OCC 8966143. The Deloitte review examined HBEU and HBME Iranian transactions sent through U.S. dollar accounts at HBUS and other U.S. banks. 155 ( g) Establishing Group-wide PolicyIn July 2005, HSBC Group Compliance issued a Group Circular Letter, or GCL, that for the first time established Group-wide policy on processing OFAC sensitive transactions, including U-turns involving Iran. GCL 050047 explicitly barred all HSBC affiliates and offices from participating in any U.S. dollar transaction, payment, or activity that would be prohibited by OFAC regulations. 893 The GCL also explicitly acknowledged the U-turn transactionspermitted under OFAC regulations and required all compliant U-turn transactions be routed through an HBME “Center of Excellence” in Dubai for processing. While the policy directed all HSBC affiliates to use only permissible Iranian U-turns, the GCL also allowed HSBC affiliates to continue to use cover payments when sending them through U.S. accounts for processing, which meant the transactions would continue to circumvent the OFAC filter and any individualized review by the recipient U.S. bank, including HBUS. 894The 2005 GCL also required local U.S. dollar clearing systems, located in Hong Kong and the United Arab Emirates, to implement WOLF screening for all U.S. dollar payments to ensure that non-compliant payments were rejected. The GCL stated: “Any dispensation from the terms of this GCL requires GHQ CMP [Group Compliance] concurrence.” 895 Mr. Bagleydescribed the GCL as being “necessary and urgent to protect the Group’s reputation.” 896About a month after the GCL was issued, the HSBC Group head of Global Institutional Banking, Mark Smith, issued a managerial letter, in August 2005, providing guidance on implementing the new policy. 897 The letter provided a brief summary of Group’s relationshipwith each of the OFAC sanctioned countries. 898 With respect to Iran, Mr. Smith wrote: “Iran –extensive relationships with a number of Iranian institutions. Group Compliance had re-affirmed that OFAC sanctions, including the U-turn exception, apply to all transactions.” 899 The guidancealso clarified that the revised policy applied only to U.S. dollar transactions and continued to permit non-U.S. dollar business with prohibited countries and persons on the OFAC list. 900893 See 7/28/2005 GCL 050047, “Compliance with Sanctions,” HSBC OCC 3407560-561.894 Id.895 Id.896 7/26/2005 email from HSBC David Bagley to HSBC Mansour Albosaily and others, “OFAC GCL,” HSBC OCC3407550-555. Upon receipt of the GCL, on July 26, 2005, Anne Liddy wrote that she would discuss the need for OFAC training with John Allison and Susan Wright at their monthly meeting the following day to ensure HBEU and HBME “clearly understand OFAC” and “how to identify a true U turn.” 7/26/2005 email from HBUS Anne Liddy to HBUS Grace Santiago-Darvish and others, “OFAC GCL,” HSBC OCC 3407549. 897 8/25/2005 managerial letter from HSBC Mark Smith to HBUS Aimee Sentmat, HBME Alan Kerr, and others,“GCL050047 – Compliance with OFAC sanctions,” HSBC OCC 3407565-569. 898 8/25/2005 Managerial Letter from Mark Smith, “GCL050047 – Compliance with OFAC sanctions,” HSBC OCC3407565-569. 899 Id. at 3407568.900 8/25/2005 managerial letter from HSBC Mark Smith to HBUS Aimee Sentmat, HBME Alan Kerr, and others,“GCL050047 – Compliance with OFAC sanctions,” HSBC OCC 3407565-569. 156 Also in August 2005, HBUS circulated an email identifying correspondent relationships affected by the new policy. 901 The email identified the number of open correspondent accountswith financial institutions in affected countries, including Iran. It also explained: “The revised policy does not represent an automatic exit strategy with regards to affected clients. Non-USD business (and for Iran, U-turn exempt transactions) may continue to be undertaken. … Verbal discussions with affected clients would be preferable. Any written correspondent seeking to clarify the Group’s revised policy should be cleared with local Compliance.” 902Once the policy was in place, HSBC personnel took a closer look at some of the Iranian transactions. On August 10, 2005, HBME sales manager Gary Boon sent John Root an email which included an excerpt from an email sent by David Bagley to David Hodgkinson. 903 In it,Mr. Bagley noted that Mr. Hodgkinson had conveyed that a “significant number” of the trade and other transactions involving HBME would be U-turn compliant. In response, Mr. Bagley wrote: “I have to say that a number of potential payments resulting from trade transactions from other Group offices that John Root and I have looked at since the issuance of the GCL are not in our view U-turn compliant.” In September 2005, HBEU senior payments official Rod Moxley completed an analysis of U.K. transactions over a 10-day period that were stopped by the HSBC WOLF filter and involved prohibited countries, including Iran. 904 He forwarded the results to senior HSBC GroupCompliance officials John Root and John Allison, noting that over just ten days, 821 of the transactions had involved Iran. 905In mid-September 2005, David Bagley provided an update to HSBC Group CEO Stephen Green on implementation of the July 2005 GCL. He explained that the “required specialist ‘Uturn’ team” had been established at HBME in Dubai, and a correspondent account with JP Morgan Chase had been opened to process compliant U-turn payments. He indicated that HBME was also using HBUS to process U-turns, as was HBEU. Mr. Bagley stated that “a number of Group Offices” had opened U.S. dollar accounts with HBME for routing Iranian payments, but added that he was not convinced that all HSBC affiliates had done so. As a result, he issued a reminder to the Regional Compliance Officers to discuss the matter with their business heads and requested confirmation by September 23, 2005. Despite the issuance of the GCL and the existing arrangement with HBUS, an undisclosed Iranian-related transaction was discovered, leading an HBUS executive to believe the practice was ongoing. In November 2005, another bank stopped a transaction after HBUS had already processed it, without knowing the transaction had involved Iran. HBUS OFAC Compliance officer Elizabeth Protomastro notified Mr. Moxley at HBEU that, on November 7, 901 See 8/25/2005 email from HBUS Alan Ketley to multiple HSBC colleagues, “GCL050047 – Compliance withOFAC Sanctions,” HSBC OCC 3407565-569. 902 Id. at 4.903 8/25/2005 email from Gary Boon to John Root, HSBC OCC 8876581. See also HSBC OCC 8876580.904 See 9/23/2005 email from HBEU Rod Moxley to HSBC John Allison and HSBC John Root, “OFAC sanctions,”HSBC OCC 8877213-214. 905 9/23/2005 email from HBEU Rod Moxley to HSBC John Allison and others, “OFAC sanctions,” HSBC OCC8877213-214. 157 2005, a $100,000 transaction involving Bank Melli had been processed through HBEU’s account at HBUS without transparent documentation. She wrote: “We are bringing this to your attention as this situation indicates that cover payment involving Iran are still being processed by PLC [referring to HBEU]. It was our understanding that Group payments involving Iran would be fully disclosed as to the originators and beneficiaries.” 906The payment had not been stopped by the HBUS OFAC filter, because it did not contain any reference to Iran. She explained that four days later HBUS received a SWIFT message from HBEU stating that after contacting the remitter the correct SWIFT should have been “MelliRTH94.” Since a U.S. bank cannot directly credit an Iranian bank, the payment was stopped and rejected by an unrelated bank. However, HBUS did not have the funds because Credit Suisse had already been paid through another correspondent bank owned by Credit Suisse. Ms. Protomastro explained that if the payment did involve Bank Melli, it met the U-turn exception. However, she wanted to know why HBEU continued to submit cover payments involving Iran which ran afoul of the new HBUS agreement. 907 Mr. Moxley responded that thetransaction had uncovered a transparency issue with their payment system, which HBEU would work to address. 908A later review performed by an outside auditor at HBUS’ request found that, even after the 2004 HBUS agreement, HSBC affiliates continued to send thousands of undisclosed Iranian U-turn transactions through their U.S. dollar accounts at HBUS and elsewhere. The auditor’s review found that, from July 2002 to June 2005, HBEU and HBME together sent about 18,000 Iranian U-turn transactions through their U.S. dollar accounts of which about 90% did not disclose any connection to Iran. 909 The review found that, from July 2005 to June 2006, HBMEsent about 3,000 Iranian U-turns through its U.S. dollar accounts of which about 95% were undisclosed. The comparable figures for HBEU were 1,700 U-turns of which 75% were undisclosed. 910906 11/23/2005 email from HBUS Elizabeth Protomastro to HBEU Rod Moxley and others, “Cover paymentprocessed to Credit Suisse re “Bank Melli” – USD 100,000,” HSBC OCC 8876886-887. 907 Id.908 Id. Mr. Moxley explained that when a customer directly inputs a transaction through an approved electronicchannel, such as Hexagon, and the transaction achieves straight through processing, the cover MT202s are automatically generated by the HBEU payments system by the time the transactions hit the HBEU WOLF queue. He explained that the WOLF team was reviewing these payments to ensure the U-turn requirements were met, but acknowledged the lack of transparency for HBUS and indicated that a paper had already been submitted to the Head of Payment Services, Malcolm Eastwood, regarding the matter. Id. 909 Deloitte Review of OFAC transactions, “March 29, 2012,” HSBC OCC 8966113 at 8966143.910 Id. at 8966143. The figures for 2005 alone, were that HBEU and HBME together sent about 6,300 Iranianpayments through U.S. dollar accounts in the United States, of which more than 90% were undisclosed. Id. 158 (h) Shifting Iranian Transactions from HBUS to JPMorgan Chase and Back Again In 2006, HBME sent a number of Iranian U-turn transactions through its new U.S. dollar account at JPMorgan Chase. When JPMorgan Chase decided to exit the business later in the year, HBME turned to HBUS to process them. Again, most of the U-turns HBME sent to HBUS were undisclosed. GCL 060011 Barring Cover Payments. On April 6, 2006, less than a year after GCL 050047 was issued, HSBC Group issued another Group Circular Letter, entitled “U.S. Dollar Payments,” essentially barring non-transparent cover payments for most OFAC sensitive transactions. It followed an enforcement action by the Federal Reserve Board on December 19, 2005, charging ABN AMRO Bank with OFAC violations for modifying payment instructions on wire transfers used to make OFAC sensitive transactions and using special procedures to circumvent compliance systems used to ensure the bank was in compliance with U.S. laws. 911About two weeks after the enforcement action, an email exchange among HBEU, HBME, HBUS, and HSBC Group Compliance officials revealed: “Group compliance is having a closer look at the [2005] GCL, with more specific reference to the recently published details of the ABN AMRO Enforcement Action. They are consider[ing] whether it is appropriate, for us to move to use of serial payment methodology. Group compliance needs to give opinion to Group CEO by next friday.” 912That same day, an HBUS Global Payments and Cash Management employee sent an email suggesting that commercial U.S. dollar payments be executed as “serial payments in which all payment party details are advised through HSBC Bank USA, your USD correspondent.” The HBUS employee also wrote: “This will allow our automated transaction monitoring system to appropriately analyze all group transactions for suspicious activity that would otherwise be hidden with the cover payment method. This system goes beyond simple OFAC checking to detect repetitive transaction trends indicative of money laundering or terrorist financing. 911 See 12/19/2005 Federal Reserve Board, Financial Crimes Enforcement Network, Office of Foreign AssetsControl, New York State Banking Department, and Illinois Department of Financial and Professional Regulation press release and Order of assessment of a civil money penalty, http://www.federalreserve.gov/boarddocs/press/enforcement/2005/20051219/121905attachment2.pdf. Five years later, in May 2010, the Justice Department imposed a $500 million file on ABN Amro for removing information from wire transfers involving prohibited countries. See 5/10/2010 U.S. Department of Justice press release, http://www.justice.gov/opa/pr/2010/May/10-crm-548.html (“ According to court documents, from approximately1995 and continuing through December 2005, certain offices, branches, affiliates and subsidiaries of ABN AMRO removed or altered names and references to sanctioned countries from payment messages. ABN AMRO implemented procedures and a special manual queue to flag payments involving sanctioned countries so that ABN AMRO could amend any problematic text and it added instructions to payment manuals on how to process transactions with these countries in order to circumvent the laws of the United States. Despite the institution of improved controls by ABN and its subsidiaries and affiliates after 2005, a limited number of additional transactions involving sanctioned countries occurred from 2006 through 2007.”). 912 1/6/2006 email from HBEU Michele Cros to HBUS Bob Shetty and other HSBC, HBUS, HBEU, and HBMEcolleagues, “OFAC – Compliance with Sanctions GCL,” HSBC OCC 7688873. 159 Thiswill assure regulators we are doing everything possible to comply with their requirements.” 913The new GCL 060011 required all HSBC Group affiliates to use fully transparent “serial” payments when sending U.S. dollar transactions through HBUS or any other U.S. correspondent, with full disclosure of all originators and beneficiaries. 914 Essentially, it required all HSBCaffiliates to use the same procedure already established at HBUS. The GCL made an exception, however, for Iranian U-turns. Instead of requiring full disclosure in the transaction documents sent to a U.S. bank, the GCL allowed U-turns to “continue to be made as cover payments.” HSBC affiliates were required, however, obtain the underlying payment details to ensure the transaction was permissible under OFAC regulations. 915 In addition, the GCL required all Uturntransactions to continue to be directed through HBME, which had established a dedicated team in Dubai for processing Iranian transactions. Because the GCL created an exception for Iranian U-turns, it did not stop the use of undisclosed transactions being sent by HBME and HBEU to HBUS. 916The policy’s effective date was April 30, 2006, and directed HBUS to require all thirdparty banks for which it provided U.S. dollar correspondent banking services to utilize the same fully transparent payment procedures by December 31, 2006. 917 The GCL also stated thatdispensations from the deadlines could be obtained only from HSBC Group Compliance, with the concurrence of HBUS Compliance. Soon after the GCL was announced, several HSBC affiliates requested and received dispensation from the April 2006 deadline, the most notable of which ended up giving HBEU more than a year to come into compliance with the new GCL. 918913 1/6/2006 email from HBUS Richard Boyle to HBEU Michele Cros and HBUS Bob Shetty, “OFAC –Compliance with Sanctions GCL,” HSBC OCC 7688871 – 873. The email explained that ABN AMRO used their “USD nostro [account] with ABN AMRO New York to process USD payments originated through ‘special procedures’,” and that cover payments were used “as a method of masking Iranian and Libyan financial institutions as the originators of USD wire transfers.” It also discussed the recent regulatory actions as establishing “a precedent that the U S entity of a global group will be held responsible for the transactions in USD that may take place any where in the Group,” and mentioned other banks where regulatory action had been taken, including one that led to a cease and desist order prohibiting cover payments. HBEU obtained an initial 914 See “GCL 060011 – US Dollar Payments (06/Apr/2006),” HSBC OCC 3407587.915 The GCL stated that “serialpayments cannot qualify as U-turn payments,” but OFAC confirmed to the Subcommittee that U-turn payments could, in fact, be processed as serial payments. Subcommittee briefing by OFAC (5/8/2012). 915 The GCL stated that “serial payments cannot qualify as U-turn payments,” but OFAC confirmed to theSubcommittee that U-turn payments could, in fact, be processed as serial payments. Subcommittee briefing by OFAC (5/8/2012). 916 From April through June 2006, about 90% of the Iranian payments sent by HBME to U.S. dollar accounts atHBUS and elsewhere did not disclose their connection to Iran. In July 2006, an internal HSBC policy was issued that required HBME to send Iranian payments received from Group affiliates to HBUS on a serial basis. After July 2006, nearly 100% of the Iranian payments sent by HBME to the U.S. disclosed their connection to Iran. This internal policy did not apply to HBEU until late in 2007. From April 2006 through December 2007, about 50% of the 700 Iranian payments sent by HBEU to U.S. dollar accounts at HBUS and elsewhere did not disclose their connection to Iran. Deloitte Review of OFAC transactions, “March 29, 2012,” HSBC OCC 8966113 at 8966143. 917 4/6/2006 GCL 060011, “US Dollar Payments,” HSBC OCC 3407587.918 See 4/25 – 5/5/2006 email exchanges among HSBC David Bagley, Group offices, and HBEU Rod Moxley,“Serial Payments – USD – GCL,” HSBC OCC 8877231-239. The emails indicate HSBC Asia Pacific requested dispensation for 19 specific countries until August 31, 2006, to allow time to change its payment systems. HBEU 160 dispensation until October 31, 2006. On November 21, 2006, HBEU MPD head Malcolm Eastwood requested a second extension until after installation of a new GPS system scheduled for July 1, 2007. In July, due to “the huge volume of HBEU traffic and the potential resolution of the problem by an impending global system change,” HBEU received a third extension until November 2007. 919 Since HBEU was one of the top processors of payments for HSBC affiliates,its year and a half dispensation delayed full implementation of the new GCL until November 2007. 920The month after the new GCL was issued, HBUS Compliance official Anne Liddy sent an email to HSBC Group AML head Susan Wright indicating she had heard that David Bagley had “issued a dispensation” in relation to the new GCL. Ms. Liddy said that while she recalled discussions about how HSBC Group was “having a difficult time getting our Group offices to switch (mainly due to systems issues),” and the need to provide more time for clients to convert, she did not recall any dispensations being issued. She asked Ms. Wright for more information. Ms. Wright responded: “There have been a limited number of dispensations granted re HSBC’s own customers – John is the keeper of the dispensations and so will provide you with more detail.” 921 Based on Ms. Liddy’s email, it appears that Group Compliance may have granteddispensations which then allowed cover payments to continue, without obtaining HBUS Compliance’s agreement, as the GCL required. JPMC Pulls Out. In May 2006, about six months after HBME opened an account with JPMorgan Chase to process Iranian U-turns, JPMorgan Chase decided to stop processing them. On May 25, 2006, a JPMC representative informed HBME official Gary Boon that they would continue to process HBME’s dollar payment transactions, with the exception of Iranian transactions that reference details in the payment narrative. 922 On May 26, 2006, Mr. Bagleywrote to HSBC Group CEO Stephen Green that “JMPC have indicated that they are not willing to process these payments, I assume for reputational rather than regulatory reasons (given that they are within the U-turn exemption).” He continued that HBME would have to “pass these payments through HBUS.” He noted that they had previously received concurrence from HBUS to process the transactions, confirmed by HBUS CEO Martin Glynn. 923requested a dispensation until the end of October 2006 for MPS, citing a reconfiguration of the new GPP system that was expected by December 31, 2006. Michael Grainger in GTB – PCM, in conjunction with Operations and IT, requested a dispensation for HBEU sites through HUB until the end of 2006 to allow system changes to be implemented and piloted. David Bagley forwarded this email correspondence to John Allison with a request for consideration. He also noted that the serial methodology would put HBEU at a competitive disadvantage with regard to fees charged and the volume of customer complaints. Id. That same day Mr. 919 7/4/2007 email from HBEU Rod Moxley to IBEU Tony Werby and Andy Newman, “[redacted] – HSBCarrangements for payment of the consideration,” HSBC OCC 8876901. 920 A Deloitte review later determined that HBEU continued to send U-turns without any reference to Iran throughthe end of 2007, reflective of the dispensation granted to HBEU until November 2007. Deloitte Review of OFAC transactions, “March 29, 2012,” HSBC OCC 8966113 at 8966143. See also 11/21/2006 memorandum from HBEU Malcolm Eastwood to HSBC David Bagley and others, “GCL 060011 Dispensation,” HSBC OCC 8876896-899. 921 See 7/16 – 25/2007 email exchanges among HBUS Anne Liddy, HSBC Susan Wright, and HSBC John Allison,“Conversion of Clients to Serial Payment Method,” HSBC OCC 8875256. 922 5/25/2006 email from JPMC Ali Moosa to HBME Gary Boon and others, “US Dollar Transactional Activities viaDDA at JPM,” HSBC OCC 3243782-787 at 786. . 923 5/26/2006 email from HSBC David Bagley to HSBC Stephen Green, “US Dollar Transactional Activities viaDDA at JPM,” HSBC OCC 3243782-787 at 784. 161 Bagley alerted HBUS AML head Teresa Pesce that “HBME have no choice but to now pass” Uturn exempt payments through HBUS. 924Iranian Transactions Shift to HBUS. HBUS was already processing Iranian U-turn transactions for HBEU, but HBME’s decision to route its Iranian U-turns through HBUS as well represented an increase in the volume of transactions that HBUS would have to identify and review. On May 26, 2006, the same day he learned HBME would begin routing U-turns through its U.S. dollar account at HBUS, HBUS AML officer Alan Ketley emailed HBME’s Alan Kerr to clarify how HBUS would process the new volume of payments. 925 On May 30, 2006, Mr.Ketley wrote to HBME Gary Boon, copying HBUS AML head Teresa Pesce: “I’m unclear why you would be seeking to have HBUS handle this activity at no notice and am uncomfortable making arrangements for such sensitive activity in this fashion.” He requested examples of payment orders for routing through HBUS and asked for confirmation that HBME would not begin routing U-turns through HBUS until they had the “appropriate controls in place.” He was also concerned from a resource perspective, and stated that HBME intended to pass as many Uturns in a day as HBUS would normally handle in a busy month. 926 That same day, in responseto his email to Mr. Boon, Ms. Pesce wrote: “Alan – we have no choice. JPMC won’t take them.” 927HBUS’ effort to ensure it had adequate staffing to review OFAC-related alerts from the HBME U-turns was made more difficult by varying information from HBME on the number of transactions to expect. On June 22, 2006, HBUS Compliance officials Anne Liddy and Alan Ketley reacted to an email exchange involving HBME’s Gary Boon discussing U-turn payment volumes being processed through HBUS as between 10 and 25 per day. Ms. Liddy wrote: “[B]efore it was about 40. Yesterday 10. Now 25ish. BTW I am going to set up a m[ee]t[in]g with Terry and Denise (as our financier) to discuss resourcing for OFAC. It is out of hand.” 928In July 2006, HBME made a policy decision to go beyond the requirements of the Groupwide 2006 GCL and require all of its Iranian transactions to provide fully transparent payment information to its U.S. correspondents. 929In addition to the HBME transactions moving to HBUS, one other notable transaction involving Iran in 2006, pertained to 32,000 ounces of gold bullion valued at $20 million. In May 2006, the HBUS London branch cleared the sale of the gold bullion between two foreign banks 924 5/26/2006 email from HSBC David Bagley to HBUS Teresa Pesce and others, HSBC OCC 3243782-783.925 5/26/2006 email from HBUS Alan Ketley to HBME Alan Kerr and HBME Gary Boon, “U-Turns,” OCC-PSI-00179654 926 5/30/2006 email from HBUS Alan Ketley to HBME Gary Boon and HBME Alan Kerr, “U-Turns,” OCC-PSI-00179654. 927 5/30/2006 email from HBUS Teresa Pesce to HBUS Alan Ketley, “U-Turns,” HSBC OCC 3243965.928 6/22/2006 email from HBUS Anne Liddy to HBUS Alan Ketley, “You Turn Payments,” HSBC OCC 3250730-732. 929 Subcommittee briefing by Cahill Gordon & Reindel LLP (6/20/2012)162 for the ultimate benefit of Bank Markazi, Iran’s Central Bank. HSBC indicated that it had been aware that Bank Markazi was the beneficiary, but had viewed the transaction as a permissible Uturn. 930 OFAC later told HBUS that it considered the transaction to be a “non-egregious”violation of law, and provided HBUS with an opportunity to explain why it should not be penalized for it; HBUS is still awaiting a final determination as to whether it will be penalized. 931(i) Getting Out In October 2006, HSBC Group reversed course and decided to stop handling Iranian Uturns. In 2007, it went further and exited all business with Iran, subject to winding down its existing obligations. Increasing Risks. In October 2006, Mr. Bagley provided a warning to his superiors that HSBC might want to re-consider processing U-turns. In an email on October 9, 2006, Mr. Bagley informed Stephen Green, who had become HSBC Group Chairman, Michael Geoghegan, who had become HSBC Group CEO, and David Hodgkinson, who used to head HBME but had become HSBC Group COO, that the risks associated with U-turns had increased due to “actions taken by the US government in withdrawing the U-Turn exemption from Bank Saderat.” 932 Theprior month, in September 2006, HBUS had stopped an undisclosed transaction involved Bank Saderat in Iran, which was added to the OFAC SDN list that same month. 933Mr. Bagley wrote: “During my recent visit to the US to attend a Wolfsberg meeting I was discretely advised of the following by a reliable source: [U.S. Treasury] Under Secretary [Stuart] Levey … and the more hawkish elements within the Bush administration were in favour of withdrawing the U-Turn exemption from all Iranian banks. This on the basis that, whilst having direct evidence against Bank Saderat particularly in relation to the alleged funding of Hezbollah, they suspected all major Iranian State owned banks of involvement in terrorist funding and WMD [weapons of mass destruction] procurement. … Certain US Government bodies have however made it known to a number of US banks that, as WMD related transactions are impossible to detect they would run an unacceptable reputational and regulatory risk were they to continue to process U-Turn transactions. The essence of the statement appears to be that as WMD related transactions would be heavily disguised (where even as a trade transaction documents 930 1/1/2010 – 5/31/2010 Compliance Certificate from HSBC David Bagley to HNAH Brendan McDonagh and NiallBooker, OCC-PSI-01754176, at 17. 931 See draft HSBC response to pre-penalty notice, OCC-PSI-00299323.932 10/9/2006 email from HSBC David Bagley to HSBC Stephen Green, HSBC Michael Geoghegan, and HBMEDavid Hodgkinson, “Iran – U-Turn Payments,” HSBC OCC 8874731-732. 933 See 9/11/2006 email from HBUS Anne Liddy to HBUS Teresa Pesce, “HBME Wire payment USD 586.00 (Iran-Bank Saderat) – Reject & Report to OFAC,” HSBC OCC 4844209 and 12/14/2006 email from Elizabeth Protomastro to John Allison and others, “OFAC – Wire payments blocked from HSBC offshore entities – USD 32,000 (re SDGT) and USD 2,538,939.33 (re Sudan),” HSBC OCC 3407608-609. 163 would in effect be falsified) there is no safe way for a US bank to be involved in even a U-turn exempt transaction however stringent the scrutiny or monitoring. The clear implication made was that being found to be involved in a WMD related transaction, even if wholly innocently, would result in significant and severe action being taken against such a bank. There were very strong indications that a number of US banks were therefore considering withdrawing from all U-turn related activity. If this happens those continuing in this market are likely to have an increased concentration. Although I am satisfied that we have put appropriate controls in place to manage the UTurn transactions, I am concerned that there are now increased risks in continuing to be involved in U-Turn USD payments which would justify our reconsidering our approach. I do recognize that the significance that tightening our policy to withdraw from U-Turn permitted transactions would have in terms of our Middle Eastern and Iranian business.” 934GCL 060041 Ending U-turns. Shortly after Mr. Bagley’s email, HSBC decided to stop processing U-turns entirely. On October 25, 2006, HSBC Group Compliance issued Group Circular Letter 060041 which directed all Group offices to immediately stop processing U-turn payments. 935 An exception was made for permissible U-turn payments in connection withlegally binding contractual commitments. HSBC decided to stop utilizing the U-turn exception two years before OFAC actually revoked the exception in November 2008. Despite this decision, HSBC maintained a number of existing Iranian relationships. 936On March 13, 2007, as a result of a “letter recently filed with the SEC “relating to the extent of our exposure to business in the so-called named countries (Sudan, Syria, and Iran),” 937 HSBCGroup Compliance head David Bagley updated HSBC Group CEO Michael Geoghegan on HSBC’s relationships with Iranian banks. He wrote: “The existing levels of business, much of which is historic and subject to ongoing commitments, has been reviewed by CMP [Compliance] as against the requirements of Group policy, particularly where transactions are denominated in USD. Some of this activity related to pre-existing committed obligations which are binding on an ongoing basis. Group policy recognizes that we will have to allow such arrangements to run off. Relevant business colleagues are however aware of the Group’s stance in terms of having no appetite for new or extended business activity involving Iranian counterparties. Where transactions appear to potentially conflict with Group policy those transactions are referred to GHQ CMP for determination and sign-off.” 938934 Id. at 8874732.935 10/25/2006 GCL 060041, “US OFAC Sanctions against Iran – U-Turn Exemption,” HSBC OCC 3407606.936 See 2/6/2006 Project and Export Finance presentation, “Iranian portfolio,” HSBC OCC 8876050-057. Thispresentation indicated that Project and Export Finance had not taken on any new Iranian business since 2005. 937 3/13/2007 email from HSBC David Bagley to HSBC Michael Geoghegan and others, “Iran,” HSBC OCC8878037-038. 938 Id. at 8878037-038.164 The subject of Iran arose again a few months later, in June 2007, when Mr. Bagley informed HSBC Group CEO Michael Geoghegan that he had a private meeting with U.S. Treasury Under Secretary for Counter Terrorist Financing and Sanctions, Stuart Levey, during a recent Wolfsberg Group conference. Mr. Bagley indicated that Mr. Levey had questioned him about a HSBC client who, according to Mr. Levey, “had clearly been identified as having acted as a conduit for Iranian funding of” an entity whose name was redacted from the document by HSBC. 939 Mr. Bagley wrote: “Levey essentially threatened that if HSBC did not withdraw fromrelationships with [redacted] we may well make ourselves a target for action in the US.” Mr. Geoghegan responded: “This is not clear to me because some time ago I said to close this relationship other than for previously contractually committed export finance commitments.” 940Mr. Bagley replied that the bank had only “limited relationships with [redacted] and in fact overall with Iranian banks.” Mr. Bagley also wrote that he had discussed the matter with David Hodgkinson, and they agreed that HSBC “should immediately withdraw from [redacted] and also withdraw from all Iranian bank relationships in a coordinated manner.” He noted that the bank would have to honor “legally binding commitments” such as Project and Export Finance facilities. 941 Thesecommunications indicate that HSBC officials had previously known about problems with one particular Iranian client but that it did not end the relationship until after a warning from the U.S. government. GCL 070049 on Exiting Iran. On September 24, 2007, HSBC Group Compliance issued another Group Circular Letter, this one announcing the bank’s decision to exit Iran. GCL 070049 directed all account relationships with Iranian banks to be “closed as soon as possible” with sufficient notice as required by local law and to “allow an orderly run down of activity” and the “run-off of any outstanding exposures.” The GCL allowed ongoing payments involving existing facilities and transactions “where there are legally binding commitments,” such as Project and Export Finance facilities, to continue to be made as serial payments. 942 The deadlinefor closure of all Iranian accounts was November 30, 2007. 2008 and 2009 Iranian Transactions. After the GCLs terminating most business with Iran, internal bank documents show that hundreds of Iranian transactions per month continued to surface at HBUS during 2008 and 2009. These transactions were not, however, the type of undisclosed U-turn transactions that HSBC affiliates had been routinely sending through HBUS accounts prior to HSBC’s decision to exit Iran, but represented other types of transactions. In 2008 and 2009, for example, HBUS’ London Banknotes office conducted a series of apparently prohibited transactions benefitting the Iranian Embassy in London. From July 22, 2008 to February 12, 2009, in more than 30 transactions, HBUS sold over €455,000 to HBEU 939 See 6/8/2007 email exchanges among HSBC David Bagley, HSBC Michael Geoghegan and others, “Iran,”HSBC OCC 8878214-216 at 215. 940 Id. at 8878215.941 Id. at 8878214.942 9/24/2007 GCL 070049, “Sanctions Against Iran,” OCC-PSI-00141529-531 and HSBC OCC 8876013-015.165 which, in turn, sold them to the Embassy of Iran in the United Kingdom. 943 According toHBUS, “the funds were used to meet salary obligations” of the Iranian Embassy. 944 In addition,from December 5, 2008 to February 5, 2009, HBEU purchased over $2,500 from the Embassy of Iran and resold the U.S. dollars to HBUS. 945 In 2009, after HBUS discovered that the LondonBanknotes office was engaging in currency transactions with the Iranian Embassy, it reported the transactions to OFAC and ended the activity. 946Other transactions involving Iran processed through HBUS’ correspondent accounts from 2008 to 2009, included a March 2009 wire transfer for $300,000, which was mistakenly processed because a HBUS compliance officer did not realize a transaction reference to “Persia” implied a connection to Iran; and two wire transfers totaling over $55,000 which involved a vessel owned by “NITC” which, until it was updated, HBUS’ OFAC filter did not recognize as the National Iranian Tanker Company. 947(j) Looking Back According to an ongoing outside audit requested by HSBC, from 2001 to 2007, HBEU and HBME sent through their U.S. dollar accounts at HBUS and elsewhere nearly 25,000 OFAC sensitive transactions involving Iran totaling $19.4 billion. 948 While some of those transactionswere fully disclosed, most were not. According to the review conducted by Deloitte, from April 2002 to December 2007, more than 85% of those payments were undisclosed. 949Despite HBUS pleas for transparency and a 2004 internal agreement to use fully transparent procedures, HSBC affiliates HBEU and HBME often took action, including by deleting references to Iran or using cover payments, to prevent the Iranian transactions sent through their U.S. dollar correspondent accounts at HBUS from being caught in the OFAC filter. Despite the fact that they viewed most of the transactions as permissible under U.S. law, concealing their Iranian origins helped avoid delays caused when HBUS’ OFAC filter stopped the transactions for individualized review. HBME, in particular, requested that HBUS allow the use of cover payments to conceal Iranian transactions and circumvent the OFAC filter. When HBUS insisted on fully transparent transactions, the HSBC affiliates sent undisclosed transactions through their HBUS accounts anyway. HSBC Group leadership, including the 943 3/20/2009 letter from HBUS Elizabeth Protomastro to OFAC, HSBC OCC 060892. See also 1/25/2012 OCCSupervisory Letter HSBC-2012-03, “OFAC Compliance Program,” OCC-PSI-01768561-566, at Attachment (describing the transactions as involving over $606,000 in U.S. dollars). [Sealed Exhibit.] 944 Id.945 Id.946 See 3/24/2009 “Compliance Report for 1Q09-HUSI Businesses,” sent by HBUS Lesley Midzain, to HNAH JanetBurak, HSBC David Bagley, and HBUS Paul Lawrence, HSBC OCC 3406981; 1/25/2012 OCC Supervisory Letter HSBC-2012-03, “OFAC Compliance Program,” OCC-PSI-01768561-566, at Attachment. [Sealed Exhibit.]. 947 See 1/25/2012 OCC Supervisory Letter HSBC-2012-03, “OFAC Compliance Program,” OCC-PSI-01768561-566, at Attachment. [Sealed Exhibit.] 948 See Deloitte Review of OFAC transactions, “Results of the Transactions Review – UK Gateway, March 29,2012,” HSBC-PSI-PROD-0197919, at 930. 949 Subcommittee briefing by Cahill Gordon & Reindel LLP (6/20/2012); Deloitte presentation, “March 29, 2012,”at HSBC OCC 8966113. These payments were sent to the U.S. bank as cover payments, serial payments, or payments that were cancelled and then re-submitted by either an HSBC affiliate or the client without disclosing the connection to Iran in the payment message. Id. at 8966118 and 8966143. 166 heads of Compliance and AML, were aware in varying degrees of what the affiliates were doing, but for years, took no steps to insure HBUS was fully informed about the risks it was incurring or to stop the conduct that even some within the bank viewed as deceptive. The HSBC Group Compliance head took no decisive action even after noting that the practices “may constitute a breach” of U.S. sanctions. At HBUS, senior executives in the Compliance and payments areas knew about the actions being taken by HSBC affiliates to send concealed Iranian transactions through their U.S. dollar correspondent accounts, but were unable or unwilling to obtain information on the full scope of the problem, bring the issue to a head, and demand its resolution at the highest levels of the bank to ensure all U-turns were reviewed for compliance with the law. (2) Transactions Involving Other Countries Iranian transactions were not the only potentially prohibited transactions sent through HBUS. Transactions involving Burma, Cuba, North Korea, and Sudan, as well as persons named on the SDN list, were also sent through HBUS accounts, although to a much lesser extent than those related to Iran. HSBC affiliates were one major source of the transactions, due to poor compliance with HSBC Group policy barring U.S. dollar transactions with prohibited countries or persons, and requiring transparent transactions, but the majority of these transactions appear to have been sent through HBUS by unrelated financial institutions. The transactions sent by HSBC affiliates also do not appear to be the product of the same kind of systematic effort to avoid the OFAC filter as was the case with the Iranian U-turns. Some of the transactions sent through HBUS had references to a prohibited person or country deleted or used cover payments, and passed undetected through the OFAC filter. Others openly referenced a prohibited country or person, but escaped detection by HBUS’ OFAC filter or HSBC’s WOLF filter due to poor programming. Still others were caught by a filter, but then released by HBUS personnel, apparently through human error. An ongoing review by an outside auditor, examining HBUS transactions over a seven-year period from 2001 to 2007, has so far identified about 2,500 potentially prohibited transactions involving countries other than Iran, involving assets totaling about $322 million. 950(a) 2005 and 2006 GCLs The documents examined by the Subcommittee show that HBUS’ OFAC filter blocked a transaction involving a prohibited country other than Iran as early as 2002. 951950 Deloitte presentation, “Results of the Transactions Review – UK Gateway, March 29, 2012,” HSBC-PSI-PROD-0197919, at 930. Since the Deloitte review has yet to examine an additional set of U.S. dollar transactions and does not include any transactions during the period 2008 to 2010, its figures represent a conservative analysis of the potentially prohibited transactions transmitted through HBUS. Internal bank documents indicate, however, that transactions involving prohibited persons or countries other than Iran did not receive the same level of attention as the Iranian transactions, until issuance of 951 On May 21, 2002, a $3 million payment from HBEU was blocked by HBUS’ OFAC filter due to a reference inthe payment details to Cuba. See 4/24/2006 email from HBUS Charles Delbusto to HBUS Michael Gallagher, “ING Writeup,” HSBC OCC 1933599-601. See also 11/14/2002 memorandum from HBEU Malcolm Eastwood to HBUS Denise Reilly and HBEU Geoff Armstrong, “Compliance – OFAC Issues in General and Specific to Iran,” HSBC OCC 7688824. 167 the July 28, 2005 Group Circular Letter 050047 which barred HSBC affiliates from executing U.S. dollar transactions involving any person or country prohibited by OFAC. 952Shortly after the GCL was issued, the HSBC Group head of Global Institutional Banking, Mark Smith, issued a managerial letter, in August 2005, providing guidance on implementing the new policy. 953 His letter summarized the Group’s relationships with Burma, Cuba, Iran, NorthKorea, Sudan, and Zimbabwe. He explained that most of HSBC Group’s business with Sudan and Cuba was conducted in U.S. dollars and “discussions already initiated with the affected banks will dictate the extent of our ongoing relationship.” The guidance also clarified that the revised policy applied only to U.S. dollar transactions. 954In addition, the managerial letter identified correspondent relationships affected by the new policy. 955 It provided the number of open correspondent accounts with financial institutionsin Cuba, Burma, Iran, North Korea and Sudan. It also explained: “The revised policy does not represent an automatic exit strategy with regards to affected clients. Non-USD business (and for Iran, U-turn exempt transactions) may continue to be undertaken. However, for a number of reasons eg. operational simplicity, where the remaining non-USD business is uneconomic or where the client concludes they will have to conduct their business with an alternative provider, the ultimate outcome may be the closure of certain relationships. Verbal discussions with affected clients would be preferable. Any written correspondent seeking to clarify the Group’s revised policy should be cleared with local Compliance.” 956The letter noted that “any dispensation from the terms of the GCL require[d] Group Compliance concurrence.” 957In September 2005, senior HBEU payments official Rod Moxley completed an analysis of U.K. transactions over a 10-day period that were stopped by HSBC’s WOLF filter and involved Burma, Cuba, or Sudan. 958 He forwarded the results to senior HSBC GroupCompliance officials John Root and John Allison, noting that there were “a considerable number of USD denominated transactions” for Sudan, and “also to a lesser extent” Cuba and Burma. He also noted that prior to the effective date of the new GCL, these payments would have been stopped by the WOLF filter but then allowed to proceed, “providing they did not infringe on UN/EU sanctions or terrorist parameters,” since HBEU was “not affected directly by OFAC sanctions,” but the new GCL would require these payments to be blocked due to OFAC prohibitions. 952 7/28/2005 GCL 050047, “Compliance with Sanctions,” HSBC OCC 3407560-561.953 8/25/2005 managerial letter from HSBC Mark Smith to HBUS Aimee Sentmat, HBME Alan Kerr, and others,“GCL050047 – Compliance with OFAC sanctions,” HSBC OCC 3407565-569. 954 Id at 3407566.955 Id.956 Id. at 3407568.957 Id. at 3407568.958 See 9/23/2005 email from HBEU Rod Moxley to HSBC John Allison and HSBC John Root, “OFAC sanctions,”HSBC OCC 8877213-214. 168 Mr. Moxley also wrote: “Since the issuance of the GCL, it has been made clear that US interests are of paramount importance and we should do nothing, when processing payment transactions, which would leave HBUS in a vulnerable position. The issues surrounding Iran have overshadowed other OFAC payments recently, however, I can advise that we have not so far physically returned any USD payments involving Sudan, Cuba or Burma. I feel we now need to look far more closely at these payments to ensure compliance with the GCL.” 959Mr. Moxley asked about two alternative responses to transactions stopped by the WOLF filter and barred by the new GCL. One was to continue processing the transactions but ensure that the payment was routed in such a way “that they are not frozen in the US.” He explained: “This will involve intelligent usage of the routing system but may perpetuate similar scenarios to those encountered with Iran (customer instructions saying Do not mention Sudan or routing which does not make it apparent that these are Sudanese payments).” This alternative seems to suggest that HSBC would engage in Iran-style transactions in which transaction details are stripped out to avoid triggering the OFAC or WOLF filters. His second alternative was to “strictly” apply the GCL “and return the payments unprocessed.” He wrote that his “instinct” was to “return all such USD payments … so that our US colleagues’ position is not compromised,” but wanted confirmation from HSBC Group Compliance before taking that action. 960 The documents reviewed by the Subcommittee do not indicate what response hereceived. When asked about his email, Mr. Moxley told the Subcommittee that he could not recall how his inquiry was resolved. 961About a year later, on April 6, 2006, HSBC Group issued another Group Circular Letter, GCL 060011, which required all HSBC affiliates, when sending U.S. dollar transactions through a correspondent account at HBUS or another U.S. financial institution to use so-called “serial payments” specifying the transaction’s chain of originators and beneficiaries. 962 This policychange was intended to stop HSBC affiliates from using cover payments, which provide less information for banks when processing payments and which can mask potentially prohibited transactions sent through HBUS or other U.S. banks. Its effective date for HSBC affiliates was April 30, 2006; HBUS was required to impose the policy on all third-party banks for which it provided U.S. dollar correspondent banking services by December 31, 2006. 963 At the sametime, HSBC Group Compliance granted a year-long extension to HBEU, giving it until July 2007, before it was required to use serial payment instructions. 964Internal bank documents indicate that OFAC sensitive transactions involving countries other than Iran took place both before and after the 2005 and 2006 GCLs. 959 Id.960 Id. at 8877214.961 Subcommittee Interview of Rod Moxley (6/7/2012).962 4/6/2006 GCL 060011, “US Dollar Payments,” HSBC OCC 3407587.963 Id.964 See 4/25 – 5/5/2006 email exchanges among HSBC David Bagley, Group offices, and HBEU Rod Moxley,“Serial Payments – USD – GCL,” HSBC OCC 8877231-239. Subcommittee briefing by OFAC (5/8/2012). 169 (b) Transactions Involving Cuba Internal bank documents indicate that, from at least 2002 through 2007, HBUS processed potentially prohibited U.S. dollar transactions involving Cuba. HSBC affiliates in Latin America, in particular, had many Cuban clients and sought to execute transactions on their behalf in U.S. dollars, despite the longstanding, comprehensive U.S. sanctions program and the OFAC filter blocking such transactions. 965In August 2005, a month after HSBC Group issued its new GCL policy barring HSBC affiliates from engaging in U.S. dollar transactions in violation of OFAC prohibitions, HBUS circulated an email identifying correspondent relationships that would be affected. 966 The emailstated: “An overriding observation is that the revised policy will most significantly impact the Cuban and Sudan correspondent bank relationships.” It also observed: “For Sudan and Cuba, most of our business is conducted in USD and the discussions already initiated with the affected banks will dictate the extent of our ongoing relationships.” 967In September 2005, HSBC Group Compliance head David Bagley told HSBC Group CEO Stephen Green that they had closed “a number of USD correspondent relationships with Cuban … banks.” 968 On October 3, 2005, Mr. Bagley sent an email to Matthew King, then headof HSBC Group Audit, that Mr. Green was “particularly concerned” about ensuring the 2005 GCL was “properly and fully implemented across the Group.” 969 Mr. Bagley asked Mr. King touse HSBC’s internal audits to help gauge compliance with the new GCL. Mr. King relayed the request to various HSBC auditors and, in response, learned from HSBC Mexico (HBMX) Compliance that the OFAC list had not been fully integrated into HBMX’s monitoring system and would not be for another six months, until April 2006. 970 HBMX reported that, pending thesystems integration, it had set up “manual controls” in several divisions to implement the new GCL, but “no automated means exists to ensure that these controls are properly being carried out.” 971 HBMX explained further that its “greatest exposure” was “the volume of businesshistorically carried out by HBMX customers with Cuba in US dollars.” 972Mr. King responded that the HBMX transactions raised two sets of concerns, one with respect to the U.S. dollar transactions involving Cuba being run through HBMX’s correspondent account at HBUS, and the second with respect to non-U.S. dollar transactions being “transmitted through the HBUS TP gateway,” referring to a U.S.-based server that handled transfers from 965 See OFAC “Sanctions Programs and Country Information,” Cuba sanctions (last updated 5/11/2012),http://www.treasury.gov/resource-center/sanctions/Programs/pages/cuba.aspx. 966 See 8/25/2005 email from HBUS Alan Ketley to multiple HSBC colleagues, “GCL050047 – Compliance withOFAC Sanctions,” HSBC OCC 3407565-569. 967 Id. at 3407568.968 9/19/2005 email from HSBC David Bagley to HSBC Stephen Green and HSBC Richard Bennett, “GCL050047“Compliance With Sanctions,” HSBC OCC 8874360-362. 969 10/3/2005 email from HSBC David Bagley to HSBC Matthew King, “GCL 050047 – Compliance withSanctions,” HSBC OCC 8874359-360. 970 10/14/2005 email from HBMX Graham Thomson to HSBC Matthew King, “GCL 050047 – Compliance withSanctions,” HSBC OCC 8874358-359. 971 Id.972 Id.170 Mexico and South America. 973 Since the United States prohibited transactions involving Cuba,both types of transactions raised questions about whether they ran afoul of the OFAC list and the 2005 GCL. Mr. King responded: “I note HBMX continues to process USD payments involving Cuba. It is very important that is stopped immediately as the regulators are getting very tough and the cost to the Group could be considerable if a breach occurs, both in terms of the fine and the rectification work which is likely to be a pre-requisite to any settlement. With regard to non-USD payments as described above, GHQ CMP [Group Headquarters Compliance] are urging HBUS to screen out these transactions to avoid any risk, and HBMX would have to put measures in place to p[re]-empt customer dismay.” 974HSBC affiliates from outside of Latin America also occasionally sent potentially prohibited transactions involving Cuba through their HBUS accounts. For example, in December 2006, a payment for $15,350 that had been sent by an HSBC affiliate in the Asia- Pacific region was blocked by HBUS, because the transaction documents referred to “Air Tickets Moscow Havana Moscow 3Pax.” 975In 2007, an internal HSBC document entitled, “Information Requested in Connection With: (North Korea, Cuba, and Myanmar),” revealed that, as of May 2007, HSBC affiliates in Mexico and Latin America were still providing U.S. dollar accounts to Cuban clients, in apparent violation of HSBC Group GCL policy and OFAC regulations. 976 The document indicated thatHBMX had 23 Cuban customers with U.S. dollar accounts containing assets in excess of $348,000, and 61 Cuban customers holding both U.S. dollar and Mexican peso accounts with assets totaling more than $966,000. 977 In addition, the report disclosed that HSBC affiliates inColombia, Costa Rica, El Salvador, Honduras, and Panama were also providing U.S. dollar accounts to Cuban nationals or the Cuban Embassy. The document also indicated that arrangements had been made to “cancel all business relationships with” Cuban clients, in relation to U.S. dollar accounts or commercial relationships for the entire region. 978 These steps werebeing taken almost two years after the July 2005 GCL had prohibited HSBC affiliates from executing U.S. dollar transactions involving OFAC sensitive persons. 973 10/17/2005 email from HSBC Matthew King to HBMX Graham Thomson, HSBC David Bagley, and others,“GCL 050047 “Compliance With Sanctions,” HSBC OCC 8874357-358. 974 Id.975 12/17/2006 email from HBAP Donna Chan to HBUS Alan Ketley and others, “TT NSC770937 Dated 13Dec06For USD15,350.21,” HSBC OCC 3287261-262. 976 5/18/2007 HSBC document, “Information Requested in Connection With: (North Korea, Cuba, and Myanmar),”HSBC OCC 8876088-095, at 8876093-095. 977 Id. In addition, 1, 284 Cuban clients had nearly 2250 HBMX accounts holding solely Mexican pesos, with assetsexceeding a total of $8.9 million. Id. at 8876093. 978 5/18/2007 HSBC report, “Information Requested in Connection With: (North Korea, Cuba, and Myanmar),”HSBC OCC 8876088-095 at 8876093-095. 171 (c) Transactions Involving Sudan A second set of OFAC sensitive transactions involved Sudan, a country which is also subject to a comprehensive sanction program in the United States. 979 Internal bank documentsindicate that, from at least 2005 to 2008, HBUS processed a considerable volume of U.S. dollar transactions involving Sudan that, once the new GCL took effect, should have decreased. The reasons they continued include a wide range of factors, from inadequate bank staffing reviewing OFAC transactions, to deceptive wire transfer documentation, to ongoing actions by HSBC affiliates to send these potentially prohibited transactions through HBUS. In August 2005, a month after HSBC Group issued the GCL policy barring HSBC affiliates from engaging in U.S. dollar transactions in violation of OFAC prohibitions, HSBC Group head of Global Institutional Banking, Mark Smith, circulated a managerial letter identifying correspondent relationships that would be affected. 980 The letter stated: “Anoverriding observation is that the revised policy will most significantly impact the Cuban and Sudan correspondent bank relationships.” It also observed: “For Sudan and Cuba, most of our business is conducted in USD and the discussions already initiated with the affected banks will dictate the extent of our ongoing relationships.” 981 In September 2005, a senior HBEU paymentsofficial Rod Moxley completed an analysis of U.K. transactions over a 10-day period that were stopped by the WOLF filter and noted “a considerable number of USD denominated transactions” for Sudan. 982A year after the GCL took effect, however, one affiliate attempted to clear a Sudanrelated transaction through HBUS in violation of company policy. On December 6, 2006, HBUS blocked a $2.5 million payment originating from an HSBC branch in Johannesburg, because the payment details referenced the “Sudanese Petroleum Corporation.” 983 Although the paymenthad also been stopped by the WOLF filter in HSBC Johannesburg, an employee there had approved its release and sent the transaction through their correspondent account at HBUS. An internal email from HSBC Johannesburg explained that the release of the funds was: “a genuine error in an attempt to push the day[‘]s work through before the cut-off time. I believe the loss of three staff in the department leaving only two permanent staff remaining is causing the[m] to work towards clearing their queues rather than slow down 979 See OFAC “Sanctions Programs and Country Information,” Sudan sanctions (last updated 2/1/2012),http://www.treasury.gov/resource-center/sanctions/Programs/pages/sudan.aspx . 980 8/25/2005 managerial letter from HSBC Mark Smith to HBUS Aimee Sentmat, HBME Alan Kerr, and others,“GCL050047 – Compliance with OFAC sanctions,” HSBC OCC 3407565569; 8/25/2005 email from HBUS Alan Ketley to multiple HSBC colleagues, “GCL050047 – Compliance with OFAC Sanctions,” HSBC OCC 3407565- 569. 981 Id. at 3407568.982 See 9/23/2005 email from HBEU Rod Moxley to HSBC John Allison and HSBC John Root, “OFAC sanctions,”HSBC OCC 8877213-214. 983 See 12/14/2006 email from HBUS Elizabeth Protomastro to HBUS John Allison and others, “OFAC – Wirepayments blocked from HSBC offshore entities – USD 32,000 (re SDGT) and USD 2,538,939.33 (re Sudan),” HSBC OCC 3407608-609. 172 to read the warnings such as these. … Having said that I also feel it is a matter of training where seeing the word ‘Sudan’ alone should have been warning enough.” 984The email also noted that the transaction had been sent by Commercial Bank of Ethiopia, which was “aware that this payment may not go through as they have attempted to make this payment via their other correspondent banks and failed.” 985In July 2007, HBUS discovered that another client, Arab Investment Company, had been sending “multiple Sudan-related payments” through its U.S. dollar account at HBUS, that other banks later blocked for specifying a Sudanese originator or beneficiary, “suggesting that HBUS has been processing cover payments for this client.” 986 An email identified seven wire transfersover a one-year period, collectively involving more than $1.1 million, in which the documentation provided to HBUS made no reference to Sudan, preventing the transfers from being stopped by HBUS’ OFAC filter. 987 The email noted that two of the wire transfers laterblocked by other banks had resulted in letters from OFAC seeking an explanation for HBUS’ allowing the transfers to take place, and suggested closing the client account to prevent more such incidents. 988 On another occasion, HBUS identified five wire transfer payments betweenJanuary and November 2007, totaling more than $94,000, that turned out to be intended for a Sudanese company, but had been processed as straight through payments at HBUS, because “there was no beneficiary address and no mention of ‘Sudan’.” 989In still other cases, wire transfers clearly referencing Sudan were stopped by HBUS’ OFAC filter for further review, but then allowed by HBUS staff to proceed. An HBUS internal report on OFAC compliance noted, for example, two blocked wire transfers involving Sudan, one for over $44,000 and the other for over $29,000, blocked on November 5 and December 7, 2007, respectively, by HBUS’ OFAC filter, but subsequently “released due to human error.” 990In August 2008, HBUS noted that it was then holding over $3.2 million in Sudan-related payments sent to the bank from other HSBC affiliates. 991984 12/15/2006 email from HSBC Gimhani Talwatte to HSBC Krishna Patel, “PCM Operational error. Funds frozenin USA – payment on behalf of Commercial Bank of Ethiopia,” OCC-PSI-00610597, at 8. The bulk of the funds came from blocking a $2.5 million payment from HSBC Johannesburg destined for the Sudanese Petroleum Corporation, but three other Sudan-related payments from HSBC affiliates were also identified, a $300,000 payment sent by HSBC Hong Kong; a payment for more than $367,000 payment from HSBC Dubai, and a payment for more than $58,000 from British Arab Commercial Bank Ltd. The email listing these blocked funds noted that a court order was seeking transfer of the funds 985 Id.986 7/8/2007 email from HBEU Joe Brownlee to HBEU Giovanni Fenocchi, forwarded by HBEU Peter May toHBUS Anne Liddy and HBUS Alan Ketley, “Arab Investment Company Reportable Event #3948 Notification Entity,” OCC-PSI-00620281, at 2. 987 Id.988 Id.989 Undated Global Transaction Banking report, “All Open Reportable Events,” OCC-PSI-00823408, at 7.990 4/2/2008 HBUS memorandum, “Management Report for 1Q2008 for OFAC Compliance,” OCC-PSI-00633713.991 8/8/2008 email from HBUS Anne Liddy to HSBC Susan Wright and others, “USS Cole Case,” OCC-PSI-00304783 at 2-3. 173 to a federal court in the United States in connection with a lawsuit seeking compensation for the families of 17 U.S. sailors killed in a 2000 terrorist attack on the USS Cole in Yemen. 992In August 2010, in connection with an effort to exit correspondent relationships with 121 international banks that HBUS determined it could no longer support, HBUS CEO Irene Dorner sent an email noting references to 16 banks in Sudan. Ms. Dorner wrote: “In Phase 2 there will be Trade names the exit for which may be more complicated but to give you a flavo[u]r of the problem we seem to have 16 correspondent banks in Sudan which cannot be right.” 993(d) Transactions Involving Burma Another set of OFAC sensitive transactions involved Burma, also referred to as Myanmar, a country which, like Cuba and Sudan, was subject to a comprehensive sanctions program in the United States. 994 This program, first imposed in 1997, remains in effect today,although certain aspects of the program were suspended in May 2012. 995 Internal bankdocuments indicate HBUS processed potentially prohibited transactions involving Burma from at least 2005 to 2010. One of the earliest references to transactions with Burma in the documents reviewed by the Subcommittee is a January 2005 email involving HBUS’ Global Banknotes business, which involves the buying and selling of large quantities of physical U.S. dollars to non-U.S. banks. 996The email, written by HSBC Group Compliance head David Bagley, described a transaction in which HBUS purchased $2.9 million in U.S. dollars from a client, determined that the dollars had come from a certain party whose name was redacted by HBUS, and noted: “Myanmar is currently subject to OFAC regulations prohibiting any transactions by US persons relating to Myanmar counterparties.” Mr. Bagley wrote: “There appears little doubt that the transaction is a breach of the relevant OFAC sanction on the part of HBUS, that it will need to be reported to OFAC and as a consequence there is a significant risk of financial penalty. It does not appear that there is a systemic issue, rather we are dealing with an individual incident, although given the potential seriousness of the breach external lawyers have been instructed to assist with the process of resolving matters with OFAC.” 997992 Id.993 8/20/2010 email from HBUS Irene Dorner to HSBC Andrew Long and others, “Project Topaz US UrgentRequirements,” HsBC OCC 8876105-106. 994 See OFAC “Sanctions Programs and Country Information,” Burma sanctions (last updated 4/17/2012),http://www.treasury.gov/resource-center/sanctions/Programs/pages/burma.aspx. 995 Id. The U.S. Government suspended certain aspects of the Burma sanctions on May 17, 2012. See “U.S. EasesMyanmar Financial Sanctions,” Wall Street Journal, Jay Solomon (5/17/2012), http://online.wsj.com/article/SB10001424052702303879604577410634291016706.html ( “[T]he U.S. Treasury Department is maintaining and updating its list of sanctioned Myanmar military companies, business tycoons and generals who allegedly engaged in human-rights violations and corruption.”). 996 See 1/21/2005 email from HSBC David Bagley to HSBC Stephen Green and Richard Bennett, “ComplianceException,” HSBC OCC 8873671. 997 Id.174 In July 2005, HSBC Group issued its new GCL policy barring all HSBC affiliates from engaging in U.S. dollar transactions in violation of OFAC prohibitions. A few days later, on August 25, 2005, HSBC Group head of Global Institutional Banking, Mark Smith, circulated a managerial letter, referenced previously, identifying correspondent relationships that would be affected. 998 The letter noted that the “Group has 2 account relationships with Myanmar entities,”and stated that the “GCL applies in full,” implying both relationships would have to be terminated. In September 2005, a senior HBEU payments official, Rod Moxley, who analyzed U.K. transactions stopped by the WOLF filter over a 10-day period noted that a number of the U.S. dollar transactions involved Burma. 999After the GCL’s 2005 effective date, Burma-related transactions appear to have been reduced, but continued to occur. One example is a $15,000 payment that originated in Burma on January 18, 2008, was processed as a straight-through payment at HBUS, and blocked by the OFAC filter at another bank involved with the transaction. 1000 An HBUS email explained thatthe payment had not been blocked at HBUS, because its OFAC filter didn’t recognize “Yangon,” the former capital of Burma, also called “Rangoon,” as a Burma-related term. According to the email, it was the second payment involving “Yangon” that was missed by the HBUS filter. HBUS Compliance head Carolyn Wind requested that the filter be fixed immediately: “We are running too much risk that these misses will cause OFAC to start questioning the effectiveness of our controls.” 1001Four months later, HBUS blocked an April 2008 wire transfer for $12,060 headed for the account of an SDN-listed entity at Myanmar Foreign Trade Bank. An internal bank document noted that the payment had been blocked by HBUS due to “references to Yangon and Myanmar, rather than blocking it due to the sanctioned entity[‘]s involvement.” The document noted that the bank code “for the sanctioned entity was not included in the payments filter, as per agreed upon procedure with the UK WOLF team,” and a systems fix was implemented in October 2008. 1002In May 2010, two additional Burma-related U.S. dollar transactions were processed by HBUS, due to limitations in the WOLF filter. In one instance, a payment was not blocked, because “the filter did not list ‘Burmese’ as an a.k.a. [also known as] for Burma.” In the other instance, the “filter did not identify ‘Mynmar’ as a possible reference to Myanmar.” 1003998 8/25/2005 managerial letter from HSBC Mark Smith to HBUS Aimee Sentmat, HBME Alan Kerr, and others,“GCL050047 – Compliance with OFAC sanctions,” HSBC OCC 3407565569; 8/25/2005 email from HBUS Alan Ketley to multiple HSBC colleagues, “GCL050047 – Compliance with OFAC Sanctions,” HSBC OCC 3407565- 569. 999 See 9/23/2005 email from HBEU Rod Moxley to HSBC John Allison and HSBC John Root, “OFAC sanctions,”HSBC OCC 8877213-214. 1000 See 1/25/2008 email exchanges among HBUS Carolyn Wind, HBUS Mike Ebbs, and others, “Myanmar-relatedpayment – Missed by filter (“Yangon”),” HSBC OCC 0616168-178, at 169. 1001 Id. at 0616168.1002 Undated Global Transaction Banking report, “All Open Reportable Events,” OCC-PSI-00823408, at 4.1003 1/1/2010 – 5/31/2010 Compliance Certificate from HSBC David Bagley to HNAH Brendan McDonagh andHNAH Niall Booker, OCC-PSI-01754176 at pg 4. 175 (e) Transactions Involving North Korea Still another set of OFAC sensitive transactions involved North Korea which, unlike Burma, Cuba and Sudan, is not subject to a comprehensive U.S. sanctions program, but has particular persons and entities included in the OFAC SDN list. 1004In August 2005, a month after HSBC Group issued the GCL policy barring HSBC affiliates from engaging in U.S. dollar transactions in violation of OFAC prohibitions, HSBC Group head of Global Institutional Banking, Mark Smith, circulated a managerial letter identifying correspondent relationship that would be affected. 1005 The letter stated: “The Grouphas 3 account relationships with North Korean entities. These are all inhibited. We have been seeking to close the accounts, and will continue to do so, for some time but have not been able to elicit a response from the banks concerned.” 1006Nearly two years later, in 2007, an internal HSBC document entitled, “Information Requested in Connection With: (North Korea, Cuba, and Myanmar),” revealed that, as of May 2007, HSBC affiliates in Mexico and Latin America were providing U.S. dollar accounts to North Korean clients. 1007 The document indicated that HSBC Mexico (HBMX) had nine NorthKorean customers with nine U.S. dollar accounts holding assets exceeding $46,000, and seven North Korean customers with both U.S. dollar and Mexican peso accounts whose assets totaled more than $2.3 million. 1008 The document indicated that arrangements had been made to “cancelall business relationships with” North Korea, in relation to U.S. dollar accounts or commercial relationships for the entire region. In addition, HBUS did not close a U.S. dollar account with the Foreign Trade Bank of the Democratic People’s Republic of Korea until April 28, 2010, although a review of the account indicated that no U.S. dollar activity had taken place in it since 2007. 1009(f) Other Prohibited Transactions In addition to transactions involving jurisdictions subject to U.S. sanctions programs, some transactions sent to HBUS involved prohibited individuals or entities named on the OFAC SDN list. While many of these transactions were not sent by HSBC affiliates, some were. 1004 See OFAC “Sanctions Programs and Country Information,” North Korea sanctions (last updated 6/20/2011),http://www.treasury.gov/resource-center/sanctions/Programs/pages/nkorea.aspx. 1005 8/25/2005 managerial letter from HSBC Mark Smith to HBUS Aimee Sentmat, HBME Alan Kerr, and others,“GCL050047 – Compliance with OFAC sanctions,” HSBC OCC 3407565569; 8/25/2005 email from HBUS Alan Ketley to multiple HSBC colleagues, “GCL050047 – Compliance with OFAC Sanctions,” HSBC OCC 3407565- 569. 1006 8/25/2005 managerial letter from HSBC Mark Smith to HBUS Aimee Sentmat, HBME Alan Kerr, and others,“GCL050047 – Compliance with OFAC sanctions,” HSBC OCC 3407565569, at 3. 1007 5/18/2007 HSBC document, “Information Requested in Connection With: (North Korea, Cuba, and Myanmar),”HSBC OCC 8876088-095, at 8876093-095. 1008 Id. In addition, 92 North Korean clients had 137 HBMX accounts holding solely Mexican pesos, with assetsexceeding a total of $697,000. Id. at 8876093. 1009 See 2007 Deloitte OFAC review, “Results of the Transactions Review-UK Gateway, March 29, 2012,” HSBCPSI-PROD-0197919, at 988; Subcommittee briefing provided by Deloitte representatives (5/5/2012). 176 HBUS did not allow such transactions to proceed, showing the effectiveness of the OFAC filter when all appropriate transactions are run through it. On November 9, 2006, for example, “at the direction of OFAC,” HBUS blocked for further review a $32,000 payment that had been originated by HBME, because the underlying payment details indicated the funds were to be credited to Al Aqsa Islamic Bank. 1010 This bankhad been designated as a “specially designated global terrorist” by OFAC in December 2001, because it was a “direct arm of Hamas, established and used to do Hamas business.” 1011 OnNovember 20, 2006, HBME asked HBUS to cancel the payment, because “it was sent in error.” On December 7, 2006, however, OFAC instructed HBUS to continue to block the funds. HBUS AML Compliance head Teresa Pesce wrote: “How is it that these payments continue to be processed by our affiliates in light of the GCLs?” 1012A report prepared by Deloitte at HBUS’ request, examining the period 2001 to 2007, also disclosed that one U.S. dollar correspondent account located in the United Kingdom had been opened for a bank located in Syria, while two U.S. dollar correspondent accounts in the United Kingdom had been established for the “Taliban.” 1013 When asked about the correspondentaccount for a bank established for the Taliban, HSBC legal counsel told the Subcommittee that HBEU had maintained an account for Afghan National Credit and Finance Limited, the London subsidiary of an Afghan bank that, from October 22, 1999 to February 2, 2002, was designated under OFAC’s Taliban sanctions. 1014 An HBUS representative told the Subcommittee thatHBUS was unable to go back far enough in its records to uncover whether or not the Afghan account at HBEU sent transactions through HBUS during that time. 1015 The fact that HBEU hadthis account after the 9-11 terrorist attack on the United States again demonstrates how HSBC affiliates took on high risk accounts that exposed the U.S. financial system to money laundering and terrorist financing risks. These U.S. dollar accounts may also have contravened the 2005 GCL and OFAC regulations by enabling banks in Syria and Afghanistan when it was controlled by the Taliban to engage in U.S. dollar transactions through HBUS. Another account involving an individual on the OFAC list was housed at HSBC Cayman Islands. On February 21, 2008, a Syrian businessman by the name of Rami Makhlouf was 1010 12/14/2006 email from HBUS Elizabeth Protomastro to HBUS John Allison and others, “OFAC – Wirepayments blocked from HSBC offshore entities – USD 32,000 (re SDGT) and USD 2,538,939.33 (re Sudan),” HSBC OCC 3407608-609. 1011 1/9/2007 email from HBUS Elizabeth Protomastro to HSBC John Allison, HBUS Teresa Pesce, Anne Liddy,and others, “OFAC – Wire payments blocked from HSBC offshore entities – USD 32,000 (re SDGT) and USD 2,538,939.33 (re Sudan),” OCC-PSI-00610498, at 2. 1012 See 12/15/2006 email from HBUS Teresa Pesce to HBUS Elizabeth Protomastro and others, “OFAC – Wirepayments blocked from HSBC offshore entities – USD 32,000 (re SDGT) and USD 2,538,939.33 (re Sudan),” HSBC OCC 3407608. 1013 10/18-10/19/2011 “Transaction Review Progress and Results Reporting,” prepared by Deloitte LLP, HSBC-PSIPROD-0096628-672, at 649. 1014 Subcommittee briefing by HSBC legal counsel (7/9/2012). See also “UK Observer Reports Taliban Banks StillOperating in London,” London The Observer, Sunday edition of The Guardian (10/1/2007); “Schwerer Schlag”: Ein kleines Geldhaus in London diente offenbar als Hausbank der Taliban,” [Serious Blow: A small Financial Institution in London apparently served as Taliban’s main bank”], Der Spiegel, Christoph Von Pauly (10/8/2001). 1015 Id.177 placed on the SDN list by OFAC. 1016 One week later, HSBC Cayman Compliance personnelcontacted HBUS to report that HSBC Cayman Islands currently held a trust relationship with Mr. Makhlouf and to inquire as to “what actions if any HSBC Group has taken in relation to the above mentioned individual.” 1017 An HBUS Compliance officer asked the Cayman Complianceofficer for more information about the Makhlouf accounts, and the head of HSBC Cayman Compliance responded: “The Trust is administered by HSBC Geneva. We raised concerns with this client in August 2007 however we were assured by David Ford that the relationship had been reviewed at a Group level and a decision had been taken to continue with the relationship.” 1018Ultimately, HBUS determined that it did not have any connection to Mr. Makhlouf and did not need to report any information to OFAC. (3) HBUS’ OFAC Compliance Program Internal bank documentation related to HBUS’ OFAC compliance efforts regarding OFAC sensitive transactions portrays a variety of specific problems over the period reviewed by the Subcommittee. One problem was that some HSBC affiliates continued to offer U.S. dollar accounts to prohibited persons despite HSBC Group policy and OFAC regulations, and continued to send transactions involving those accounts through their U.S. dollar accounts at HBUS. A second problem was the ongoing practice by some HSBC affiliates and others to use methods of processing transactions which did not disclose the participation of a prohibited person or country when sending a transaction through an account at HBUS. Even some within HSBC worried that such methods would look deceptive to its U.S. regulators. In other cases, prohibited transactions were not detected by HSBC’s WOLF filter or HBUS’ OFAC filter due to programming deficiencies that did not identify certain terms or names as suspicious. In still other cases, transactions that had been properly blocked by the WOLF or OFAC filter were released by HSBC or HBUS employees in error, due to rushed procedures, inadequate training, or outright mistakes. Beginning in 2008, spurred in part by an upcoming OCC examination of its OFAC compliance program, HBUS took a closer look at its program as a whole. On September 28, 2008, HBUS received a cautionary letter from OFAC regarding “12 payments processed from September 4, 2003 through February 1, 2008 which represent possible violations against U.S. economic sanctions.” 1019 That same month, HBUS learned that the OCCplanned to review its OFAC operations as part of a November 2008 examination of HBUS’ Payments and Cash Management (PCM) division. 1020 In response, HBUS undertook a detailedanalysis of not only the 12 transactions highlighted by OFAC, but also other prohibited transactions that had been processed through the bank since issuance of the 2005 GCL policy. 1016 See 2/21/2008 U.S. Department of Treasury Press Release No. HP-834, “Rami Makhluf Designated ForBenefiting from Syrian Corruption,” http://www.treasury.gov/press-center/press-releases/Pages/hp834.aspx (“TheU.S. Department of the Treasury today designated Rami Makhluf, a powerful Syrian businessman and regime insider whom improperly benefits from and aids the public corruption of Syrian regime officials.”). 1017 2/28/2008 email exchange among HBUS Andy Im and HSBC Cayman Islands Patricia Dacosta and MichelleWilliams, HSBC OCC 8870981. 1018 Id.1019 9/29/2009 OFAC Cautionary Letter, HSBC-PSI-PROD-0096180-181.1020 See 10/3/2008 email from HBUS Lesley Midzain to HBUS Janet Burak, HSBC David Bagley, and HBUS AnneLiddy, “OFAC ‘Cautionary Letter’ received today,” HSBC OCC 3406951-952. 178 On October 3, 2008, a member of HBUS’ OFAC Compliance team Elizabeth Protomastro forwarded the OFAC letter to HBUS Compliance head Leslie Midzain. 1021 Ms.Midzain, in turn, forwarded it to HSBC Group Compliance head David Bagley and HNAH’s regional Compliance head Janet Burak. 1022 Ms. Midzain wrote that she was giving them an“immediate heads up” because of the “additional [OFAC] failures since February 2008,” the upcoming OCC examination in November, and the “continued sensitivity” surrounding OFAC compliance. She stated that the matter would “receive high priority.” 1023On November 6, 2008, Ms. Midzain provided Mr. Bagley and Ms. Burak with detailed charts on the 12 prohibited transactions as well as a larger number of prohibited transactions that had been mistakenly processed by the bank. 1024 To provide context to the figures, she noted thatHBUS processed approximately 600,000 wire transfers per week, of which about 5%, or 30,000 transactions, generated “possible [OFAC] matches which require review prior to releasing.” 1025She wrote that, over a five-year period from 2003 to 2008, HBUS had “rejected and reported 1,212 transactions valued at $100 million” to OFAC. 1026 She explained that, in addition, HBUShad self-reported 79 missed transactions to OFAC that should have been blocked, but weren’t. Of those, she wrote that HBUS had identified “approx[imately] 57” that were issued subsequent to the 2005 GCL that were “contrary to sanction requirements and for which HSBC was the originating bank.” 1027 She noted that some of the issues had arisen after HBUS replaced itsOFAC filter in July 2007, and may have been due to gaps in the filter that were closed “as the system [was] refined.” 1028Ms. Midzain reported that the 79 missed transactions primarily involved Iran and Sudan. 1029 Other transactions involved Cuba, Iraq, Syria, Zimbabwe, and persons on the SDNlist. Ms. Midzain explained that of the 57 missed transactions that occurred since issuance of the July 2005 GCL policy barring HSBC affiliates from processing U.S. dollar transactions for OFAC sensitive persons, 21 or about one-third had nevertheless originated with an HSBC affiliate. 1030 Of those 21, her analysis noted that about five did not contain a reference to aprohibited person. Her analysis suggests that an HSBC affiliate may have been using a cover payment which would mask the nature of the transaction from HBUS. 1031 Ms. Midzain wrote:“Regarding Group members, since Group policy was issued JUL05, we have nonetheless received a fairly notable number of payments that suggest HSBC banks have not been consistently applying the policy.” 10321021 Emails between HBUS Elizabeth Protomastro, HBUS Lesley Midzain, and others on October 3, 2008, “OFAC‘Cautionary Letter’ received today,” HSBC OCC 3406952-953. She also noted that the analysis had not examined the 1022 10/3/2008 email from HBUS Lesley Midzain to HBUS Janet Burak, HSBC David Bagley, and HBUS AnneLiddy, “OFAC ‘Cautionary Letter’ received today,” HSBC OCC 3406951-952. 1023 Id.1024 11/6/2008 email exchanges among HBUS Leslie Midzain, HSBC David Bagley, HBUS Janet Burak, and others,“OFAC analysis,” HSBC OCC 0616010-026. 1025 Id. at 0616012.1026 Id.1027 Id. at 0616016.1028 Id. at 0616014.1029 Id. at 0616016-017.1030 Id. at 0616017.1031 Id. at 0616016.1032 Id.179 population of payments that HBUS stopped over the years to see how many of them also came from HSBC affiliates. Her figures also did not reflect the larger universe of potentially prohibited transactions that were processed by the bank without either HBUS or OFAC detecting them. David Bagley, HSBC Group Compliance head, thanked Ms. Midzain for her analysis. He also wrote: “As you know, we have just completed and are currently collating the results of a Groupwide Compliance review of compliance with our USD/OFAC policy. Whilst some of these apparent breaches of Group policy may be rather historic nevertheless I am determined that we should enforce our policy on a consistent and Groupwide basis. Given this, what I would like to do is at Group level track back relevant and apparently offending payments and establish root causes so as to satisfy ourselves that there can be no, or at the very least, far less repetition. It is of course unrealistic to expect that no payments will pass through to HBUS, and at least our move to transparency in form of serial payments should allow these to be caught nevertheless I would prefer that payments were rejected at point of entry.” 1033The OCC examination took place near the end of 2008. It tested the bank’s OFAC systems to determine if OFAC screening was being properly applied to new accounts, wire transfers, and other transactions. 1034 An internal OCC memorandum stated that, as of June 30,2008, “HBUS reported 370 items on the OFAC blocked report, valuing approximately $20 million.” It reported that, from September 2003 to September 2008, HUBS had “rejected and reported to OFAC over 1,200 transactions valuing $100 million.” 1035 The memorandum alsostated that HBUS was then processing about 600,000 wire transfers per week, of which 6%, or about 30,000, were manually reviewed each week by four-person OFAC Compliance teams in Delaware and New York. The OCC wrote that, of the wire transfers that underwent manual review, 20 to 30 per day were “escalated” and required a “disposition decision from compliance management.” 1036 The OCC memorandum reported:“Although, according to management, within the past five years (9/03-9/08) there ha[ve] been only 80 missed payments, the bank’s Compliance teams are under rigorous pressure to process alerts and determin[e] a disposition in a timely maner. … [T]his strain can and will inhibit their mental capacity leaving gaps for errors even though permanent current staff members are well trained and qualified to complete the OFAC responsibilities.” 1033 11/11/2008 email from HSBC David Bagley to HBUS Leslie Midzain and HSBC Susan Wright, “OFAC,”HSBC OCC 0616010-011. 1034 7/28/2008 OCC memorandum, “OFAC Examination – Payment and Cash Management (PCM),” OCC-PSI-01274962. [Sealed Exhibit.] 1035 Id. at 3.1036 Id. at 4-5.180 On January 20, 2009, the OCC sent HBUS a Supervisory Letter with generally positive examination findings regarding its OFAC compliance efforts. 1037 The Supervisory Letter stated:“• OFAC Compliance is High and Increasing. The quality of risk management systems is satisfactory. • Compliance with legal and regulatory requirements is satisfactory and no violations of law or regulation were cited at this examination. • One recommendation is made related to staffing.” 1038The Supervisory Letter stated that the OFAC risk was high and increasing due to “almost a zero tolerance for error” under OFAC regulations and increasing growth in HBUS’ PCM and retail banking businesses. The staffing recommendation, which did not require corrective action, stated: “Management should consider a review of current staffing requirements to ensure that there is an adequate number of permanent qualified staff to prolong the timely operations associated with OFAC related matters and to ensure adherence with regulatory requirements … as your business grows.” 1039 Despite the OCC’s generally positive examination, internal bankdocuments indicate that HBUS itself had a much more negative view of its OFAC compliance program. In June 2009, HBUS initiated an “OFAC Program Review Project.” 1040 Four monthslater, in October 2009, Debra Bonosconi, the HBUS Director for Specialized Compliance overseeing the Embassy Banking business, sent an email to Anthony Gibbs, the COO of HSBC North America Legal and Compliance, commenting on a number of compliance issues, including OFAC compliance. 1041 Ms. Bonosconi, who had begun working at HBUS in March 2008, wrotethat she had only recently become aware of the negative findings of the OFAC Program Review Project. She explained: “This project has been underway since June and the findings that have surfaced are no different than those already identified previously. So, we have a project that has taken far longer than it should have and findings that do not vary significantly from previous reviews. The bottom line is, our OFAC process is in disarray and in great risk of being noncompliant. We have multiple systems, inconsistent practices, limited communication between the various functions, and no oversight function.” 1042This candid description of the bank’s OFAC compliance program, as having “inconsistent practices,” “limited communication,” and “no oversight function,” stands in marked contrast to the OCC findings less than a year earlier. 1037 See OCC Supervisory Letter HSBC-2008-41, “Office of Foreign Asset Control Examination,” OCC-PSI-00000434-436. [Sealed Exhibit.] 1038 Id. at 1.1039 Id. at 3.1040 See 10/23/2009 email from HBUS Debra Bonosconi to HBUS Anthony Gibbs, “comments,” HSBC OCC3405534-537. 1041 Id.1042 Id. at 3405537.181 Another sign of the stresses in the OFAC compliance program surfaced in December 2009, when the four-person OFAC Compliance team in New York faced an accumulated backlog of greater than 700 OFAC alerts that had yet to be reviewed. 1043 The OFACCompliance team requested five or six people from the Payments and Cash Management (PCM) department for ten days to help clear the backlog. 1044 PCM responded that it had no resources toloan, and suggested asking Compliance personnel in Delaware for help. The OFAC Compliance team in New York responded the Delaware Compliance staff was already “fully deployed” dealing with general alerts from the CAMP monitoring system: “We have considered all options at this point[;] the Compliance team in DE is already fully deployed dealing with wire camp alerts and bank examiner requests for the current exam. There is no bandwidth there at all[;] they are behind on the current alert clearing process which we are also dealing with.” 1045In late 2011, the OCC conducted a second examination of HBUS’ OFAC compliance program and, on January 25, 2012, issued a Supervisory Letter with a more negative assessment. 1046 The Supervisory Letter stated that the OCC was “concerned about the numberand severity of the deficiencies in the enterprise-wide OFAC compliance program” at HBUS and at two other HSBC affiliates in the United States, HSBC Nevada, N.A. and HSBC Trust Company (Delaware), N.A. It stated that the OCC had reviewed reports prepared by HBUS’ own auditors and by an outside consultant that “identified significant deficiencies in the program.” It noted that bank management had taken “significant steps” to address deficiencies, but concluded the “three banks lack a robust OFAC risk assessment that ensures the OFAC risks have been adequately identified so they can be managed appropriately.” The Supervisory Letter contained two Matters Requiring Attention (MRAs) by the bank: (1) development of a “comprehensive OFAC risk assessment;” and (2) an independent review of certain real estate loans through a California branch between 2009 and 2011, involving Iran, that raised OFAC concerns. 1047 The Supervisory Letter also included a three-page attachment identifying OFACviolations cited in seven OFAC cautionary letters since June 2009. The OCC required HBUS to modify the AML action plan it was developing in response to a September 2010 Supervisory Letter necessitating broad improvements in its AML program to include the MRAs on its OFAC compliance program. 1048Since the OCC examination, OFAC has issued one more cautionary letter to HBUS. Altogether, six of the pending OFAC letters warned that the violations might result in a civil monetary penalty, but no penalty has been imposed as of June 2012. 1043 12/11/2009 email exchange among HBUS Camillus Hughes and HBUS Michael Gallagher, Charles DelBusto,Sandra Peterson, Thomas Halpin, Chris Davies, and Lesley Midzain, “OFAC Payments,” HSBC OCC 7688668-670, at 670. 1044 Id.1045 Id. at HSBC OCC 7688668.1046 See 1/25/2012 OCC Supervisory Letter HSBC-2012-03, “OFAC Compliance Program,” OCC-PSI-01768561-566. [Sealed Exhibit.] 1047 Id. at 2.1048 Id. at 3.182 (4) Server Issues One additional issue involving OFAC-sensitive transactions involves payment messages associated with non-U.S. dollar transactions that were sent through servers physically located in the United States, but which were not processed by HBUS and were not screened by an OFAC filter. The key issue is whether the electronic presence of those payment messages in the United States, utilizing U.S. facilities on their way elsewhere, required application of the OFAC filter. 1049 Despite concern expressed by HBUS, the bank decided not to turn on the HBUSOFAC filter to screen these payment messages. WHIRL Server. In the documents reviewed by the Subcommittee, server issues appear to have first arisen in 2003, when the HSBC Group Executive Committee discussed establishing a new server in the United Kingdom to process credit card transactions, instead of continuing to route those transactions through a server in the United States, for the express purpose of “avoid[ing] contravening the OFAC restrictions.” 1050 In January 2004, the HSBC Group Boardof Directors approved installing a separate, so-called “WHIRL system” in the United Kingdom at an estimated cost of $20 million. 1051 When asked about the WHIRL server, Mr. Bagley told theSubcommittee that the bank had moved the payment processing outside of the United States to protect HBUS, that he viewed it as a broad reading of OFAC rules at the time, and that he saw it as a conservative decision. 1052By 2005, the WHIRL server was active. In November 2005, Mr. Bagley asked Mr. Root to follow up on certain HBMX compliance issues identified by Mexican regulators, including the processing of credit card transactions. Mr. Bagley wrote that even through the credit card transactions “are, or will be processed on the UK Whirl server the routing of the relevant messages may pass through the U.S. first.” 1053 He also wrote: “If this is the case then we maystill have an issue dependent on how much intervention is theoretically possible on the part of the US leg.” The following day, the head of HBMX Compliance Ramon Garcia informed Mr. Root and Mr. Bagley that WHIRL transaction messages were still being routed through a U.S. server “for a fraction of a second for later transfer to the UK,” which could be long enough for a “log file” to exist in the United States identifying the transactions. HSBC Affiliates in the Americas. Six months later, in April 2006, Mr. Bagley proposed that “countries in the Americas outside USA disconnect their payment routing link to the USA TP Gateway and reconnect to the UK TP.” He indicated doing so would provide two main benefits: “firstly the ability to make payments in currencies other than USD to countries/names/entities sanctioned by USA OFAC (as permitted by GCL 050047), and secondly 1049 When asked, OFAC declined to provide a definitive answer to the Subcommittee in the abstract, indicating thatits analysis would have to examine specific facts. Subcommittee briefing by OFAC (5/8/2012). 1050 See 1/30/2004 Board of Directors minutes for HSBC Holdings plc, HSBC-PSI-PROD-0198571-572. TheHSBC Group Executive Committee consisted of senior executives in HSBC. 1051 See 1/30/2004 Board of Directors minutes for HSBC Holdings plc, HSBC-PSI-PROD-0198571-572.1052 Subcommittee interview of David Bagley (5/10/2012).1053 See 11/15-22/2005 email exchanges among HSBC David Bagley, HSBC John Root, and HBMX Ramon Garcia,“HBMX – Compliance Issues,” HSBC OCC 8873261-266. 183 to take data records outside USA.” 1054 His email raised the issue of whether electronic paymentmessages routed through a U.S. server could be subject to HBUS’ OFAC filter and the obligation to block all potentially prohibited transactions. In November 2006, at a meeting of the HBUS Compliance Risk Management Committee, then HBUS Compliance head Teresa Pesce advised: “Plans are underway to implement OFAC screening for messages sent by the Americas through the global messaging gateway in the US in 2007.” 1055 Her decision to inform the committee of that development indicates that paymentmessages already being routed through the U.S. server were not being scanned against the OFAC filter. If the OFAC filter was not being used, all of the payment messages being sent through the United States by HSBC affiliates in Latin America were not being screened for terrorists, drug traffickers, or other wrongdoers. Four months later, in March 2007, Mr. Bagley contacted Alexander Flockhart, then HSBC Latin America CEO, about Latin America payment messages being routed through the U.S. server, in light of the increased focus on OFAC compliance “on the part of both OFAC” and “our banking regulators.” 1056 Mr. Bagley noted that HBUS was required to screen alltransactions for compliance with OFAC requirements, including all non-U.S. dollar transactions, which “would clearly be disadvantageous from Latin America’s perspective,” since the logistics of screening all those transactions “would be commercially and operationally challenging” for Latin American affiliates. Mr. Bagley informed Mr. Flockhart that they were developing a standalone WHIRL server in the United Kingdom that Latin America could use and which would avoid OFAC screening. He commented that if Mr. Flockhart “want[ed] to carry out as many transactions permitted by Group policy as possible,” he should relocate Latin America’s payment processing “to a different Group Messaging Gateway” than the one in the United States. Mr. Bagley also noted that HSBC Group had already “informally explored” the possible relocation of Latin America payment processing to the U.K. server, but realized that gateway was already experiencing capacity issues. Mr. Bagley commented further that the existing situation in which “the filtering” was not turned on was making HSBC’s U.S. colleagues “extremely uncomfortable”: “Whilst we have lived with the current position for some time, it is fair to say that now that our US colleagues are on notice they feel extremely uncomfortable in allowing the position to continue indefinitely. In essence, we will either have to have a pass and timeline for a relocation of the payment messages or will need to turn the filtering on.” 1057Mr. Bagley does not make it clear how his U.S. colleagues were put “on notice,” and when asked, he told the Subcommittee that he did not recall who he talked with at HBUS about the 1054 4/10/2006 email from HSBC David Bagley to HBBR Luis Eduardo, HBMX David Leighton, and others, “TPGateways,” HSBC OCC 7687437-438. 1055 11/13/2006 Compliance Risk Management Committee minutes for HBUS, HSBC OCC 3407449-451.1056 3/13/2007 email from HSBC David Bagley to HBMX Sandy Flockhart, “Group Messaging,” HSBC OCC8874354-355. 1057 Id. at 8874355.184 issue, but he did indicate clearly that the OFAC filter was not turned on for the U.S. server being used to forward payment messaging traffic from HSBC affiliates in Latin America. 1058 Fivemonths earlier, HBUS Compliance head Teresa Pesce told the HBUS Compliance Risk Management Committee that payment messages sent by the Americas through the U.S. gateway would be scanned for OFAC beginning in 2007; Mr. Bagley’s email indicates that, as of March 2007, the OFAC filter had still not been turned on, and his U.S. colleagues were “extremely uncomfortable in allowing the position to continue indefinitely.” The following day Mr. Flockhart asked for a contact to discuss re-routing Latin American payment messaging traffic through the U.K. server. A few days after that, Mr. Bagley provided the contact information and also notified Mr. Flockhart that HSBC Brazil was considering “giving up certain payments activity given the challenges of passing that activity through the US.” 1059 Mr. Bagley wrote that the HSBC Group had asked HSBC Brazil to postpone thatdecision until it was determined whether payment messaging could be “migrated elsewhere.” Mr. Bagley also wrote: “There may also need to be a conversation at some stage with Paul Lawrence [then HBUS CEO] if it is necessary to persuade HBUS to continue with payment messaging pending any migration.” 1060 In this email, the head of HSBC Group Complianceseems to be advocating sending non-U.S. dollar payments through the U.S. gateway without monitoring the transactions for OFAC compliance, pending migration of the Latin American traffic to another server. When Paul Thurston, former head of HBMX, was asked about Mr. Bagley’s comments, he expressed surprise that the HSBC Group Compliance head took that position. 1061 In June 2007, Mr. Flockhart approved switching Latin America’s non-U.S. basedSWIFT traffic to the U.K. gateway citing it as the most cost effective solution. 1062Around the same time, HSBC Brazil (HBBR) also sought to move its transactions from the U.S. to the U.K. server to avoid the OFAC filter. In December 2006, HBBR contacted Malcolm Eastwood at HBEU, asking for assistance in obtaining a second SWIFT address to be used for HBBR payments going to Iran, Cuba, and other sanctioned countries. HBBR explained that these transactions -- about 50 per year -- were compliant with Group policy, but ran the risk of being blocked by the U.S. server they currently utilized, which was why it wanted to switch the transactions to the U.K. server and execute them in Euros. HBBR wrote: “To enable it, we have been informed that we have to create a second SWIFT address (BIC) to be used exclusively for this purpose, which should also not be published by SWIFT in their books.” 10631058 Subcommittee interview of David Bagley (5/10/2012).1059 3/22/2007 email from HSBC David Bagley to HBMX Sandy Flockhart, “Group Messaging,” HSBC OCC8875066-067. 1060 Id.1061 Subcommittee interview of Paul Thurston (5/1/2012). Mr. Bagley said that the reason he suggested to Mr.Flockhart that the messages be moved to the U.K. gateway was because he had received a legal opinion, which he considered “extreme,” that non-U.S. dollar messages going through a U.S. messaging center could be impacted by OFAC. He was, thus, acting in a conservative manner to avoid violating OFAC requirements. Subcommittee interview of David Bagley (5/10/2012). 1062 6/1/2007 email from HBMX Sandy Flockhart to HBMX Neelesh Heredia and others, “Group MessagingGateway for LAM – Clear Choice Report,” HSBC OCC 8874349-350. 1063 12/18/2006 email from HBBR Morgana Casagrande to HBEU Malcolm Eastwood and others, “Transactionswith Iran/Cuba, etc.,” HSBC OCC 8876927-928. 185 In response, Mr. Eastwood reached out to HSBC Group Compliance and HBEU operational staff to discuss practical issues with Brazil’s routing “US sanctioned items” via the U.K. server. He wrote: “I have concerns that we might be breaching at least the spirit of the US Serial Routing GCL if not the letter of it.” 1064 HSBC Group Money Laundering Control OfficerJohn Allison responded that, by using the U.S. server, Brazil was subject to an “all currency prohibition for all OFAC entries,” but HSBC Group policy allowed Brazil to make payments in non-U.S. dollar currencies to entities on the OFAC list, so long as they were not linked to terrorism or Weapons of Mass Destruction. At the same time, he expressed concern about the perception of HSBC’s obtaining an additional SWIFT address dedicated to payments intended for OFAC sanctioned countries. Mr. Eastwood forwarded this email correspondence to HBEU colleagues with the comment: “Just fyi. This all makes me very nervous!” HBEU’s Rod Moxley responded that trying to identify and process transactions “which have so many conditions attached to them” was a predicament for them. He wrote: “Slightly irritating too that GHQ CMP [Group Headquarters Compliance] seem to have bent over backwards to accommodate a system which looks very dodgy to me. How about no you can’t do this?” 1065 On January 2, 2007, Mr. Moxleysarcastically described setting up a second SWIFT address an “interesting concept,” forwarded the idea to a colleague, and wrote: “let’s set up a completely different Swift address to help avoid any problems with Cuba and Iran. Wish I’d thought of it.” 1066On January 26, 2007, Mr. Eastwood responded to Brazil’s request. 1067 He indicated in amemorandum that, after conferring with HSBC Group Compliance and operational personnel, they were not favorable to segregating certain transactions through separate SWIFT addresses, even though the transactions were permissible under Group policy, due to the possible perception of “taking action to avoid certain transactions being examined by the US authorities.” Instead, Mr. Eastwood noted that HBBR could re-route all of its SWIFT traffic via the U.K. server, listing several logistical issues that would have to be resolved if Brazil wanted to move forward. These documents raise the question of whether non-U.S. dollar payment messages referencing transactions routed through a U.S. server by HSBC affiliates were required to be screened by an OFAC filter, or whether they could move across U.S. boundaries and use U.S. facilities without triggering any OFAC prohibitions. On the one hand, HSBC Group Compliance urged Latin America to switch their messaging traffic from a U.S. to a U.K. server to avoid the delays that come with OFAC screening, while on the other hand indicating that for at least a fivemonth period from November 2006 to March 2007, the OFAC filter had not been turned on to screen the Latin American payment messages going through the U.S. server even though HBUS apparently had expressed concerns about not screening the messages for prohibited activity. 1064 12/21/2006 email from HBEU Malcolm Eastwood to Bill Rice and others, “Fw: Transactions with Iran/Cuba,etc,” HSBC OCC 8876927. 1065 See 12/28/2006 – 1/4/2007 email exchanges among HBEU Malcolm Eastwood, HSBC John Allison, HBEURod Moxley, and others, “Transactions with Iran/Cuba, etc.,” HSBC OCC 8876925-927. 1066 1/2/2007 email from HBEU Rod Moxley to HBEU Andy Newman, “Transactions with Iran/Cuba, etc,” HSBCOCC 8876921. 1067 1/26/2007 memorandum from HBEU Malcolm Eastwood to HBBR Lucas Fragoso and others, “TradeTransaction with Iran/Cuba etc.,” HSBC OCC 8876930-931. 186 HSBC Group knowingly put its U.S. affiliate at regulatory and reputational risk by moving payment messages through a U.S. server without scanning them against the OFAC filter. Turning Off OFAC Verification. A very different server issue arose in July 2007, when HBUS introduced a new product called Fircosoft to help monitor OFAC sensitive transactions. The product caused a huge increase in the number of OFAC alerts, creating a backlog that began to overwhelm HBUS OFAC compliance personnel. According to a fourth quarter 2007 Compliance Report by HBUS, the introduction of the new product caused “serious performance issues” that would “not support HBUS volumes.” 1068 On July 17, 2007, “a riskbased decision was made to eliminate the verification step of all OFAC filter alerts on a temporary basis to accelerate the process of clearing the OFAC queue.” 1069 The more limitedreview process for OFAC sensitive transactions remained in effect for about three weeks, from July 17 to August 6. On August 1, 2007, HBUS Chief Operating Officer David Dew wrote: “I think that we simply must now agree on a definitive timetable for reintroduction of full OFAC controls.” 1070 When asked about this matter, Mr. Dew told the Subcommittee that he thought thelimitation on the “verification step” in the OFAC filter was only stopped for about a day. 1071Anne Liddy told Subcommittee that she recalled that the verification step was turned off for about a month, but didn’t view it as a risk to the bank. 1072In 2009, the same verification step in the OFAC filter was again turned off by HBUS for a few weeks. In November 2009, due to an industry-wide switch to SWIFT202 cover payments, OFAC alerts increased dramatically at HBUS. HBUS was so concerned about the large number of false OFAC hits being generated that it stopped the verification step, as was done in 2007. Turning off the verification step concerned one HBUS employee enough that the employee quietly reported the action to the Federal Reserve. The Federal Reserve examiner who spoke with the employee wrote in an email to colleagues that the HBUS employee reported: “On Monday Lesley Midzain, former head of BSA/AML turned off the second level filter on Chips activity without consulting anyone and with no supporting documentation. The rational given for turning the second level filter off was to reduce the daily backlog in lieu of additional resources. The individual who spoke to me knew this was not appropriate action and decided to call the [regulator].” 1073HSBC’s legal counsel told the Subcommittee that the verification step was turned off for 13 days, from November 25, 2009 and December 7, 2009. 10741068 4Q07 Compliance Report from HBUS Carolyn Wind to HNAH Janet Burak and others, HSBC-PSI-PROD-0000508-016 at 509. The issue raised by both incidents in 2007 and 2009, is whether HBUS’ decision to turn off part of the OFAC filtering system reduced its effectiveness in screening for prohibited transactions and increased U.S. vulnerabilities to money laundering and terrorist financing. 1069 Global Payments System (GPS) Implementation Issues, 6 Aug 07 HUSI Audit Committee Update, HSBC OCC1105891. 1070 8/01/2007 email from HBUS David Dew to Bandula Wijesinghe and others, OCC-PSI-00188404.1071 Subcommittee interview of David Dew (3/05/2012).1072 Subcommittee interview of Anne Liddy (2/22/2012).1073 12/16/2009 internal Federal Reserve memorandum , BOG-A-207130. [Sealed Exhibit.]1074 Subcommittee briefing by HSBC legal counsel (6/27/2012).187 C. Analysis OFAC enforces U.S. programs aimed at exposing and disabling the financial dealings and resources of some of the most dangerous persons and jurisdictions threatening the world today, including terrorists, persons involved with weapons of mass destruction, drug traffickers, and rogue jurisdictions. The OFAC filter is the central mechanism used to identify, stop, and block suspect transactions speeding through financial systems. Global financial institutions have a special responsibility to respect OFAC prohibitions and comply with OFAC restrictions. Actions taken to circumvent the OFAC filter or endanger the effectiveness of a critical safeguard may facilitate transactions undertaken by some of the worst wrongdoers among us. The evidence reviewed by the Subcommittee indicates that, from 2001 to 2007, HSBC affiliates, with the knowledge and tacit approval of HSBC Group executives, engaged in alarming conduct sending undisclosed Iranian U-turn transactions through their HBUS correspondent accounts, without information that would otherwise have triggered OFAC reviews. When asked, HBUS insisted on HSBC affiliates using transparent payment instructions so that all U-turn transactions would be stopped by the OFAC filter and reviewed, but when faced with evidence that some HSBC affiliates were acting to circumvent the OFAC filter, HBUS failed to take decisive action to stop the conduct some in its own organization viewed as deceptive. In addition, from at least 2009 to early 2012, the bank’s OFAC compliance program suffered from multiple deficiencies. Still another issue is that some HSBC affiliates sent non- U.S. dollar messaging traffic through U.S. servers in which the OFAC screening was not turned on or was restricted. The aim in many of the instances in which HSBC affiliates acted to circumvent the OFAC filter may have been to avoid the time-consuming individualized reviews that followed, rather than execute prohibited transactions. But expediency in the face of the threats posed by the targets of OFAC prohibitions does not justify potentially violating or undermining OFAC requirements. HBUS likewise failed to obtain information about the full scope of undisclosed OFAC sensitive transactions going through its correspondent accounts, bring to a head the issue of HSBC affiliates circumventing OFAC safeguards, and ensure all transactions were reviewed for OFAC compliance. 188 V. AL RAJHI BANK: DISREGARDING LINKS TO TERRORIST FINANCING For decades, HSBC has been one of the most active global banks in Saudi Arabia, despite AML and terrorist financing risks involved with doing business in that country. Among other activities, for more than 25 years, HSBC has provided a wide range of banking services to Al Rajhi Bank, Saudi Arabia’s largest private bank. 1075 Thoseservices included providing large amounts of physical U.S. dollars to the bank as part of HSBC’s U.S. banknotes business. After the 9-11 terrorist attack on the United States in 2001, evidence began to emerge that Al Rajhi Bank and some of its owners had links to organizations associated with financing terrorism, including that one of the bank’s founders was an early financial benefactor of al Qaeda. In January 2005, despite the fact that Al Rajhi Bank had not been indicted, designated a terrorist financier, or sanctioned by any country, HSBC Group Compliance recommended internally that, due to terrorist financing concerns, HSBC affiliates should sever ties with the bank. In response, some HSBC affiliates disregarded the recommendation and continued to do business with the bank, while others terminated their relationships but protested HSBC’s decision and urged HSBC to reverse it. The protests continued despite a U.S. indictment the next month, in February 2005, of two individuals accused, among other matters, of cashing $130,000 in U.S. travelers cheques at Al Rajhi Bank in Saudi Arabia and smuggling the money to violent extremists in Chechnya. In May 2005, four months after its initial decision, HSBC Group Compliance reversed itself and announced that all HSBC affiliates could do business with Al Rajhi Bank, thus allowing HBUS to decide for itself whether to resume the relationship. For nearly two years, HSBC Banknotes repeatedly asked its AML Compliance personnel to allow reinstatement of the Al Rajhi Bank relationship, despite ongoing concerns at HBUS about the bank’s possible links to terrorist financing. On December 1, 2006, despite concern that there is “no smoke without fire,” HBUS AML Compliance agreed to allow HBUS to reinstate the relationship and resume supplying U.S. dollars to Al Rajhi Bank. Earlier, Al Rajhi Bank had threatened to pull all of its business from HSBC if the U.S. banknotes business were not restored, while HSBC personnel estimated that restoring the U.S. banknotes business would produce annual revenues of at least $100,000. In 2007, additional information surfaced about Al Rajhi Bank’s possible links to terrorism, including articles on a 2003 report by the U.S. Central Intelligence Agency (CIA) entitled, “Al Rajhi Bank: Conduit for Extremist Finance,” which found that “[s]enior al-Rajhi family members have long supported Islamic extremists and probably know that terrorists use their bank.” Despite that and other troubling information, HBUS continued to supply U.S. dollars to the bank, and even expanded its business, until 2010, when HSBC decided, on a global basis, to exit the U.S. banknotes business. 1075 HSBC also operates an affiliate, HSBC Bank Middle East, with branches in Saudi Arabia; owns Saudi BritishBank; and provides correspondent banking services to other Saudi financial institutions. 189 Al Rajhi Bank was not the only bank with links to terrorism serviced by HBUS. Two additional examples are Islami Bank Bangladesh Ltd. and Social Islami Bank which is also located in Bangladesh. In each case, in anticipation of revenues of $75,000 to $100,000 per year, HBUS Banknotes personnel disregarded troubling evidence of possible links to terrorist financing, opened accounts for the banks, and provided them with U.S. dollars and access to the U.S. financial system. A. Al Rajhi Bank Founded in 1957, Al Rajhi Bank is one of the largest banks in Saudi Arabia, with over 8,400 employees and assets totaling $59 billion. 1076 Headquartered in Riyadh, thebank has over 500 branches, mostly in Saudi Arabia, but also in Malaysia, Kuwait, and Jordan. 1077 The bank was founded by four brothers, Sulaiman, Saleh, Abdullah, andMohamed, of the Al Rajhi family, one of the wealthiest in Saudi Arabia. The bank began as a collection of banking and commercial ventures which, in 1978, joined together as the Al Rajhi Trading and Exchange Company. 1078 In 1987, thecompany converted to a joint stock company, and two years later renamed itself the Al Rajhi Banking and Investment Corporation. 1079 In 2006, the bank rebranded itself as AlRajhi Bank. 1080 It is traded on the Saudi Arabian Stock Exchange (Tadawul), and about45% of its shares are publicly owned. 1081 Al Rajhi family members remain the bank’slargest shareholders. 1082Al Rajhi Bank offers a wide range of banking services including deposits, loans, investment advice, securities trading, remittances, credit cards, and consumer financing. 1083 All services are offered in conformance with Islamic requirements,including the set aside of funds for “zakat,” which is used for charitable donations. The bank has won a number of awards for its operations in the Middle East. The bank’s most senior official is Sulaiman bin Abdul Aziz Al Rajhi, who at various times has held the posts of Chief Executive Officer, Managing Director, and Chairman of the Board of Directors. 10841076 Al Rajhi Bank website, “About Us,”The bank’s General Manager is Abdullah bin Abdul Aziz Al Rajhi. The board of directors consists of eleven directors, six of whom http://www.alrajhibank.com.sa/en/about-us/pages/default.aspx. 1077 Id.1078 Id; Al Rajhi Bank website, “Our History,” http://www.alrajhibank.com.sa/our-history/index.html.1079 Al Rajhi Bank website, “Our History,” http://www.alrajhibank.com.sa/our-history/index.html.1080 Id. The bank also has various subsidiaries, including Al Rajhi Capital. See Al Rajhi Capital website,http://www.alrajhi-capital.com/en/Welcome+to+ARFS/Overview/. 1081 HBUS “Know Your Customer Profile” of Al Rajhi Banking & Investment Corp. (10/15/2010), HSBC-PSI-PROD-0102310, (hereinafter “2010 HBUS KYC Profile on Al Rajhi Bank”), at 2. About 45% of the bank’s shares arepublicly traded; the remainder is held primarily by members of the Al Rajhi family. Id. at 3. 1082 2010 HBUS KYC Profile on Al Rajhi Bank at 3.1083 See Al Rajhi Bank website, http://www.alrajhibank.com.sa.aspx.1084 See Al Rajhi Bank website, “About Us,” http://www.alrajhibank.com.sa/en/about-us/pages/board-ofdirectors.aspx. See also 2010 HBUS KYC Profile on Al Rajhi Bank at 3 (describing Sulaiman Abdul Aziz Al Rajhi as Chairman of the Board and Managing Director; Abdullah Sulaiman Al Rajhi as CEO; and Mohammed Lookman Samsudeen as General Manager and Chief Financial Officer). 190 are Al Rajhi family members: Sulaiman bin Abdul Aziz Al Rajhi, Chairman of the Board; Abdullah bin Abdul Aziz Al Rajhi; Sulaiman bin Saleh Al Rajhi; Mohamed bin Abdullah Al Rajhi; Abdullah bin Sulaiman Al Rajhi; and Bader bin Mohammed Al Rajhi. 1085The bank is part of an extensive group of Al Rajhi business and nonrpofit ventures, which include companies engaged in money exchange services, commodity trading, real estate, poultry, construction, and pharmaceuticals. 1086 One business whichalso had an HBUS account was the Al Rajhi Trading Establishment, a money exchange business owned by Abdulrahman Saleh Al Rajhi, 1087 Its HBUS account was closed in2005, when it merged with seven other businesses to form a new Saudi bank. The largest nonprofit venture in the Al Rajhi group is the SAAR Foundation, which is named after Sulaiman bin Abdul Azis Al Rajhi, and supports nonprofit and business ventures around the world. 1088 Sulaiman Al Rajhi and his family today have an estimated net worth ofnearly $6 billion. 1089The Subcommittee contacted Al Rajhi Bank regarding its relationship to HSBC and the matters addressed in this section, but the bank has not provided any information in response to the Subcommittee’s inquiry. B. Saudi Arabia and Terrorist Financing The majority of Al Rajhi Bank’s operations take place in Saudi Arabia, which the United States has long identified as a country of concern in the area of terrorist financing. 1090 Following the terrorist attack on the United States on September 11, 2001,the U.S. government began a decade-long intensive investigation into where and how terrorists obtain funding, repeatedly returning to Saudi Arabia, its banks, and its nationals as a suspected source. In 2004, the 9/11 Commission charged with investigating the terrorist attack issued a report which found that Osama Bin Laden and al Qaeda had relied on a “financial support network that came to be known as the ‘Golden Chain,’ put together mainly by financiers in Saudi Arabia and the Persian Gulf states.” 1091 TheCommission’s report explained: 1085 Rajhi Bank website, “About Us,” http://www.alrajhibank.com.sa/en/about-us/pages/board-of-directors.aspx.1086 See, e.g., Sulimin Abdul Aziz Al Rajhi Holding Company website, http://www.alrajhiholding.com/.1087 See, e.g., March 2002 email chain among HBUS personnel, “Al Rajhi Trading establishment,” OCC-PSI-00381727, at 3; 9/8/2008 HSBC Financial Investigations Group (FIG) report on Al Rajhi Bank, HSBC-PSI-PROD- 0102813. 1088 See “Sulaiman Al-Rajhi’s life a rags to riches story,” Arab News (5/29/2012),http://www.arabnews.com/?q=economy/sulaiman-al-rajhi%E2%80%99s-life-rags-riches-story. 1089 See Profile of Sulaiman Al Rajhi & family (March 2012), Forbes, http://www.forbes.com/profile/sulaiman-alrajhi/.See also 2010 HBUS KYC Profile on Al Rajhi Bank at 3 (estimating family worth at $22.5 billion). 1090 See, e.g., International Narcotics Control Strategy Reports prepared by the U.S. Department of State, 2003-2012(identifying Saudi Arabia as a country “of concern” with respect to money laundering and terrorist financing). 1091 The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks upon the UnitedStates, (7/22/2004), at 55. 191 “Al Qaeda appears to have relied on a core group of financial facilitators who raised money from a variety of donors and other fund-raisers, primarily in the Gulf countries and particularly in Saudi Arabia. Some individual donors surely knew, and others did not, the ultimate destination of their donations.” 1092The Commission report stated: “Saudi Arabia’s society was a place where al Qaeda raised money directly from individuals and through charities. It was the society that produced 15 of the 19 hijackers.” 1093 The report also stated that it “found no evidence that the Saudi government asan institution or senior Saudi officials individually funded [Al Qaeda],” 1094 and that after terroristattacks began occurring in Saudi Arabia, a “Saudi crackdown … ha[d] apparently reduced the funds available to al Qaeda – perhaps drastically – but it is too soon to know if this reduction will last.” 1095After several major terrorist attacks within its borders in 2003 and 2004, Saudi Arabia took a number of steps to combat terrorist financing. One report to Congress by the Congressional Research Service summarized those actions as follows: “Since mid-2003, the Saudi government has: set up a joint task force with the United States to investigate terrorist financing in Saudi Arabia; shuttered charitable organizations suspected of terrorist ties; passed anti-money laundering legislation; banned cash collections at mosques; centralized control over some charities; closed unlicensed money exchanges; and scrutinized clerics involved in charitable collections.” 1096Saudi Arabia also reported seizing illicit cash from terrorist organizations, shutting suspect bank accounts, designating several individuals as terrorist financiers, and killing two of them. 1097 Inaddition, Saudi Arabia established a Permanent Committee on Combating the Financing of Terrorism and a Financial Investigation Unit which began operations in September 2005. 1098Despite those advances, U.S. government testimony and reports indicate that Saudi Arabia continued to be a focus of concern with respect to terrorist financing. In 2005, for example, U.S. Treasury Under Secretary for Terrorism and Financial Intelligence Stuart Levey testified before Congress: “[W]ealthy donors in Saudi Arabia are still funding violent extremists around the world, from Europe to North Africa, from Iraq to Southeast Asia.” 10991092 Id. at 170.He also 1093 Id. at 370.1094 Id. at 171.1095 Id. at 383.1096 “Saudi Arabia: Terrorist Financing Issues,” Congressional Research Service Report for Congress, RL32499(9/14/2007), http://www.fas.org/sgp/crs/terror/RL32499.pdf (hereinafter “2007 CRS Report on Saudi Arabia Terrorist Financing Issues”), in the summary. See also 2007 International Narcotics Control Strategy Report, U.S. Department of State, at 355-357. 1097 2007 CRS Report on Saudi Arabia Terrorist Financing Issues, at 25.1098 Id. at 24.1099 Stuart Levey testimony before the House Financial Services Subcommittee on Oversight and Investigations andHouse International Relations Subcommittee on International Terrorism and Nonproliferation (5/4/2005). 192 testified that Saudi individuals may be “a significant source” of financing for the Iraq insurgency. 1100In 2007, in its annual International Narcotics Control Strategy Report, the U.S. Department of State wrote: “Saudi donors and unregulated charities have been a major source of financing to extremist and terrorist groups over the past 25 years.” 1101 A 2007 report to Congressby the Congressional Research Service stated: “U.S. officials remain concerned that Saudis continue to fund Al Qaeda and other terrorist organizations.” 1102 That same year, Congressenacted legislation which found that “Saudi Arabia has an uneven record in the fight against terrorism, especially with respect to terrorist financing,” and required the U.S. government to develop a long term strategy for working with Saudi Arabia to combat terrorist financing. 1103 Onthe sixth anniversary of the 9/11 attack, Treasury Under Secretary Levey said in a televised interview on terrorist financing: “[I]f I could somehow snap my fingers and cut off the funding from one country, it would be Saudi Arabia.” 1104In 2008, the U.S. State Department issued the long-term strategy required by the 2007 law. 1105 The strategy identified goals and “performance targets” to track progress instrengthening collaboration with Saudi Arabia to clamp down on terrorist financing. In April 2008, when questioned during a Senate hearing, Treasury Under Secretary Levey testified that, while Saudi Arabia had taken strong action against terrorists operating within its borders and was cooperating with the United States on an operational level, it was not working as hard to prevent funds from flowing to terrorists outside of its borders: “Saudi Arabia today remains the location from which more money is going to terror groups and the Taliban – Sunni terror groups and the Taliban – than from any other place in the world.” 1106In 2009, a report prepared for Congress by the U.S. Government Accountability Office (GAO) reviewed both the State Department’s long-term strategy and Saudi anti-terrorism efforts since 2005. GAO concluded: “U.S. and Saudi officials report progress on countering terrorism and its financing within Saudi Arabia, but noted challenges, particularly in preventing alleged funding for terrorism and violent extremism outside of Saudi Arabia.” 1107 GAO wrote:“U.S. officials remain concerned about the ability of Saudi individuals and multilateral charitable organizations, as well as other individuals visiting Saudi Arabia, to support 1100 Stuart Levey testimony before the Senate Committee on Banking, Housing, and Urban Affairs (7/13/2005)(“Wealthy Saudi financiers and charities have funded terrorist organizations and causes that support terrorism and the ideology that fuels the terrorists' agenda. Even today, we believe that Saudi donors may still be a significant source of terrorist financing, including for the insurgency in Iraq.”). 1101 2007 International Narcotics Control Strategy Report, U.S. Department of State, at 355.1102 2007 CRS Report on Saudi Arabia Terrorist Financing Issues, in the summary.1103 See Section 2043(c), Implementing Recommendations of the 9/11 Commission Act, P.L. 110-53 (8/3/2007).1104 “U.S.: Saudis Still Filling Al Qaeda’s Coffers,” Brian Ross, ABC News (9/11/ 2007).1105 “U.S. Strategy Toward Saudi Arabia, Report Pursuant to Section 2043(c) of the ImplementingRecommendations of the 9/11 Commission Act,” U.S. Department of State (1/30/2008). 1106 Stuart Levey testimony before Senate Committee on Finance, “Anti-Terrorism Financing: Progress Made andChallenges Ahead,” (4/1/2008). 1107 “Combating Terrorism: U.S. Agencies Report Progress Countering Terrorism and Its Financing in SaudiArabia, but Continued Focus on Counter Terrorism Financing Efforts Needed.” U.S. Government Accountability Office, GAO-09-883 (Sept. 2009), http://www.gao.gov/new.items/d09883.pdf, at 1. 193 terrorism and violent extremism outside of Saudi Arabia. U.S. officials also noted that limited Saudi enforcement capacity and terrorist financiers’ use of cash couriers pose challenges to Saudi efforts to prevent financial support to extremists.” 1108GAO also noted that certain performance targets set by the State Department had been dropped in 2009, such as the establishment of a Saudi Commission on Charities to oversee actions taken by Saudi charities abroad as well as certain regulations of cash couriers. 1109 GAO recommendedthat the United States reinstate the dropped performance targets to prevent the flow of funds from Saudi Arabia “through mechanisms such as cash couriers, to terrorists and extremists outside Saudi Arabia.” 1110Recently, Saudi Arabia won praise for its role in foiling a terrorist plan to smuggle a bomb onto an airline flight to the United States. 1111 The State Department’s most recent annualInternational Narcotics Control Strategy Report contains no information about Saudi Arabia’s anti-money laundering or terrorist financing efforts. 1112C. Alleged Al Rajhi Links to Terrorism In the ten years after the 9-11 attack in 2001, U.S. government reports, criminal and civil legal proceedings, and media reports have alleged links between Al Rajhi family members and the Al Rajhi Bank to terrorist financing. The alleged links include that some Al Rajhi family members were major donors to al Qaeda or Islamic charities suspected of funding terrorism, established their own nonprofit organizations in the United States that sent funds to terrorist organizations, or used Al Rajhi Bank itself to facilitate financial transactions for individuals or nonprofit organizations associated with terrorism. Many of the suspicions regarding Al Rajhi Bank stem from 2002, when the name of its most senior official, Sulaiman bin Abdul Azis Al Rajhi, appeared on an internal al Qaeda list of financial benefactors, and when a network of Al Rajhi-related nonprofit and business ventures located in Virginia was subjected to search by U.S. law enforcement seeking to disrupt terrorist financing activities in the United States. Al Qaeda List of Financial Benefactors. The al Qaeda list of financial benefactors came to light in March 2002, after a search of the Bosnian offices of the Benevolence International Foundation, a Saudi based nonprofit organization which was also designated a terrorist organization by the Treasury Department, led to seizure of a CD-ROM and computer hard drive with numerous al Qaeda documents. 11131108 Id. at 29.One computer file contained scanned images 1109 Id. at 15, 33.1110 Id. at 3.1111 See, e.g., “International sting operation brought down underwear bomb plot,” Los Angeles Times, Brian Bennettand Ken Dilanian (5/8/2012), http://latimesblogs.latimes.com/world_now/2012/05/underwear-bomb-plot.html.1112 2012 International Narcotics Control Strategy Report, Volume II Country Database, U.S. Department of State, at287-289. 1113 See United States v. Enaam Arnaout, Case No. 02-CR-892 (USDC NDIL), “Government’s Evidentiary ProfferSupporting the Admissibility of Coconspirator Statements,” (1/6/2003), 194 of several hundred documents chronicling the formation of al Qaeda. 1114 One of the scanneddocuments contained a handwritten list of 20 individuals identified as key financial contributors to al Qaeda. 1115 Osama bin Laden apparently referred to that group of individuals as the “GoldenChain.” 1116 In a report prepared for Congress, the Congressional Research Service explained:“According to the Commission’s report, Saudi individuals and other financiers associated with the Golden Chain enabled bin Laden and Al Qaeda to replace lost financial assets and establish a base in Afghanistan following their abrupt departure from Sudan in 1996.” 1117One of the 20 handwritten names in the Golden Chain document identifying al Qaeda’s early key financial benefactors is Sulaiman bin Abdul Aziz Al Rajhi, one of Al Rajhi Bank’s key founders and most senior officials. 1118The Golden Chain document has been discussed in the 9-11 Commission’s report, in federal court filings, and civil lawsuits. 1119 Media reports as early as 2004 noted that the alQaeda list included the Al Rajhi name. 1120 HSBC was clearly on notice about both the al Qaedalist and its inclusion of Sulaiman bin Abdul Aziz Al Rajhi. 1121http://fl1.findlaw.com/news.findlaw.com/wsj/docs/bif/usarnaout10603prof.pdf (hereinafter “Arnaout Evidentiary Proffer”), at 29. See also 2007 CRS Report on Saudi Arabia Terrorist Financing Issues, at 3; “Terrorism, 2002- 2005,” FBI report, at 12, http://www.fbi.gov/stats-services/publications/terrorism-2002-2005/terror02_05.pdf (“On August 18, 2003, Enaam Arnaout, the director of Benevolence International Foundation, was sentenced to 11 years in federal prison after pleading guilty on February 10, 2003, to terrorism-related racketeering conspiracy charges. Arnaout had been indicted on October 9, 2002, for conspiracy to fraudulently obtain charitable donations in order to provide financial assistance to al-Qa’ida and other organizations engaged in violence and terrorism.”). 1114 Arnaout Evidentiary Proffer at 29.1115 Id. at 30.1116 Id. at 30. See also 2007 CRS Report on Saudi Arabia Terrorist Financing Issues,” at footnote 6. But see“Tangled Paths: A Sprawling Probe Of Terror Funding Centers in Virginia,” Wall Street Journal, Glenn Simpson (6/21/2004)(“Soon thereafter, a senior al Qaeda leader held by the Justice Department in New York confirmed the document's authenticity in an interview with the FBI, referring to it as the Golden Chain, U.S. government court filings say.”). 1117 2007 CRS Report on Saudi Arabia Terrorist Financing Issues,” at 3.1118 A copy of the Golden Chain document was provided as Exhibit 5 to the Arnaout Evidentiary Proffer. Copieshave also appeared on the Internet with English translations. See, e.g.,“The Golden Chain,” Wikipedia, http://en.wikipedia.org/wiki/The_Golden_Chain. 1119 See The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks upon theUnited States, (7/22/2004), at 55. See also, e.g., Arnaout Evidentiary Proffer at 29-30; The Underwriting Members of Lloyd’s Syndicate 3500 v. Saudi Arabia, Case 3:11-cv-00202-KRG (USDC WDPA), Civil Complaint (9/8/11), http://www.investigativeproject.org/documents/case_docs/1680.pdf , at 20. 1120 See, e.g., “Tangled Paths: A Sprawling Probe Of Terror Funding Centers in Virginia,” Wall Street Journal,Glenn Simpson (6/21/2004). 1121 See, e.g., 7/26/2007 email from OCC Joseph Boss to HBUS Alan Ketley, “Saudi’s,” HSBC OCC 2830874-879(transmitting 2007 Wall Street Journal article to HBUS and requesting its response); 2/3/2010 email from HBUS Jon K. Jones to HBUS Ali S. Kazmy, “Islami Bank Bangladesh Ltd. – Poss SCC,” OCC-PSI- 00453499 (“Al-Rajhi Bank got [its] start as a money chaining network and (Chairman Suleiman al-Rajhi appeared on the ‘Golden Chain’ of wealthy investors who supported Osama bin Laden.)”). 195 2002 Search Warrant. Also in March 2002, as part of Operation Green Quest, a U.S. Treasury effort to disrupt terrorist financing activities in the United States, 1122 U.S.law enforcement agents conducted a search of 14 interlocking business and nonprofit entities in Virginia associated with the SAAR Foundation, an Al Rajhi-related entity, and the Al Rajhi family. 1123 Over 150 law enforcement officers participated in the search,generating widespread media coverage. 1124 A law enforcement affidavit supporting thesearch warrant detailed numerous connections between the targeted entities and Al Rajhi family members and related ventures. 1125 The affidavit stated that over 100 active anddefunct nonprofit and business ventures in Virginia were part of what it described as the “Safa Group,” 1126 which the United States had reasonable cause to believe was “engagedin the money laundering tactic of ‘layering’ to hide from law enforcement authorities the trail of its support for terrorists.” 1127The SAAR Foundation is a Saudi-based nonprofit organization, founded by Sulaiman bin Abdul Aziz Al Rajhi in the 1970s, named after him, and used by him to support a variety of nonprofit endeavors, academic efforts, and businesses around the world. In 1983, the SAAR Foundation formed a Virginia corporation, SAAR Foundation, Inc., and operated it in the United States as a tax-exempt nonprofit organization under Section 501(c)(3) of the U.S. tax code. 1128 In 1996, another nonprofitorganization was incorporated in Virginia called Safa Trust Inc. 1129 These and othernonprofit and business ventures associated with the Al Rajhi family shared personnel and office space, primarily in Herndon, Virginia. In 2000, SAAR Foundation Inc. was dissolved, 1130An affidavit filed by the United States in support of the search warrant alleged that the Safa Group appeared to be involved with providing material support to terrorism. Among other matters, it alleged that members of the Safa Group had transferred “large amounts of funds … directly to terrorist-front organizations since the early 1990’s,” including a front group for the Palestinian Islamic Jihad-Shikaki Faction, a designated terrorist organization. but the Safa Trust continued to operate. 1131 It also detaileda $325,000 donation by the Safa Trust to a front group for Hamas, another designated terrorist organization. 1132 In addition, the affidavit expressed suspicion about a transfer of over $26million from members of the Safa Group to two offshore entities in the Isle of Man. 11331122 See “Operation Green Quest Overview,” U.S. Customs and Border Protection press release (2/26/2002),http://www.cbp.gov/xp/cgov/newsroom/news_releases/archives/legacy/2002/22002/02262002.xml. The 1123 See “Affidavit in Support of Application for Search Warrant,” In Re Searches Involving 555 Grove Street,Herndon, Virginia and Related Locations, (USDC EDVA), submitted by David Kane, Senior Special Agent, U.S. Customs Service (hereinafter “Kane affidavit”), at ¶¶ 3-4 (describing investigation). 1124 See, e.g., “Raids Seek Evidence of Money Laundering,” New York Times, Judith Miller (3/21/2002).1125 See Kane affidavit throughout, but in particular ¶¶ 178-180.1126 Kane affidavit at ¶ 1 (page 6).1127 Kane affidavit at ¶ 5.1128 Kane affidavit at ¶ 132.1129 Kane affidavit at ¶¶ 135-136.1130 Kane affidavit at ¶ 132. See also “Raids Seek Evidence of Money Laundering,” New York Times, Judith Miller(3/21/2002)(stating that, “although officially dissolved,” the SAAR Foundation had recently occupied the Virginia offices subject to search). 1131 Kane affidavit at ¶ 3.1132 Kane affidavit at ¶¶ 10(g), 161. Executive Order 12947 (1995).1133 Kane affidavit at ¶ ¶ 103-104.196 affidavit further alleged that “one source of funds flowing through the Safa Group [was] from the wealthy Al-Rajhi family in Saudi Arabia.” 1134The search produced about 200 boxes of information which was then analyzed and used in other investigations and prosecutions, although neither the SAAR Foundation or Safa Trust has been charged with any wrongdoing. 1135 In 2003, Abdurahman Alamoudi, who had workedfor SAAR Foundation Inc. from 1985 to 1990, as executive assistant to its president, 1136 pledguilty to plotting with Libya to assassinate the Saudi crown prince and was sentenced to 23 years in jail. 1137 He had also openly supported Hamas and Hezbollah, two terrorist organizationsdesignated by the United States. 1138 According to an affidavit supporting the criminal complaintagainst him, Mr. Alamoudi admitted receiving $340,000 in sequentially numbered $100 bills from Libya while in London, 1139 and planned “to deposit the money in banks located in SaudiArabia, from where he would feed it back in smaller sums into accounts in the United States.” 1140According to the affidavit, he also admitted involvement in similar cash transactions involving sums in the range of $10,000 to $20,000. 1141The documents seized in the 2002 search were returned after about 18 months, but in 2006, were sought again through subpoenas issued by a federal grand jury in Virginia. 1142 TheAl-Rajhi related business and nonprofit ventures initially refused to re-supply the documents, then turned them over after a court imposed civil contempt fines totaling $57,000. 1143 The AlRajhi group then engaged in a four-year, unsuccessful court battle to nullify the fines. 1144 Inaddition, in 2004, Al Rajhi Bank filed a defamation lawsuit against the Wall Street Journal for a 2002 article describing how Saudi Arabia was monitoring certain accounts due to terrorism concerns. 1145 In 2004, the lawsuit settled; the Wall Street Journal did not pay any damages. Italso published a letter from the bank’s chief executive, 1146 and its own statement that thenewspaper “did not intend to imply an allegation that [Al Rajhi Bank] supported terrorist activity, or had engaged in the financing of terrorism.” 11471134 Kane affidavit at ¶ 111 (emphasis in original omitted).1135 See In re Grand Jury Subpoena (T-112), 597 F.3d 189 (4th Cir. 2/24/2010), at 191-192.1136 See United States v. Alamoudi, (USDC EDVA)(9/30/2003), “Affidavit in Support of Criminal Complaint,”submitted by Brett Gentrup, Special Agent with U.S. Immigration and Customs Enforcement, (hereinafter “Gentrup affidavit”), ¶ 29. 1137 See “Abdurahman Alamoudi Sentenced to Jail in Terrorism Financing Case,” press release prepared by U.S.Department of Justice (10/15/2004). 1138 See Gentrup affidavit at ¶ 35.1139 Gentrup affidavit at ¶¶ 39, 431140 Gentrup affidavit at ¶ 44.1141 Gentrup affidavit at ¶ 45.1142 See In re Grand Jury Subpoena (T-112), 597 F.3d 189 (4th Cir. 2/24/2010).1143 Id.1144 Id. See also “A Court Sheds New Light on Terror Probe,” The New York Sun, Joseph Goldstein (3/24/2008).1145 The article was “Saudis Monitor Key Bank Accounts For Terror Funding at U.S. Request,” Wall Street Journal,James Dorsey (2/6/2002), http://online.wsj.com/article/SB109813587680048521.html. 1146 “Al Rajhi Bank’s Statement on Journal’s Article,” Wall Street Journal, Abdullah Sulaiman Al Rajhi(10/19/2004), http://online.wsj.com/article/SB109813521879148492.html. 1147 HSBC Financial Intelligence Group Report of Findings on Al Rajhi Bank, HSBC OCC 7519413 (12/13/2004).197 2003 CIA Report. While the widely publicized 2002 search fueled suspicions about Al Rajhi Bank’s association with terrorist financing, a 2003 CIA report, discussed in a news article in 2007, provided another basis for concerns about the bank. In 2003, the U.S. Central Intelligence Agency (CIA) issued a classified report entitled, “Al Rajhi Bank: Conduit for Extremist Finance.” 1148 According to Wall StreetJournal reporter, Glenn Simpson, this CIA report concluded: “Senior Al Rajhi family members have long supported Islamic extremists and probably know that terrorists use their bank.” 1149“Islamic extremists have used Al-Rajhi Banking & Investment Corporation (ARABIC) since at least the mid-1990s as a conduit for terrorist transactions, probably because they find the bank’s vast network and adherence to Islamic principles both convenient and ideologically sound. Senior al-Rajhi family members have long supported Islamic extremists and probably know that terrorists use their bank. Reporting indicates that senior al-Rajhi family members control the bank’s most important decisions and that ARABIC’s princip[al] managers answer directly to Suleiman. The al-Rajhis know they are under scrutiny and have moved to conceal their activities from financial regulatory authorities.” A later civil lawsuit, filed in 2011, provided a longer quotation from the same CIA report as follows: 1150 According to the same Wall Street Journal article by Glenn Simpson, the 2003 CIA report alleged that, in 2000, Al Rajhi Bank couriers “delivered money to the Indonesian insurgent group Kompak to fund weapons purchases and bomb-making activities.” 1151 The report also allegedly claimed that in 2002, one year after the 9/11attacks, the bank’s managing director ordered the Al Rajhi Bank’s board “to explore financial instruments that would allow the bank’s charitable contributions to avoid official Saudi scrutiny.” 1152 The 2003 CIA report allegedly stated further that extremists“ordered operatives in Afghanistan, Indonesia, Pakistan, Saudi Arabia, Turkey, and Yemen” to use Al Rajhi Bank. 11532005 Al Haramain Prosecution. A third source of suspicion regarding Al Rajhi Bank’s possible links to terrorism arose from a 2005 federal indictment of al-Haramain Islamic Foundation Inc. and two of its senior officials. Al-Haramain Islamic Foundation is a Saudibased nonprofit organization that, in 2005, operated in more than 50 countries around the world. 11541148 “US Tracks Saudi Bank Favored by Extremists,” Wall Street Journal, Glenn Simpson (7/26/2007),Beginning in 2002, the United States designated multiple branches of the Foundation http://online.wsj.com/article/SB118530038250476405.html. 1149 Id.1150 The Underwriting Members of Lloyd’s Syndicate 3500 v. Saudi Arabia, Case 3:11-cv-00202-KRG (USDCWDPA), Civil Complaint (9/8/2011), http://www.investigativeproject.org/documents/case_docs/1680.pdf (hereinafter “Lloyd’s lawsuit”), at ¶ 370. 1151 “US Tracks Saudi Bank Favored by Extremists,” Wall Street Journal, Glenn Simpson (7/6/2007),http://online.wsj.com/article/SB118530038250476405.html. 1152 Id.1153 Id.1154 United States v. al-Haramain Islamic Foundation Inc., Case No. 6:05-CR-60008-HO (USDC Oregon)Indictment (2/17/2005) at ¶ B. 198 as terrorist organizations. 1155 After freezing the assets of two such branches for “divertingcharitable funds to terrorism,” a U.S. Treasury Department press release stated: “The branch offices of al Haramain in Somalia and Bosnia are clearly linked to terrorist financing.” 1156 In2004, a Treasury Department statement called al-Haramain Foundation “one of the principal Islamic NGOs [Non-Governmental Organizations] providing support for the Al Qaida network and promoting militant Islamic doctrine worldwide.” 1157 That same year, the United Statesadded the U.S. branch of the organization to the SDN list for acting as an “underwrit[er] of terror.”-- 1158 The Saudi government issued a similar 2004 designation and ordered the al-Haramain Islamic Foundation to be dissolved. 1159 In 2008, however, Treasury noted that, despitethe Saudi government’s action, the organization’s leadership appeared to have reconstituted itself under a new name and continued to operate. 1160In the United States, representatives of the al-Haramain Islamic Foundation formed, in 1999, an Oregon corporation named al-Haramain Islamic Foundation, Inc. which set up offices in Ashland, Oregon. 1161 The corporation was operated as a nonprofit organization under Section501(c)(3) of the U.S. tax code. 1162 In 2004, the Office of Foreign Assets Control (OFAC) at theTreasury Department deemed al-Haramain Islamic Foundation Inc. in Oregon a “Specially Designated Global Terrorist Entity.” 1163 In 2005, the United States indicted the Foundation andtwo of its senior officials, Pirouz Sedaghaty and Soliman Al-Buthe who was later designated by the United States as a terrorist financier. 1164 Since both men were out of the country when theindictment was filed, the case was dormant for two years. 11651155 See “Blocking Property and Prohibiting Transactions With Persons Who Commit, Threaten To Commit, orSupport Terrorism,” 66 FR 49079 (9/23/2001). In 2007, Mr. Sedaghaty returned to 1156 3/11/2002 “Designations of Somalia and Bosnia-Herzegovina Branches of Al-Haramain Islamic Foundation,”U.S. Treasury Department, http://www.fas.org/irp/news/2002/03/dot031102fact.html. 1157 “Treasury Announces Joint Action with Saudi Arabia Against Four Branches of al-Haramain In The FightAgainst Terrorist Financing,” U.S. Treasury Department press release No. JS-1108 (1/22/2004), http://www.treasury.gov/press/releases/js1108.htm. 1158 See Executive Order No. 13,224 (2004); “U.S.-Based Branch of Al Haramain Foundation Linked to Terror,”U.S. Treasury Department press release (11/9/2004). 1159 See, e.g., 2007 CRS Report on Saudi Arabia Terrorist Financing Issues, at 19.1160 See “Combating Terrorism: U.S. Agencies Report Progress Countering Terrorism and Its Financing in SaudiArabia, but Continued Focus on Counter Terrorism Financing Efforts Needed.” U.S. Government Accountability Office, GAO-09-883 (Sept. 2009), http://www.gao.gov/new.items/d09883.pdf, at 35. 1161 See United States v. al-Haramain Islamic Foundation Inc., Case No. 6:05-cr-60008-HO (USDC Oregon)Indictment (2/17/2005) at ¶ B. 1162 Id.1163 See Executive Order No. 13224 (2004); “U.S.-Based Branch of Al Haramain Foundation Linked to Terror,”U.S. Treasury Department press release (11/9/2004); Al Haramain Islamic Foundation Inc. v. U.S. Dep’t of Treasury, 660 F.3d 1019, 1023 (9th Cir. 2011). 1164 See United States v. al-Haramain Islamic Foundation Inc., Case No. 6:05-CR-60008-HO (USDC Oregon)Indictment (2/17/2005). The case was featured in the U.S. State Department’s annual report on money laundering issues. See 2005 International Narcotics Control Strategy Report, Volume II, “Money Laundering and Financial Crimes,” U.S. State Department, at 16. See also “U.S.-Based Branch of Al Haramain Foundation Linked to Terror,” U.S. Treasury Department press release No. JS-1895 (9/9/2004); “Tax Case Ends Against Charity,” Les Zaitz, The Oregonian (8/5/2005). 1165 Because neither individual was in the United States, the prosecution later dropped the Foundation from the case,to prevent the case from proceeding in a piecemeal fashion. See Al Rajhi Banking & Investment Corp. v. Holder, Case No. 1:10-MC-00055-ESH, Memorandum of Points and Authorities In Support of Petitioner’s Motion to Quash USA Patriot Act Subpoena (1/19/2010), at 5. 199 the United States and was arrested at an airport. 1166 In 2010, he stood trial, was convicted of twofelonies, and sentenced to nearly three years in prison. 1167 In the incident that led to hisconviction, he and Mr. Al-Buthe used funds from an Egyptian donor to purchase $130,000 in U.S. travelers cheques from a bank in Oregon; Mr. Al-Buthe then traveled to Saudi Arabia and, in 2000, cashed the travelers cheques at Al Rajhi Bank; the money was then smuggled to violent extremists in Chechnya. 1168Al Rajhi Bank’s role in the events that formed the basis for the prosecution attracted media attention in 2005, when the indictment was filed; in 2007, when Mr. Sedaghaty was arrested; and in 2010, when the trial took place. Over the years, it became public that Mr. Al- Buthe, a designated terrorist financier, had been a client of Al Rajhi Bank in Saudi Arabia in 2000, 1169 as had the al-Haramain Islamic Foundation, later designated a terrorist organization.1170In 2007, a Wall Street Journal article reported that Al Rajhi Bank had maintained at least 24 accounts for the al-Haramain Islamic Foundation and handled unusual transactions for it. 1171 InJanuary 2010, after the United States served an administrative subpoena on Al Rajhi Bank to obtain authenticated bank documents for use in the al-Haramain Foundation criminal trial, the bank refused to produce them and filed a motion in court to quash the subpoena, 1172 leading tomedia reports that it was refusing to cooperate with a terrorist financing prosecution. 1173Links to Suspect Banks. In addition to the Golden Chain document, the U.S. search of Al-Rajhi related businesses and nonprofits in the United States, and the al Haramain Foundation prosecution, still another source of concern about Al Rajhi Bank involves its alleged links to other banks suspected of financing terrorism. In 2011, a civil lawsuit filed by an insurance syndicate against Saudi Arabia and others seeking to recover insurance payments made after the 9-11 terrorist attack discussed two of those 1166 Id.1167 “Former U.S. Head of Al-Haramain Islamic Foundation Sentenced to 33 Months in Federal Prison,” U.S.Attorney’s Office for the District of Oregon press release (9/27/11) at 1. 1168 Id.1169 See, e.g., Al Rajhi Banking & Investment Corp. v. Holder, Case No. 1:10-MC-00055-ESH, Memorandum ofPoints and Authorities In Support of Petitioner’s Motion to Quash USA Patriot Act Subpoena (filed 1-19-10), at 6. 1170 See, e.g., “U.S. Tracks Saudi Bank Favored by Extremists,” Wall Street Journal, Glenn Simpson (7/26/2007),http://online.wsj.com/article/SB118530038250476405.html. See also 7/26/2007 email from OCC Joseph Boss to HBUS Alan Ketley, “Saudi’s,” HSBC OCC 3391185 (transmitting the article to HBUS); email from HBUS Ketley to HBUS colleagues, Saudi’s,” HSBC OCC 3391262 (sharing the article within HBUS). 1171 “US Tracks Saudi Bank Favored by Extremists,” Wall Street Journal, Glenn Simpson (7/26/2007),http://online.wsj.com/article/SB118530038250476405.html. 1172 See Al Rajhi Banking & Investment Corp. v. Holder, Case No. 1:10-MC-00055-ESH, Memorandum of Pointsand Authorities In Support of Petitioner’s Motion to Quash USA Patriot Act Subpoena (1/19/2010). This case was later closed as “moot.” See Order Dismissing Action As Moot (3/2/2010) (“It is hereby ordered that this action is dismissed as moot in light of the ruling issued on February 26, 2010, by Judge Michael R. Hogan of the U.S. District Court for the District of Oregon in United States v. Sedaghaty…granting the government’s motion to compel petitioner Al-Rajhi Banking and Investment Corp.’s compliance with an administrative subpoena.”) (emphasis in original omitted). 1173 See, e.g., “Saudi Bank Refuses to Cooperate in U.S. Investigation into Terrorist Financiers,” For The Record -The IPT Blog (1/26/2010), http://www.investigativeproject.org/1753/saudi-bank-refuses-to-cooperate-in-us. 200 suspect banks, Bank al Taqwa and Akida Bank Private Ltd. 1174 Both banks have been deemedby the United States as Specially Designated Global Terrorist Entities. 1175 Regarding Bank alTaqwa, the lawsuit noted that two individuals who were former executives at Bank al Taqwa, Ibrahim Hassabella and Samir Salah, were also associated with the SAAR Foundation. 1176 Mr.Hassabella was a former secretary of al Taqwa Bank and a shareholder of SAAR Foundation Inc. Mr. Saleh was a former director and treasurer of the Bahamas branch of al Taqwa Bank, and president of the Piedmont Trading Corporation which was part of the SAAR network. The U.S. Treasury Department has stated: “The Al Taqwa group has long acted as financial advisers to al Qaeda, with offices in Switzerland, Lichenstein, Italy and the Caribbean.” 1177 Regarding AkidaBank, the lawsuit complaint alleged that Sulaiman bin Abdul Aziz Al Rajhi was “on the board of directors of Akida Bank in the Bahamas” and that “Akida Bank was run by Youssef Nada, a noted terrorist financier.” 1178As explained below, Al Rajhi Bank was also associated with Islami Bank Bangladesh Ltd., which was located in a country at high risk for money laundering, provided an account to a Bangladeshi accused of involvement with a terrorist bombing, and had been fined three times for violating AML requirements in connection with providing bank services to “militants.” 1179HSBC’s own research indicated that the Al Rajhi group held about one-third of the bank’s shares. In addition, Al Rajhi Bank provided a correspondent account to Social Islami Bank, a Bangladesh-based bank whose largest single shareholder for many years was the International Islamic Relief Organization, which was designated by the United States in 2006, as a terrorist organization. 1180 A second shareholder was the precursor to the Benevolence IslamicFoundation, also later designated by the United States as a terrorist organization. Suspect Bank Clients. A final source of concern about Al Rajhi Bank involves accounts it provided to specific clients linked to terrorism. The accounts provided to the al-Haramain Islamic Foundation and Soliman Al-Buthe, both designated by the United States as linked to terrorism, have already been discussed. Another example is the International Islamic Relief Organization (IIRO) which, as mentioned earlier, is a Saudi-based nonprofit organization which was added to the SDN list by the United States for “facilitating fundraising for Al Qaida and affiliated terrorist groups”. 11811174 See Lloyd’s lawsuit at ¶¶ 459-460. This lawsuit was withdrawn 11 days after being filed, with no prejudiceagainst its re-filing in the future. See Lloyd’s lawsuit, Notice of Voluntary Dismissal, Docket document 5, 9/19/2011. In 2003, HSBC’s internal Financial Intelligence Group (FIG) 1175 See “The United States Designates Twenty-Five New Financiers of Terror,” U.S. Treasury Department pressrelease (8/29/2002), http://www.treasury.gov/press-center/press-releases/Pages/po3380.aspx. See also E.O. 13224, “Blocking Property and Prohibiting Transactions With Persons Who Commit, Threaten To Commit, or Support Terrorism,” 66 FR 49079 (9/23/2001); Kane affidavit at ¶ 112. 1176 Lloyd’s lawsuit at ¶ 459.1177 Statement by Treasury Secretary Paul O’Neill (11/7/2001).1178 Lloyd’s lawsuit at ¶ 459. Youssef Nada was designated as a terrorist financier by the United States in November2001. See “Recent OFAC Actions,” U.S. Department of the Treasury, (11/7/2001), http://www.treasury.gov/resource-center/sanctions/OFAC-Enforcement/Pages/20011107.aspx. 1179 See Subsection (i), below.1180 See Subsection (i), below. See also “Islamic Charity Charged with Terrorist Financing,” U.S. JusticeDepartment, (1/16/2008), http://www.justice.gov/usao/mow/news2008/iara.ind2.htm. 1181 See 8/3/2006 press release, “Treasury Designates Director, Branches of Charity Bankrolling Al Qaida Network,”U.S. Treasury Department, reprinted in 8/3/2006 email from HBUS Sharyn Malone to HBUS Stephanie Napier and others, “Social Investment Bank, Bangladesh,” HSBC OCC 3259936. See also 8/3/2006 “Treasury Takes 201 raised questions about the IIRO; in 2006 a FIG report noted that the IIRO had been linked to Al Qaeda and other terrorist groups, plots to assassinate President Bill Clinton and the Pope, attacks on the Brooklyn Bridge and Lincoln Tunnel, and the 1993 attack on the World Trade Center. 1182According to a CRS report, press reports indicated that, until at least December 2004, the IIRO had arranged for donors to send donations directly to accounts it held at Al Rajhi Bank, advertizing the accounts in various publications. 1183 In addition, the Lloyd’s lawsuit alleged thatAl Rajhi Bank made or arranged for large donations to the IIRO. 1184 Sulaiman bin Abdul AzizAl Rajhi, the most senior official at Al Rajhi Bank, is also alleged to have been an officer of IIRO. 1185Al Rajhi Bank gained notoriety as well for providing banking services to several of the hijackers in the 9-11 terrorist attack, including Abdulaziz al Omari who was aboard American Airlines Flight 11. A civil lawsuit described the bank’s involvement with him as follows: “[M]oney was funneled to the Hamburg, Germany al Qaeda cell through the Al Rajhi Bank to businessmen Mahm |