In January 2005, while under the cloud of its first double-secret-probation agreement with the U.S., HSBC decided to partially sever ties with Al Rajhi. Note the word "partially": The decision would only apply to Al Rajhi banking and not to its related trading company, a distinction that tickled executives inside the bank. In March 2005, Alan Ketley, a compliance officer for HSBC's American subsidiary, HBUS, gleefully told Paul Plesser, head of his bank's Global Foreign Exchange Department, that it was cool to do business with Al Rajhi Trading. "Looks like you're fine to continue dealing with Al Rajhi," he wrote. "You'd better be making lots of money!"
But this backdoor arrangement with bin Laden's suspected "Golden Chain" banker wasn't direct enough – many HSBC executives wanted the whole shebang restored. In a remarkable e-mail sent in May 2005, Christopher Lok, HSBC's head of global bank notes, asked a colleague if they could maybe go back to fully doing business with Al Rajhi as soon as one of America's primary banking regulators, the Office of the Comptroller of the Currency, lifted the 2003 cease-and-desist order: "After the OCC closeout and that chapter is hopefully finished, could we revisit Al Rajhi again? London compliance has taken a more lenient view."
After being slapped with the order in 2003, HSBC began blowing off its requirements both in letter and in spirit – and on a mass scale, too. Instead of punishing the bank, though, the government's response was to send it more angry letters. Typically, those came in the form of so-called "MRA" (Matters Requiring Attention) letters sent by the OCC. Most of these touched upon the same theme, i.e., HSBC failing to do due diligence on the shady characters who might be depositing money in its accounts or using its branches to wire money. HSBC racked up these "You're Still Screwing Up and We Know It" orders by the dozen, and in just one brief stretch between 2005 and 2006, it received 30 different formal warnings.
Nonetheless, in February 2006 the OCC under George Bush suddenly decided to release HSBC from the 2003 cease-and-desist order. In other words, HSBC basically violated its parole 30 times in just more than a year and got off anyway. The bank was, to use the street term, "off paper" – and free to let the Al Rajhis of the world come rushing back.
After HSBC fully restored its relationship with the apparently terrorist-friendly Al Rajhi Bank in Saudi Arabia, it supplied the bank with nearly 1 billion U.S. dollars. When asked by HSBC what it needed all its American cash for, Al Rajhi explained that people in Saudi Arabia need dollars for all sorts of reasons. "During summer time," the bank wrote, "we have a high demand from tourists traveling for their vacations."
The Treasury Department keeps a list compiled by the Office of Foreign Assets Control, or OFAC, and American banks are not supposed to do business with anyone on the OFAC list. But the bank knowingly helped banned individuals elude the sanctions process. One such individual was the powerful Syrian businessman Rami Makhlouf, a close confidant of the Assad family. When Makhlouf appeared on the OFAC list in 2008, HSBC responded not by severing ties with him but by trying to figure out what to do about the accounts the Syrian power broker had in its Geneva and Cayman Islands branches. "We have determined that accounts held in the Caymans are not in the jurisdiction of, and are not housed on any systems in, the United States," wrote one compliance officer. "Therefore, we will not be reporting this match to OFAC."
Translation: We know the guy's on a terrorist list, but his accounts are in a place the Americans can't search, so screw them.
Remember, this was in 2008 – five years after HSBC had first been caught doing this sort of thing. And even four years after that, when being grilled by Michigan Sen. Carl Levin in July 2012, an HSBC executive refused to absolutely say that the bank would inform the government if Makhlouf or another OFAC-listed name popped up in its system – saying only that it would "do everything we can."
The Senate exchange highlighted an extremely frustrating dynamic government investigators have had to face with Too Big to Jail megabanks: The same thing that makes them so attractive to shady customers – their ability to instantaneously move money around the world to places like the Cayman Islands and Switzerland – makes it easy for them to play dumb with regulators by hiding behind secrecy laws.
When it wasn't banking for shady Third World characters, HSBC was training its mental firepower on the problem of finding creative ways to allow it to do business with countries under U.S. sanction, particularly Iran. In one memo from HSBC's Middle East subsidiary, HBME, the bank notes that it could make a lot of money with Iran, provided it dealt with what it termed "difficulties" – you know, those pesky laws.
"It is anticipated that Iran will become a source of increasing income for the group going forward," the memo says, "and if we are to achieve this goal we must adopt a positive stance when encountering difficulties."
The "positive stance" included a technique called "stripping," in which foreign subsidiaries like HSBC Middle East or HSBC Europe would remove references to Iran in wire transactions to and from the United States, often putting themselves in place of the actual client name to avoid triggering OFAC alerts. (In other words, the transaction would have HBME listed on one end, instead of an Iranian client.)
For more than half a decade, a whopping $19 billion in transactions involving Iran went through the American financial system, with the Iranian connection kept hidden in 75 to 90 percent of those transactions. HSBC has been headquartered in England for more than two decades – it's Europe's largest bank, in fact – but it has major subsidiary operations in every corner of the world. What's come out in this investigation is that the chiefs in the parent company often knew about shady transactions when the regional subsidiary did not. In the case of banned Iranian transactions, for instance, there are multiple e-mails from HSBC's compliance head, David Bagley, in which he admits that HSBC's American subsidiary probably has no clue that HSBC Europe has been sending it buttloads of banned Iranian money.
"I am not sure that HBUS are aware of the fact that HBEU are already providing clearing facilities for four Iranian banks," he wrote in 2003. The following year, he made the same observation. "I suspect that HBUS are not aware that [Iranian] payments may be passing through them," he wrote.
What's the upside for a bank like HSBC to do business with banned individuals, crooks and so on? The answer is simple: "If you have clients who are interested in 'specialty services' – that's the euphemism for the bad stuff – you can charge 'em whatever you want," says former Senate investigator Blum. "The margin on laundered money for years has been roughly 20 percent."
Those charges might come in many forms, from upfront fees to promises to keep deposits at the bank for certain lengths of time. However you structure it, the possibilities for profit are enormous, provided you're willing to accept money from almost anywhere. HSBC, its roots in the raw battlefield capitalism of the old British colonies and its strong presence in Asia, Africa and the Middle East, had more access to customers needing "specialty services" than perhaps any other bank.
And it worked hard to satisfy those customers. In perhaps the pinnacle innovation in the history of sleazy banking practices, HSBC ran a preposterous offshore operation in Mexico that allowed anyone to walk into any HSBC Mexico branch and open a U.S.-dollar account (HSBC Mexico accounts had to be in pesos) via a so-called "Cayman Islands branch" of HSBC Mexico. The evidence suggests customers barely had to submit a real name and address, much less explain the legitimate origins of their deposits.
If you can imagine a drive-thru heart-transplant clinic or an airline that keeps a fully-stocked minibar in the cockpit of every airplane, you're in the ballpark of grasping the regulatory absurdity of HSBC Mexico's "Cayman Islands branch." The whole thing was a pure shell company, run by Mexicans in Mexican bank branches.
At one point, this figment of the bank's corporate imagination had 50,000 clients, holding a total of $2.1 billion in assets. In 2002, an internal audit found that 41 percent of reviewed accounts had incomplete client information. Six years later, an e-mail from a high-ranking HSBC employee noted that 15 percent of customers didn't even have a file. "How do you locate clients when you have no file?" complained the executive.
It wasn't until it was discovered that these accounts were being used to pay a U.S. company allegedly supplying aircraft to Mexican drug dealers that HSBC took action, and even then it closed only some of the "Cayman Islands branch" accounts. As late as 2012, when HSBC executives were being dragged before the U.S. Senate, the bank still had 20,000 such accounts worth some $670 million – and under oath would only say that the bank was "in the process" of closing them.
Meanwhile, throughout all of this time, U.S. regulators kept examining HSBC. In an absurdist pattern that would continue through the 2000s, OCC examiners would conduct annual reviews, find the same disturbing shit they'd found for years, and then write about the bank's problems as though they were being discovered for the first time. From the 2006 annual OCC review: "During the year, we identified a number of areas lacking consistent, vigilant adherence to BSA/AML policies. . . . Management responded positively and initiated steps to correct weaknesses and improve conformance with bank policy. We will validate corrective action in the next examination cycle."
Translation: These guys are assholes, but they admit it, so it's cool and we won't do anything.
A year later, on July 24th, 2007, OCC had this to say: "During the past year, examiners identified a number of common themes, in that businesses lacked consistent, vigilant adherence to BSA/AML policies. Bank policies are acceptable. . . . Management continues to respond positively and initiated steps to improve conformance with bank policy."
Translation: They're still assholes, but we've alerted them to the problem and everything'll be cool.
By then, HSBC's lax money-laundering controls had infected virtually the entire company. Russians identifying themselves as used-car salesmen were at one point depositing $500,000 a day into HSBC, mainly through a bent traveler's-checks operation in Japan. The company's special banking program for foreign embassies was so completely fucked that it had suspicious-activity alerts backed up by the thousands. There is also strong evidence that the bank was allowing clients in Sudan, Cuba, Burma and North Korea to evade sanctions.
When one of the company's compliance chiefs, Carolyn Wind, raised concerns that she didn't have enough staff to monitor suspicious activities at a board meeting in 2007, she was fired. The sheer balls it took for the bank to ignore its compliance executives and continue taking money from so many different shady sources while ostensibly it had regulators swarming all over its every move is incredible. "You can't make up more egregious money-laundering that permeated an entire institution," says Spitzer.
By the late 2000s, other law enforcement agencies were beginning to catch HSBC's scent. The Department of Homeland Security started investigating HSBC for laundering drug money, while the attorney general's office in West Virginia snooped around HSBC's involvement in a Medicare-fraud case. A federal intra-agency meeting was convened in Washington in September 2009, at which it was determined that HSBC was out of control and needed to be investigated more closely.
The bank itself was then notified that its usual OCC review was being "expanded." More OCC staff was assigned to pore through HSBC's books, and, among other things, they found a backlog of 17,000 alerts of suspicious activity that had not been processed. They also noted that the bank had a similar pileup of subpoenas in money-laundering cases.
Finally it seemed the government was on the verge of becoming genuinely pissed off. In March 2010, after seeing countless ultimatums ignored, they issued one more, giving HSBC three months to clear that goddamned 17,000-alert backlog or else there would be serious consequences. HSBC met that deadline, but months later the OCC again found the bank's money-laundering controls seriously wanting, forcing the government to take, well . . . drastic action, right?
Sort of! In October 2010, the OCC took a deep breath, strapped on its big-boy pants and . . . issued a second cease-and-desist order!
In other words, it was "Don't Do It Again" – again. The punishment for all of that dastardly defiance was to bring the regulatory process right back to the same kind of double-secret-probation order they'd tried in 2003.
Not to say that HSBC didn't make changes after the second Don't Do It Again order. It did – it hired some people.
To read the new issue of Rolling Stone online, plus the entire RS archive: Click Here
POLITICS No Price Big Banks Can't Fix
Picks From Around the Web
blog comments powered by Disqus