[Senate Hearing 112-597, Volume 1]
[From the U.S. Government Publishing Office]




                                                        S. Hrg. 112-597

                     U.S. VULNERABILITIES TO MONEY
                    LAUNDERING, DRUGS, AND TERRORIST
                      FINANCING: HSBC CASE HISTORY

=======================================================================

                                HEARING

                               before the

                PERMANENT SUBCOMMITTEE ON INVESTIGATIONS

                                 of the

                              COMMITTEE ON
               HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
                          UNITED STATES SENATE

                      ONE HUNDRED TWELFTH CONGRESS


                             SECOND SESSION

                               ----------                              

                             VOLUME 1 OF 2

                               ----------                              

                             JULY 17, 2012

                               ----------                              

         Available via the World Wide Web: http://www.fdsys.gov

                       Printed for the use of the
        Committee on Homeland Security and Governmental Affairs




[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]











                                                        S. Hrg. 112-597

                     U.S. VULNERABILITIES TO MONEY
                    LAUNDERING, DRUGS, AND TERRORIST
                      FINANCING: HSBC CASE HISTORY

=======================================================================

                                HEARING

                               before the

                PERMANENT SUBCOMMITTEE ON INVESTIGATIONS

                                 of the

                              COMMITTEE ON
               HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
                          UNITED STATES SENATE

                      ONE HUNDRED TWELFTH CONGRESS


                             SECOND SESSION

                               __________

                             VOLUME 1 OF 2

                               __________

                             JULY 17, 2012

                               __________

         Available via the World Wide Web: http://www.fdsys.gov

                       Printed for the use of the
        Committee on Homeland Security and Governmental Affairs




[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]







                                _____

                  U.S. GOVERNMENT PRINTING OFFICE

76-061PDF                 WASHINGTON : 2012
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001






        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

               JOSEPH I. LIEBERMAN, Connecticut, Chairman
CARL LEVIN, Michigan                 SUSAN M. COLLINS, Maine
DANIEL K. AKAKA, Hawaii              TOM COBURN, Oklahoma
THOMAS R. CARPER, Delaware           SCOTT P. BROWN, Massachusetts
MARK L. PRYOR, Arkansas              JOHN McCAIN, Arizona
MARY L. LANDRIEU, Louisiana          RON JOHNSON, Wisconsin
CLAIRE McCASKILL, Missouri           JOHN ENSIGN, Nevada
JON TESTER, Montana                  ROB PORTMAN, Ohio
MARK BEGICH, Alaska                  RAND PAUL, Kentucky
                                     JERRY MORAN, Kansas

                  Michael L. Alexander, Staff Director
               Nicholas A. Rossi, Minority Staff Director
                  Trina Driessnack Tyrer, Chief Clerk
                 Patricia R. Hogan, Publications Clerk
                                 ------                                

                PERMANENT SUBCOMMITTEE ON INVESTIGATIONS

                     CARL LEVIN, Michigan, Chairman
THOMAS R. CARPER, Delaware           TOM COBURN, Oklahoma
MARY L. LANDRIEU, Louisiana          SUSAN M. COLLINS, Maine
CLAIRE McCASKILL, Missouri           SCOTT P. BROWN, Massachusetts
JON TESTER, Montana                  JOHN McCAIN, Arizona
MARK BEGICH, Alaska                  RAND PAUL, Kentucky
            Elise J. Bean, Staff Director and Chief Counsel
            Robert L. Roach, Counsel and Chief Investigator
                    Laura E. Stuber, Senior Counsel
          Christopher Barkley, Staff Director to the Minority
          Keith B. Ashdown, Chief Investigator to the Minority
                     Mary D. Robertson, Chief Clerk














                            C O N T E N T S

                                 ------                                
Opening statements:
                                                                   Page
    Senator Levin................................................     1
    Senator Coburn...............................................     7
Prepared statements:
    Senator Levin................................................    85
    Senator Coburn...............................................    91

                               WITNESSES
                         Tuesday, July 17, 2012

Hon. David S. Cohen, Under Secretary for Terrorism and Financial 
  Intelligence, U.S. Department of the Treasury..................    10
Leigh H. Winchell, Assistant Director for Programs, Homeland 
  Security Investigations, U.S. Immigration and Customs 
  Enforcement, U.S. Department of Homeland Security..............    13
David B. Bagley, Head of Group Compliance, HSBC Holdings plc, 
  London, England................................................    21
Paul Thurston, Chief Executive, Retail Banking and Wealth 
  Management, HSBC Holdings plc, Hong Kong.......................    23
Michael Gallagher, Former Executive Vice President, Head of PCM 
  North America, HSBC Bank USA, N.A., New York, New York.........    24
Chiu Hon ``Christopher'' Lok, Former Head of Global Banknotes, 
  HSBC Bank USA, N.A., New York, New York........................    25
Irene Dorner, President and Chief Executive Officer, HSBC Bank 
  USA and HSBC North America Holdings, Inc., New York, New York..    47
Stuart A. Levey, Chief Legal Officer, HSBC Holdings plc, London, 
  England........................................................    49
Hon. Thomas J. Curry, Comptroller of the Currency, U.S. 
  Department of the Treasury.....................................    65
Grace E. Dailey, Former Deputy Comptroller for Large Bank 
  Supervision, Office of the Comptroller of the Currency.........    67
Daniel P. Stipano, Deputy Chief Counsel, Office of the 
  Comptroller of the Currency....................................    67

                     Alphabetical List of Witnesses

Bagley, David B.:
    Testimony....................................................    21
    Prepared statement...........................................   111
Cohen, Hon. David S.:
    Testimony....................................................    10
    Prepared statement...........................................    94
Curry, Hon. Tomas:
    Testimony....................................................    65
    Prepared statement...........................................   150
Dailey, Grace E.:
    Testimony....................................................    67
    Prepared statement...........................................   150
Dorner, Irene:
    Testimony....................................................    47
    Prepared statement...........................................   130
Gallagher, Michael:
    Testimony....................................................    24
    Prepared statement...........................................   124
Levey, Stuart A.:
    Testimony....................................................    49
    Prepared statement...........................................   137
Lok, Chiu Hon ``Christopher'':
    Testimony....................................................    25
    Prepared statement...........................................   127
Stipano, Daniel P.:
    Testimony....................................................    67
    Prepared statement...........................................   150
Thurston, Paul:
    Testimony....................................................    23
    Prepared statement...........................................   116
Winchell, Leigh H.:
    Testimony....................................................    13
    Prepared statement...........................................    99

                                APPENDIX

Report by the Permanent Subcommittee on Investigations Majority 
  and Minority Staff entitled ``U.S. Vulnerabilities to Money 
  Laundering, Drugs, and Terrorist Financing: HSBC Case 
  History,'' July 17, 2012.......................................   169

                              EXHIBIT LIST

 1. a. GMatters Requiring Attention (MRAs) and Recommendations in 
  OCCSupervisory Letters for HSBC Bank USA, N.A., January 2005-
  July 2009, chart prepared by the Permanent Subcommittee on 
  Investigations.................................................   575

   b. GHBMX Compliance Failures, chart prepared by the Permanent 
  Subcommittee on Investigations.................................   576

   c. GDisclosed v. Undisclosed Iranian U.S. Dollar Payments Sent 
  by HSBC Foreign Affiliates to U.S. Banks, Including HSBC Bank 
  USA, chart prepared by the Permanent Subcommittee on 
  Investigations.................................................   577

   d. GExcerpts from emails of David Bagley re HBUS awareness of 
  Iranian transactions, 2003-2004................................   578

   e. GRatings Used in OCC Report of Examinations, chart prepared 
  by the Permanent Subcommittee on Investigations................   579

   f. G31 USC Sec. 5318(h)--Anti-Money Laundering Programs.......   580

General Documents:

 2. a. GHSBC Group News, HSBC Group Chief Executive Stuart 
  Gulliver letter to all HSBC employees. [PSI-HSBC-76-0001-0002].   581

   b. GHSBC Group Circular Letters (GCL), GCL 120014--HSBC Global 
  Standards. [PSI-HSBC-75-0001]..................................   583

   c. GHSBC Group Standards Manual, Chapter 5 Legal, Compliance 
  and Reputation.................................................   585

 3. GHSBC internal email, dated September 2008, re: Kyc hires (. 
  . . still grappling with some of the grim realities of the 
  present--the upcoming OCC exam in November being one of those 
  grim realities.). [HSBC OCC 0616352-356].......................   587

 4. G30 Day Observations and Recommendations Report from AML 
  Director (Extremely high risk business model from AML 
  perspective * * * AML Director has the responsibility for AML 
  compliance, but very little control over its success). [HSBC-
  PSI-PROD-0065332-334]..........................................   592

 5. GHSBC internal email, dated October 2009, re: OFAC resources 
  (. . . not good in that we don't get the staffing levels we 
  need.). [OCC-PSI-00162661].....................................   595

 6. GHSBC internal email, dated February 2010, re: Received a 
  call from Kathy G this am. (we are in dire straights right now 
  over backlogs, and decisions being made by those that don't 
  understand the risks or consequences of their decisions!!!!). 
  [OCC-PSI-00165898].............................................   597

 7. GHSBC internal email, dated February 2010, re: Bco Nac Angola 
  (We don't appear to be on the same page as to who owns the 
  risk.). [OCC-PSI-00165932].....................................   599

Documents Related to HBMX and HSBC Mexico:

 8. GHSBC internal email, dated July 2002, re: BITAL (There is no 
  recognisable compliance or money laundering function in Bital 
  at present . . .) [HSBC OCC 8877797-798].......................   605

 9. GHSBC internal email, dated August 2002, re: HIGH NOON, 
  attaching copy of Group Internal Audit, Due Diligence Review--
  Project High Noon). [HSBC OCC 8873843-855].....................   607

10. GHSBC internal email, dated November 2002, re: COMPLIANCE DUE 
  DILIGENCE TRIP BY JOHN ROOT, BITAL (MEXICO CITY)--4-8NOV02. 
  [HSBC OCC 8877800-807].........................................   620

11. GMay 2004 Group Audit of HBMX (In our opinion, based upon the 
  foregoing, the Direction of Money Laundering Deterrence is 
  operating with a BELOW STANDARD level of Control Risk.). [HSBC 
  OCC 8874376-381]...............................................   628

12. GHSBC internal email, dated January 2005, re: COMPLIANCE 
  EXCEPTION (. . . 3 members of the Compliance function within 
  HBMX have alleged that senior persons within the Compliance 
  function fabricated records of certain mandatory anti-money 
  laundering meetings . . . * * * There appears little doubt that 
  the transaction is a breach of the relevant OFAC sanction on 
  the part of HBUS, . . .). [HSBC OCC 8873671-673]...............   634

13. GHSBC internal email, dated December 2005, re: OFAC (Some 
  Western authorities allege more sinister purposes, e.g. the 
  funding of terrorist Hizbollah activities . . .). [HSBC OCC 
  8876612-613]...................................................   637

14. GHSBC internal email, dated March 2007, re: Subject redacted 
  by HSBC (This is a very serious, and high profile, case which 
  has potential reputational damage to the HSBC Group, and must 
  be given the highest priority.). [HSBC OCC 8874315-326]........   639

15. GHSBC internal email, dated March 2007, re: Travellers 
  Cheques (. . . in the year through 3Q04, HBMX has sold over USD 
  110 million of travellers cheques, an amount that eclipses that 
  of HBEU here in the UK, . . .). [HSBC OCC 8876645-646].........   644

16. GHSBC internal email, dated April 2007, re: GROUP AUDIT 
  COMMITTEE--APR07 (Lack of a compliance culture, evidenced (in 
  the most serious way) by the number of staff defalcations and 
  (in a more widespread general negligence) in the number of 
  fines we receive from the regulators for avoidable errors . . 
  .). [HSBC OCC 8874328-330].....................................   646

17. GHSBC internal email, dated April 2007, re: Managerial 
  Letter: HBMX (. . . process he initiated over a month ago 
  following the seizure of the arms and money from our customer's 
  premises. . . . * * * Not a happy story.). [HSBC OCC 8875010-
  014]...........................................................   649

18. a. GHSBC Bank USA, National Association Office Memorandum, 
  dated May 1, 2007, re: Wall Street Journal Article Regarding 
  Wachovia (Sigue Corp.--A money service business that allegedly 
  processed $24.7 million in suspicious money remittances related 
  to drug-trafficking proceeds.). [OCC-PSI-01358514-517].........   654

   b. GExcerpt from Sigue Corporation Deferred Prosecution 
  Agreement, January 24, 2008....................................   658

19. GHSBC internal email, dated July 2007, re: Weekly Compliance 
  Report (It looks like the business is still retaining 
  unacceptable risks and the AML committee is going along after 
  some initial hemming and hawing.). [HSBC OCC 8875925-927]......   673

20. GHSBC internal email, dated July 2007, re: Subject redacted 
  by HSBC (The principal factor here is that the quality of 
  response from the CMB team has not been of the standard that 
  leads me to believe that they are on top of the compliance 
  risks here.). [HSBC OCC 8875132-135]...........................   676

21. GHSBC internal email, dated October 2007, re: CNBV Inspection 
  (This is disturbing and clearly we will need to look at the 
  management structure and practices.). [HSBC OCC 8873338-342]...   680

22. GHSBC internal email, dated November 2007, re: Mexico (. . . 
  there are numerous cases of accounts with multiple SARs (16 in 
  one case!!) in Mexico that remain open.). [HSBC OCC 8875423]...   685

23. GHSBC internal email, dated December 2007, re: Warren 
  Learning HBMX DEC Visit Issues (Sinaloa massive money-
  laundering scheme (+USD 100 million). [HSBC OCC 8875837].......   686

24. G12/2007 Audit of HBMX-Money Laundering Deterrence (MLD), 
  GROUP AUDIT MEXICO, AUDIT REPORT SUMMARY SCHEDULE (Main control 
  weaknesses identified during the audit . . .). [HSBC OCC 
  8876347].......................................................   687

25. GHSBC internal email, dated January 2009, re: US Issues--
  Various (. . . if they were contacted by US authorities then 
  they should have thought to advise HBUS.). [HSBC OCC 8873759]..   688

26. GHSBC internal email, dated December 2006, re: OFAC--Wire 
  payments blocked from HSBC offshore entities--USD 32,000 (re 
  SDGT) and USD 2,538,939.33 (re Sudan) (How is it that these 
  payments continue to be processed by our affiliates in light of 
  the GCLs?). [HSBC OCC 3407608-609].............................   689

27. GHSBC internal email, dated February 2008, re: CNBV (. . . 
  Mexico is suffering a major problem with drugs dealers and the 
  Government is being very robust. . . .). [HSBC-PSI-PROD-
  0198508-509]...................................................   691

28. GHSBC internal email, dated February 2008, re: Subject 
  redacted by HSBC (. . . in spite of the seriousness of this 
  case and the issues involved, CMB is proposing to retain this 
  relationship.). [HSBC OCC 8875139-141 and HSBC OCC 8875020-021]   693

29. GHSBC internal email, dated February 2008, re: CONFIDENTIAL--
  CNBV/FIU Meeting (This is most disturbing and we will need to 
  have the most thorough of investigations.). [HSBC OCC 8966014-
  018]...........................................................   698

30. GHSBC internal email, dated March 2008, re: HBMX (The 
  comments made by Leopoldo are quite concerning, and it would 
  appear that he was more aware of the weaknesses, and the 
  concerns of the CNBV, than Ramon has indicated.). [HSBC OCC 
  8874821-825]...................................................   703

31. GHSBC internal email, dated July 2008, re: HBMX Visit Update 
  (The report . . . concluded that KYC control was ``below 
  standard.'' A sampling showed that 15% of the customers did not 
  even have a file. For the files that could be found, there were 
  serious failures in following Group procedures.). [HSBC OCC 
  8873487-489]...................................................   708

32. GHSBC internal email, dated July 2008, re: HBMX--Cayman 
  Accounts (. . . it appears that our CAMP monitoring system 
  identified significant USD remittances being made by a number 
  of customers to a US company alleged to have been involved in 
  the supply of aircraft to drugs [sic] cartels.). [HSBC OCC 
  8874829-833]...................................................   711

33. GHSBC internal email, dated September 2008, re: Cayman 
  Accounts (Account opening documentation is generally poor or 
  non-existent and there is a lot of work to do. Money-laundering 
  risk is consequently high.). [HSBC OCC 8876784-787]............   716

34. GHSBC internal email, dated November 2008, re: Seriously 
  consider restricting the product Dollars accounts in the zona 
  frontera Product 63 Cuenta Maestra en Dolares P.F. (In the same 
  way we have already restricted new Caiman Island accounts from 
  opening, due to the massive misuse of them by organised crime . 
  . .). [HSBC OCC 8875736-738]...................................   720

35. GHSBC internal email, dated November 2008, re: Mexico (What I 
  find most frustrating is the way in which new issues constantly 
  emerge however much time is spent with HBMX.). [HSBC OCC 
  8875605-607]...................................................   723

36. GHSBC internal email, dated December 2008, re: Mexico Visit 
  (. . . significant backlog (3,659) of accounts to be closed. . 
  . . 675 accounts pending closure were ordered to be closed by 
  the CCC on suspicion that they are used for money laundering 
  activity. . . . 16 accounts that were sent for closure in 2005, 
  . . .). [HSBC-PSI-PROD-0197874-876]............................   726

37. a. GHBUS Banksnotes NY-USD Bought from or Sold to Customers 
  in Mexico: 3 Month Period (Nov-06 to Feb-07). [OCC-PSI-
  00151506]......................................................   729

   b. GBANKNOTES-NY Selected Customers' Activity Alerts & 
  Traders' Explanations for USD Purchases & Sales from 2005-2009, 
  prepared by OCC. [OCC-PSI-00005890-904]........................   730

38. GOCC internal email, dated June 2010, re: HSBC (. . . this 
  has the makings of potentially being a major criminal case . . 
  .). [OCC-PSI-00928756-758].....................................   745

39. GHSBC Presentation, Conducting an Enhanced KYC for Grand 
  Cayman Accountholders, undated (* * * almost no progress has 
  been made in enhanced KYC completion * * * success rate in file 
  completion is approximately 25%). [HSBC OCC 8874560-566].......   748

Documents Related to HSBC Affiliates--Circumventing OFAC 
  Prohibitions:

40. GHSBC internal email, dated May 2001, re: BANK MELLI (I wish 
  to be on the record as not comfortable with this piece of 
  business.). [HSBC-PSI-PROD-0096138-142]........................   755

41. GHSBC internal email, dated July 2001, re: Bank Melli (With 
  the amount of smoke coming off this gun, remind me again why we 
  think we should be supporting this business?). [HSBC OCC 
  8876128-136]...................................................   760

42. GHSBC internal email, dated October 2001, re: OFAC SANCTIONS 
  (. . . bear in mind pending US legislation which will in effect 
  give the US extra-territorial authority over foreign banks, 
  particularly if we are unfortunate enough to process a payment 
  which turns out to be connected to terrorism.). [HSBC OCC 
  8873890-893]...................................................   769

43. GHSBC internal email, dated October 2002, re: IRAN (Your 
  already processing USD payments from two existing accounts held 
  in London.). [HSBC OCC 7687373-377]............................   773

44. GHSBC internal email, dated January 2003, re: USD Payments 
  from Iranian Banks (As you may recall, it was agreed that our 
  London/Middle East office would put together a business case 
  regarding plans for providing USD payment services to Iranian 
  Banks . . .). [HSBC OCC 3407510-515]...........................   778

45. GHSBC internal email, dated February 2003, re: BUSINESS 
  CASE--US PAYMENTS FROM IRANIAN BANKS/ENTITIES (The business 
  case includes a number of express references to practices which 
  may constitute a breach of US sanctions, including the OFAC 
  provisions, and could provide the basis for action against the 
  HSBC Group . . .). [HSBC OCC 8876487-488]......................   784

46. GHSBC internal email, dated October 2003, re: IRAN--STRATEGY 
  DISCUSSION PAPER (. . . there remain serious political and 
  reputational risks within the USA if they proceed with this . . 
  .). [HSBC OCC 8873941-947].....................................   786

47. GHSBC Document, IRAN--STRATEGY DISCUSSION PAPER, undated, 
  (The Iranian market offers substantial untapped potential for 
  the HSBC Group.). [HSBC OCC 8873949-956].......................   793

48. GHSBC internal email, dated October 2003, re: USD Clearing--
  Iranian Banks (. . . HBEU have been manually intervening in the 
  processing of Iranian bank payment instructions by removing the 
  remitter's name and country to prevent the probable trigger of 
  a filter in the US, and the subsequent declaration to OFAC (and 
  possible freezing) of the funds.). [HSBC OCC 8875217-218]......   801

49. GHSBC internal email, dated October 2003, re: Iran (The 
  practice of amending instructions is clearly a long standing 
  one which has hitherto continued despite the RMs believing it 
  had ceased some years ago.). [HSBC OCC 8874660-663]............   803

50. a. GHSBC internal email, dated December 2003, re: 
  COMPLIANCE--OFAC ISSUES IN GENERAL AND SPECIFIC TO IRAN (I 
  currently feel that we may be exposing ourselves to unnecessary 
  and unacceptable Reputational and Operational Risk when we are 
  handling payments originating from FIs domiciled in or who are 
  a local branch of an FI domiciled in an OFAC regulated 
  country.). [HSBC OCC 3407517-522]..............................   807

   b. GHSBC internal email, dated June 2003, re: PLC--Re ``do not 
  mention our name'' (When Funds Transfer staff noted the 
  messages in the BBI field stating ``do not mention our name'' 
  the payment was rejected, per our policy, due to concerns about 
  evasion issues under the OFAC regulations.). [HSBC OCC 8873922-
  928]...........................................................   813

   c. GHSBC internal email, dated May 2005, re: Wire Payments 
  Suspended (Wire payment suspended re ``Iran''--USD 
  6,912,607.82). [HSBC OCC 8874710-712]..........................   820

   d. GHSBC internal email, dated February 2008, re: Rami 
  Makhlouf (Please be advised that we currently maintain a 
  relationship with Sellor, Mohamad Makhlouf in our capacity as 
  Trustee and the individual named in your search request (Rami 
  Makhlouf) is actually a beneficiary of the Trust . . .). [HSBC-
  OCC-8878838-840]...............................................   823

51. GHSBC internal email, dated March 2004, re: BankMarkazi 
  Payment (. . . I remain extremely uncomfortable with the 
  practice of amending Iranian payment orders for whatever 
  means.). [HSBC OCC 8873979-982]................................   826

52. GHSBC internal email, dated March 2004, re: Bank Markazi 
  Payment (The complexity of the OFAC regulations, and the fact 
  that HBUS were unaware that any arrangements existed with 
  Iranian Banks, has made speedy resolution of this issue 
  difficult.). [HSBC OCC 8873985-986]............................   830

53. GHSBC internal email, dated April 2004, re: Iran 
  Correspondent Banking Services--OFAC (. . . the most pressing 
  issue to be resolved is that relating to the limited number of 
  existing relationships that we have (for two small Iranian 
  Banks) where I suspect that HBUS are not aware that payments 
  may be passing through them.). [HSBC OCC 8873994-997]..........   832

54. GHSBC internal email, dated June 2004, re: Iran (. . . there 
  are very compelling commercial reasons which need to be borne 
  in mind when making this decision, not least of which is the 
  threat to the Group's position in and business with Iran over 
  the medium term.). [HSBC OCC 8874001-004]......................   836

55. GHSBC internal email, dated June 2004, re: Iran (. . . our 
  interpretation was that we were being asked to ``fudge'' the 
  nature of the payments to avoid the U.S. embargo and seizure . 
  . .). [HSBC OCC 8873999].......................................   840

56. GHSBC internal email, dated July 2004, re: HBEU Iranian 
  Payments Business (. . . we are being asked to amend 
  instructions or, assume responsibility that the contents of the 
  payment message do not attract the fed's attention and seize 
  the payment. . . .). [HSBC OCC 8876861-863]....................   841

57. GHSBC internal email, dated November 2004, re: U-turns (. . . 
  initially there were concerns about the potential intentional 
  removal of wording ``off limit payments'' from these 
  payments.). [HSBC-PSI-PROD-0096165-167]........................   844

58. GHSBC internal email, dated December 2004, re: U-turns 
  (Attached are the conditions under which HBUS will accept U-
  Turn transactions.). [HSBC OCC 3407526-527]....................   847

59. GHSBC internal email, dated June 2005, re: IRANIAN PAYMENTS 
  (. . . HBME is currently seeking to open a USD account with JP 
  Morgan Chase as our first choice . . . in order to process 
  Iranian related USD payments.). [HSBC OCC 8878026-029].........   849

60. GHSBC internal email, dated May 2006, re: TP GATEWAYS (I 
  would have thought the US regulators would have taken a dim 
  view of routing stuff around the US.). [HSBC OCC 7687437-438]..   853

61. GHSBC internal email, dated May 2006, re: U Turns (I 
  anticipate that you would prefer to see Field 72 completed, but 
  this will mean more hits in the filters even if they will then 
  be passed.). [HSBC OCC 3243782-787]............................   855

62. GHSBC internal email, dated January 2007, re: Transactions 
  with Iran/Cuba, etc (. . . let's set up a completely different 
  Swift address to help avoid any problems with Cuba and Iran.). 
  [HSBC OCC 8876921-931].........................................   861

63. GHSBC internal email, dated June 2007, re: Iran (There are 
  further complications surrounding the process of closure with 
  all Iranian banks as we have some USD 9m in reimbursements due 
  from Sepah, where we are running off trade lines . . .). [HSBC 
  OCC 8878214-216]...............................................   872

64. GHSBC internal email, dated June 2007, re: GROUP MESSAGING 
  GATEWAY FOR LAM--CLEAR CHOICE REPORT (We have not engaged with 
  CI and Nassau as we have no leadership responsibility for this 
  geography.). [HSBC OCC 8874349-355]............................   875

65. GHSBC internal email, dated June 2008, re: OFAC processing in 
  GSC's (. . . we're strapped and getting behind in 
  investigations (on OFAC cases) and have some of our key 
  managers in the queues releasing items . . . I cannot hire 
  first level staff unless it's offshored . . .) [HSBC OCC 
  0616349-350]...................................................   882

66. GHSBC internal email, dated December 2009, re: OFAC Payments 
  (. . . we could use 5 or 6 people for 10 days who can review 
  payments to clear the 700 and building backlog of payments that 
  have been held over and need to be worked to process.). [HSBC 
  OCC 7688668-670]...............................................   884

67. GHSBC internal email, dated August 2010, re: Project Topaz US 
  Urgent Requirements (We need to move quickly to reduce the AML 
  alerts and the connected KYC issues as it is impossible to plan 
  the required capacity * * * Attached is a list of 121 
  international banks that we can no longer support and need to 
  exit. * * * the US requirements cut across business lines and 
  it is crucial that the strategies of PCM, TSC and FIG are 
  aligned to prevent this situation occurring in the future.). 
  [HSBC OCC 8876104-106].........................................   887

68. GExcerpt from Deloitte Review of OFAC transactions, RESULTS 
  OF THE TRANSACTIONS REVIEW--UK GATEWAY, March 29, 2012. [HSBC-
  PSI-PROD-0197919, 930-931, 940, 968-969, 976, 980].............   890

69. GExcerpt from March 29, 2012 Presentation, prepared by 
  Sullivan & Cromwell LLP and Cahill Gordon & Reindel LLP on OFAC 
  compliance by HSBC Bank USA. [HSBC OCC 8966113, 118, 143]......   898

70. GHSBC Group Circular Letters (GCL):
   a. GGCL 050047--Compliance with sanctions (28/Jul/2005) [HSBC 
  OCC 3407560-561];..............................................   901

   b. GGCL 060011--US Dollar Payments (06/Apr/2006) [HSBC OCC 
  3407587];......................................................   905

   c. GGCL 060041--US OFAC Sanctions against Iran--U-Turn 
  Exemption (25/Oct/2006) [HSBC OCC 3407606];....................   907

   d. GGCL 070049--Sanctions Against Iran (24/Sep/2007). [OCC-
  PSI-00141530-531]..............................................   909

Documents related to other countries:

71. a. GHSBC internal email, dated September 2005, re: OFAC 
  sanctions (In particular regard to the Sudanese payments, but 
  also to a lesser extent, Cuban and Burmese, there are a 
  considerable number of USD denominated transactions.). [HSBC 
  OCC 8877213-214]                                                  912

   b. GHSBC document prepared May 2007. INFORMATION REQUESTED IN 
  CONNECTION WITH: NORTH KOREA, CUBA, AND MYANMAR (We were 
  notified that there are relationships with Cuban and North 
  Korean customers.). [HSBC OCC 8876093-095].....................   914

   c. GHSBC internal email, dated October 2005, re: GCL 050047--
  Compliance with Sanctions (I note HBMX continues to process USD 
  payments involving Cuba. It is very important this is stopped 
  immediately as the regulators are getting very tough and the 
  cost to the Group could be considerable if a breach occurs, 
  both in terms of the fine and in the rectification work which 
  is likely to be a pre-requisite to any settlement. If this 
  identifies further breaches, the cost could spiral.). [HSBC OCC 
  8874357-362]...................................................   917

   d. GExcerpt from Deloitte, Transaction Review Progress and 
  Results Reporting, 18th & 19th October 2011 (Correspondent and 
  other accounts . . .). [HSBC-PSI-PROD-0096628, 649]............   923

Documents Related to Al Rajhi Bank--Disregarding Links to 
  Terrorist Financing:

72. GHSBC internal email, dated January 2005, re: Al Ra[jh]i 
  Trading/Al Ra[jh]i Banking (. . . Group Compliance has 
  recommended that the US businesses sever ties with these 
  clients based on the current regulatory environment and the 
  interest of US law enforcement.). [HSBC OCC 1884218]...........   925

73. GHSBC internal email, dated March 2005, re: Al Ra[jh]i 
  Guidance Clarified (Looks like you're fine to continue dealing 
  with Al Rajhi. You'd better be making lots of money!). [HSBC 
  OCC 3114022]...................................................   926

74. GHSBC internal email, dated May 2005, re: Al Rajhi (After the 
  OCC close out and that chapter hopefully finished, could we re-
  visit Al Rajhi again. London compliance has taken a more 
  lenient view . . .). [OCC-PSI-00144350]........................   927

75. GHSBC internal email, dated August 2005, re: Al Rajhi (We've 
  gotten push back from OCC on Al Ra[jh]i Trading, which is less 
  controversial than the bank.). [OCC-PSI-00343527]..............   929

76. GExcerpt from HBUS Global Banknotes--Purchases & Sales USD--
  2008 vs 2009. [HSBC OCC 5364770, 784, 793, 794]................   932

77. GHSBC internal email, dated November 2006, re: Al Rajhi 
  Banking (. . . the PCM Regional Sales Manager at HBME in 
  Bahrain . . . has called to say that Al Rajhi has now run out 
  of patience waiting for us to re-start our banknote trading 
  relationship . . .). [HSBC OCC 3280505]........................   936

78. GHSBC internal email, dated November 2006, re: Al Rajhi 
  Banking (At the end of the day, its Compliance who's the key.). 
  [OCC-PSI-00150795].............................................   937

79. GHSBC internal email, dated November 2006, re: Alrajhi [sic] 
  (To cancel the Amanah business is much bigger than not dealing 
  with banknotes.). [OCC-PSI-00150798]...........................   939

80. GHSBC internal email, dated December 2006, re: Al Rajhi Bank 
  (. . . the notion of `no smoke without fire' is one we must 
  bear in mind and any business unit dealing with this entity 
  must acknowledge the associated risks.). [OCC-PSI-00150892]....   942

81. GHSBC internal email, dated July 2007, re: Al Rajhi Bank in 
  Saudi Arabia (This article on Al Rajhi Bank & TF was in the 
  Wall Street Journal today.). [HSBC OCC 2830874-879]............   943

82. GHSBC internal email, dated November 2007, re: ISLAMI BANK 
  BANGLADESH LIMITED (. . . the money is there and we should go 
  for this account.). [HSBC OCC 0739987-991].....................   949

83. GHSBC internal email, dated November 2007, re: ISLAMI BANK 
  BANGLADESH LIMITED--Bangladesh (. . . the Al-Rajhi family has 
  been associated with Islami Bank, Bangladesh Limited, since its 
  inception.). [OCC-PSI-00154139]................................   954

84. a. GHSBC internal email, dated August 2009, re: EDD Report of 
  Findings [redacted] Bank Ltd in Bangladesh (BN-SP & PCM) (I 
  support Hersel's stance that this is such a large bank hence 
  malfeasance is expected.). [HSBC OCC 7688017-024]..............   958

   b. GHSBC internal email, dated September 2005, re: Report of 
  Findings--[redacted] Bank--FIG (Yes, corruption can be rampant 
  in this bank. . . .). [HSBC OCC 7690024-032]...................   964

85. GHSBC Know Your Customer Profile for Al Rajhi Banking & 
  Investment Corp, October 2010. [HSBC-PSI-PROD-0102310-324].....   967

86. GHSBC Know Your Customer Profile for Islami Bank Bangladesh 
  Limited, June 2011. [HSBC-PSI-PROD-0117222-237]................   982

87. a. GIslami Bank Bangladesh Ltd. responses to questions from 
  the U.S. Senate Permanent Subcommittee on Investigations, July 
  4, 2012. [PSI-IBBL-01-0001-003]................................   998

   b. GSocial Islami Bank Ltd. responses to questions from the 
  U.S. Senate Permanent Subcommittee on Investigations, July 10, 
  2012. [PSI-SIBL-01-0001-004]...................................  1001

Documents Related to Hokuriku Bank--Cashing Bulk Travelers 
  Checks:

88. GHSBC internal email, September 2008, re: Hokuriku Bank Ltd--
  Compliance query (Information from Hokuriku Bank regarding some 
  of the car dealerships they do business with that we 
  questioned. Its very limited information that took us over a 
  month to get.). [OCC-PSI-00409214-216].........................  1005

89. GHSBC internal email, dated November 2008, re: Hokuriku Bank 
  (This use of cash letter is inappropriate and the Committee has 
  concluded that PCM should no longer allow Hokuriku to send 
  traveler's checks through cash letter.). [OCC-PSI-00808695]....  1017

90. GHSBC internal email, dated December 2008, re: Hokuriku 
  Bank--information needed (They have been good enough to provide 
  information so far but as you may understand from bank secrecy 
  view point, they should not or cannot disclose customer 
  information.). [OCC-PSI-00811358]..............................  1024

91. GHSBC internal email, dated December 2008, re: SK Trading (. 
  . . we uncovered huge amounts of [redacted] travelers' checks 
  (daily averages of $500M to $700M per day) being processed by 
  HSBC for their correspondent Hokuriku Bank in Japan.). [OCC-
  PSI-00888526]..................................................  1037

92. GHokuriku Bank, Ltd. responses to questions from the U.S. 
  Senate Permanent Subcommittee on Investigations, June 26 and 
  29, 2012. [PSI-HokurikuBank-01-0001-005 and PSI-HokurikuBank-
  02-0001].......................................................  1038

Documents Related to HBUS Private Bank Americas--Offering Bearer 
  Share Accounts:

93. GHSBC internal email, dated August 2007, re: Bearer Share 
  Companies (The following is our current policy for Bearer Share 
  Corporations in NY . . .). [OCC-PSI-00318438]..................  1044

94. GHSBC internal email, dated December 2007, re: Bearer Share 
  Corporation Policy (IPB Miami maintains existing accounts for 
  1,679 Bearer Share Corporations of which 126 are considered 
  High Risk.). [OCC-PSI-00226652]................................  1059

95. GTranscript of 4/25/2007 telephone conversation between HBUS 
  Claude Mandel and Mauricio Cohen (Mr. Cohen: But I can't put 
  that, otherwise I have to declare them in the United States? I 
  can't do that, I don't want to declare . . . otherwise, I have 
  to close the accounts with you and go to Geneva.). [HSBC-PSI-
  PROD-0024791-795]..............................................  1062

96. a. GHSBC internal email, dated June 2007, re: Waiver Request 
  (The two accounts are bearer shares. The client does not want 
  neither to register nor custodize the shares, and they do not 
  want to sign the BOL.). [OCC-PSI-00214516].....................  1067

   b. GHSBC internal email, dated June 2007, re: Waiver Request 
  (I would do it without going to Geneva but audit wrote up DPB 
  on a similar situation.). [OCC-PSI-00214534]...................  1071

97. Documents related to Peruvian Family:

   a. GHSBC internal email, dated June 2007, re: [redacted] 
  Family (I spoke to Susan Wright, Group Head of AML. She is 
  reluctant to grant the exception but will consider it.). [OCC-
  PSI-00214880]..................................................  1073

   b. GHSBC internal email, dated June and July, 2007, re: 
  [redacted] Family (This is too important a family in Peru for 
  us not to want to do business with, . . .). [OCC-PSI-00215211].  1075

Documents Related to OCC--Exercising Ineffective AML Oversight:

98. GHSBC internal email, dated February 2010, re: OCC Meeting 
  (In light of the extent of our alert backlogs, Sally indicated 
  that they will shortly be issuing a Supervisory Letter . . .). 
  [HSBC OCC 3405315-316].........................................  1081

99. GHSBC internal email, dated June 2009, re: GMO business 
  reviews--LATAM (The inherent AML risk in Mexico is still very 
  high . . .). [HSBC OCC 8874895]................................  1083

Additional Documents:

100. GCorrespondence from the Comptroller of the Currency (OCC) 
  to the Permanent Subcommittee on Investigation, September 20, 
  2012, on actions taken by the OCC since the Subcommittee's July 
  2012 hearing. [PSI-OCC-45-0000010-016].........................  1084

101. GResponses to supplemental questions for the record from 
  HSBC, September 11 and 25, 2012. [PSI-HSBC-80-000001-006, PSI-
  HSBC-81-000001-003]............................................  1100

                                VOLUME 2

102. GDocuments cited in footnotes to U.S. Vulnerabilities to 
  Money Laundering, Drugs, and Terrorist Financing: HSBC Case 
  History, the Report released in conjunction with the 
  Subcommittee hearing on July 17, 2012. A Document Locator List 
  provides Bates numbers and document descriptions of the 
  documents cited in the Report. Not included are documents 
  related to Subcommittee interviews, which are not available to 
  the public, and widely available public documents..............  1109

 
                     U.S. VULNERABILITIES TO MONEY
                    LAUNDERING, DRUGS, AND TERRORIST
                      FINANCING: HSBC CASE HISTORY

                              ----------                              


                         TUESDAY, JULY 17, 2012

                                 U.S. Senate,      
              Permanent Subcommittee on Investigations,    
                    of the Committee on Homeland Security  
                                  and Governmental Affairs,
                                                    Washington, DC.
    The Subcommittee met, pursuant to notice, at 9:36 a.m., in 
room SD-342, Dirksen Senate Office Building, Hon. Carl Levin, 
Chairman of the Subcommittee, presiding.
    Present: Senators Levin and Coburn.
    Staff Present: Elise J. Bean, Staff Director/Chief Counsel; 
Mary D. Robertson, Chief Clerk; Laura E. Stuber, Senior 
Counsel; Robert L. Roach, Counsel and Chief Investigator; Eric 
Walker, Detailee; Kristin Gwin, Congressional Fellow; 
Christopher Barkley, Staff Director to the Minority; Keith B. 
Ashdown, Chief Investigator to the Minority; Adam Henderson, 
Professional Staff Member; Dennis Bogucz, Congressional Fellow; 
Brian Egger, Detailee; Beth Baltzan, Congressional Fellow; Noah 
Czarny, Law Clerk; Bill Gaertner, Law Clerk; Curtis Kowalk, Law 
Clerk; Lane Powell, Law Clerk; Arielle Woronoff, Law Clerk; 
Sofia Knutsson, Intern; and Jacquelyn Jones, Law Clerk.

               OPENING STATEMENT OF SENATOR LEVIN

    Senator Levin. Good morning, everybody. Today's hearing 
will examine the money-laundering, drug-trafficking, and 
terrorist-financing risks created in the United States when a 
global bank uses its U.S. affiliate to provide U.S. dollars and 
access to the U.S. financial system to a network of high-risk 
affiliates, high-risk correspondent banks, and high-risk 
clients.
    Most international banks have a U.S. affiliate. They use it 
in part to compete for U.S. clients and business, but also to 
provide themselves with access to the U.S. financial system. 
Global banks want access to U.S. dollars because they are 
accepted internationally, they are the leading trade currency, 
and they hold their value better than any other currency. They 
want access to U.S. wire transfer systems because they move 
money across international lines quickly, securely, and to the 
farthest corners of the Earth. They want to clear U.S. dollar 
monetary instruments like travelers checks, bank checks, and 
money orders. And they want the safety, efficiency, and 
reliability that are the hallmarks of U.S. banking.
    The problem here is that some international banks abuse 
their U.S. access. Some allow affiliates operating in countries 
with severe money-laundering, drug-trafficking, or terrorist-
financing threats to open up U.S. dollar accounts without 
establishing safeguards at their U.S. affiliate. Some operate 
in secrecy jurisdictions. Some allow poorly managed or corrupt 
foreign banks to make use of an affiliate's U.S. dollar 
account. Others allow high-risk clients to use those accounts 
without taking adequate anti-money laundering (AML) steps. Some 
even allow their affiliates to pressure their U.S. cousins to 
ease up on U.S. AML restrictions or look the other way when 
they spot suspicious activity. The end result is that the U.S. 
affiliate can become a sinkhole of risk for an entire network 
of bank affiliates and their clients around the world playing 
fast and loose with U.S. rules.
    The consequences are the ones you would expect from 
operating a U.S. bank with inadequate safeguards against money 
laundering. The U.S. bank can end up aiding and abetting 
transactions that fund terrorists, drug cartels, corrupt 
dictators, and tax cheats, because all of them want access to 
the U.S. financial system, too, and for the same reasons. 
Wrongdoers can use U.S. dollars and U.S. wire transfers to 
commit crimes, arm terror groups, produce and transport illegal 
drugs, loot government coffers, and even pursue weapons of mass 
destruction. That is why our country has made combating money 
laundering and terrorist financing a national security 
imperative.
    For the last decade, this Subcommittee has contributed to 
the battle against money laundering and terrorist financing by 
exposing problems that increase U.S. vulnerabilities to abuse. 
In 2001, for example, this Subcommittee released a report 
showing how U.S. banks that offer accounts to foreign banks, 
engaging in what is known as correspondent banking, can become 
conduits for illegal proceeds involving organized crime, drug 
trafficking, or financial fraud. Back then, most U.S. banks 
opened a correspondent account for any foreign bank with a 
banking license. After our hearing, U.S. banks took a harder 
look and assessed the risks before opening a correspondent 
account. In 2002, Congress cited our hearings when enacting 
tougher AML laws in the PATRIOT Act, including in that Act a 
provision making it a legal obligation for U.S. banks to 
conduct a due diligence review before opening an account for a 
foreign bank.
    Tougher AML laws have helped deny criminals access to the 
U.S. financial system. But as our report that we are releasing 
today shows, enormous problems remain.
    To illustrate those problems, today's hearing focuses on a 
case study involving HSBC, one of the largest banks in the 
world. Headquartered in London, HSBC has a network of over 
7,200 offices in more than 80 countries, 300,000 employees, and 
2011 profits of nearly $22 billion. HSBC has been among the 
most active banks in Asia, the Middle East, and Africa. It 
first acquired a U.S. presence in the 1980s; today its leading 
U.S. affiliate is HSBC Bank USA, sometimes called ``H-BUS.'' 
That HBUS affiliate now has 470 branches across the United 
States and 4 million customers here.
    HBUS is the key U.S. nexus for the entire HSBC worldwide 
network. In 2008, HBUS processed 600,000 wire transfers per 
week; in 2009, two-thirds of the U.S. dollar payments that HBUS 
processed came from HSBC affiliates in other countries. One 
HSBC executive told us that a major reason why HSBC opened its 
U.S. bank was to provide its overseas clients with a gateway 
into the U.S. financial system.
    Now, add on top of that, HBUS's history of weak AML 
controls, and you have a recipe for trouble. In 2003, the 
Federal Reserve and New York State Banking Department took a 
formal enforcement action requiring HBUS to revamp its AML 
program. HBUS, which was then converting to a nationally 
chartered bank under the supervision of the Office of the 
Comptroller of the Currency (OCC) made changes, but even before 
the OCC lifted its order in 2006, the bank's AML program began 
deteriorating. In September 2010, the OCC issued a supervisory 
letter, 31 pages long, describing a long list of severe AML 
deficiencies, and followed in October 2010 with a cease and 
desist order requiring HBUS to revamp its AML program a second 
time.
    The OCC cited, among other problems, a massive backlog of 
unreviewed alerts identifying potentially suspicious activity; 
a failure to monitor $60 trillion in wire transfers and account 
activity; a failure to examine risks at HSBC's overseas 
affiliates before providing them correspondent banking 
services; and a failure, over a 3-year period, to conduct AML 
checks on more than $15 billion in bulk cash transactions with 
those same affiliates.
    To examine the issues, the Subcommittee issued subpoenas, 
reviewed more than 1.4 million documents, and conducted 
extensive interviews with HSBC officials from around the world, 
as well as officials at other banks, and with Federal 
regulators. HSBC has cooperated fully with our investigation.
    The Subcommittee's work identified five key areas of 
vulnerability exposed by the HSBC history. The five areas 
involve the following:
    First, providing U.S. correspondent accounts to high-risk 
HSBC affiliates without performing due diligence, including a 
Mexican affiliate with unreliable AML controls.
    Second, failing to stop deceptive conduct by HSBC 
affiliates to circumvent a screening device designed to block 
transactions by terrorists, drug kingpins, and rogue nations 
like Iran;
    Third, providing bank accounts to overseas banks with links 
to terrorist financing;
    Fourth, clearing hundreds of millions of dollars in bulk 
U.S. dollar travelers checks, despite serious suspicious 
circumstances;
    And, finally, offering bearer share accounts, a high-risk 
account that invites wrongdoing by facilitating hidden 
corporate ownership.
    Let us take each in turn.
    First, the issue of high-risk affiliates. HSBC operates 
affiliates in 80 countries, including jurisdictions facing 
major money-laundering, drug-trafficking, or terrorist-
financing challenges as well as weak AML laws and oversight. 
Yet, until recently, HSBC's London-based parent company, known 
as the HSBC Group, instructed its affiliates to assume that 
every HSBC affiliate met the group's AML standards and 
automatically was told to provide it with correspondent banking 
services. HBUS did as told and opened U.S. correspondent 
accounts for more than 80 HSBC affiliates, ignoring our law, 
the American law requiring due diligence reviews before opening 
U.S. accounts for foreign banks.
    HBUS's dealings with an HSBC affiliate in Mexico illustrate 
the money laundering dangers. HSBC Mexico (HBMX), operates in a 
high-risk country battling drug cartels; it has had high-risk 
clients such as casas de cambios; and it has offered high-risk 
products such as U.S. dollar accounts in the Cayman Islands, a 
jurisdiction known for secrecy and money laundering. HBMX also 
has a long history of severe AML deficiencies. You add all that 
up and the U.S. bank should have treated HBMX, the Mexican 
affiliate, as a high-risk account for AML purposes. But it did 
not.
    Instead, HBUS treated HBMX as such a low-risk client bank 
that it did not even monitor their account activity for 
suspicious transactions. In addition, for 3 years, from mid-
2006 to mid-2009, HBUS conducted no monitoring of a banknotes 
account used by HBMX to physically deposit billions of U.S. 
dollars from clients, even though large cash transactions are 
inherently risky and Mexican drug cartels launder U.S. dollars 
from illegal drug sales. Because our tough AML laws in the 
United States have made it hard for drug cartels to find a U.S. 
bank willing to accept huge unexplained deposits of cash, they 
now smuggle U.S. dollars across the border into Mexico and look 
for a Mexican bank or casa de cambio willing to take the cash. 
Some of those casas de cambios had accounts at HBMX, which in 
turn took all the physical dollars that it got, transported 
them by armored car or aircraft back across the border to HBUS 
for deposit into its U.S. banknotes account, completing the 
laundering cycle.
    Over 2 years, from 2007 to 2008, HBMX shipped $7 billion in 
physical U.S. dollars to HBUS. That was more than any other 
Mexican bank, even one twice HBMX's size. When law enforcement 
and bank regulators in Mexico and the United States got wind of 
the banknotes transactions, they warned HBMX and HBUS that such 
large dollar volumes were red flags for drug proceeds moving 
through the HSBC network. In 2008, after warnings from 
regulators, HBMX stopped taking large deposits of U.S. dollars, 
but for years, HBUS provided an easy gateway into our financial 
system for suspicious cash from their foreign affiliate in 
Mexico.
    Next, a second problem involves actions taken by some HSBC 
affiliates to circumvent a U.S. ban on bank transactions 
involving designated drug traffickers, terrorists, or rogue 
regimes such as Iran. To enforce that ban, the U.S. Treasury 
Department's Office of Foreign Assets Control (OFAC) has 
developed a list of prohibited persons which banks use to 
develop what is known as an ``OFAC filter'' to identify and 
stop prohibited or suspicious transactions.
    The Subcommittee found that for years HSBC affiliates in 
Europe and the Middle East acted to circumvent the OFAC filter 
when sending U.S. dollar transactions involving Iran through 
their accounts at HBUS. Although they viewed these transactions 
as legal under a U.S. exception for so-called ``U-turn'' 
transactions, the affiliates did not want to trigger the OFAC 
filter and undergo the individualized reviews required to make 
sure that they were legal. So they stripped out or omitted any 
reference to Iran from the paperwork. An outside auditor hired 
by HBUS has found that, from 2001 to 2007, HSBC affiliates sent 
nearly 25,000 transactions involving Iran, worth over $19 
billion, through HBUS and other U.S. accounts while concealing 
any link to Iran in 85 percent of the transactions.
    HSBC's chief compliance officer and other senior executives 
in London knew what was going on, but allowed the deceptive 
conduct to continue. While some HBUS officials in the United 
States claim not to have known they were processing undisclosed 
Iranian transactions, documents show that key HBUS officials 
were informed early on. HBUS compliance and payment executives 
repeatedly told HSBC affiliates that they had to use fully 
transparent Iranian transactions, but when faced with evidence 
that the affiliates were secretly circumventing the OFAC 
filter, nobody in HBUS confronted those affiliates, brought the 
issue to a head, and forced the transactions to the light. 
Problems also arose when some HSBC affiliates tried to 
circumvent the OFAC filter to send potentially prohibited 
transactions involving other countries like Sudan or North 
Korea.
    OFAC programs are aimed at exposing and disabling the 
financial dealings of some of the most dangerous persons and 
regimes in the world, including terrorists, persons involved 
with weapons of mass destruction, drug traffickers, and rogue 
jurisdictions. The OFAC filter is the key to blocking 
prohibited transactions from polluting the U.S. financial 
system. Global financial institutions have a special 
responsibility to respect OFAC prohibitions, but that is not 
what happened here. While HSBC affiliates may have been aiming 
simply at avoiding processing delays, circumventing OFAC 
safeguards can also facilitate transactions undertaken by some 
of the world's worst wrongdoers.
    A third issue involves the fact that HSBC is active in 
regions of the world with significant terrorism challenges 
while demonstrating a worrisome willingness to do business with 
banks that have links to terrorist financing. One example 
involves Al Rajhi Bank, the largest private bank in Saudi 
Arabia. After the September 11, 2001 terrorist attack on the 
United States, evidence emerged that the bank's key founder was 
an early financial benefactor of al-Qaeda and that it provided 
accounts to suspect clients.
    In 2005, HSBC Group told its affiliates to sever ties with 
that bank, but they made an exception for HSBC Middle East. 
Four months later, without explaining why, HSBC Group reversed 
itself and said that all of its affiliates could decide whether 
to do business with Al Rajhi Bank. HBUS chose to close its Al 
Rajhi accounts. Over the next 2 years, however, its own bankers 
and bankers from other HSBC affiliates pressed HBUS to resume 
ties with Al Rajhi Bank. And in 2006, after Al Rajhi Bank 
threatened to pull all of its business from HSBC unless HBUS 
reinstated its U.S. dollar banknotes account, HSBC gave in. And 
over the next 4 years, HBUS supplied Al Rajhi Bank with nearly 
$1 billion in U.S. dollars, stopping only when HSBC made a 
global decision to exit the banknotes business altogether.
    The fourth area of concern involves HBUS's willingness to 
clear suspicious bulk travelers checks for foreign banks. From 
2005 to 2008, on a regular basis, HBUS cleared $500,000 or more 
per day in bulk travelers checks for the Hokuriku Bank of 
Japan. Routinely, these checks arrived in large stacks of 
sequentially numbered checks signed and countersigned with the 
same illegible signature. Forced by the Office of the 
Comptroller (OCC) of the Currency--to investigate, HBUS found 
the Japanese bank could not provide any ``know your client'' 
information or any explanation of why two dozen of its 
customers, supposedly in the used-car business, were often 
depositing $500,000 a day in U.S. dollar travelers checks 
purchased from the same bank in Russia. Under OCC pressure, 
HBUS stopped clearing the travelers checks in 2008, but kept 
open the correspondent account, despite the Japanese bank's 
poor AML controls. In less than 4 years, HBUS provided over 
$290 million in U.S. dollars to a Japanese bank for the benefit 
of Russians, again, supposedly in the used-car business.
    Finally, there is HBUS's willingness to offer accounts to 
bearer share corporations. These corporations are prime 
vehicles for money laundering and other illicit activity by 
providing anonymity through assigning legal ownership of the 
corporation to whoever has physical possession of its shares. 
Over a decade, HBUS opened accounts for 2,000 such 
corporations, despite warnings by internal auditors and outside 
regulators that the accounts posed high money-laundering risks. 
Documents show that the actual account owners deliberately 
pressured the bank to help hide their identities. One such 
account was used by a father-son team of Miami Beach hotel 
developers who were later convicted of tax fraud for hiding 
$150 million in assets.
    Bearer share accounts, suspicious travelers checks, banks 
with terrorist-financing links, hidden transactions dodging 
OFAC safeguards, and Mexican drug money--none of them represent 
the types of transactions we want in a U.S. bank. If the parent 
corporation of a global bank cannot do a better job policing 
its affiliates, we should not be providing a bank charter to 
their U.S. affiliate. If the U.S. affiliate cannot do a better 
job of standing up to affiliate pressures and safeguarding the 
U.S. financial system, Federal regulators should consider 
whether to pull its charter.
    HSBC Group recently issued a policy statement declaring 
that all of its affiliates would be subject to the highest AML 
standards among them; that its affiliates would start sharing 
information to strengthen their AML defenses; and that all 
affiliates would be subject to diligence reviews. HBUS has more 
than doubled the size of its AML compliance department, put in 
a new AML monitoring system, and closed over 395 high-risk 
correspondent accounts. These are all good steps, but we saw 
this movie before in 2003. The recent commitments are welcome. 
Apologies and commitments to improve are also welcome. But 
accountability for past conduct is essential, and that is what 
has been missing here.
    It is bad enough that a single bank such as HSBC exposes 
the U.S. financial system to multiple-money laundering risks. 
It is made worse when there is a failure of anti-money 
laundering oversight by the regulator which is supposed to 
oversee our biggest banks--the OCC. It is of great concern to 
the Subcommittee, and it should be of great concern to every 
American, that the OCC tolerated the mounting AML problems at 
HBUS for 5 years, without taking any formal or informal 
enforcement action. In addition, when the OCC decided the 
problems had gone far enough, it lowered HBUS's consumer 
compliance rating instead of its safety and soundness rating. 
Every other Federal banking agency treats anti-money laundering 
deficiencies as a matter of safety and soundness of the bank. 
Only the OCC treats anti-money laundering deficiencies as if 
they were a matter of consumer protection law. Anti-money 
laundering safeguards are not aimed at protecting bank 
customers; they are aimed at protecting the entire American 
public from wrongdoers seeking to misuse the U.S. financial 
system.
    The new leadership at the OCC needs to move swiftly to 
correct the previous oversight shortfalls and to assure that 
promised changes at HSBC are implemented promptly and 
effectively.
    Our report contains many recommendations to address the 
abuses that we have identified. Among the most important are 
the following:
    HBUS should identify which of its sister affiliates are 
high risk, subject them to enhanced monitoring, and in 
particular, review whether it should close the account of 
HSBC's Mexican affiliate.
    HBUS should beef up its OFAC compliance program by auditing 
affiliate transactions to see if they are circumventing the 
safeguards that protect our country and other countries from 
terrorists, drug traffickers, and rogue jurisdictions.
    HBUS should close accounts with banks suspected of 
involvement in terrorist financing, revamp its travelers check 
controls, and eliminate bearer share accounts.
    HSBC should require affiliates to share information to 
strengthen their anti-money laundering defenses, and should 
continue to beef up its compliance program which was given 
short shrift in the past.
    At the OCC, the agency should follow the lead of other 
regulators and treat anti-money laundering compliance as a 
matter of safety and soundness of banks.
    The new OCC leadership needs to get the OCC moving against 
money laundering by identifying statutory violations, not just 
identifying failures of banks as Matters Requiring Attention, 
in the face of significant anti-money laundering deficiencies.
    Global banks have caused the world a lot of heartache. Our 
focus today is one global bank that failed to comply with rules 
aimed at combating terrorism, drug trafficking, and the money 
laundering that fuels so much of what threatens the global 
community. I want to thank my staff for their extraordinary 
work. I want to thank Senator Coburn for all of his support and 
for the work of his staff. And I now turn to him for his 
opening statement.

              OPENING STATEMENT OF SENATOR COBURN

    Senator Coburn. Thank you, Mr. Chairman. I normally submit 
an opening statement for the record and make a few short 
comments. I will not do that today because of the gravity of 
the problem that we face, and I want to make sure my words are 
heard and part of the record.
    I agree with most of what we heard Senator Levin say. I 
want to thank him for his tireless work on this issue. He is 
one of my favorite bulldogs in terms of when he gets a hold of 
something, he really does not let go of it. I do not always 
agree with the number of teeth that he loses when he grabs hold 
of it, but the fact is that he does grab hold of it.
    I would also like to thank both the Office of the 
Comptroller of the Currency and HSBC Bank, and the reason I am 
thanking them is because in the years that I have been on this 
Subcommittee and this Committee, which is 8 years now, I have 
never seen the type of cooperation that we received both from a 
government agency and a private entity. OCC provided a number 
of people for interviews as well as essential documents about 
the regulatory process. HSBC Bank officials likewise sat for 
dozens of interviews and handed over millions of pages of 
documents. Some of today's witnesses were flown in from posts 
around the world.
    As Chairman Levin laid out in his statement, the 
Subcommittee's investigation into anti-money laundering and 
anti-terror finance efforts at HSBC has covered quite a bit of 
ground. PSI examined in detail the types of vulnerabilities our 
Nation faces from criminals and terrorists who want to take 
advantage and abuse our banking system and take away our 
freedoms. What we learned is that the United States faces some 
very unique risks, both because of our post-September 11, 2001 
security needs and because of the strength of our financial 
system, which attracts worldwide attention.
    Every day, countless transactions denominated in U.S. 
dollars occur around the world. This is good for our economy, 
which benefits from a strengthened currency and increased 
economic activity. But criminals around the globe are also 
drawn to U.S. banks, which offer the attractive option of 
making illicit funds look legitimate. If they can pass criminal 
proceeds through a U.S. bank unnoticed and untouched, the funds 
are unlikely ever to be stopped or ever be recovered.
    This hearing raises the big and important questions. Banks 
want to obey the law, but also grow their businesses. What 
happens when the two goals conflict? Banks want to know their 
customers, but some customers want privacy. How do we resolve 
this? As we write AML policy, we should look for ways to get 
all boats rowing in the same direction, letting banks and 
government each do what they do best as we all work to combat 
crime and terror.
    At HSBC, we uncovered a number of troubling examples in 
which weak AML systems may have let criminal or terrorist funds 
pass through. In Mexico, for example, as the Chairman said, 
billions of U.S. dollars flowed from the HSBC affiliate in 
Mexico. The Mexico affiliate was the single largest exporter of 
U.S. dollars in Mexico to HBUS. U.S law enforcement and the 
regulatory entities have concluded that because of the volume 
of money, it likely came from proceeds of the illegal drug 
trade--not a far assumption.
    In another case, an Iranian bank was allowed to initiate 
U.S. dollar transactions that HSBC would process through the 
United States without explaining where they came from. At the 
time, however, there were severe legal restrictions on any 
payments coming from or going to Iran, most often meaning they 
would be manually inspected. HSBC's affiliate in London coached 
the Iranian bank on how to get the payments through the United 
States without inspection and simply requested the bank send 
transactions that would not violate U.S. law. In effect, it 
relied exclusively on an Iranian bank to comply with a law 
intended to catch payments from Iranian banks. The bank or the 
officials that made the decision were either naive or willfully 
blind.
    This is why tough AML laws are important. If illicit funds 
can be tracked and stopped, there are fewer places for 
criminals and terrorists to hide. And while our focus has been 
on the problems we found at HSBC Bank, we also have to 
emphasize that similar problems exist at other banks. For 
example, Citibank, Bank of America, Wachovia, Western Union, 
and others have come under scrutiny for laundering drug cartel 
profits.
    The purpose of this hearing, then, is not just to make an 
example of HSBC as if it were an anomaly. Rather, this hearing 
is to help Congress understand what kind of risks this Nation 
faces and what we should do to reduce them. If we can get a 
better handle on the risks by looking closely at the operations 
of a single bank, we can write better laws and achieve our true 
goals: Stopping crime and preventing terror.
    With that in mind, I believe there are several lessons we 
can learn from the problems that we uncovered at HSBC Bank.
    First, banks around the world operate under different laws, 
creating different sensitivities to money laundering. While 
this seems apparent, it was not clear how much this would 
affect a bank with worldwide affiliates until we took a closer 
look. In the case of HSBC, its bank in the United States 
operated differently even than its own affiliates in London, 
Mexico, and the Middle East. Failure to recognize this can lull 
us into thinking we can rely on foreign banks to carry out U.S. 
law.
    Second, bank regulators are sometimes better at identifying 
money-laundering vulnerabilities than knowing how to fix them. 
Throughout this inquiry, it became clear the Office of the 
Comptroller of the Currency was aware of many of HSBC's AML 
weaknesses, which it frequently pointed out. It was often at a 
loss, however, to prescribe how HSBC could eliminate the 
weaknesses. And so its record of enforcement at HSBC resembles 
a lapdog rather a watchdog that we sorely need.
    We have also learned recently that investigators from 
Treasury's own Office of Inspector General have cited OCC 
personnel for unethical practices. This, unfortunately, does 
not seem to be an isolated incident, and we will go into 
greater detail in that as we see the facts unfold. Taken 
together with our Subcommittee's findings in this 
investigation, these conflicts are startling and suggest 
Congress should give closer scrutiny to the OCC's actions.
    The purpose here is to stop criminals from hiding their 
illicit funds and preventing terrorists from having the freedom 
to plot and plan. The metrics we use to measure a bank's AML 
compliance need to focus less on form and more on substance. 
How well are we achieving our goal?
    This Subcommittee has shown the kinds of vulnerabilities 
that we now face. Too often what we found left us very 
troubled, both for the risks to our Nation and for the level of 
effort we saw to eliminate them. HSBC made its share of 
mistakes, for which it is now being held accountable.
    But what we must all remember is that money laundering 
always begins with a crime, and this ultimately is what we mean 
to fight. To the extent that this hearing results in criminals 
and terrorists having fewer options to rob and harm the public, 
we will count it a success.
    It may be impossible to stop all money laundering. Most of 
what we call money laundering in a certain context is a benign 
transaction in another. Buying travelers checks is innocent 
behavior for the tourist, but suspicious behavior when they are 
purchased in bulk by terrorists or drug lords. This does not 
mean we should not try to stop criminals from laundering their 
money through U.S. banks, but we need to do so wisely.
    I appreciate the efforts that HSBC has made thus far to 
improve their AML systems, and I sincerely hope they stick. I 
look forward to hearing from their witnesses, as well as from 
the OCC, and appreciate their appearance before us today.
    Thank you, Mr. Chairman.
    Senator Levin. Thank you very much, Senator Coburn.
    I would now like to call our first panel of witnesses for 
this morning's hearing: The Hon. David S. Cohen, the Under 
Secretary for Terrorism and Financial Intelligence at the U.S. 
Department of the Treasury; and Leigh Winchell, the Assistant 
Director for Investigative Programs at the U.S. Immigration and 
Customs Enforcement (ICE). I very much appreciate both of you 
being with us this morning. We look forward to your testimony.
    Pursuant to our Rule VI, all witnesses who testify before 
the Subcommittee are required to be sworn, so at this time I 
would ask you both to please stand and raise your right hand. 
Do you swear that the testimony you are about to give before 
this Subcommittee will be the truth, the whole truth, and 
nothing but the truth, so help you, God?
    Mr. Cohen. I do.
    Mr. Winchell. I do.
    Senator Levin. We will use a timing system today. About 1 
minute before the red light comes on, you will see the lights 
change from green to yellow. That will give you an opportunity 
to conclude your remarks. Your written testimony, of course, 
will be printed in the record in its entirety, so please try to 
limit your oral testimony to 7 minutes.
    Mr. Cohen, we are going to have you go first, followed by 
Mr. Winchell, and after we have heard your testimony, we will 
then turn to questions. Please proceed, Mr. Cohen.

   TESTIMONY OF HON. DAVID S. COHEN,\1\ UNDER SECRETARY FOR 
 TERRORISM AND FINANCIAL INTELLIGENCE, U.S. DEPARTMENT OF THE 
                            TREASURY

    Mr. Cohen. Thank you, Chairman Levin and Senator Coburn. 
Thank you for inviting me to testify today. I am pleased to 
have the opportunity to discuss the importance of the Treasury 
Department's efforts to identify and combat money laundering 
and terrorist financing in the U.S. banking sector.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Cohen appears in the Appendix on 
page 94.
---------------------------------------------------------------------------
    At the outset, it is important to recognize that the United 
States maintains one of the strongest and most effective anti-
money laundering and counter-terrorist financing regimes in the 
world. This is a testament to the work of the Congress, 
including this Subcommittee, the regulators, the enforcement 
agencies, and the financial institutions themselves. But the 
scale, efficiency, and sophistication of the United States' 
financial system--particularly its banking sector--make it a 
prime target for those who seek to conceal and move illicit 
money. This involves not just money launderers, of course, but 
also terrorists, weapon proliferators, drug lords, and 
organized crime figures, who all at some point rely on the 
financial system to store, move, and launder the funds 
supporting or derived from their operations.
    Treasury's ability to protect the integrity of the U.S. 
financial system from abuse and to combat critical threats to 
our national security and foreign policy depends to a 
significant extent on the implementation by U.S. financial 
institutions of robust programs to prevent money laundering, 
terrorist financing, and sanctions evasion.
    This morning I would like to briefly address why effective 
anti-money laundering, counter-terrorist financing, and 
sanctions compliance programs are so critical to our national 
security and the integrity of our financial system, as well as 
some of the steps we are taking, along with our partners in 
Congress, the Executive Branch, and internationally, to improve 
the effectiveness of our anti-money laundering, counter-
terrorist financing, and sanctions compliance regime.
    Although it is difficult to measure with precision, by any 
estimate, the total amount of dirty money moved through and 
concealed within the U.S. financial system is massive--in the 
hundreds of billions annually. The sheer volume of money moving 
through the banking system in particular makes banks both the 
most vulnerable financial institutions for money laundering and 
terrorist financing and the most important line of defense 
against money laundering and terrorist financing. Our 
regulatory framework, overseen by Treasury's Financial Crimes 
Enforcement Network (FinCEN), along with the Federal functional 
regulators, was built to require financial institutions to 
implement risk-based anti-money laundering programs, to collect 
and report useful information to law enforcement and national 
security authorities for the purpose of combating the full 
range of illicit finance. This regulatory framework assists 
banks in identifying and managing risk and creates the 
foundation of financial transparency required to apply targeted 
financial measures, such as sanctions against specific actors 
or prohibitions against specific activity.
    To implement targeted financial sanctions, banks must 
screen clients and transactions against the Specially 
Designated Nationals (SDN) list, maintained by the Treasury's 
Office of Foreign Assets Control. This is a list of drug 
traffickers, weapons proliferators, terrorists, officials from 
rogue regimes, and other threats to our national security whose 
U.S. assets are frozen and who are generally forbidden from 
engaging in any transactions in the U.S. financial system.
    Despite the importance of robust anti-money laundering and 
sanctions compliance programs, recent civil enforcement actions 
by OFAC, FinCEN, and the Federal banking regulators illustrate 
that sometimes financial institutions fail to implement 
adequate programs, exposing the U.S. financial system to 
significant risks of money laundering and resulting in illicit 
actors gaining access to the U.S. financial system.
    We have seen, for example, an instance where a bank failed 
effectively to monitor its correspondent banking relationship 
with high-risk customers, resulting the processing of $420 
billion in cross-border financial transactions with 13 high-
risk Mexican casas de cambio from 2004 to 2007. We have also 
seen several cases where foreign banks stripped out the names 
of Iran or other sanctioned entities in wire transaction 
messages routed through the United States, resulting in 
billions of dollars of benefits to sanctioned parties.
    These and other similar cases have resulted in criminal 
fines and forfeitures of more than $4.6 billion over the past 6 
years. These cases raise important questions about 
vulnerabilities in the framework of anti-money laundering and 
counter-terrorist financing requirements that require immediate 
attention. As a result, Treasury is working closely with our 
interagency partners and the private sector to better 
understand the compliance challenges faced by financial 
institutions, clarify U.S. Government expectations of financial 
institutions, and strengthen the overall anti-money laundering 
and counter-terrorist financing regulatory structure.
    In addition to continuing to impose sanctions on weapons 
proliferators, narcotics traffickers, transnational criminals, 
human rights abusers, and terrorist financiers, my office is 
also focused on improvements to our regulatory framework. One 
of our most important initiatives is to examine whether the 
customer due diligence rules, the foundation of financial 
transparency, should be improved.
    Earlier this year, FinCEN issued an Advance Notice of 
Proposed Rulemaking suggesting ways to clarify, consolidate, 
and strengthen customer due diligence requirements for 
financial institutions, including an obligation to collect 
beneficial ownership information. We are also focused on 
combating the use of shell companies and other opaque legal 
structures that facilitate illicit financial activity. We 
strongly support legislation requiring disclosure of beneficial 
ownership information in the company formation process. And 
because strengthening anti-money laundering and counter-
terrorist financing regimes internationally directly benefits 
the integrity of the U.S. financial system, my office works 
with others in the U.S. Government through the Financial Action 
Task Force, the International Monetary Fund, the World Bank, 
and the United Nations to encourage foreign jurisdictions to 
implement measures to combat illicit finance.
    I began my testimony this morning by noting that the United 
States is home to one of the strongest anti-money laundering 
and counter-terrorist financing regimes in the world. In order 
to continue as the world leader in financial integrity, 
something we can and must do, we are obligated to push 
ourselves to identify where we can do better and to work 
tirelessly to get there. Today's hearing is one important step 
on this road, and I look forward to continuing to work with 
this Subcommittee to achieve this critical goal. Thank you.
    Senator Levin. Thank you very much, Mr. Cohen. Mr. 
Winchell.

   TESTIMONY OF LEIGH H. WINCHELL,\1\ ASSISTANT DIRECTOR FOR 
 PROGRAMS, HOMELAND SECURITY INVESTIGATIONS, U.S. IMMIGRATION 
 AND CUSTOMS ENFORCEMENT, U.S. DEPARTMENT OF HOMELAND SECURITY

    Mr. Winchell. Good morning, Chairman Levin and Senator 
Coburn. Thank you for the opportunity to appear before you 
today and discuss the efforts of the U.S. Immigration and 
Customs Enforcement to combat transnational criminal 
organizations and the illicit proceeds used to fund their 
criminal activities.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Winchell appears in the Appendix 
on page 99.
---------------------------------------------------------------------------
    Over the past two decades, transnational organized crime 
has transformed in size, scope, and impact, posing a 
significant threat to the national and international security. 
While the globalization of organized crime is not new, the 
magnitude, pace, and violence accompanying the illicit 
activities is alarming.
    For example, in the past 5 years, we have seen an 
unprecedented level of drug-related violence south of our 
border which has claimed over 47,000 lives since 2006.
    The fight against transnational organized crime is one of 
the highest priorities of ICE. With the most expansive 
investigative authority and the largest investigative force in 
the Department of Homeland Security (DHS), we work closely 
across agency and international boundaries with our law 
enforcement partners, creating a united front to disrupt and 
dismantle transnational criminal organizations. This is aided 
by our expansive global footprint. With a force of nearly 7,000 
special agents assigned to more than 200 U.S. cities in 71 
offices in 47 countries worldwide, our domestic and 
international network of agents all work in concert to target 
transnational crime.
    One of the most effective methods of dismantling a 
transnational criminal organization is to attack the criminal 
proceeds that is the lifeblood of their operations. In fiscal 
year 2011, Homeland Security Investigation special agents 
initiated nearly 4,300 financial investigations, resulting in 
nearly 1,800 arrests, over 1,000 criminal convictions, more 
than 7,700 seizures worth approximately $359 million, including 
$331 million in currency and monetary instruments.
    In 2010, ICE initiated a financial investigative project in 
the State of Arizona following an increase in cash activity at 
financial institutions along the U.S. and Mexican international 
border. As a result of recent changes in Mexican financial 
regulations, many criminal organizations were forced to explore 
new ways to exploit legitimate financial systems in order to 
launder their proceeds. A new trend emerged, known as the 
repatriation of the U.S. dollar, and coupled with the Mexican 
black market peso exchange, has led to an increase in 
identified U.S. currency along the southwest border region, in 
the last year and a half or so, approximately two-thirds of $1 
billion in the form of outbound international wires or 
cashier's check purchases from border branches of U.S. 
financial institutions, mostly to Mexico.
    In 2005, ICE initiated Operation Firewall as an effort to 
raise worldwide awareness of the dangers posed by the cross-
border movement and smuggling of illicit funds. Operation 
Firewall targets methods used to move and smuggle currency by 
focusing on all aspects of illicit cash movements. Since its 
inception, Operation Firewall has resulted in more than 5,700 
arrests, totaling more than $553 million, and the arrest of 
1,182 individuals. These efforts include 367 international 
seizures totaling nearly $258 million and 253 international 
arrests.
    In August 2009, ICE officially launched the National Bulk 
Cash Smuggling Center (BCSC) as a 24/7 investigative support 
and operations facility. Since its inception, the BCSC 
initiated over 500 criminal investigations, resulting in 
millions of dollars seized. The center has also provided 
training and outreach to over 21,000 Federal, State, and local 
law enforcement.
    ICE's interaction with the financial institutions from an 
anti-money laundering perspective is multilayered. Through our 
Cornerstone Outreach Initiative, ICE HSI special agents share 
lessons learned, best practices, and money-laundering 
typologies with the AML personnel from financial institutions 
throughout the world. As part of these outreach efforts, 
special agents show how the bank systems and processes can and 
are being exploited. By sharing this information, the financial 
institutions are better able to understand the threats, 
inherent vulnerabilities, and build counter measures into their 
training and automatic monitoring systems. These outreach 
presentations take place at local branch bank locations as well 
as through speaking engagements at AML conferences such as 
those hosted by the Association of Certified Anti-Money 
Laundering Specialists (ACAMS).
    In late 2009, HSI expanded their working relationship with 
the private sector through ACAMS to assist bank AML specialists 
to better identify and monitor financial activity related to 
non-traditional criminal groups. This expanded working 
relationship allows the members to learn more about current 
active financial indicators related to those crimes. The 
members can then incorporate what they have learned into 
creating models and filters within their AML software to more 
accurately identify financial transactions indicative of those 
crimes. The CAMS certification, obtained through ACAMS, is the 
most widely recognized AML certification among compliance 
professionals worldwide.
    Since its inception, HSI special agents have conducted over 
11,800 Cornerstone presentations and trained over 243,000 
participants worldwide. This outreach has resulted in the 
initiation of over 447 criminal investigations, led to the 
arrest of approximately 330 individuals, 280 indictments, and 
over $666 million seized.
    Recognizing the magnitude of transnational organized crime, 
ICE will continue to work closely with our law enforcement 
partners as well as with the industry to identify potential 
vulnerabilities that could be exploited by terrorists and other 
criminal organizations to earn, move, and store their illicit 
proceeds.
    I want to thank you again for the opportunity to appear 
before you today, and I would be pleased to answer any 
questions at this time.
    Senator Levin. Thank you both. Let us start with a 7-minute 
first round.
    Mr. Winchell, in your prepared testimony you talk about 
bulk cash, and we will be seeing a lot of discussion of that, 
about drug cartels smuggling U.S. dollars from the United 
States into Mexico, finding a Mexican bank or a casa de cambio 
willing to accept the cash, after which the financial 
institution brings or tried to bring the dollars back to the 
United States.
    Now, why would a drug cartel bother to smuggle U.S. dollars 
across the border into Mexico only to send those dollars or try 
to send those dollars back here again for deposit in our bank? 
Explain that circle. And why is it that process takes place? I 
tried in my opening statement to do it, but I would like to 
hear you try it also.
    Mr. Winchell. The laws that were initiated in Mexico 
involving the banking industry set certain limits on the amount 
of U.S. currency that could go into banks in any particular 
period of time; $7,000 for a business and $4,000 per individual 
per month, I believe, are what the figures are. Bulk cash is 
moved south across the border as the proceeds of their illicit 
activity in the United States and pooled in Mexico. They are 
sold then to money brokers anywhere between 4 to 7 percent 
discounted rate. That may be casas de cambios and others that 
they use then to move in bulk cash back across the United 
States border into U.S. institutions and then wired back into 
Mexico and exchanged at the current rate between Mexican 
dollars and pesos, and in essence completing the laundering 
process of cleaning the money.
    Senator Levin. But to put it simply, they cannot just 
directly deposit these drug sales money into U.S. banks because 
we have a Know Your Customer requirement. Is that correct?
    Mr. Winchell. That would be correct, sir. They have to find 
someone in Mexico that would be complicit with their activity.
    Senator Levin. But they want that money to be in U.S. 
banks, to get there and to be laundered.
    Mr. Winchell. Yes, sir.
    Senator Levin. So the short answer is they cannot do it 
directly, so they have to go through this process of sending it 
to a Mexican bank, if they can, and then having it returned 
cleansed. Is that correct?
    Mr. Winchell. That is correct.
    Senator Levin. Now, what is the relationship between the 
strength of a drug cartel and the ability of that drug cartel 
to launder money? Is it clear that the more it is able to 
launder its money, the stronger the cartel is?
    Mr. Winchell. Their profits fuel their activity. The more 
profit they have, in other words, the more legitimate money 
they can appear to have, the more they can fuel their illicit 
activity and then diversify their criminal activity. So the 
larger the cartel, the richer the cartel, the more powerful 
they get.
    Senator Levin. But also they will be more powerful if they 
can launder that money so that they can then diversify?
    Mr. Winchell. Absolutely.
    Senator Levin. All right. So that, again, we have all this 
huge violence on the border. We have drug cartels down in 
Mexico and drug groups here as well fighting for power, 
bringing violence to their streets and to our streets. And if 
they can successfully launder money, they are stronger. Is that 
accurate?
    Mr. Winchell. That would be very accurate.
    Senator Levin. OK. Mr. Cohen, would you agree that the more 
a terrorist can get their money through our system, the 
stronger a terrorist group will be?
    Mr. Cohen. I would, Mr. Chairman.
    Senator Levin. All right. Now, even though they have new 
rules down in Mexico, as you have just pointed out, I think 
starting in 2010, are illicit drug proceeds still being 
laundered into U.S. financial institutions, Mr. Cohen?
    Mr. Cohen. I think there is no question that there 
continues to be a problem with money laundering in U.S. 
financial institutions coming from Mexico, from the casas de 
cambio and other institutions in Mexico, as well as from other 
sources where illicit proceeds are placed into the U.S. 
financial system.
    Senator Levin. And, therefore, even though there have been 
changes in the laws, for instance, in Mexico and other efforts 
made to clamp down on the ability to launder money for these 
groups, the terrorist groups or drug cartels, it is still going 
on, and the efforts have continued. Can you give us some of the 
new efforts that are being made, the new challenges, Mr. Cohen, 
in this area of money laundering?
    Mr. Cohen. Well, to pick up on what Mr. Winchell was 
discussing earlier, with respect to Mexico, obviously there is 
a substantial amount of legitimate trade with Mexico and a 
substantial amount of legitimate U.S. dollars that are spent in 
Mexico. And what we see is these Mexican financial institutions 
working with casas de cambio and then working with U.S. 
financial institutions to take in U.S. dollars from the Mexican 
economy. Dirty money is layered in with legitimate funds and 
placed into U.S. financial institutions. That continues to be a 
serious problem even after the really very important and 
aggressive steps that the Mexican Government has taken to 
restrict the ability of businesses and individuals to deposit 
U.S. dollars directly into Mexican financial institutions.
    We have also seen some displacement of the money-laundering 
cycle, so instead of the drug dollars just moving into Mexico, 
because of the steps the Mexican Government has taken, we have 
seen some of these dollars move further south in coming back 
into the U.S. financial system from countries further into 
Central America.
    Senator Levin. Now, when law enforcement or bank regulators 
see a bank in a country with drug-trafficking challenges 
transporting large volumes of U.S. dollars to the United 
States, is a red flag that illegal drug proceeds might be 
involved?
    Mr. Cohen. I think financial institutions have in their 
anti-money laundering programs a whole series of factors that 
they look at to determine whether what is happening is normal, 
typical behavior or something out of the ordinary and whether 
it spikes in the amount of bulk cash coming in or other sort of 
anomalous activity. Those are the sorts of things that a well-
tuned anti-money laundering program should identify and cause a 
financial institution to look at more carefully.
    Senator Levin. OK. Senator Coburn.
    Senator Coburn. Thank you.
    Mr. Cohen, in your testimony, you stated that when 
safeguards are not stringently enforced, illicit actors are 
able to take advantage of the U.S. financial system. If they 
were all enforced 100 percent of the time, basically what I am 
hearing is they would still be able to take advantage of the 
U.S. financial system because when you blend good with bad from 
a legitimate organization--so what are the next steps to limit 
that down?
    Mr. Cohen. Well, Senator Coburn, I would draw a distinction 
between the OFAC list, the SDN list, and anti-money laundering 
programs in responding to this question. A properly functioning 
compliance program with respect to the SDN list should prohibit 
anybody on that list from getting access to any U.S. financial 
institution because banks can run the filter, run the names, 
and if a transaction is coming through from someone who is on 
the SDN list, it should be stopped.
    Preventing money laundering is a more difficult task, and 
the regulatory structure that we have implemented and that 
Congress has legislated through the Bank Secrecy Act and the 
PATRIOT Act and other amendments to Title 31 require a risk-
based approach by financial institutions to have an anti-money 
laundering program that is appropriate given the risk that the 
bank faces across the range of its activities.
    Every bank is going to approach this in a slightly 
different way, and every bank has a slightly different risk 
profile given its customer base domestically and how they 
interact with affiliates and non-affiliates overseas.
    I do not think anyone expects to ever achieve a financial 
system where there is absolutely no money laundering, but it is 
also the case that when financial institutions do not implement 
robust anti-money laundering programs across the range of their 
activities that is appropriately tuned to the risk that they 
face, there is a greater opportunity for illicit acts to get 
access to----
    Senator Coburn. So whose responsibility is it to see that 
the banks do just that?
    Mr. Cohen. Well, I think it is all of our responsibility--
--
    Senator Coburn. No, but it is specific to the Treasury, 
right?
    Mr. Cohen. Sure.
    Senator Coburn. It is the Treasury Department. Who in the 
Treasury Department is responsible for that? What agency?
    Mr. Cohen. Well, my office is responsible for helping to 
set policy. We have obviously the OCC, which is part of the 
Treasury Department, that is a bank regulator. It undertakes 
its regulatory activities independently from the Secretary of 
the Treasury by statute.
    Senator Coburn. Right.
    Mr. Cohen. There are obviously other bank regulators as 
well that regulate other financial institutions.
    Senator Coburn. But it is not necessarily that we do not 
have enough good regulations. Part of the problem is that the 
regulations we have are not being monitored and enforced 
properly. Would you agree with that statement?
    Mr. Cohen. Senator, I think as we continue to work on the 
issue of money laundering, I think we need to look both at the 
regulatory structure itself and see whether there are 
modifications that would be appropriate. And I also think we 
need to look at how effectively the regulators are overseeing 
financial institutions----
    Senator Coburn. Well, I think we have seen that. Our 
investigation is going to show a lot of lack of effectiveness. 
As a matter of fact, it does show a lot of a lack of 
effectiveness. So the point I am trying to get to is we can 
write all the rules and regulations in the world, but if they, 
in fact, are not carried out by the bureaucracy assigned to do 
that, it does not matter. So the whole point is: Do we write a 
whole bunch more regs? Do we make it even more complicated?
    One of the questions I had for you I am not going to ask. I 
will, if I may, Mr. Chairman, send supplemental questions to 
both of these witnesses. Of the people that are doing it 
right--and I am going to ask HSBC this, too. What is the cost 
of compliance with this as a percentage of the volume in their 
banks? And is there going to become a point at which it is not 
worth dealing with us? In other words, can we do it more 
effectively and more efficiently? And are we doing the right 
things?
    Mr. Cohen. Well, Senator, I think we are looking at, as I 
said, whether the regulatory structure needs some modification, 
not to make it more complicated but to make it more effective. 
I think we are looking at whether the financial institutions 
themselves need to do a better job in complying with the 
regulations. And we are working very closely with the bank 
regulators across the spectrum of regulators, both bank 
regulators and the regulators in the securities industry, to 
talk about how we all can do a better job of overseeing 
compliance in the regulated industries.
    Senator Coburn. Thank you.
    Mr. Winchell, just one question. I am going to submit my 
questions for the record to both of you, if I might, and have 
you respond to them, hopefully in a timely fashion. You talked 
about your outreach efforts have resulted in the initiation of 
950 criminal investigations. Did HSI agents identify the 
illicit funds or did the banks?
    Mr. Winchell. It was usually the banks that--I would think 
I would be safe in answering that question. Our outreach 
efforts are an attempt to educate them on the red flags, and 
then they would bring those to our----
    Senator Coburn. So you are getting some response?
    Mr. Winchell. Yes, sir.
    Senator Coburn. All right. And does your Trade Transparency 
Unit include partnerships with countries other than Central and 
South America?
    Mr. Winchell. Our Trade Transparency Unit continues to 
grow.
    Senator Coburn. But where is it now? Is it mainly Central 
and South America?
    Mr. Winchell. It is primarily Central and South America, 
but it is expanding towards the Philippines and others, now.
    Senator Coburn. And one thing I will ask you. Prepaid cards 
and stored value devices seems to be a new, novel method. I 
would love in the response to my questions from both of you on 
that, how are we going to handle that one? That one seems even 
more difficult.
    Mr. Winchell. That one is a bit of a challenge for us; 
particularly as the individual crosses back and forth across 
the border in bearer form, it is basically a bearer instrument. 
Of greater concern to us are the loadable and reloadable cards.
    Senator Coburn. All right. Thank you, Mr. Chairman.
    Senator Levin. Thank you very much, Senator Coburn.
    I just have one more question. You touched on this in the 
answer to Senator Coburn's question. Just explain for us, if 
you would, Mr. Cohen, very simply, what the SDN list is, what 
the OFAC filter is, and how the OFAC filter relates to the SDN 
list and why these are important.
    Mr. Cohen. Sure. The SDN list is the compilation of 
individuals and entities that have been subject to sanctions 
under the range of sanctions programs that OFAC and the 
Treasury Department implement. These sanctions programs cover 
illicit actors like terrorist financiers, weapons 
proliferators, transnational organized criminal groups, 
narcotics traffickers, as well as rogue regimes--Iran, North 
Korea, Syria, and others. Everybody who is subject to sanctions 
under those sanctions programs appears on the SDN list. This is 
a list that is published by OFAC, available to every financial 
institution, and by and large, financial institutions 
incorporate this list into their compliance programs and screen 
transactions coming through their financial institutions 
against this list, because everybody who appears on that list 
is forbidden from dealing with any U.S. person, including any 
U.S. financial institution, and their assets are to be frozen.
    It is critically important that financial institutions run 
the OFAC list in their filters so that our sanctions programs 
are effectively implemented. We rely on financial institutions 
to ensure that those for whom we have applied sanctions are not 
able to access the U.S. financial system. That makes our 
sanctions programs, which at root are designed to pursue our 
most important national security and foreign policy objectives, 
as effective as they can be.
    Senator Levin. How effective is the OFAC filter, in your 
judgment?
    Mr. Cohen. There are some notable examples of situations 
where financial institutions have taken steps to try and evade 
the OFAC filter. We have over the course of the last 5 or 6 
years entered into a number of significant settlements with 
major financial institutions that all have essentially the same 
fact pattern, which is that the foreign financial institution 
was stripping information from transaction messages running 
through the United States as a means to evade their U.S. 
partners' OFAC filter. Those are very important cases for us 
and I think illustrate how seriously we take this issue. But, 
at the same time, I think by and large, U.S. financial 
institutions do a good job of incorporating into their 
compliance programs the list of names and entities that are on 
the OFAC SDN list and screening transactions to prevent access 
to their institutions by those who are subject to sanctions.
    Senator Levin. Will you put in your words now--I asked Mr. 
Winchell this before. Put in your words why it is that these 
entities we are trying to keep out of our financial system try 
to get into our financial system. Why is it that they make this 
effort, in your words?
    Mr. Cohen. I think the simple answer is if you can run 
money through the United States, it helps to create an air of 
legitimacy to those funds that makes it easier for you to then 
make use of those funds for whatever purpose you want to put 
them to. And if this is dirty money that you are trying to 
portray as clean funds, being able to run it try the U.S. 
financial system helps you achieve that objective.
    Senator Levin. And makes you stronger.
    Mr. Cohen. It helps you achieve whatever illicit objective 
it is that you are trying to achieve, whether it is weapons 
proliferation, terrorist financing, or any of the other 
activities that are the subject of our sanctions, all of which 
we are trying to combat by weakening their financial support.
    Senator Levin. It helps you achieve the very activities 
that we are trying to stop.
    Mr. Cohen. It does.
    Senator Levin. Do you have any additional questions?
    Senator Coburn. No, but I would make one observation. The 
better we get, the more they are going to want to be here. That 
is one. And number two is it is hard for us to know what an 
excellent anti-money laundering system is because we can always 
do better. But I would remind us that the cost of that is borne 
by the banks, which is ultimately the American consumer. And so 
efficiency in how we do this and the worry about too much--in 
other words, for the next regulation, what are we achieving for 
it? Cost-effectiveness has got to be part of our concern as we 
look to handle this.
    Thank you, Mr. Chairman.
    Senator Levin. Thank you very much, Senator Coburn.
    There will be additional questions for the record for you 
both, and that will be true with all of our panelists this 
morning and afternoon. And talking about this afternoon, I 
think we have talked to your staff about it, Senator Coburn. 
The likelihood is that we will need to break at some point here 
for lunch. We will see how quickly the next panel goes.
    We thank you both. We thank you and your agencies for the 
work that you do. It is critically important to our Nation's 
security, and you are excused.
    Mr. Cohen. Thank you, Mr. Chairman.
    Senator Levin. We will now call our second panel of 
witnesses for this morning's hearing: David Bagley, the head of 
Group Compliance of HSBC Holdings in London; Paul Thurston, 
Chief Executive for Retail Banking and Wealth Management at 
HSBC Holdings in Hong Kong; Michael Gallagher, the Former 
Executive Vice President and Head of PCM North America for HSBC 
Bank USA in New York; and, finally, Christopher Lok, the Former 
Head of Global Banknotes at HSBC Bank USA in New York.
    We appreciate all of you being here this morning. We look 
forward to your testimony. And as you heard, we have Rule VI, 
which requires that all witnesses who testify before the 
Subcommittee are required to be sworn, so we would ask each of 
you to please stand and raise your right hand. Do you swear 
that the testimony that you are about to give will be the 
truth, the whole truth, and nothing but the truth, so help you, 
God?
    Mr. Bagley. I do.
    Mr. Thurston. I do.
    Mr. Gallagher. I do.
    Mr. Lok. I do.
    Senator Levin. The timing system that we will be using 
today will give you a warning 1 minute before the red light 
comes on, and than it will shift from green to yellow. It will 
give you an opportunity to conclude your remarks. Your written 
testimony will be printed in the record in its entirety. Please 
try to limit your oral testimony to no more than 5 minutes 
each.
    Before you start, I want to thank HSBC for their 
cooperation. As I said in my opening statement, HSBC was 
totally cooperative with this investigation. We appreciate 
that.
    So, Mr. Bagley, I guess we are going to have you go first 
followed by Mr. Thurston, then Mr. Gallagher, and then Mr. Lok. 
And then we will turn to questions. So, Mr. Bagley, please 
proceed.

TESTIMONY OF DAVID B. BAGLEY,\1\ HEAD OF GROUP COMPLIANCE, HSBC 
                 HOLDINGS PLC, LONDON, ENGLAND

    Mr. Bagley. Thank you. Good morning, Chairman Levin, 
Senator Coburn, and Members of the Subcommittee. My name is 
David Bagley. Thank you for the opportunity to be here today. I 
have submitted written testimony, but in the interest of time, 
I have confined my remarks to a few points.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Bagley appears in the Appendix on 
page 111.
---------------------------------------------------------------------------
    Since 2002, I have been the head of Group Compliance at 
HSBC Holdings plc, which is the global parent of HSBC. Having 
been a compliance officer for 13 years in a bank that operates 
in approximately 80 jurisdictions worldwide, I have dedicated 
my career--not only within HSBC but through my broader industry 
work as well--to meeting the significant challenges that 
confront global banking institutions in the world we live in. I 
have followed the work of this Subcommittee and have seen how 
your work has advanced important dialogues and helped the 
international banking community, including HSBC, identify and 
address potential vulnerabilities.
    My chief focus as the head of Group Compliance at HSBC has 
been promoting the values that we, as a bank, have set for 
ourselves and the values that you and our regulators, both in 
the United States and around the world, rightly expect from a 
global bank like HSBC. And while there have been successes on 
many compliance issues, I recognize that there have been some 
significant areas of failure. I have said before and I will say 
again: Despite the best efforts and intentions of many 
dedicated professionals, HSBC has fallen short of our own 
expectations and the expectations of our regulators. This is 
something that a bank seeking to conduct business in the United 
States and globally must acknowledge, learn from, and, most 
importantly, take steps to avoid in the future.
    The group has always had as a core element of its 
compliance policy a focus on both the letter and the spirit of 
laws and regulations, not just what is permissible but what is 
prudent and responsible.
    In hindsight, as I reflect on the dialogue from 2002 to 
2007, and specifically the wider lessons learned out of both 
the OFAC and Mexico issues, I think we all sometimes allowed a 
focus on what was lawful and compliant to obscure what should 
be best practices for a global bank. Transparency is a 
principle that HSBC and every bank should always make a top 
priority, even when it is not legally required. I think that 
with our revised structure and approach, this is where we are 
today.
    Indeed, we have learned a number of valuable lessons, and 
the bank is well along the way of converting those lessons into 
solutions. As I expect my colleague, Stuart Levey, to describe 
in some detail, HSBC is in the process of shedding the 
historical compliance model that the bank has outgrown. This 
departure from the old model is very significant. Our former 
compliance structure was a product of historical growth by 
acquisition, and it was a major factor behind some of the 
issues that I expect we will be discussing today.
    Under the former model, my mandate was limited to advising, 
recommending, and reporting. My job was not to ensure that all 
of our global affiliates followed the group's compliance 
standards, and I did not have the authority, resources, 
support, or infrastructure to do so. Rather, final authority 
and decisionmaking rested with local line management in each of 
the bank's affiliates.
    Now a major overhaul is underway. The new compliance model 
is a product of deep reflection and is tailored to address 
today's challenges as well as the inevitable challenges of 
tomorrow. Significantly, the Group Compliance function now for 
the first time has authority over the compliance departments at 
every one of the bank's affiliates. This is a stark break from 
the past. Now Group Compliance has both the mandate and the 
resources to ensure that affiliates are compliant. In other 
words, for the first time, Group Compliance is an advisory and 
a control function. In addition, personnel at the affiliates 
are now accountable to Group Compliance for their conduct.
    Second, under the new model, Group Compliance oversees the 
bank's nearly 3,500 compliance officers worldwide and takes the 
lead on decisions about resource allocation, compensation, 
objectives, strategy, and accountability.
    Last, while I do not have the time to describe all of the 
recent enhancements, I would like to emphasize the creation of 
our assurance function. In short, the authority of the head of 
Group Compliance and, therefore, the function as a whole is 
greatly increased.
    As I have thought about the structural transformation of 
the bank's compliance function, I recommended to the group that 
now is the appropriate time, for me and for the bank, for 
someone new to serve as the head of Group Compliance. I have 
agreed to work with the bank's senior management towards an 
orderly transition of this important role.
    Thank you for your time. I welcome this opportunity to 
answer any questions.
    Senator Levin. Thank you very much, Mr. Bagley. Mr. 
Thurston.

TESTIMONY OF PAUL THURSTON,\1\ CHIEF EXECUTIVE, RETAIL BANKING 
      AND WEALTH MANAGEMENT, HSBC HOLDINGS PLC, HONG KONG

    Mr. Thurston. Thank you and good morning, Chairman Levin, 
Senator Coburn, and Members of the Subcommittee. My name is 
Paul Thurston. I am the Chief Executive of Retail Banking and 
Wealth Management for the HSBC Group. I have submitted written 
testimony, but in the interest of time today, I will confine my 
comments to a few points as well.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Thurston appears in the Appendix 
on page 116.
---------------------------------------------------------------------------
    I have worked in the banking industry for 37 years, and I 
have served at various roles in HSBC around the world. I was 
the Chief Executive of HSBC for 14 challenging and stressful 
months beginning in February 2007.
    When I arrived in Mexico, I set out to find out the most 
important business issues and risks that there were in the 
business. I met with business heads, risk management, audit, 
and also with the regulators, and it became clear that a number 
of group systems and policies had been put in place by that 
time but that this was not HSBC as I knew it. There were 
significant weaknesses in the control infrastructure, and these 
weaknesses existed in Know-Your-Client (KYC) and AML management 
and in other areas of the bank as well, including credit risk 
management, card fraud prevention, technology, and management 
information.
    As I investigated these issues and tried to assess why the 
problems persisted, I came to learn that they were exacerbated 
by a business model and a performance management system that we 
had inherited from the former Bital Bank that was heavily 
focused on business growth rather than control.
    I should add that we were operating in an external 
environment in Mexico that was incredibly challenging. Bank 
employees faced very real risks of being targeted for bribery, 
extortion, and kidnapping. And, indeed, there were many 
kidnappings during my tenure, and high levels of security were 
required for staff working in Mexico. In addition, unlike the 
United States, Mexico was a data-poor environment, making it 
difficult to verify the identity of customers.
    Some of the things I found, frankly, took my breath away. 
But every time I found a weakness, I tried to ensure that we 
took action, not just in dealing with the immediate issues but 
also in setting up programs to improve the infrastructure, 
processes, and business model for the future. I frequently 
requested audit and group compliance reviews to be scheduled so 
that I would have an independent review of progress, and I kept 
the board, the regional audit committee, and group management 
informed of everything that I saw and did. And I also ensured 
that we cooperated fully with the regulators, as indeed the 
group has done with this investigation.
    Effective AML depends upon properly knowing your customers, 
and this was a major area of concern to me, with substandard 
files and KYC documentation housed across a network of 1,300 
branches. I committed to invest in technology and people, to 
centralize the review of all files for all new and existing 
accounts, and to keep central records that could be used for 
ongoing alert management. I recognized that this would take 
time to develop and install, but it would give us a more robust 
platform, provide more reliable reports, and improve the 
quality and speed of remediation once implemented.
    I believe that we made real progress at HSBC Mexico during 
my short tenure. We changed the business model, the performance 
management systems, and we enhanced our compliance systems. 
But, clearly, after only a short period of time, there was 
still much work to be done upon my departure in April 2008, and 
the scale of the remediation work alongside an escalating drug 
war in Mexico and ever more adept criminals continued to raise 
challenges and new issues.
    After I left, further steps continued to be taken. 
Decisions were made to stop U.S. dollar cash handling in 
Mexico. We closed branches in areas where there was a high risk 
of money laundering. We are now in the process of closing all 
the HSBC Mexico accounts in the Caymans. We will continue to 
scrutinize our business in Mexico to determine how we can 
further mitigate compliance risk.
    We know that criminals operate globally, and as an 
international bank, we will be a target. We have to be sure 
that we have the best and strongest defense in place in every 
business, in every market in which we operate, regardless of 
the local challenges, and we are committed to doing this. We 
know we should have done this better, sooner.
    There are many learnings in our experience in Mexico for us 
and others, and I will be pleased to answer any questions that 
you have.
    Senator Levin. Thank you very much, Mr. Thurston. Mr. 
Gallagher.

   TESTIMONY OF MICHAEL GALLAGHER,\1\ FORMER EXECUTIVE VICE 
PRESIDENT, HEAD OF PCM NORTH AMERICA, HSBC BANK USA, N.A., NEW 
                         YORK, NEW YORK

    Mr. Gallagher. Good morning. Chairman Levin, Senator 
Coburn, and Members of the Subcommittee, my name is Michael 
Gallagher, and I reside in Lincroft, New Jersey. From 2001 
until last year, I was an Executive Vice President at HSBC Bank 
USA, also referred to as ``HBUS,'' and I was responsible for 
the Payments and Cash Management Business in North America. On 
November 21, 2011, I was subject to a reduction in force at the 
bank and, therefore, have not been a member of the bank for the 
past 8 months.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Gallagher appears in the Appendix 
on page 124.
---------------------------------------------------------------------------
    During my time at HSBC, PCM developed and marketed payments 
and cash management services to corporate middle-market clients 
as well as financial institutions, including HSBC-affiliated 
banks. While PCM generally did not manage the various 
operational units within PCM processing PCM products, we worked 
very closely with our operations colleagues to manage and 
maintain the expected standards of quality and control.
    I understand the Subcommittee is interested in HBUS's anti-
money laundering efforts. During my tenure at HBUS, my team and 
I took compliance matters very seriously. We were active 
participants in the efforts of the compliance department to 
ensure safety and soundness. PCM assisted the compliance 
department operations as well as relationship managers in this 
regard. In instances, when PCM became aware of negative 
information regarding the client, PCM worked closely with the 
compliance department operations and the relationship managers 
to ensure that they received the information they needed.
    PCM also made resources available to relationship managers 
and the compliance department to assist in any way that we 
could. At various times, PCM made staff available or seconded 
these staff to different departments to assist in various 
projects and problem resolution.
    In summary, I would like to thank the Chairman of the 
Subcommittee for allowing me to speak at the hearing on these 
critical matters. Anti-money laundering, terrorism financing, 
and global access to the U.S. financial systems are issues of 
critical importance to the banking industry, to national 
security, and to me.
    HSBC and the banking industry as a whole have learned many 
important lessons over the past decade or so. I believe that 
HSBC's experience, especially in light of its uniquely global 
footprint, can add real value to understanding more broadly the 
risks and opportunities for enhance safety in this industry.
    During my time at HSBC, there were steps taken to tighten 
anti-money laundering controls, and I understand that 
significant progress has been made in this regard since my 
departure. But with hindsight, it is clear that we did not 
always fully understand the risks of our businesses or the 
challenges of the global, cross-border nature of the business. 
It is clear that we could have done much more and done it more 
quickly.
    I appreciate the opportunity to provide this information to 
the Subcommittee, and I am prepared to answer any additional 
questions that the Subcommittee may have at this hearing. Thank 
you.
    Senator Levin. Thank you very much, Mr. Gallagher. Mr. Lok.

 TESTIMONY OF CHIU HON ``CHRISTOPHER'' LOK,\1\ FORMER HEAD OF 
   GLOBAL BANKNOTES, HSBC BANK USA, N.A., NEW YORK, NEW YORK

    Mr. Lok. Good morning. Chairman Levin, Senator Coburn, and 
Members of the Subcommittee, I appreciate the opportunity to be 
here today. My name is Christopher Lok, and from 2001 until 
2010 I served as the global head of the banknotes business at 
HSBC.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Lok appears in the Appendix on 
page 127.
---------------------------------------------------------------------------
    In my statement today, I will cover three topics. First, I 
will provide my background. Second, I will provide an overview 
of the banknotes business at HSBC. And, third, I will address 
some of the specific problems and issues that I believe the 
Subcommittee is interested in.
    For me, it is painful and embarrassing to talk about the 
areas where, in hindsight, we fell short. At the same time, it 
is valuable to do so in order to find constructive solutions 
and so that others do not make the same mistakes going forward.
    I was born and raised in Hong Kong. In 1981, I started 
working in the banknotes business, and that is what I did for 
29 years. During the entire time from 1981 through 2010, I 
worked for HSBC or a predecessor institution. For most of my 
career I was based in Asia, but I was privileged to have lived 
and worked in New York for a brief period in the 1990s and 
again from 2001 until 2010. Even though I am not a U.S. 
citizen, I had a wonderful experience living and working in 
this country, and I have a great admiration and affection for 
the United States.
    I would like to provide a brief overview of the banknotes 
business. In essence, the business is about the buying and 
selling of physical currency at the wholesale level. Our 
clients were banks and other financial institutions around the 
world. We employed about 275 people, including traders, back 
office staff, and people who focused on operations and 
logistics. We dealt with approximately 800 customers in over 
100 countries, and we transacted in about 75 different 
currencies. These customers have natural demand for and supply 
of currency banknotes, driven by various economic activities. 
To them, HSBC was a safe and reliable counterparty, and I 
believe that we provided them with a valuable service.
    I understand that the Subcommittee is focused on some of 
the compliance challenges that we faced in the banknotes 
business.
    Let me start by emphasizing that compliance was a critical 
part of the HSBC banknotes business. Over a period of years, 
there were some occasions when I communicated with my 
colleagues in compliance in a manner that was unnecessarily 
aggressive and harsh. These communications were unprofessional, 
and I deeply regret them.
    In reality, the business line and compliance shared the 
same objective: To avoid the bank being used by inappropriate 
people for improper transactions. Despite my overly critical 
emails, I believe banknotes business and compliance people 
actually had a good working partnership. While I did not always 
communicate this, I had great respect for my colleagues in 
compliance, and I valued their work.
    With respect to banknotes transactions with customers in 
Mexico, up until December 2008 I was under the impression that 
HSBC's Mexican affiliate, HBMX, was operating under HSBC group 
standards. In December 2008, HBMX announced that it would no 
longer be accepting U.S. currency in Mexico. I was surprised by 
this announcement, and I tried to find out what was the reason 
behind it. It was not until early 2009 that I learned, as a 
result of my own inquiries, that HBMX had gotten into problems 
because their anti-money laundering controls were seriously 
compromised. I was surprised and concerned about this news. I 
was not previously aware of the AML problems at HBMX. If we had 
known of these problems, I am certain that we, in the banknotes 
business, would have done things differently.
    As time went by, some questions were raised about the 
banknotes business in Mexico. In retrospect, we did not 
adequately appreciate the concerns being raised about the 
business environment in Mexico. While we did our best to deal 
with these inquiries, I am sorry to say that I did not 
understand what later became apparent. With the benefit of 
hindsight, it is now clear that we did not perceive the extent 
of the anti-money laundering deficiencies and the risks present 
in Mexico. Thank you very much.
    Senator Levin. Thank you very much, Mr. Lok.
    Let us have a 10-minute first round, if that is all right. 
Does that give you enough time?
    Senator Coburn. Yes.
    Senator Levin. Because we will have more than one round.
    Mr. Thurston, HBMX was a bank that had a longstanding 
severe money-laundering problem, and we describe this at length 
in our report. The bank was purchased in 2002. You did not 
arrive until 2007. Take a look, if you would, at the exhibit 
book, Mr. Thurston, in front of you there, Exhibit 1b.\1\ What 
we have done here is we have put together a chart summarizing 
some of the exhibits. Just a few highlights from those 
exhibits, which are really a litany of money-laundering 
deficiencies at HBMX from 2002 to 2009.
---------------------------------------------------------------------------
    \1\ See Exhibit No. 1b, which appears in the Appendix on page 576.
---------------------------------------------------------------------------
    The first reference is to 2002 in this exhibit. Here is 
what the audit found: ``There is no recognizable compliance or 
money laundering function'' at Bital. That is the bank that you 
bought. That is 2002.
    Then in 2005, 3 years later now, ``senior persons within 
the compliance function fabricated records of certain mandatory 
anti-money laundering meetings.'' This quote is taken from 
Exhibit 12,\2\ but we put together these quotes on this Exhibit 
1b.
---------------------------------------------------------------------------
    \2\ See Exhibit No. 12, which appears in the Appendix on page 634.
---------------------------------------------------------------------------
    Now, the fabrications were ordered by the head of the anti-
money laundering compliance program who was asked then to leave 
the bank. This email was sent by Mr. Bagley to Stephen Green, 
who was then CEO of the HSBC Group.
    Next, 2007. This is a quote from a July 7, 2007, email from 
a senior compliance person at HSBC Group, John Root. It is 
taken from Exhibit 19.\3\ It is an email to the head of HBMX 
compliance after finding out that the anti-money laundering 
committee allowed three different high-risk accounts with 
suspected illegal drug proceeds to stay open, and he writes, 
``What is this, the School of Low Expectations banking?''
---------------------------------------------------------------------------
    \3\ See Exhibit No. 19, which appears in the Appendix on page 673.
---------------------------------------------------------------------------
    Then in 2008, this is a statement from HBMX's own AML 
director who was leaving that Mexican affiliate, and he was 
participating in an exit interview with Mr. Bagley, and he said 
the following: That there were allegations of 60 percent to 70 
percent of laundered proceeds in Mexico going through HBMX. He 
also stated that HBMX executives did not care about AML 
controls. That comes from Exhibit 30.\4\ This is 2008.
---------------------------------------------------------------------------
    \4\ See Exhibit No. 30, which appears in the Appendix on page 703.
---------------------------------------------------------------------------
    And then another quote from Mr. Bagley in 2008: ``What I 
find most frustrating is the way in which new issues constantly 
emerged, however much time is spent with HBMX.''
    In 2009, a statement from an email from Mr. Bagley to the 
CEO of HSBC Latin America, Mr. Alonso: ``The inherent anti-
money laundering risk in Mexico is still very high.''
    So this had been going on for 7 years, money-laundering 
problems at the HBMX bank, the Mexican affiliate.
    So, Mr. Thurston, when you arrived in 2008, you began 
immediately making some changes. The problems that you faced 
had been longstanding. They were not corrected before you got 
there, and some of them, plenty of them, were not corrected 
until you got there, and then some remained and they were 
corrected, some of them, after you left.
    Why did you discover that these had festered for so many 
years? What was there about that bank, that culture that you 
discovered that allowed these things to go on and on and on? 
These are not thing which were discovered later. These were 
known at the time. Emails show that they were known at the 
time. A number of you have talked about hindsight. These are 
contemporaneous emails. This is not something discovered in 
hindsight or learned in hindsight. This is something that 
people knew was going on at that bank. Why was it allowed to 
continue? What did you find when you got there?
    Mr. Thurston. Thank you, Mr. Chairman. My assessment was 
that starting from before the acquisition, this bank had been a 
fast-growth bank. In fact, that was the reason why it got into 
trouble, and that was the reason that we were able to acquire 
it. It grew fast, but it had no controls. The business model 
was completely decentralized. All the files, all the decisions 
were taken in a distributed branch network. It was very 
difficult from the center to get controls, and there was a very 
strong incentive scheme that backed continued volume growth 
rather than quality of controls.
    A number of steps were taken to install group processes and 
group systems, but if you are confronted with that, as I said 
in my opening remarks, you need to address the business model 
that is underneath it and put something systemic in. So one of 
the steps that I took was to create this centralized platform 
where, instead of relying on 1,300 branches to do the KYC, we 
would have all of those papers imaged to a central site where 
we could check and see that we had all the documents, that we 
had all the papers, and if we did not, then we would not open 
the accounts.
    But that kind of investment takes time, and there was a 
significant remediation task to be done to put right the files 
from the past. So there were multiple problems that existed in 
the bank, as I saw it when I was there.
    Senator Levin. These were problems which were known for 
years. This is not something which was looking back. This is 
something which year after year after year, starting in 2002, 
was known by this bank. And yet these problems festered for 
years.
    Here is another email, Exhibit 36.\1\ This was an HSBC 
Group deputy head of compliance, a 2008 email. Now, he had been 
sent to Mexico to try to get a handle on money-laundering 
problems there. One of the problems discussed was a backlog of 
3,600 accounts that were supposed to be closed but were not, 
including 675 which had been identified as potentially 
involving money laundering that had been ordered closed by 
HBMX's anti-money laundering committee, known as CCC, or Triple 
C. Here is what the email noted, and this is Exhibit 36: That 
of the 675 accounts, 16 had been ordered closed in 2005, 130 in 
2006, 172 in 2007, 309 in 2008. So it took 3 or 4 years to 
close a suspicious account.
---------------------------------------------------------------------------
    \1\ See Exhibit No. 36, which appears in the Appendix on page 726.
---------------------------------------------------------------------------
    Now, is there any way that should have been allowed to have 
happened at the time? Forget the business case and anything 
else.
    Mr. Thurston. No, Senator.
    Senator Levin. Now, another problem involving HBMX was the 
committee at the bank which was mandated under Mexican law and 
is composed of both business and compliance personnel charged 
with resolving anti-money laundering issues, such as what 
accounts should be closed.
    In July 2008, after the CCC committee decided to allow 
several suspect accounts to remain open, a senior compliance 
official at HSBC Group, John Root--so now this is the group 
now--sends a blistering letter to HBMX compliance head, Mr. 
Garcia, at Exhibit 19.\1\ I am going to read from this exhibit. 
``A number of items jump out from your most recent weekly 
report . . . but everything pales in comparison with the 
[money-laundering] items on page 4,'' he writes. ``It looks 
like the business is still retaining unacceptable risks and the 
AML committee is going along after some initial hemming and 
hawing. I am quite concerned that the committee is not 
functioning properly. Alarmed, even. I am close to picking up 
the phone to your CEO.''
---------------------------------------------------------------------------
    \1\ See Exhibit No. 19, which appears in the Appendix on page 673.
---------------------------------------------------------------------------
    ``What on earth is an `assumption responsibility letter' 
and how would it protect the bank if the client is a money 
launderer? Please note,'' he writes, ``that you can dress up 
the USD 10 million to be paid . . . to the U.S. authorities as 
an `economic penalty' if you wish but a fine is a fine is a 
fine, and a hefty one at that. What is this, the School of Low 
Expectations Banking? (`We didn't go to jail! We merely signed 
a settlement with the Feds for $10 million!')''
    ``So,'' he said, one problem was ``strike one.'' Another is 
``strike two. Let's now look at strike three,'' he writes. ``(I 
hope you like baseball.)''
    ``The same person who is giving''--this is his writing--
``the sacrosanct `assumption responsibility letter' . . . is 
being asked by the CEO to explain why he retained Casa de 
Cambio Puebla relationship after USD 11 million was seized by 
the authorities in Puebla in an account with Wachovia in Miami. 
What?! The business was OK with this?''
    And then he says, ``The [anti-money laundering] committee 
just can't keep rubber-stamping unacceptable risks merely 
because someone on the business side writes a nice letter. It 
needs to take a firmer stand. It needs some cojones. We have 
seen this movie before, and it ends badly.''
    Why is it that the bank--the bank that is the group bank--
that sees these kind of problems just does not flat out hold 
some folks accountable and fire some folks? I mean, they can 
write this kind of a letter, and they did, and we dug this out 
of the emails. Why, if the folks running this bank are so bad, 
why isn't action taken against them by the parent bank?
    Mr. Thurston. Mr. Chairman, in the time that I was in 
Mexico, we were very firm on discipline. We took strict 
disciplinary action against many members of staff, even at 
senior management levels, including dismissals. So we were 
certainly taking it seriously within Mexico.
    Senator Levin. My time is up. Thank you. Senator Coburn.
    Senator Coburn. I want to go to Mr. Bagley for a moment, if 
I might. I think your testimony was that you were in charge of 
compliance, but you had no essential line authority to enforce 
that compliance. Is that correct?
    Mr. Bagley. That is right. The core responsibility of Group 
Compliance was to set policy, to report, to escalate issues 
when they were reported to us, but we did not manage and 
control the individual compliance departments in each one of 
the affiliates or subsidiaries.
    Senator Coburn. Those individual compliance departments in 
those subsidiaries reported to the head of whatever that 
subsidiary was, correct?
    Mr. Bagley. There were two reporting lines: One to the 
Group Compliance team for reporting and other reasons, and then 
another line to the local CEO or business head.
    Senator Coburn. And I think it was also your testimony that 
had now been changed and that there is a line function for 
compliance from corporate HSBC all the way down to every bank. 
Is that correct?
    Mr. Bagley. It has fundamentally changed in that the 
hardest line of reporting is now through the function, so I am 
accountable, responsible, and have authority over the whole 
function globally, 3,500 people across the group, and that 
means I control resource, allocation, budget, remuneration, the 
performance and the function, and can ensure that the adequate 
resources, the right amount of money is spent on this effort. 
It is a radical shift, a significant change.
    Senator Coburn. There is the answer to the question you 
asked. In other words, there is no line authority--you can have 
a compliance officer all you want. If they have no line 
authority to cause people to change actions and the same people 
they are guiding have a line authority that says here is your 
profit, how well our affiliate or our subsidiary does, one of 
those is going to have more power than the other. Thank you.
    Mr. Gallagher, you said in your testimony, ``But with 
hindsight, it is clear that we did not always fully understand 
the risks of our businesses'' and ``that we could have done 
much more and done it more quickly.''
    Looking at the whole of this, that to me is almost an 
unbelievable statement when you have things going on in Mexico, 
things going on elsewhere. It is almost like you were not aware 
that these things were happening?
    Mr. Gallagher. It is a fact that there are certain things 
that we were not aware were happening. Within certain entities 
that is true.
    Senator Coburn. What were the efforts made to try to become 
aware of what was happening? My natural inclination is to say 
you were not--did not fully understand the risk or you ignored 
reality, based on the testimony and the data that we have 
collected from inside your own operations. Would you just 
expand on that a little bit so I can gain a clearer 
understanding?
    Mr. Gallagher. Yes, I appreciate the question, and I share 
your concern on this matter. One of the lessons we have 
certainly learned is the sharing of information not only 
throughout the organization across various operations and 
silos, as it were, but across geography is something that 
requires significant improvement. I am led to believe that has 
improved significantly since I left, and even during my time 
there, there was improvement in the process. But heretofore it 
was not easy to move information across organizations and to 
filter it down to the appropriate levels to get action.
    Compliance and monitoring was our first level of finding 
issues and looking after them, and whenever we found issues, in 
my experience, I believe we inquired, we reacted, and we 
pursued. So I think we did a lot at the time, but as has been 
said by others this morning, we have learned a lot as we have 
gone along.
    Senator Coburn. OK. Thank you.
    Mr. Thurston, in early 2007, right when you started, one of 
HBMX's clients was Zhenli Ye Gon, a reported drug lord who got 
caught selling precursor chemicals for methamphetamine 
production for La Familia and the Sinaloa cartels. When you 
learned that Mr. Ye Gon was a client of HBMX, what was your 
reaction? What did you do?
    Mr. Thurston. Well, I was horrified by the case, and this 
really exposed a whole series of weaknesses within the bank. So 
I personally conducted an investigation. I brought in the audit 
team. I brought in the security and fraud team. I brought in 
the compliance team. And we made a number of changes. This is 
where I found, for example, the business heads were overriding 
the people in the Compliance Department on decisions on 
accounts. So I put up an escalation process so that Compliance 
had a route to the chief operating officer and then to me if 
they were not comfortable with the decisions that were being 
made through that legal committee.
    I looked at the fact that we had here a business account 
that was being managed in the personal consumer part of the 
bank, which would make it very hard for people then to spot the 
underlying activity and compare it with normal activity. So we 
made a number of changes about that, and that is where we 
started to--we dismissed a number of people who had falsified 
visit records, not been to visit the premises when they said 
they had. That is when I realized that practice existed.
    We looked to see if there was any sign whatsoever of any 
collusion. We investigated all the staff's accounts. And as a 
result of that, we found some incidents of staff lending to 
each other, so we created policies on that.
    So there were a whole series of actions that stemmed out of 
finding that incident.
    Senator Coburn. There was, in fact, significant attention 
from the compliance officer at that time, correct? Prior to 
your knowledge of it, that had been raised as an issue.
    Mr. Thurston. That is correct, Senator Coburn.
    Senator Coburn. All right. Thank you.
    During your tenure at HBMX, I understand that law 
enforcement in Mexico raised concerns about high-risk money 
laundering at HBMX. Why was it that the Mexican legal 
authorities think now today that your record was worse than any 
other bank in Mexico? Is it a fact or is there some assumptions 
there that the Subcommittee should know about?
    Mr. Thurston. They found that whenever they wanted 
information from the banks, HSBC was one of the slowest to 
respond. So when they were conducting investigations, HSBC took 
longer to produce documents and had more challenges producing 
documents than most of the other banks. When we investigated 
that, again, we looked to see is this collusion, is this people 
deliberately trying to hold information from the authorities, 
and we found no sign of that whatsoever. But what we did find 
was a process where these things would go out to branches. 
Because all the files were held out in all the branches around 
the country and the quality was so poor, it would take a long 
time to collate effective information and get it back, and 
there were things that were missing, which is why the 
centralized program we had was so important. But we were also 
swamped with information requests. We had on average 1,000 a 
week coming from the regulators, not distinguishing between 
different types.
    So we then set up a direct line with the financial 
intelligence unit within Mexico so that where they were 
conducting urgent investigations, they could come through 
straight to the bank so that we could respond more quickly.
    Senator Coburn. OK. Thank you. I will yield back for right 
now.
    Senator Levin. Thank you.
    Mr. Thurston, you were at the bank there for a year, you 
have testified, and while there, you made some improvements. 
But the problems continued, and part of the reason was the 
nature of high-risk products and clients that the bank had, and 
I want to get to some of that issue by discussing with you the 
Cayman accounts.
    Now, when you bought the Mexican bank, when HSBC bought the 
Mexican bank, it found that HBMX kept open a so-called branch 
office in the Cayman Islands. Now, I say ``so-called branch 
office'' because my understanding is there was no actual 
building, no office, no employees. It was just a shell 
operation that offered U.S. dollar accounts.
    The branch, so-called, in the Caymans was run by HBMX 
itself using its own employees in Mexico. Any HBMX branch could 
open a U.S. dollar account for a client, and at one point 
50,000 clients had these Cayman accounts, holding $2.1 billion 
in assets.
    Now, we have spent a lot of time on this Subcommittee 
raising questions about Caymans and other tax havens for tax 
avoidance purposes, but this is a little bit different, and 
this Subcommittee has a lot of interest in these issues 
involving the Caymans because they are shell corporations, and 
they pose significant money-laundering problems, and they do it 
as soon as they are organized because nobody knows who is 
behind those corporations. And here are a few of the highlights 
relative to the Caymans.
    Exhibit 9 \1\ is a 2002 audit of HBMX, and that audit notes 
that 41 percent of the accounts in the Cayman Islands had no 
client information.
---------------------------------------------------------------------------
    \1\ See Exhibit No. 9, which appears in the Appendix on page 607.
---------------------------------------------------------------------------
    Exhibit 31\2\ is a 2008 email by Mr. Root saying that ``15 
percent of the customers there did not even have a file.''
---------------------------------------------------------------------------
    \2\ See Exhibit No. 31, which appears in the Appendix on page 708.
---------------------------------------------------------------------------
    ``Fixing the Cayman accounts will be a huge struggle.'' He 
says, ``How do you locate clients when there is no file?''
    Exhibit 32 \3\ is a July 2008 email noting that HBMX has 
discovered ``significant U.S. dollar remittances being made by 
a number of HBMX Cayman customers to a U.S. company alleged to 
be involved in the supply of aircraft to drug cartels.''
---------------------------------------------------------------------------
    \3\ See Exhibit No. 32, which appears in the Appendix on page 711.
---------------------------------------------------------------------------
    A later email, November 2008, which is Exhibit 34,\4\ 
describes the Cayman accounts as having been frozen ``due to 
massive misuse of them by organized crime.''
---------------------------------------------------------------------------
    \4\ See Exhibit No. 34, which appears in the Appendix on page 720.
---------------------------------------------------------------------------
    So, Mr. Thurston, first of all, did you know that the 
Cayman branch was fictitious, just a shell?
    Mr. Thurston. It is what is called a cat B license, I 
believe.
    Senator Levin. But did you know that it was just a shell 
company? There were no employees there, no office there. Were 
you aware of that?
    Mr. Thurston. I know now, sir.
    Senator Levin. And did you know about the problems at the 
Cayman accounts that I have just read?
    Mr. Thurston. Mr. Chairman, no, I did not during the time 
that I was there, and on reading your report, I was really 
angry to find there had been an audit report on these in the 
previous year, but that it had been closed off with no action. 
So when I got there and went through what are the top risks and 
the big audit outstanding items, these were nowhere to be seen.
    Senator Levin. All right. So you were unaware of the Cayman 
accounts at the time that you were head of that office?
    Mr. Thurston. Correct, sir.
    Senator Levin. Now, Mr. Bagley, you indicated to the 
Subcommittee during an interview that although you were aware 
of the accounts since 2002, the Cayman accounts, you focused on 
them only after a July 2008 incident involving funds going to 
buy planes for drug cartels. Now, I do not know, given the 
history here, how you could possibly not know of the severity 
of the problems involving the Caymans until that time, but in 
any event, after that incident, the new head of HBMX decided--
and this is, I think, 2008 now--Mr. Pena decided to suspend 
opening new Cayman Island accounts.
    So under Mr. Pena, HBMX initiated a review of the accounts, 
eventually closed 9,000 of them. But as of the beginning of 
2012, there were still about 20,000 accounts with $670 million 
in assets. So two-thirds of the money-laundering risk 
continues.
    So, Mr. Bagley, this Subcommittee really has found out that 
these kind of shell corporations in the Caymans and other 
places create all kinds of tax avoidance problems, but this is 
a different kind of an issue here. This is a money-laundering 
issue, and we have now two-thirds of those accounts which were 
in the Caymans, with that many assets apparently still sitting 
there. What are you going to do about it?
    Mr. Bagley. Thank you. The point is that when we became 
aware of those Cayman accounts, the ones that remain have all 
been fully remediated. So when we became aware and focused on 
the Cayman accounts themselves, what we did as a group, what 
HBMX did was work through each and every one of those accounts, 
revised and refreshed the KYC to satisfy ourselves that there 
was an explanation for the monies and that we were satisfied 
with the source of the funds. And, therefore, what is left has 
been subject to revised and enhanced due diligence and a 
refreshment of all of the information that we are holding.
    Senator Levin. Does that mean 20,000 accounts now that you 
are going to keep there?
    Mr. Bagley. Well, actually, the group has recently arrived 
at a decision, which I support, which is to actually close all 
of those Cayman accounts.
    Senator Levin. ``No.'' Well, that is the short answer, a 
very welcome answer, and particularly I think this Subcommittee 
can really look at its work as contributing to this kind of 
pressure on you to do the right thing.
    Mr. Bagley. Sorry to interrupt. I should just be very clear 
that we are in the process of closing those accounts. They are 
not yet closed, but they will all be closed.
    Senator Levin. That is good news.
    Now, HBMX did not inform HBUS about the Cayman U.S. dollar 
accounts for many years. Is that correct, Mr. Gallagher?
    Mr. Gallagher. Yes, sir, that is correct.
    Senator Levin. So these transactions were run through the 
U.S. dollar correspondent account that HBMX had at HBUS. Would 
HBUS have wanted to know about these high-risk accounts in a 
secrecy jurisdiction? Would you have wanted to know that?
    Mr. Gallagher. Absolutely.
    Senator Levin. Do you know why you were not informed?
    Mr. Gallagher. No, sir, I cannot answer that question.
    Senator Levin. Maybe Mr. Bagley or Mr. Thurston. Why 
wouldn't HBUS have been informed of those accounts?
    Mr. Bagley. It is a very appropriate question. I think 
there are two or three reasons. One is that at that stage 
neither HBUS, as your report reflects, was conducting affiliate 
due diligence. Second, we at that time did not do affiliate due 
diligence across the rest of the group. And as a consequence, 
the questions that you would normally expect to be asked by one 
affiliate of another, one correspondent bank of another, were 
not asked. They are now.
    Senator Levin. Under your new rules now, you are going to 
be notifying each of the affiliates of this kind of action?
    Mr. Bagley. What we are doing and have introduced and are 
in the process of rolling out is affiliate due diligence across 
the whole group, so every affiliate will do due diligence on 
its own affiliates. That will be to the same standard as we 
apply to an entirely independent third party.
    In addition, we have put in place a process that ensures 
that if there is a material AML deficiency or issue or risk in 
one affiliate, that will be reported on a mandatory basis 
across the group and will automatically go to the head of 
compliance for each region. So what that will mean, when that 
work is complete, is that each affiliate will treat its 
affiliates at arm's length, will ask all of the appropriate 
questions, will know everything that it needs to know about the 
risk profile that one affiliate presents to another.
    Senator Levin. And when will this be put in place? You said 
it is being put in place. When will this be accomplished?
    Mr. Bagley. We are rolling out--it will take a while, 
obviously, to complete those due diligence profiles. We will 
use the ones we have already completed for the United States in 
response to the cease and desist orders. We will do it as fast 
as we can. We have already put in place the mandatory reporting 
of AML deficiencies, and we have that up and running as a 
process.
    Senator Levin. When will it be completed, do you know?
    Mr. Bagley. I do not know exactly when it will be 
completed, but we will do the highest risk as quickly as we 
can.
    Senator Levin. All right. Will you let the Subcommittee 
know when it is completed?
    Mr. Bagley. I would be very happy to.
    Senator Levin. Thank you very much. Senator Coburn.
    Senator Coburn. Mr. Gallagher, if you would turn to Exhibit 
40.\1\ The Bank Melli in Iran, prior to September 11, 2001, 
HSBC had a relationship with this bank in Iran which, because 
of its home country, would get more scrutiny in the United 
States. HSBC in Europe helped coach Bank Melli to send payments 
through the United States without getting slowed down.
---------------------------------------------------------------------------
    \1\ See Exhibit No. 40, which appears in the Appendix on page 755.
---------------------------------------------------------------------------
    Why was HSBC interested in doing business with this bank?
    Mr. Gallagher. I cannot speak specifically for all of the 
reasons. The business desire was coming out of Europe and the 
Middle East, not coming out of the United States. There was a 
memo that described some opportunities that they saw for growth 
in business generally, but HBUS was not driving that business 
decision.
    Senator Coburn. What was it exactly that made you say in 
this email, ``I wish to be on the record as not comfortable 
with this piece of business''?
    Mr. Gallagher. Yes, thank you. That is a very important 
question. I was very concerned about the lack of transparency 
in the proposal that had been put forward that described how 
the payments would flow. So in this particular case, there 
seemed to be an inability for the bank--that is to say, Melli--
to describe in advance who its primary beneficiaries would be. 
That caused me to say we should not want to engage in business 
with a client who cannot provide that level of transparency to 
our system.
    Senator Coburn. So there was really no Know Your Customer 
here?
    Mr. Gallagher. I cannot speak to that because Know Your 
Customer would have been done on the European side. But when I 
became aware that there was seemingly a lack of transparency in 
one of my roles, I thought that was inappropriate and very 
strongly suggested we should not proceed.
    Senator Coburn. And so what was the response to that?
    Mr. Gallagher. Well, ultimately the transaction never was 
approved.
    Senator Coburn. And do you know why?
    Mr. Gallagher. Discussion went on for some time back and 
forth across the regions and the world. I do not recall the 
specific reason, but I was delighted to know that my 
recommendation was part of the solution.
    Senator Coburn. Did you raise other concerns other than in 
this email that we have documented under Exhibit 40? \1\
---------------------------------------------------------------------------
    \1\ See Exhibit No. 40, which appears in the Appendix on page 755.
---------------------------------------------------------------------------
    Mr. Gallagher. About Bank Melli specifically?
    Senator Coburn. Yes.
    Mr. Gallagher. I do not recall.
    Senator Coburn. OK. If you would turn to Exhibit 57,\2\ 
Iranian U-turn payments, in November 2004. This email suggests 
that some inside HSBC thought that all Iranian payments through 
the United States should be fully disclosed. Nonetheless, many 
payments still went through without full transparency, 
sometimes because information was removed by HBEU. This email 
says, ``HBEU would be advised to not alter the payment details 
in any way.''
---------------------------------------------------------------------------
    \2\ See Exhibit No. 57, which appears in the Appendix on page 844.
---------------------------------------------------------------------------
    Was it well understood within HSBC that information was 
being removed from payments before they arrived in the United 
States?
    Mr. Gallagher. I do not know how well understood it was, 
and I do not recall specifically some of these exchanges. But 
if I had to speculate, consistent with my earlier position, 
which was unchanged, regarding the importance of transparency 
in these messages, I am quite comfortable that the proper 
people were alerted and it was in the proper hands for 
resolution. But specific details on this I do not recall.
    Senator Coburn. But the decision went really against your 
advice?
    Mr. Gallagher. Yes.
    Senator Coburn. Because, in fact, they were altered, 
correct?
    Mr. Gallagher. It would seem so, yes.
    Senator Coburn. OK. Do you have any idea how HSBC intended 
to make sure all these payments complied with U.S. law?
    Mr. Gallagher. There was a view at the time that the team 
in London and/or subsequently elsewhere was going to ensure 
that the payments were going to be U-turn compliant before they 
got to the United States.
    Senator Coburn. Do you think they were?
    Mr. Gallagher. I do not honestly know specifically that 
they were not. Some of this information is slightly new to me 
in being involved in this investigation and catching up. So I 
do not know the specific answer to that question.
    Senator Coburn. Who would know the answer to that question?
    Mr. Gallagher. I would suggest either operational staff 
doing the work on the other side and/or possibly somebody in 
Compliance.
    Senator Coburn. Should they have relied on people in Iran 
to do that?
    Mr. Gallagher. No. Certainly, in retrospect, we should not 
have relied on anybody but ourselves to ensure the soundness of 
the payments coming into our system.
    Senator Coburn. Mr. Lok, in your testimony, you said 
compliance was a critical part of the HSBC banknotes business.
    Mr. Lok. Correct, sir.
    Senator Coburn. Can you explain to me exactly what you mean 
by this? And tell me what it looked like.
    Mr. Lok. We have a system in place whereby customers are 
risk-rated, and they are rated according to different 
categories, and then, therefore, the high-risk customers, we 
need to make sure that there is a process in place whereby the 
information about a client is laid out in the open so that 
people can come in, including the relationship managers, the 
business people, as well as compliance, so that we can evaluate 
the risk. And, finally, compliance has to be the final sign-off 
so that we can do business with these people. In other words, 
we consider compliance a very important partner in our 
business.
    Senator Coburn. Did you recognize certain vulnerabilities 
in your compliance strategy in the banknote business?
    Mr. Lok. At that moment, honestly, no.
    Senator Coburn. You would agree that there were, though, in 
hindsight?
    Mr. Lok. In hindsight, yes. Looking at all these documents, 
yes. The answer is definitely yes.
    Senator Coburn. Just for our educational purposes and given 
your broad experience, are there certain challenges that are 
different in the banknote business related to specific 
currencies over other currencies?
    Mr. Lok. I am sorry. Can you repeat the question?
    Senator Coburn. Are there specific challenges in the 
banknote business in terms of compliance related to one 
currency over another, not necessarily in terms of geographic 
location, but, for example, is it easier to run a scam or play 
the game with the U.S. dollar, the British pound, the euro, the 
Japanese yen, the renminbi? In other words, does the same 
compliance vulnerabilities that you see now in hindsight apply 
differently to different currencies and different geographic 
locations?
    Mr. Lok. At that moment, no, it did not strike me that 
there is a difference in terms of compliance risk because the 
policy itself spells out exactly how we run it, analyzing the 
risk. No, we were not--no. The answer is no.
    Senator Coburn. All right. I will yield back.
    Senator Levin. Let me ask some questions about the Sigue 
Corporation, which was a U.S. money service business that 
transmitted funds from U.S. clients to Mexico and Latin 
America. The Drug Enforcement Association undertook a sting 
operation in 2007 in which its agents told Sigue's operators 
that they wanted to send drug proceeds to Mexico, and more than 
two dozen of those Sigue operators obliged.
    In January 2008, Sigue entered into a deferred prosecution 
agreement with the U.S. Department of Justice, admitting the 
facts, for failing to have adequate money-laundering programs. 
HBUS determined that in 2007 alone it had processed 159 U.S. 
dollar wire transfers for Sigue involving about half a billion 
dollars, and they were all sent through the HBMX correspondent 
account with HBUS.
    Then if you would look at Exhibit 18a,\1\ Mr. Gallagher, 
this was a memo that was prepared by HBUS after a 2008 Wall 
Street Journal article on the Wachovia case. It talks about the 
Sigue case and its use of the HBMX account, but it also notes 
that Sigue was not added to the HBUS filter so that it could be 
subjected to enhanced anti-money laundering to identify 
suspicious activity.
---------------------------------------------------------------------------
    \1\ See Exhibit No. 18a, which appears in the Appendix on page 654.
---------------------------------------------------------------------------
    Now, you were the head of PCM at that time, Mr. Gallagher, 
and that handles wire monitoring. Do you know why HBUS did not 
subject Sigue to enhanced monitoring after the 2008 deferred 
prosecution agreement?
    Mr. Gallagher. No, Mr. Chairman, I do not know. Looking at 
the memo, I note that I am not addressed on the memo. I cannot 
honestly recall if I saw the memo. But the decision as to 
whether or not to add any name to enhanced monitoring or to a 
filter, etc., is a decision that would be taken in Compliance, 
not in PCM.
    Senator Levin. But you do not know why. You are saying it 
is not your department, but you just do not know why it was not 
added. Should it have been added?
    Mr. Gallagher. Seemingly, absolutely it should have been 
added. I do not know why it was not.
    Senator Levin. OK. In 2007--this is Exhibit 30 \2\--a man 
named Mr. Barroso, who was head of the HBMX anti-money 
laundering program, was leaving the bank. He had an exit 
meeting with you, Mr. Bagley, I believe, and according to a 
meeting summary that you wrote, Mr. Barroso told you that there 
were allegations that ``60 to 70 percent of laundered proceeds 
in Mexico went through HBMX,'' and he did not think that senior 
management had any commitment to robust anti-money laundering 
controls.
---------------------------------------------------------------------------
    \2\ See Exhibit No. 30, which appears in the Appendix on page 703.
---------------------------------------------------------------------------
    That memo, I believe, Exhibit 30, was written to you, Mr. 
Thurston, if I have that correct.
    Mr. Thurston. That is correct, Chairman.
    Senator Levin. What was your reaction when you got that 
memo?
    Mr. Thurston. Mr. Chairman, I was incredibly distressed. I 
do not think anybody wants to hear those sorts of things coming 
through, so we made sure that we investigated. We made sure 
that we took the points that were there. We had recently had 
discussion with the regulators in Mexico, and we made sure that 
we took account of those points within the remediation program 
that we were looking at in Mexico to make sure there was 
nothing new that we had missed. It also caused us to question 
whether our head of compliance was sufficiently good for the 
role as well.
    Senator Levin. All right. Let me now turn to the Iranian 
issue, which Senator Coburn asked some questions about as well.
    Now, Iran had been subject to sanctions in the United 
States for a long time as a rogue nation. It had long been on 
the U.S. SDN list, as we heard about this morning, as a 
prohibited country. Our laws consistently prohibited U.S. 
persons from doing business directly with Iran, but until 2008, 
U.S. banks were allowed to process transactions that might 
involve Iran but which were sent to the United States by 
foreign banks located outside of Iran. Now, those transactions 
were called ``U-turns'' because they went from Iran to a non-
Iranian bank, a foreign bank, then to a U.S. bank and then back 
to a different non-Iranian foreign bank and then to the final 
party. So there was a U-turn that was made through the U.S. 
bank.
    The issue with HBUS is that the HSBC affiliates in Europe 
and the Middle East wanted to send U-turn transactions through 
their accounts at HBUS without triggering that OFAC filter or 
an individualized review to make sure that they were permissive 
U-turns. They wanted to remove any reference to Iran and to go 
through the HBUS systems without any manual or more detailed 
review. So this was a battle over transparency.
    The United States wanted full transparency so that it knew 
it was dealing with an Iranian U-turn and could make sure it 
complied with U.S. law. The affiliates did not want to trigger 
these reviews or to take the time for those reviews. So HBUS 
and the affiliates fought over this issue for 3 years, from 
2001 to 2004. But while they were arguing, the overseas HSBC 
affiliates were sending undisclosed Iranian U-turns through 
their HBUS accounts, anyway. And to do that, the HSBC affiliate 
in Europe, HBEU, stripped out the references to Iran. Senior 
employees at HBEU protested in 2003 and 2004--and I believe one 
of these protests was read by Senator Coburn--that they did not 
want to be altering wire transfer documents for Iran. They even 
set two deadlines in 2004 when they said that they would stop 
doing it, but both deadlines were ignored.
    HSBC issued group-wide policy statements on Iran in 2005 
and 2006, but neither resolved the U-turn issue. The issue was 
resolved only in 2007 when HSBC made a global decision to exit 
Iran.
    Now, I believe that Exhibit 41 was referred to by Senator 
Coburn, and if so, I will not read it again.
    Senator Coburn. I did Exhibit 40.
    Senator Levin. OK. So Exhibit 40 was read by Senator 
Coburn, which made reference to the statement about, ``I wish 
to be on record as not comfortable with this piece of 
business.''
    Exhibit 41\1\ was, ``With the amount of smoke coming off of 
this gun, remind me again why we think we should be supporting 
this business?'' So that is another HBUS employee describing 
the Iranian business. But at HBEU, the Europe branch, they were 
stripping payment information, so the United States was unaware 
of these Iranian payments.
---------------------------------------------------------------------------
    \1\ See Exhibit No. 41, which appears in the Appendix on page 760.
---------------------------------------------------------------------------
    Senior officials at HSBC, at the headquarters in London 
from 2001 to 2007, knew that affiliates in England and the 
Middle East, the HBEU and HBME, were sending undisclosed 
payments through their HBUS accounts but did not stop them or 
inform HBUS of the extent of the activity. So they knew that 
their affiliates were hiding key information from each other.
    Now, at HBUS, senior compliance officials were on notice as 
early as 2001 that this stripping was occurring but took no 
decisive action to stop it. They stopped occasional wire 
transfers from Iran with the words, ``Do not use our name in 
New York.''
    So, first, Mr. Bagley, didn't the European and Middle East 
affiliates--why weren't those affiliates told, why wasn't HBUS 
told, what possible justification is there for not telling an 
affiliate that key information to them so that they can comply 
with their own laws has been removed?
    Mr. Bagley. It is a very fair question, Senator. My 
understanding of the position was that HBEU was checking each 
one of those transactions to ensure that they were U-turn 
compliant, that I was always advised that they were U-turn 
compliant. When I first focused on this issue, which was, I 
think, in mid-2003, although there were indications in emails 
before that, I emphasized and recommended that there should be 
full transparency given to HBUS so that they could check the U-
turn compliance--compliance with the U-turn themselves.
    Senator Levin. Was it?
    Mr. Bagley. It was not.
    Senator Levin. So as Exhibit 55 says so simply and 
eloquently and dramatically, your own people ``were being asked 
to `fudge' the nature of the payments to avoid the U.S. embargo 
and seizure.'' That is Exhibit 55.\1\
---------------------------------------------------------------------------
    \1\ See Exhibit No. 55, which appears in the Appendix on page 840.
---------------------------------------------------------------------------
    Then you were not the only one that was uncomfortable, Mr. 
Gallagher, with this piece of business. People in this bank, 
this global bank, were being asked to fudge the nature of the 
payments to avoid the U.S. embargo and seizure. And it is 
pretty shocking stuff.
    Now, in 2002 and 2003, HSBC affiliates continued to send 
thousands of these undisclosed Iranian transactions through 
HBUS. Exhibit 1c \2\ is a chart that shows the numbers. So even 
though the HSBC Group was on notice as early as 2001 that HSBC 
affiliates were sending these hidden Iranian transactions 
through their accounts in the United States, nobody did 
anything to stop it for years.
---------------------------------------------------------------------------
    \2\ See Exhibit No. 1c, which appears in the Appendix on page 577.
---------------------------------------------------------------------------
    Mr. Bagley, in 2003, you had recently become head of 
compliance for the entire HSBC Group. Earlier that month, the 
Middle East affiliate, HBME, sent HBUS a memo laying out the 
business case for it to process Iranian transactions. Why were 
they processing them? Because there was a substantial income 
opportunity, and here is what you wrote in 2003, Exhibit 45:\3\ 
``The business case includes a number of express references to 
practices which may constitute a breach of U.S. sanctions.'' 
But then in October 2003--and this is Exhibit 48 \4\--one of 
your attorneys in Group Compliance, John Root, wrote to you 
that six banks were processing U.S. dollar payments and that 
these payments were being altered by HBEU before going to HBUS. 
He said HBEU was removing the remitter's name. Breaching these 
U.S. sanctions is a serious matter, and as the head of 
Compliance, you were making that point.
---------------------------------------------------------------------------
    \3\ See Exhibit No. 45, which appears in the Appendix on page 784.
    \4\ See Exhibit No. 48, which appears in the Appendix on page 801.
---------------------------------------------------------------------------
    When you learned that HBEU was removing the names of 
Iranian banks, why was not the practice simply stopped right 
then? Why did it take so long to fix?
    Mr. Bagley. Mr. Chairman, that is an absolutely appropriate 
question, and with the absolute benefit of hindsight, this 
clearly took far too long to resolve.
    What I can say is that when it came to my attention, I very 
clearly recommended that all transactions should be compliant, 
should be transparent, and should be made in a way which HBUS 
was comfortable with, and that recommendation went to the 
relevant parts of the group and ultimately was escalated to 
senior management within the group.
    Senator Levin. How long did it take?
    Mr. Bagley. I think as you have indicated, there were then 
various discussions between different parts of the group, and I 
think we progressively started to introduce transparency into 
the payments in 2006.
    Senator Levin. So that would be about what, 3 years?
    Mr. Bagley. Far too long.
    Senator Levin. But about 3 years?
    Mr. Bagley. Yes.
    Senator Levin. Senator Coburn.
    Senator Coburn. If a U-turn transaction is fully compliant 
and fully transparent, I would make the point it is legal, and 
nobody here is claiming illegality. But if one of these--and 
this is for you, Mr. Bagley. If one of these U-turn payments 
was not compliant with U.S. law, who is responsible?
    Mr. Bagley. Ultimately I anticipate that the transaction 
passing through the U.S. bank may expose the U.S. bank to risk. 
And if there was malign intent, then it could expose somebody 
else to risk as well.
    Senator Coburn. So in this great big organization called 
HSBC, is it fair for one profit center to put another profit 
center at that kind of risk? Not only is it fair, is it the 
right thing to do?
    Mr. Bagley. I neither think it is fair nor the right thing 
to do, which is why I urged transparency so that HBUS could 
satisfy itself. But I would like to stress that at all times we 
were told and believed that those transactions were compliant 
and lawful and that there was a process where people seriously 
tried to ensure within HBEU that the transactions that were 
sent were compliant.
    Senator Coburn. So it is your feeling--and you cannot know 
this for a fact because you have not looked at all of them. But 
it is your feeling that none of these transactions that HBUS 
saw no transparency on, it is your testimony that you feel that 
they all met the intent that our government says if you are 
going to run it through U.S. dollar banks, that you actually 
met that expectation?
    Mr. Bagley. I do not think I can say that all of those 
transactions were. What I was always told was that people were 
seeking to ensure they were compliant----
    Senator Coburn. Who are those people?
    Mr. Bagley. The processing unit within HBEU.
    Senator Coburn. And who are those? Who is the head of the 
processing unit at HBEU?
    Mr. Bagley. I cannot recall the name.
    Senator Coburn. Who could recall the name?
    Mr. Bagley. I am sure we could find that name.
    Senator Coburn. Would you do that for the Subcommittee, 
please?
    Mr. Bagley. Absolutely.
    Senator Coburn. I would love to have that name during our 
questioning this afternoon because that is a key point. Either 
they were legitimate U-turns or they were not.
    Mr. Bagley. I believe that the results of the lookback that 
has been conducted by Deloitte indicates that most, if not all, 
of those transactions were compliant, or a significant number, 
I believe. That is not a report I have seen, but that is my 
understanding.
    Senator Coburn. OK. And who has that report?
    Mr. Bagley. I believe the results of that report have been 
disclosed to the Subcommittee.
    Senator Coburn. OK. Thank you.
    Mr. Lok, on Al Rajhi Bank, Exhibit 78,\1\ if you would take 
a look at that. You were interested in carrying on a business 
relationship with this bank to sell it banknotes, as this email 
shows. Page 2 of the email also shows that one of your 
compliance people wrote, ``I am not trying to be difficult,'' 
but that she did not want to approve the business.
---------------------------------------------------------------------------
    \1\ See Exhibit No. 78, which appears in the Appendix on page 937.
---------------------------------------------------------------------------
    What was your impression at the time why she would be 
concerned about being difficult?
    Mr. Lok. The way I read her message, ``difficult'' refers 
to her reluctance to sign off the profile, and she is saying 
here that she is not comfortable signing it because she does 
not know the client.
    Senator Coburn. Did she feel like she was being difficult 
because somebody was pressing her to approve something that she 
did not feel comfortable with?
    Mr. Lok. No, that is not my interpretation. It is just 
because she was asked, and then she turned it down. That could 
be interpreted as difficult. I think that is what she is 
referring to.
    Senator Coburn. All right. She also states, ``I cannot 
answer questions if/when the Al Rajhi name appears in the U.S. 
media.'' What kind of concerns were you aware of that would 
rise to that level?
    Mr. Lok. I know that this name had appeared numerous times 
in the papers, negative reports about the family members, and 
all sorts of allegations. So it is a very controversial name.
    Senator Coburn. All right. You also, on page 1 of this 
email, wrote it is compliance that is the key. Were you 
suggesting that you needed to convince somebody in compliance 
to approve the deal or that you were willing to submit to 
whatever compliance said?
    Mr. Lok. Because this is a very difficult case, it is not 
simple at all. When it was passed on to me by my colleague, on 
the one hand, there were these negative news in the paper, etc. 
But, on the other hand, there was this very supportive report 
coming out from the RMs based in Saudi Arabia. And at the same 
time, the Group Compliance had actually reversed its decision 
saying that they were happy to let individual entities resume 
doing business.
    So, to me, it is a balancing act where you have some very 
bad news, but, on the other hand, you cannot ignore the news 
that appeared to be favorable. So that is why I presented this 
to the compliance so that we can engage in an open dialogue, 
show it to a few more people for elevating the issue, so that 
more people who know this thing a lot better than me can engage 
in and arrive at a decision.
    Senator Coburn. And ultimately you did not do this deal? Is 
that correct?
    Mr. Lok. I am sorry. No. I think after a very long period 
of time, New York Compliance had agreed to letting us resume 
the relationship. I mean the U.S. side. But it took a long 
time, because I had read this file before coming here, the 
dialogue first started in May, and then a decision was made in 
New York that we could resume for trading, that this was in 
December 2006.
    Senator Coburn. OK. Thank you.
    Senator Levin. Thank you.
    Mr. Gallagher, take a look at Exhibit 50a,\1\ if you would, 
when Denise Reilly of HBUS writes to Teresa Pesce at HBUS, 
anti-money laundering director, that the so-called Eastwood 
memo, which was referring to alterations to remove references 
to Iran, that the memo was discussed at a meeting with you, Mr. 
Gallagher.
---------------------------------------------------------------------------
    \1\ See Exhibit No. 50a, which appears in the Appendix on page 807.
---------------------------------------------------------------------------
    This is dated December 17, 2003, so the question is--when 
you learned that HBEU was sending these hidden Iranian payments 
through their HBUS account, you saw it as a problem, you said 
so, and the real question is: What steps did you take to stop 
the practice? You objected to it. But what did you do beyond 
that?
    Mr. Gallagher. Yes, thank you for that. I have reread these 
documents as well, and while I do not recall the specific 
meeting that is discussed there, mentioned there, I feel very 
comfortable about two things: First, that my position on this 
with respect to the necessity for transparency and full 
compliance was unchanged throughout the process; and, second, 
that this was really in the right hands. Denise Reilly at the 
time was in Compliance, I believe already, and Terry Pesce was 
the head of AML Compliance. So all the right hands from an HSBC 
Bank USA perspective into which this needed to be elevated 
were, in fact, contained in this memo. I do not recall my 
specific discussions here, but I would have to speculate they 
would be consistent with my prior positions, which is an 
abundance of caution.
    Senator Levin. So you objected in 2001 to the practice. By 
2003, you were the head of the HBUS's Payments and Cash 
Management Division. Why not just pick up the phone in 2003, 
call the CEO of HBUS or somebody in the HSBC Group and just 
raise hell? Why not do that?
    Mr. Gallagher. Well, certainly with----
    Senator Levin. I think you knew whoever was supposed to be 
taking care of it was not taking care of it.
    Mr. Gallagher. Yes. With the benefit of hindsight, that is 
exactly what I should have done, and I think we have all 
learned the lesson that we should have been louder sooner and 
more broadly in the organization.
    Senator Levin. Mr. Lok, let me ask you about Exhibit 
84b.\1\ You were the head of HBUS's global banknotes business 
that supplied physical U.S. dollars to financial institutions 
around the world. Some of your clients, to put it mildly, did 
not inspire confidence and were either opposed by HBUS's 
Compliance, the division there, or they sought to subject them 
to special anti-money laundering monitoring. But you often 
opposed those recommendations, and here are a few examples, 84b 
is one.
---------------------------------------------------------------------------
    \1\ See Exhibit No. 84b, which appears in the Appendix on page 964.
---------------------------------------------------------------------------
    This is an email exchange in 2005. This was about whether 
to classify a particular HBUS banknotes client as a special 
category client (SCC), which means that is a high-risk client 
that undergoes additional scrutiny.
    HBUS Compliance described the foreign bank as one in which, 
``the bank's senior management and employees have been involved 
in numerous significant instances of corruption, fraud, and 
embezzlement over the past few years,'' and recommended that it 
be classified as a SCC.
    You responded as follows: ``Yes, corruption can be rampant 
in this bank, but it is not unique'' to that bank. So you 
opposed the SCC designation.
    Now, the HBUS compliance officer for banknotes, Daniel 
Jack, described a bank as ``government-owned, in a high-risk 
country with a politically exposed person,'' which is someone 
who requires enhanced due diligence, ``and reputational risk 
due to corruption, etc.'' This is now Exhibit 84a.\2\ And he 
recommended an SCC designation, and your response: ``. . . this 
is such a large bank hence malfeasance is expected.''
---------------------------------------------------------------------------
    \2\ See Exhibit No. 84a, which appears in the Appendix on page 958.
---------------------------------------------------------------------------
    ``However,'' you wrote, ``I do not agree that just on these 
numerous breaches that the bank should be classified.''
    So your position was that malfeasance is to be expected at 
a large bank so do not even bother to do additional anti-money 
laundering monitoring.
    And then Exhibit 82 \3\--this is from 2007--in this email 
chain, an HBUS banknotes colleague asks if you--and, Mr. Lok, 
we are referring to you--would be willing to help open a 
banknotes account for Islami Bank Bangladesh, which was partly 
owned by Al Rajhi Bank, a Saudi Arabian bank whose account was 
closed by HBUS in 2005 for terrorist-financing reasons, 
although in part in 2007, because of your urging, HBUS reopened 
that account.
---------------------------------------------------------------------------
    \3\ See Exhibit No. 82, which appears in the Appendix on page 949.
---------------------------------------------------------------------------
    Here is what you wrote: ``I am happy to be the relationship 
manager if this is an account worth chasing. How much money can 
you expect to make from this name?''
    And then when you were told the account would produce about 
$75,000 in revenues per year, you wrote: ``One, the money is 
there, and we should go for this account. Two, I will jump in 
and wear the [global relationship manager] hat.''
    So your test, apparently, for opening an account was, 
first, how much revenue it would produce, but what about the 
second test, Mr. Lok? What about a test is the bank involved in 
wrongdoing, whether it is terrorist financing, corruption, or 
malfeasance? Why weren't those factors enough for you to say we 
are not going to do it?
    Mr. Lok. Mr. Chairman, let me try to explain what had 
happened. Exhibit 84b,\1\ that was about classifying that 
particular client in China as a SCC. The thinking was China is 
a different country from a lot of other countries. It has its 
own characteristics. And this bank actually shared the same 
characteristics of the other big banks as well. So it is not 
one just on this particular bank. So my point at that time was 
if FIG, which is a unit within Compliance, wants to say that 
this should be SCC, that means the other banks should also be 
subject to the same rating.
---------------------------------------------------------------------------
    \1\ See Exhibit No. 84b, which appears in the Appendix on page 964.
---------------------------------------------------------------------------
    Senator Levin. Well, why not all banks that, in your words, 
where corruption is rampant? Why shouldn't they all be subject 
to that rating?
    Mr. Lok. First of all, I have to apologize the colorful 
words I used that. It was not the appropriate----
    Senator Levin. Apologize to whom?
    Mr. Lok. Well, that email give the impression that I was 
very tolerant of this malfeasance. That is why I said that the 
word itself is not the right word to use.
    Senator Levin. I am afraid it was the right word to use if 
you believed it. Corruption was rampant at that bank. Did you 
believe it was rampant?
    Mr. Lok. Well, it is a very large organization. I think 
just like other organizations, when you have such a large bank, 
yes, there are bound to be cases of malfeasance.
    Senator Levin. You did not really mean what you said, that 
it was rampant? Is that what you are saying? At the time you 
wrote it was rampant and that it was not unique to that bank. 
So were you inaccurate in your email? Did you express what you 
believed at the time?
    Mr. Lok. At that time, yes, but I need to qualify that 
statement, which is the email came forward, I was overwhelmed 
by this feeling that if this bank were to have been SCC, that 
means the other banks need to be SCC. And at that time China 
was a country that the group itself looked at as a very 
important market. So I wanted to elevate the issue. That is why 
I copied my colleagues in London, bring in Group Compliance, 
take a look at this. That was what I was trying to do at that 
time.
    Senator Levin. What about your Exhibit 84a? \2\ Here you 
are recommending you proceed despite the fact that the 
compliance officer for banknotes, Daniel Jack, described this 
as a government-owned bank in a high-risk country with 
politically exposed persons that require enhanced due diligence 
and a reputational risk--that is to you, to your bank--due to 
corruption. And your recommendation was go ahead anyway. ``It 
is a large bank. Hence''--your word--``malfeasance is expected. 
I do not agree,'' you said, ``that just on these numerous 
breaches the bank should be classified''--in other words, given 
enhanced review.
---------------------------------------------------------------------------
    \2\ See Exhibit No. 84a, which appears in the Appendix on page 958.
---------------------------------------------------------------------------
    Did that reflect your view at the time? Did you believe 
what you wrote at that time?
    Mr. Lok. At that moment, yes.
    Senator Levin. OK. What about this Bangladeshi bank? When 
you said--all you seemed to be interested in is how much money 
will it make for us, how much money can we expect. Then $75,000 
in revenues. And then you say, ``We ought to go for it.'' You 
will be happy to wear the hat, the global relationship hat.
    You are head of the Banknotes Department, and when your 
employees see those kinds of remarks in your emails from their 
boss, what kind of an impact do you think it has on their 
willingness to consider compliance issues when deciding whether 
to open an account for a potentially lucrative but a high-risk 
client? What do you think the effect of those words are on your 
employees?
    Mr. Lok. Mr. Chairman, I agree that this is not portraying 
a right image, not giving the right message, looking at the 
message right now.
    Senator Levin. Senator Coburn.
    Senator Coburn. Just for the record, the email that Mr. Lok 
sent did not say it was rampant. It actually said ``can be 
rampant.'' And some of the realism of the world we live in in 
global commerce, if you take this particular bank--and this is 
not a defense, but if you look at their own bank in Mexico, I 
would tell you it looked like it could be rampant there as 
well. And I think that Mr. Thurston certainly found that, that 
corruption could be rampant in that.
    I think we have a better understanding, Mr. Chairman, of 
what went on. Someone taught me a long time ago that greed 
tends to conquer all technologic difficulties, and so we are 
about anti-money laundering. That is what this hearing is 
about. And it is not the accusation of illegality. It is the 
accusation of poor judgment and mistakes and not good line 
authority inside a very large and very successful organization.
    I would just say, one, I appreciate the candor of the 
witnesses today. It is a very difficult issue. I am still 
concerned even though Deloitte said there are 79 accounts they 
could not account for in terms of U-turns. I still think it is 
a difficult issue when the world is dealing with a terrorist 
state like Iran and we are allowing them the flexibility. So my 
hope is that we can learn some things, and I know HSBC 
certainly has, and I appreciate our witnesses' testimony.
    Senator Levin. Thank you, Senator Coburn. I think I read 
the email correctly. I will read it again. ``Yes, corruption 
can be rampant in this bank, but it is not unique to'' the 
bank.'' And so I think it speaks for itself. If I at one point 
said that he said it is rampant instead of, ``Yes, it can be 
rampant'' and ``it is not unique,'' then your quote is exactly 
right, and the one I just read I think is also exactly right. 
But there is not much difference between ``it can be rampant'' 
and ``it is not unique'' to what the point was of this question 
and Mr. Lok's answer.
    [Pause.]
    Senator Levin. We thank our witnesses, and, again, we 
appreciate the cooperation with this investigation of your 
bank.
    We are going to recess now until 2 o'clock. We thank our 
witnesses, and you are discharged.
    [Whereupon, at 12:34 p.m., the Subcommittee was recessed, 
to reconvene at 2 p.m., this same day.]
    Senator Levin. The Subcommittee will now come back to 
order.
    I would like to call our third panel of witnesses for this 
hearing, Irene Dorner, the President and Chief Executive 
Officer of HSBC Bank USA and HSBC North America Holdings in New 
York; and Stuart Levey, the Chief Legal Officer of HSBC 
Holdings in London.
    We welcome you both. We appreciate both of you being with 
us this morning. We look forward to your testimony, and we also 
want to tell you that we appreciate the cooperation of your 
bank. It has been consistently cooperative with us and we are 
grateful for that.
    Pursuant to Rule VI, all witnesses who testify before the 
Subcommittee are required to be sworn, so I would ask you both 
to please stand and raise your right hand.
    Do you swear that the testimony you will give before this 
Subcommittee will be the truth, the whole truth, and nothing 
but the truth, so help you, God?
    Ms. Dorner. I do.
    Mr. Levey. I do.
    Senator Levin. The timing system that we have will give you 
a red light after 5 minutes, but a minute before that it will 
shift from green to yellow to give you an opportunity to 
conclude your remarks. Your entire written testimony will be 
printed in the record. And we would, again, appreciate that you 
attempt to limit your oral testimony to 5 minutes each.
    Ms. Dorner, we will have you go first, followed by Mr. 
Levey, and then we will proceed to questions. But first, let me 
turn to Senator Coburn.
    Senator Coburn. Thank you. I privately greeted our 
witnesses and I would apologize. This afternoon, I will be in 
and out, but I will be here to ask my share of the questions. 
So if you are in the midst of your testimony and I leave, 
please forgive me.
    Senator Levin. Thank you very much, Senator Coburn. Ms. 
Dorner.

  TESTIMONY OF IRENE DORNER,\1\ PRESIDENT AND CHIEF EXECUTIVE 
 OFFICER, HSBC BANK USA AND HSBC NORTH AMERICA HOLDINGS, INC., 
                       NEW YORK, NEW YORK

    Ms. Dorner. Thank you, Chairman Levin and Senator Coburn. 
My name is Irene Dorner and I serve as President and CEO of 
HSBC Bank USA and HSBC North America Holdings, Inc. I have led 
the bank in the United States since January 2010.
---------------------------------------------------------------------------
    \1\ The prepared statement of Ms. Dorner appears in the Appendix on 
page 130.
---------------------------------------------------------------------------
    I fully appreciate why we are here and believe that the 
discussion about controls at global banks is an important one 
to have. We deeply regret and apologize for the fact that HSBC 
did not live up to our own expectations, the expectations of 
our regulators, our customers, our employees, and the general 
public.
    HSBC's compliance history as examined today is 
unacceptable. HSBC has learned some very hard lessons from the 
experience of the past few years, but we have taken very 
substantial steps to address the problems that we, our 
regulators, and this Subcommittee have identified. We have made 
fundamental changes in governance, culture, training, and 
funding to ensure that we can effectively deter illicit use of 
our bank in a manner that will be embedded and sustained going 
forward. The process is ongoing and requires vigilance.
    As you know, these issues and challenges do not end at the 
water's edge, so we are combining our efforts with reforms that 
apply throughout HSBC's global businesses, and I am joined 
today by our new Chief Legal Officer, Stuart Levey, who is here 
on behalf of the HSBC group, and who will describe HSBC's 
global compliance commitment.
    Given my experience working for HSBC in other parts of the 
world, I am cognizant of the risks and obligations that come 
with serving our customers who have a need for global banking 
services, and at an absolute minimum, we must have the proper 
controls and systems in place to ensure that we are doing the 
right business in the right places with the right customers and 
that our customers' transactions are properly monitored. If, 
for any reason, a transaction appears to be unlawful or 
suspicious, then we scrutinize the customer and report this 
information to the authorities in a timely manner.
    As the Subcommittee has documented, we have fallen short in 
a number of serious ways. In October 2010, the U.S. bank 
entered into a consent order with the OCC. With the full 
support of our board and of the HSBC group, I took the lead in 
overseeing our remediation efforts and we have taken 
significant steps.
    First, we have worked hard to foster a new culture that 
values and rewards effective compliance and that starts at the 
top. By the end of 2010, we had a new U.S. senior management 
team in place. We overhauled our AML compliance function, 
improving the quality, coverage, and strength of our AML 
program through additional staffing and training. We have 
increased spending in AML compliance nine-fold from 2009 to 
2011. And today, we have 892 full-time AML compliance 
professionals.
    Second, we have undertaken an enterprise-wide risk 
assessment and have exited customer relationships and 
businesses that do not represent acceptable manageable risks. 
This is an ongoing process and we continue to do a formal risk 
assessment twice a year.
    Third, we have made changes to our ``know your customer'' 
policies because proper KYC must be robust to be effective. We 
must know a significant amount about our customers to be 
satisfied that we want their business. Our new KYC policy 
delivers a critical look at each customer, including our own 
HSBC affiliates. We have also implemented a new customer risk 
rating methodology which takes a holistic view of customer 
risk. I chair the project to apply our new KYC standards to our 
entire customer base. Many of the changes we are making are 
being adopted as HSBC Global best practices.
    And finally, we have made significant investments in 
technology and we have built better controls around our 
automated monitoring system, although we recognize that there 
is more to be done. The intended consequence of these changes 
is to embed a new culture of responsibility, accountability, 
and deterrence within our U.S. bank. It has been my mission and 
the mission of my new senior team to make sure that compliance 
is on every employee's mind at every level in the organization.
    In closing, let me say that I do appreciate this 
Subcommittee's efforts to examine and improve the steps taken 
by industry and government to address these challenges and the 
recommendations you have made. We are committed to fulfilling 
our responsibilities in an effective and sustained manner.
    Thank you, and I am happy to address any questions.
    Senator Levin. Thank you very much, Ms. Dorner. Now, Mr. 
Levey.

  TESTIMONY OF STUART A. LEVEY,\1\ CHIEF LEGAL OFFICER, HSBC 
                 HOLDINGS PLC, LONDON, ENGLAND

    Mr. Levey. Thank you, Mr. Chairman and Senator Coburn. My 
name is Stuart Levey. I am the Chief Legal Officer of HSBC, a 
position I have held for the past 6 months. I am pleased to be 
here at the Subcommittee's request to participate in today's 
hearing, and I would also like to express the appreciation to 
the Subcommittee staff for its hard work and professionalism.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Levey appears in the Appendix on 
page 137.
---------------------------------------------------------------------------
    Some of the information discussed earlier today and in the 
Subcommittee's report is sobering. It highlights serious 
historical problems at HSBC, and we have not shied away from 
that. In fact, we have gone to great lengths to cooperate, not 
only to be helpful to you, but to help us diagnose the problems 
and identify solutions. We obviously have a great deal of work 
to do.
    I know from experience that it is critically important to 
our safety and security to stop illicit actors from gaining 
access to the financial system. At HSBC, we must do everything 
in our power to prevent that access through our bank and we 
embrace that responsibility. That is why we are taking action 
not only to address the specific deficiencies the Subcommittee 
identified, but also to implement a global strategy to tackle 
their root causes. This is a complex undertaking, given the 
scale of our institution and our multinational footprint. But 
if we get this right, it will make a difference.
    At the beginning of 2011, there was a transition at HSBC to 
a new CEO, Stuart Gulliver, and our new Chairman, Douglas 
Flint. Our new leadership team understands these challenges and 
they approached me to join them to help drive the necessary 
changes. My views on these issues were public and well known 
and HSBC's leadership wanted me to bring my experience and 
commitment to bear on their challenges.
    I would like to outline for you the path that we are on. 
First, beginning in January 2011, we have reorganized HSBC 
around four global businesses and 10 global functions. This 
means for the first time that the global head of a function, 
like myself, has authority over the operations and personnel of 
that function wherever we operate. This makes it easier to 
manage our risk globally. The historical decentralized 
corporate structure that concentrated authority on country 
heads has been replaced.
    Second, we have simplified our business model to make HSBC 
easier to manage. We are reducing our footprint and product 
lines. We have focused on selling and exiting non-core 
businesses, such as our global banknotes business. Over the 
past 18 months, we have sold or exited 31 businesses and are 
already withdrawing from nine countries.
    Third, we have elevated and strengthened the role of group 
compliance so it is now in power to set standards across the 
organization and has the necessary authority to ensure that 
those standards are enforced. Our new Chief Risk Officer, Marc 
Moses, is also providing fresh leadership in this area.
    Fourth, on April 30 of this year, our CEO issued a 
directive to the entire bank requiring adoption of high uniform 
standards across the firm. We are adopting a highest common 
denominator approach, applying everywhere the highest standard 
that we must apply anywhere. That will most often mean that we 
will be applying U.S. standards globally. This means that 
instead of the United States taking on risk from abroad, as you 
discussed in your opening statement, Mr. Chairman, instead, 
high U.S. standards will be exported globally, thereby 
promoting the integrity of the financial system.
    Among other things, that directive, or group circular 
letter, also requires that we maximize information sharing for 
risk management purposes and that we apply a globally 
consistent approach to knowing and retaining our customers. The 
CEO has also directed the Chief Risk Officer and me to co-chair 
a steering committee, on which Ms. Dorner also sits, to drive 
implementation of this new approach.
    We have already begun our work. For example, we adopted a 
new global sanctions policy. We ordered global application of 
the obligation to conduct affiliate due diligence. And we 
adopted a new risk filter to reduce and better control the 
business we do in any high-risk country where we operate. This 
is the process under which we decided to close the Mexican 
Cayman accounts that were discussed this morning.
    This is the beginning of the journey and we have a long way 
to go, and we agree with you, as you say in your report, that 
the burden of proof is on HSBC to demonstrate progress on these 
reforms.
    In addition, in 2011, our CEO introduced a new values 
program under which all senior executives are evaluated on 
whether they adhere to the bank's core values, including 
respect for compliance.
    In the end, sustainability of these reforms depends 
critically on the commitment of HSBC's top leadership. I have 
confidence because I know our board and senior leadership are 
committed to seeing these reforms through. We understand that 
this is something that absolutely must be done for the long-
term success of the bank.
    I appreciate the opportunity to speak to you today and I 
look forward to answering your questions.
    Senator Levin. Thank you very much, Mr. Levey.
    Let me start. We will have, I think, a 10-minute round.
    Senator Coburn. You may go 20 minutes.
    Senator Levin. OK. In 2003, HBUS was the subject of a 
formal enforcement order by its regulators at the time, the 
Federal Reserve of New York and the New York State Banking 
Department, and it required the bank to revise and revamp its 
AML program due to some very serious deficiencies. HBUS made a 
commitment at that time to correct the problems. And after 3 
years, in 2006, the Office of the Comptroller of the Currency 
(OCC), lifted the enforcement action despite a host of 
unresolved issues.
    Four years later, in 2010, the bank was right back in the 
soup, the subject of another enforcement action by its 
regulator, this time the OCC, requiring the bank to revamp its 
AML program due to severe deficiencies. And many of those were 
similar to the problems that had been identified in 2003, 
including many violations of Federal AML law, a backlog of over 
17,000 un-reviewed alerts regarding possible suspicious 
activity, failure to conduct any anti-money laundering 
monitoring of $60 trillion annually in wire transfer activity 
by customers domiciled in countries rated by HBUS as lower 
risk, and failure to conduct any due diligence of HSBC 
affiliates.
    Now, on April 30 of this year, the HSBC group, as you have 
testified, issued a new group-wide policy that applies to all 
of its affiliates around the world, and that is Exhibit 2b.\1\ 
Now, this group circular letter requires all HSBC affiliates to 
meet the most stringent standards anywhere in the group, and it 
states that, ``The bank and its affiliates will adopt and 
enforce the adherence to a single standard globally that is 
determined by the highest standard that we must apply anywhere. 
Often, this will mean adhering globally to U.S. regulatory 
standards. But to the extent another jurisdiction requires 
higher standards, then that jurisdiction's requirements must 
shape our global standard.''
---------------------------------------------------------------------------
    \1\ See Exhibit No. 2b, which appears in the Appendix on page 583.
---------------------------------------------------------------------------
    That new policy statement could be a groundbreaking 
commitment that will force the entire HSBC network to improve, 
and I hope it does. I understand, Mr. Levey, that you are co-
chairing a committee--you have just testified about that--aimed 
at implementing the new group circular letter.
    But here is what HSBC said in 1993. ``Group members should 
comply with both the letter and spirit of all relevant laws, 
codes, rules, regulations, and standards of good market 
practice in each jurisdiction around the world where they 
conduct business.''
    The 2012 and the 1993 compliance policy statement have good 
sentiments and they sound very similar in a lot of regards. 
They promise the bank will adhere to high standards, and as I 
have said before, commitments and promises are welcome. But 
accountability for previous failures and conduct that has 
already taken place is essential as a deterrent, and it is that 
accountability that has been missing.
    My first question is the following, and either one of you 
can answer. Let me try you first, Ms. Dorner. Do you agree that 
given past commitments that have not been kept that the bank 
has a heavy burden of proof that they mean what they say, or 
you mean what you say, both as to changing behavior and as to 
changing the culture?
    Ms. Dorner. Thank you, Mr. Chairman. I can entirely 
understand these concerns. It is quite clear that we have had 
failures in the past, which we deeply regret, and I would agree 
that we have some way to go to regain the trust of our 
regulators and of yourselves on this Subcommittee.
    Senator Levin. Thank you.
    Exhibit 71d \2\ is a chart which was prepared by an outside 
auditor at HBUS's request. It lists accounts that are held by 
HSBC affiliates in the United Kingdom and Hong Kong for banks 
in rogue regimes subject to U.S. sanctions, such as Iran, Iraq, 
North Korea, and Sudan, a total of 55 suspect banks with U.S. 
dollar accounts made possible by the HSBC affiliates' 
correspondent accounts at HBUS.
---------------------------------------------------------------------------
    \2\ See Exhibit No. 71d, which appears in the Appendix on page 923.
---------------------------------------------------------------------------
    Basically, how could HSBC affiliates accept such clients 
and do you know whether HSBC told HBUS that it was servicing 
these type of clients?
    Ms. Dorner. Mr. Chairman, clearly, this predates my tenure 
of being in the United States and so I cannot comment 
specifically on this. I can tell you now that HBUS does not 
hold accounts for any of these names.
    Senator Levin. Thank you.
    One of the accounts that was in an HSBC affiliate is a U.S. 
dollar account for an Afghan bank on the SDN list from October 
of 1999 through February 2002. It was on the SDN list because 
of its ties to the Taliban. It is incredible to me that an 
affiliate of HSBC, an affiliate which is located in the United 
Kingdom, could even consider owning an account for a Taliban-
affiliated organization and continue the relationship after the 
September 11, 2001 attack.
    Now, there is another extraordinary example here, as well, 
and that is Exhibit 50d.\1\ That is an exchange of emails in 
2008 between HSBC employees in the U.S. and the Cayman Islands. 
An AML compliance officer at HBUS received an inquiry from OFAC 
regarding a trust account in the HSBC Cayman affiliate which 
was administered by HSBC Geneva and which had been established 
to benefit a well-known international terrorist named Rami 
Makhlouf. He is from Syria. The exchange is stunning, if you 
will take a look at this one.
---------------------------------------------------------------------------
    \1\ See Exhibit No. 50d, which appears in the Appendix on page 823.
---------------------------------------------------------------------------
    The Internal Control Officer for Compliance in the Cayman 
Islands admits that the trust for Makhlouf exists and the 
Cayman affiliate is the trustee. In a subsequent email, she 
informs the HBUS AML officer that a year earlier, in 2007, 
concerns about this client were raised and the relationship was 
viewed at the group level, which decided to maintain it. In 
other words, people at HSBC headquarters made a conscious, 
knowing decision to maintain the account for the benefit of an 
international terrorist.
    So how is it that HSBC Geneva or its Cayman affiliate, or 
any affiliate in the HSBC system, could have maintained a trust 
benefitting a terrorist or gotten permission from group 
headquarters to service such an individual, and if you wish to 
comment, as well, on that account that was being held for a 
Taliban-affiliated organization, you can do so at the same 
time. Ms. Dorner.
    Ms. Dorner. Mr. Chairman, I am afraid I am not able to 
assist you on the account for Mr. Makhlouf because he is not a 
customer of HBUS and I am not acquainted with this chain of 
events.
    Senator Levin. Could you become acquainted and then give us 
your comment for the record?
    Ms. Dorner. I can look at the chain of emails, yes.
    Senator Levin. Will you do that?
    Ms. Dorner. I can do that.
    Senator Levin. OK. Mr. Levey, do you have a comment?
    Mr. Levey. Naturally, this is long before my tenure. I do 
know who this individual is. He is someone that we designated 
when I was in the government. He was designated in 2008, I am 
pretty sure, under the sanctions program by the United States. 
I do not think this is the kind of thing that we need to 
change. I do think this is the kind of thing that we need to 
change.
    Senator Levin. You made reference to your service with the 
U.S. Government. If I remember, you were the Under Secretary of 
the Treasury for Terrorism and Financial Intelligence. Do I 
have it right?
    Mr. Levey. Yes, sir.
    Senator Levin. How would you have reacted if you knew that 
HSBC was engaged in such a practice and that an HSBC affiliate 
knew of the HSBC account and did not report it?
    Mr. Levey. I think that would be unacceptable.
    Senator Levin. Would it not be even stunningly 
unacceptable? I mean, a lot of things are unacceptable. But on 
degrees of unacceptability, is this not kind of shocking?
    Mr. Levey. I am not going to quarrel with you, Senator. Of 
course, this is exactly the kind of thing, I should say, that 
we are trying to change, where we are trying to make important 
compliance information mandatorily shared to compliance 
officers around the world. This would be the kind of thing that 
would, in my view, fall into that category.
    Senator Levin. Senator Coburn.
    Senator Coburn. Thank you.
    Ms. Dorner, as I understand from the report, you arrived to 
run the U.S. affiliate or the U.S. organization in 2010 and 
were handed a pretty good sized mess. But why, irrespective of 
these challenges, does HSBC choose to have a presence in the 
United States in the first place? I mean, what is the value to 
HSBC? You are in all these countries. You are worldwide. What 
is the value? Why are you here?
    Ms. Dorner. Senator, that is a great question. This is a 
terrific place to do business. There are more than 10,000 U.S. 
headquarters of international companies based here in the 
United States. We, as an international bank, it is our business 
to help our customers realize their aspirations. And so we have 
many United States companies who want to grow internationally 
and they use us and we help them to do that. We connect them 
with international business.
    And then there is incoming business, and, of course, as you 
know, we do have businesses in other parts of the world, and I 
am thinking particularly here of Asia and emerging markets, 
where many companies wish to do business and wish to invest in 
the United States. And it is the role of HSBC as an 
international bank to facilitate that. The United States is the 
biggest trading Nation in the world. It is a massive 
opportunity.
    Senator Coburn. So given the mess you have had and what you 
have seen, the consequences, both financial and from a business 
standpoint, as a result of the consent order with OCC, would 
you outline what the impacts have been on your organization, 
the latest consent order?
    Ms. Dorner. The latest consent order has had a massive 
impact. Clearly, it happened just after I arrived, and I can 
tell you that what we have done is that we have changed the 
senior management here in the United States. We have changed 
our General Counsel. We have changed our Head of Compliance. We 
changed our AML Director. We have had a top-to-bottom overhaul 
of the way that we actually do AML compliance. We are burning 
the bridges to make sure nobody can get back to the way it was 
before. We have new governance in place. We have new 
structures. We have new policies.
    But actually, the processes and the policies are never 
enough. This is actually about the people. And so it is my job 
to make sure that the right way down the whole organization, 
the DNA of HBUS, we actually get compliance on the front foot 
in everybody's mind.
    And in terms of fixing it, that is what CEOs do. I am 
clearly absolutely committed to fixing this. But the reality 
is, the change that will take place and is taking place is that 
this has to be fixed for the future. This has got to be BAU. So 
business as usual is not just about fixing the consent order. 
It is driving this through into the future as a full-scale 
remediation that will last.
    Senator Coburn. So you put all these steps forward and all 
these changes, but the real thing that you have to change is 
the culture.
    Ms. Dorner. That is correct, Senator.
    Senator Coburn. So how are you doing that? I mean, you have 
outlined the steps, but where is the leadership that is going 
to change the culture? Where is the example so far since you 
have been there changing the culture? When somebody has 
violated some of these policies, what has been the consequence? 
The only way you change a culture is if everybody in the 
organization sees when you violate the core values of the 
institution that there is a consequence.
    Ms. Dorner. Senator, I can tell you unequivocally since I 
have been here that I have fired people for not complying, that 
I have clawed back in terms of future remuneration, and I have 
reduced compensation. Of course, that is the negative side of 
things. Equally, we have celebrated success. We have examples 
of compliance officers who have been put onto our Internet to 
show people that this is where it is at that they should be 
looking at, these kind of standards to drive the way that we do 
business. It is quite clear that we need to make further 
changes. There is never enough done. We can always improve. But 
this has got to be on everybody's lips, from top to bottom of 
the organization.
    And I would just say that one of the big changes that has 
helped me in this is that this group has changed in terms of 
how it wishes compliance to be viewed, and compliance now has a 
control function role within the whole group. And so I am 
totally supported by the HSBC group in this and by the HSBC 
group's senior management.
    Senator Coburn. OK. I just have one more question for you. 
You mentioned the changes you made to ``Know Your Customer'' 
policies have enabled you to make better decisions about 
whether a customer fits your risk appetite. Would you describe 
what your risk appetite is at HSBC or HBUS?
    Ms. Dorner. I can do that. I think that the thing about 
risk is it has to be taken at the highest level. You are trying 
to find the right customer, and so it is about understanding 
customers' business, where they do business, why they do 
business, and what they want to do with us. And, therefore, 
when you put a KYC process in place, those are the things that 
you are looking for throughout, and not only are we looking for 
that in our future customers, we are actually remediating the 
existing customer base we have to make sure that the customers 
that we already have fit within the risk appetite that we have. 
And I can tell you now that we have exited, as a result of 
rolling out this remediation, in the order of 14,000 customers 
because they simply did not fit our risk appetite.
    Senator Coburn. OK. Thank you.
    Mr. Levey, this was a 300,000 person organization. You have 
an impressive resume, but there is just one of you. And you 
have entered into an organization that has an admittedly poor 
record and presumably a poor culture for compliance to match 
that poor record. When you leave here today and resume business 
as usual, go back, what is going to be the impact of a hearing 
like this or a meeting with the government like this in terms 
of how it affects the bank, the bank operations, the structure, 
and the culture?
    Mr. Levey. Well, Senator, I can assure you that the top 
leadership of this company is very focused on your report, on 
this hearing, on all the information that has been developed in 
the course of this investigation. In fact, it was not just when 
the report was issued or we were coming to testify today that 
there was engagement from the top. As I said, the change began 
when the new CEO took office at the beginning of 2011 and they 
reached out to me soon thereafter to ask if I would come and 
help drive the change that they were pursuing.
    I believe that the culture and the tone at the top is 
excellent. We have risk management meetings where the top 
executives of the firm sit around the table and we share the 
information in ways that apparently did not happen as robustly 
before and make the kinds of decisions that are necessary for 
controlling these sorts of risks.
    I believe that this whole experience is one in which, as 
our CEO has said, we are going to be judged by how we respond 
to this sort of adversity, and he is absolutely committed to 
getting this right--in large part, because we think it is 
critical to our success. If we are going to be a successful, 
the leading international bank, which is our aspiration, we 
have to be successful at this. We have to lead in this area, as 
well.
    Senator Coburn. Is there a conflict within your board to--I 
am trying to think of the best way to phrase this--compliance 
here does not necessarily have to be difficult, but it has to 
be right, and there are some variables that affect that. How 
well do the regulators do? Are they fair? But are they trying 
to do the right thing, not just be right? Is there a conflict 
or tension between the potential, as Ms. Dorner outlined, of 
being a global bank with a large number of multinational 
countries here, and the cost of compliance, because I actually 
see that is where things really went awry. How do you manage 
that tension so that when they are looking--if this is a great 
business opportunity for HSBC, is this too much of a compliance 
hurdle or cost given the potential capital appreciation 
opportunities for your organization?
    Mr. Levey. Senator, I do not believe we view this as a 
tension or a tough call. We are going to have to get this 
right, whatever it takes to get this compliance in order. I do 
not think there is any ambivalence about that on our board. And 
we view it as our responsibility--quite aside from the 
regulators, candidly--it is our responsibility to get this 
right and we appreciate the help we have had from the 
Subcommittee and the recommendations, but we have--it is our 
responsibility to look at those and improve and also identify 
the improvements ourselves that we need to make.
    Senator Coburn. With the changes that Ms. Dorner has put in 
and with your expertise, is it your opinion that not only will 
you be better in terms of compliance, but you will be a better 
organization and a more profitable organization as a result of 
it?
    Mr. Levey. I agree with that entirely, Senator. I think 
that there is no conflict in the long run between those two 
things. Being compliant, having the right controls in place, is 
in our long-term financial interest.
    Senator Coburn. Thank you, Mr. Chairman.
    Senator Levin. I want to go back just for a moment to that 
situation with the Syrian terrorist. There was an inquiry from 
OFAC. We want to start with that. It was an inquiry regarding a 
trust account in the HSBC Cayman affiliate that was 
administered by HSBC Geneva. What happened then is that an AML 
officer at HBUS--and this, again, is Exhibit 50d \1\--an AML 
officer at HBUS wrote the following, ``that we have determined 
that accounts held in HSBC Cayman are not in the jurisdiction 
of and are not housed on any systems in the United States. 
Therefore, we will not be reporting this match to OFAC.''
---------------------------------------------------------------------------
    \1\ See Exhibit No. 50d, which appears in the Appendix on page 823.
---------------------------------------------------------------------------
    So HBUS knew the account existed, knew that there had been 
a request about this account from OFAC, knew that an HSBC 
affiliate maintained it, but was not going to get that 
information to OFAC based on this jurisdictional line. In 
effect, what the AML official decided to do is to use the 
affiliates' separate entity status as a reason to not report a 
Syrian terrorist's HSBC account to OFAC.
    So we have HSBC crossing international lines to establish 
and service the trust, to protect its assets, and to facilitate 
Makhlouf's transactions. And this is 2008, by the way. And yet 
they rely on that technicality not to report the information to 
OFAC.
    And so my question to you folks is, if this same thing 
happened today, would you get that information to OFAC?
    Mr. Levey. Mr. Chairman, I am--obviously, this is, again, 
several years before I arrived. I do not know the details of 
what happened here. What I can tell you is that one thing we 
have done that would handle this kind of situation is that we 
have now adopted a global sanctions policy so that anyone who 
is designated by OFAC will be--we will search across the entire 
bank in all jurisdictions and all currencies to ensure that we 
catch all those situations and either freeze accounts if we are 
permitted to, because in some--if it is a U.S.-only 
designation, we may not be able to freeze the account--or exit 
or reject transactions. I am not in a position to go into the 
details of transaction.
    Senator Levin. Well, I think you have answered the 
question, without going into details. You are saying that, 
first of all, every affiliate is going to apply the same catch 
mechanism. So, presumably, they would have caught this.
    Mr. Levey. Yes. What I do not know----
    Senator Levin. If it would have been caught by HBUS, it 
would have been caught by Cayman.
    Mr. Levey. Right.
    Senator Levin. Right? OK. Presumably.
    Mr. Levey. Presumably, yes.
    Senator Levin. It should be.
    Mr. Levey. What I do not know is when Rami Makhlouf was 
actually designated. I do not have the date in my head.
    Senator Levin. Well, putting aside that, the question is, 
presumably, it will be caught by the same mechanism being 
applied in every one of your banks, wherever they are located. 
My question, though, is if for some reason it fails and if one 
bank knows that information is being sought by OFAC, will it 
make sure that the information is provided?
    Mr. Levey. Again, my view on this would be that we would 
give to any government as much information as we are legally 
permitted to do when we had a valid request. So I cannot tell 
you whether there will be some legal restriction, but we would 
do everything we could to get them the information.
    Senator Levin. Well, when you say what you are legally 
permitted to do, were you legally permitted by the Caymans, by 
their law, to provide this? Do you know, Cayman law will not 
allow this. They are a secrecy jurisdiction.
    Mr. Levey. I do not know, Senator.
    Senator Levin. Well, but you need to find out.
    Mr. Levey. Will I find out?
    Senator Levin. Are you going to be bound by a secrecy 
jurisdiction's law that says you cannot share that information, 
or are you going to be carrying out your commitment here that 
you are going to treat all of your affiliates as though they 
are in one place globally and you are going to respond to law 
enforcement with their request? I mean, if you are going to 
say, if legally permitted by the Caymans or by any other 
country, you have tax havens, and so forth with secrecy 
jurisdictions, Caymans being one of them. Are you bound by 
that? Are you going to work with law enforcement or are you 
going to be bound by Caymans?
    Mr. Levey. We are going to do everything we can to 
cooperate with law enforcement.
    Senator Levin. Well, you say, though, that if it is legally 
permitted. That is your hedge word. U.S. law binds you to 
report to OFAC. What are you going to do, live up to Cayman law 
or U.S. law?
    Mr. Levey. I do not know if there would be a conflict 
there.
    Senator Levin. There is. Assume there is.
    Mr. Levey. If there is, we do everything we can to get it 
to OFAC.
    Senator Levin. To comply with U.S. law?
    Mr. Levey. Yes.
    Senator Levin. Now, sharing information across 
international lines is not just an ancient problem at HSBC, it 
is still a current problem, and I am going to give you what has 
happened recently involving this Subcommittee. In 2010, in a 
hearing before this Subcommittee, we reviewed an incident in 
which an HSBC affiliate in the Bahamas was asked to open an 
account for the Central Bank of Angola. Email exchanges 
obtained by the Subcommittee made it clear at that time that 
the Angolan Central Bank wanted to use an offshore secrecy 
jurisdiction--that is the Bahamas--to hold its funds in order 
to avoid court orders that might lead to a freezing of its 
funds. At the 2010 Subcommittee hearing, I asked HSBC if the 
account was ever opened, and not surprisingly, HSBC refused to 
answer, citing jurisdictional constraints.
    Last week, HSBC informed us that the account had been 
opened and was opened at the time of our 2010 hearing, but that 
it was closed 45 days ago. HSBC also revealed that the only 
reason it could provide that information to the Subcommittee 
was because HSBC had received permission from the Central Bank 
of Angola. HSBC Bahamas could not release it to HBUS without 
the client's permission, so that is the problem with what you 
are telling us today. It is the problem with HSBC's word, the 
subject of being legally permitted, that description, which is 
a real big loophole, and it is a problem with other 
international banks.
    The international banking system established a financial 
system that enables them to facilitate financial transactions 
and move around the globe across jurisdictional lines in a 
matter of seconds, but when it comes time to sharing critical 
information with U.S. authorities about clients and their 
accounts and transactions, then things begin to grind to a halt 
and banks point to jurisdictional rules and local laws, 
sometimes using that argument disingenuously. But putting that 
aside, that is the reason given by HSBC not to share that 
information.
    Now, in the most recent group-wide policy, your GCL, on 
April 30, you say that you will ``maximize the sharing of 
information for risk management purposes amongst group 
companies and amongst global businesses and functions.'' You 
have noted that HSBC is going to maximize the sharing of 
information to ``the extent permitted by laws.'' And that, 
again, is the rub.
    What policies are you going to enact or implement to ensure 
that you provide law enforcement and governmental officials in 
this country which has given HBUS a charter--rather than using 
jurisdictional constraints as the excuse to avoid sharing 
information, what are you going to do with your new rules and 
regulations to make sure that this government and the proper 
authorities are given information upon request?
    Mr. Levey. Mr. Chairman, as you indicate, we have committed 
within the company in the GCL to maximize the sharing of 
information for risk management purposes among our companies 
and functions. We have decided that is the value that we are 
going to pursue, which is that we need to share information. I 
think your report highlights the serious consequences that 
occur when we do not.
    We have also decided through this policy that when there 
is--we are going to do everything we can to share information 
across borders. We have found, as you indicated in your 
question, that sometimes the secrecy jurisdiction was being 
used as a comfort, in a way. Well, no, we cannot share the 
information because of the jurisdictional rules.
    It is my job as the Chief Legal Officer to look at that, 
right, and to try to work that out and make sure that we are 
not using it as an excuse. But in the end, of course, we have 
to abide by the law wherever we operate. That is true of any 
multinational company. All we can commit to do is--whenever 
there is any discretion, to exercise it in favor of sharing 
information. I do not know that we can do more than that or 
that any multinational organization can do more than that.
    Senator Levin. Senator Coburn.
    Senator Coburn. Ms. Dorner, in how many locales does HSBC 
now have operations that have such agreements as the Bahamas? 
In other words, what percentage of HSBC's locations throughout 
the world are tax havens or isolated places where 
jurisdictional differences preclude the sharing of information?
    Ms. Dorner. I am sorry, Senator. I cannot actually put a 
number on that for you.
    Senator Coburn. We have seen changes in Liechtenstein, for 
example, from pressure from this Subcommittee and others, where 
they have actually changed their laws. But could you get that 
to us?
    Ms. Dorner. I am sure that we could. I think it is fair to 
say that all countries have privacy rules of one sort or 
another.
    Senator Coburn. I understand, but we are talking about 
those countries that have privacy rules intended to not be 
transparent in the commission or the suppression of information 
that may or may not be, in fact, in the best interest of the 
global economy as a whole and may be associated with illicit 
activity.
    Ms. Dorner. I understand. I am sure we could do that.
    Senator Coburn. Thank you.
    Do you know of any history in your experience where a bank 
charter has been pulled for cross-jurisdictional violations or 
what was perceived as a violation, but what was also perceived 
as in the best interest of your company as a whole or in the 
best interest of transparency in terms of fighting illicit 
activity?
    Ms. Dorner. I am not aware of any.
    Senator Coburn. OK. Thank you.
    Back to Mr. Levey just for a minute. Do you believe there 
is sufficient oversight of the affiliates that make up the 
group compliance right now in your organization?
    Mr. Levey. I think we are on the path to getting there, 
Senator, but I do not think I can sit here today and tell you 
that we are at the end of the road. I think we are at the 
beginning of the journey and we do have our work cut out for 
us, but we are on the right path.
    Senator Coburn. As I said, I believe you have the best of 
intentions. This is not to question the new management at all, 
but I think some questions need to be asked. Do you know of any 
affiliates now that are not complying with the set standards?
    Mr. Levey. Senator, I do not have knowledge of such a 
thing, but I also cannot sit here and tell you I am comfortable 
with the scope of this whole----
    Senator Coburn. One further question along that line. If 
today you found out an affiliate that was not in compliance, 
what are the consequences?
    Mr. Levey. The consequence is they would have to improve 
immediately, and the new thing, though, is that information 
would be shared with all other affiliates so that Ms. Dorner 
here in the United States would not be blind to it in the ways 
that we saw in the examples in the report.
    Senator Coburn. You have powerful experience in the 
government and now applying that in the private sector. Do you 
have a recommendation for Senator Levin and I in terms of what 
we could do to make us both more effective, less burdensome, 
and more efficient as--even though you stated it is in your own 
best interest to be compliant, the point is, are there ways 
that we can help do that in a more efficient way that gets a 
better result.
    Mr. Levey. I have to say, that sounds like a dangerous 
question. I did not come here to give you recommendations.
    Senator Coburn. I have a reputation of being a straight 
shooter. I am asking that because I really want to know. I 
actually like to try to fix what is wrong with government 
rather than pile on another program that is supposed to do the 
same thing that is going to fail again. So if you would like to 
think about that and shoot me a short note, I would love to 
hear from you, but that was not meant in jest or as a trap----
    Mr. Levey. No, I did not intend that.
    Senator Coburn. It is my intent to try to make government 
work, and too often, it does not. Having been on both sides of 
the wall, you have a perspective that not many people have and 
I think you could offer us lots of suggestions on how we might 
be better at what we are doing, much like we have made 
recommendations in our report.
    Mr. Levey. Well, I appreciate that, Senator. Of course, we 
have a lot to do to fix ourselves, but I do think that there 
are ways in which the sharing of information, which is the key 
here, right? The sharing of information is the key to these 
kinds of controls being effective and there are ways to improve 
that. There are changes that can be made in the way governments 
share information with the private sector and in which the 
private sector shares information amongst itself. That is 
ultimately what needs to be done. If we are going to really get 
these illicit actors, we are going to have to have better 
visibility. But I would be happy to try to follow up.
    Senator Coburn. Thank you. Which would mean you need better 
information from us on illicit conduct. You need a more robust 
PATRIOT ACT in the areas of this illicit conduct. And you also 
need access to beneficial ownership information from us.
    Mr. Levey. I agree with all of that.
    Senator Coburn. OK. Thank you. Mr. Chairman, I yield back 
to you.
    Senator Levin. I want to go back to the question about an 
affiliate that does not share information with you because of a 
local law that says that secrecy is the order of the day. These 
are the secrecy jurisdiction entities, and Ms. Dorner, I guess 
you are going to give us how many of those jurisdictions there 
are affiliates in, is that correct? You were asked to do that 
and you are going to give us that for the record, I believe.
    Now, you are committed to do a whole bunch of things. You 
are going to police the HSBC affiliates that use your accounts. 
You are going to audit so-called cover payments sent by HSBC 
affiliates to see if they are circumventing the OFAC filter. I 
think you prepared in your new approach to look at affiliates' 
internal audit findings to look for those with weak AML 
controls. I think you were just asked by Senator Coburn, what 
are you prepared to do if an affiliate does not provide 
information to you or to a law enforcement entity in a country 
that you have a charter, the United States.
    I guess one of the ways you could enforce it would be to 
deny a U.S. correspondent account to an affiliate. Do you know 
whether or not that has ever been done? Has HBUS ever said no 
to an HSBC affiliate?
    Ms. Dorner. The direct answer to your question is no, we 
have not. But we now have KYC at a level for all of our 
affiliates that we use for third parties and I can assure you 
that in the event that one of our affiliates did not pass the 
KYC as it stands now, I would have no hesitation in not opening 
an account or, indeed, closing an account.
    Senator Levin. And what about if they do not share 
information with you? That was the question which I believe 
Senator Coburn was asking. Is not one of the remedies you just 
simply say, we are not going to let you have a correspondent 
account with us?
    Ms. Dorner. The same rules would apply for any third party. 
If we asked for information and did not get it, we would close 
the account.
    Senator Levin. But you will apply that test to an 
affiliate?
    Ms. Dorner. We would.
    Senator Levin. OK. Talking about secrecy jurisdictions and 
beneficial owners, I think you and I talked about this issue 
before, but let me get you on the record in this setting, Mr. 
Levey, and that is should the U.S. Government get the 
beneficial ownership information for U.S. corporations?
    Mr. Levey. I believe so, Mr. Chairman, and it would also be 
helpful to banks--it would be helpful to us so that we could 
better know our customers because, as you know and you probably 
better than anyone, this is one of the obstacles that we 
sometimes face.
    Senator Levin. That is very helpful and we will be sure to 
be quoting you for that in different places. [Laughter.]
    I want to talk to you both about bearer shares. Bearer 
share corporations, so-called, are notorious vehicles for money 
laundering and for other illicit activity because they provide 
anonymity through assigning legal ownership of the corporation 
to whoever has the physical possession of its shares. There is 
no paper trail. There is no way of knowing who owns those 
corporations, just the way there is no way of knowing who is 
the real beneficial owner of a bank account unless we require 
people owning the accounts to tell us who the beneficial owners 
are.
    But at times over the last decade, HBUS maintained over 
2,000 bearer share accounts despite warnings by internal 
auditors and outside regulators that the accounts posed high 
money laundering risks. Internal bank documents show the 
account owners deliberately pressured the bank to help hide 
their identities, and Exhibit 95 \1\ is one example of that, of 
a phone conversation between a man named Mauricio Cohen and an 
HBUS banker in Miami. I made reference to that in my opening 
statement.
---------------------------------------------------------------------------
    \1\ See Exhibit No. 95, which appears in the Appendix on page 1062.
---------------------------------------------------------------------------
    I know that HBUS has reduced the total number of bearer 
share accounts, and I guess my question is why have any?
    Ms. Dorner. Mr. Chairman----
    Senator Levin. Could I interrupt your answer, and forgive 
me for this. I want to just read one thing to you before you 
answer, and that is what the World Bank has had to say about 
these bearer share accounts in its report last year. It said 
that no bank with any sort of due diligence standards is 
willing to conduct business with a company that has free-
floating bearer shares. That is what the World Bank said. So, 
now, please.
    Ms. Dorner. Thank you, Mr. Chairman. Entirely understand 
the concern with bearer shares, a matter of great concern to 
me. It is always very important for us to know our customer. We 
have changed our policy here in the United States. We have 
toughened it up. We do not really want to do this business. To 
the extent we do it at all, it is going to be done under very 
limited circumstances, only when we can hold the shares 
ourselves or get them into a custodial agent that we know so 
that we can actually understand the movement of the shares.
    I think that because this is such a matter of general 
concern, the group--we are considering, or the new Group 
Standards Committee, on which I sit with Mr. Levey, they are 
looking, or we are looking at the U.S. policy with a view to 
extending that around the world.
    Senator Levin. OK. That is really a step forward.
    Another issue that I raised in the opening statement was 
HBUS's willingness to clear suspicious bulk travelers' checks 
for foreign banks. From 2005 to 2008, on a regular basis, HBUS 
cleared up to a half-million dollars or more a day in bulk 
travelers' checks from the Hokuriku Bank of Japan. They 
routinely arrived in large stacks of sequentially numbered 
checks signed and countersigned with the same signature, which 
was unreadable. HBUS found that the Japanese bank could not 
provide any ``know your client'' information or explain why two 
dozen of its customers were often depositing large stacks of 
U.S. dollar travelers' checks all purchased from the same bank 
in Russia, allegedly for the used car business people.
    Now, this was under OCC pressure. HBUS stopped clearing the 
travelers' checks in 2008, but it kept open the correspondent 
account despite that Japanese bank's poor AML controls, and in 
less than 4 years, HBUS provided over $290 million in U.S. 
dollars to a Japanese bank for the benefit of unknown clients 
dealing with unknown Russians who, again, were allegedly in the 
used car business.
    So I guess the real question is, would that happen again? 
Would that correspondent account be kept open again under your 
new rules?
    Ms. Dorner. Mr. Chairman, first, may I say I entirely 
understand the issue with travelers' checks and I have asked 
the AML Director immediately to do a full review.
    As regards Hokuriku, they failed our new KYC standards in 
2012, which is why we have closed the account, and I have now 
exited, or we have now exited 326 correspondent banking 
accounts since we instituted the new KYC procedures. And, 
therefore, I would hope that we would close any bank such as 
this because they would fail the new KYC procedures.
    Senator Levin. A number of money laundering problems 
identified by the OCC in 2010 related to inadequate monitoring 
for suspicious activity. Among other problems, the failure to 
monitor for suspicious activity for the $60 trillion in wire 
activity, failed to monitor the bank notes accounts held by its 
affiliates, used poor procedures to identify who could get 
enhanced monitoring, and a backlog of alerts that were not 
reviewed, and the OCC provided several pages of criticism 
related to the weak parameters that the bank used to review 
wire and account activity.
    Now, one of the key provisions in that cease and desist 
order of the OCC in 2010 required HBUS to install a new AML 
monitoring system to replace its old one, called CAMP. The new 
one is called NORKOM, I believe, and the bank is supposed to 
ensure that it has useful parameters to identify potentially 
suspicious activity for review. Can you tell us whether or not 
that effort has been completed and whether you have fully met 
the requirements of the cease and desist order with respect to 
a new AML monitoring system?
    Ms. Dorner. Thank you, Chairman. The whole point about the 
system, and this is, I know, why you are interested in it, the 
whole point about installing a system is it has to be 
absolutely fit for purpose. It absolutely has to fit the 
parameters of the business. It must identify the correct risks. 
And we must be able to monitor it.
    We have installed NORKOM. It has been a huge investment. I 
would be the first to say that with all systems, as usual, 
improvements can always be made, and it has been pointed out to 
us that there are two ways that we need to improve this system. 
We entirely agree. We are on the front foot. We are taking 
these as a priority and we will fix it. I would imagine that we 
will be improving this system going forward forever because 
there are always new ways to fix these systems in such a way 
that they can deter illicit actors.
    Senator Levin. As I understand the history here, when this 
was not working properly by the deadline of 180 days, rather 
than seeking an extension of the 180 days, the implementation 
plan was modified and then ended up in noncompliance with the 
consent order. Is that accurate?
    Ms. Dorner. There are two MRAs that have been raised and 
they are very technical. They are very important because they 
are about the validation of the model and we will have to fix 
those two things. To the extent that the OCC have raised other 
issues, we have replied in full and I believe that you have a 
copy of that letter.
    Senator Levin. Is there a new deadline?
    Ms. Dorner. There is not, to my knowledge, a deadline as 
such, but it is closely monitored and we are in day-to-day 
contact, literally, with the OCC, who are clearly very 
interested in getting this fixed.
    [Pause.]
    Senator Levin. OK. We have a vote on now, and I think what 
we will do is we will release this panel. We sure hope that you 
are going to carry out the commitments which have been made by 
this bank because our report raises just a lot of serious 
issues about international banking and this particular bank. 
Again, the bank has been cooperative, but we hope this 
visibility will actually help reform efforts at the bank.
    Again, as I have said a couple of times this morning, we 
welcome the commitments. We welcome the apologies. It is the 
change in culture and actions which are critical. But there is 
that nagging question of accountability which others are going 
to have to judge. We are not in the prosecution business here. 
We are in the oversight business. Others will have to judge the 
accountability issues. But it has been significantly missing, 
not just in this situation, but generally in a whole lot of 
other banking situations and other situations in modern times. 
We hope that, somehow or other, the hearing and the 
investigation will also lead to some greater accountability.
    But we will now release you and thank you.
    Ms. Dorner. Thank you very much.
    Mr. Levey. Thank you, Mr. Chairman.
    Senator Levin. And we are going to stand adjourned for 10 
minutes or until Senator Coburn gets back, whichever comes 
earlier.
    [Recess.]
    Senator Levin. The meeting will restart. I am told Senator 
Coburn will be coming back, but he told me we should start if 
he was not back, so here we go.
    Let me now call on our next panel of witnesses, Thomas J. 
Curry, the Comptroller of the Currency; Grace E. Dailey, the 
former Deputy Comptroller for Large Bank Supervision at the 
Office of the Comptroller of the Currency; and finally Daniel 
Stipano, the Deputy Chief Counsel at the OCC.
    Mr. Curry, I am sure this is the first time that you have 
appeared before this Subcommittee and we welcome you and look 
forward to your testimony.
    Mr. Stipano, I believe you appeared before us about 8 years 
ago at our hearing on money laundering and foreign corruption.
    Mr. Stipano. Yes, sir.
    Senator Levin. We welcome you back, and I think this is Ms. 
Dailey's first appearance here. We welcome you, as well. We 
appreciate all of you being with us and we look forward to your 
testimony.
    I think as you have heard or are familiar with our rules, 
all witnesses who testify before this Subcommittee are required 
to be sworn, so I would ask that each of you stand and raise 
your right hand.
    Do you swear that the testimony that you will give before 
this Subcommittee will be the truth, the whole truth, and 
nothing but the truth, so help you, God?
    Mr. Curry. I do.
    Ms. Dailey. I do.
    Mr. Stipano. I do.
    Senator Levin. Under our timing system, you will get a red 
light a minute before a 5-minute--well, I guess now we are 
going to have a 10-minute testimony as the limit, so a minute 
before the 10 minutes is up, it will go from green to yellow 
and then you could conclude your remarks, and we would ask that 
you do limit your oral testimony to no more than 10 minutes. I 
believe, Mr. Curry, you are going to be presenting the 
statement, of course, for the OCC, so please proceed.

   TESTIMONY OF HON. THOMAS J. CURRY,\1\ COMPTROLLER OF THE 
           CURRENCY, U.S. DEPARTMENT OF THE TREASURY

    Mr. Curry. Thank you, Chairman Levin, Senator Coburn, and 
Members of the Subcommittee. I appreciate the opportunity to 
appear before you today to discuss the OCC's work in ensuring 
compliance with the Bank Secrecy Act and the work we are doing 
to improve our Bank Secrecy Act (BSA) and AML compliance 
program.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Curry appears in the Appendix on 
page 150.
---------------------------------------------------------------------------
    The Subcommittee's staff report has identified important 
concerns with the activities of HSBC and with oversight and 
enforcement of BSA and AML requirements by the OCC in the case 
of HSBC. As I will describe below, we agree with the concerns 
reflected in the report's recommendations concerning the OCC 
and will fully implement those recommendations.
    In one of my first speeches after becoming Comptroller of 
the Currency just a little more than 3 months ago, I 
highlighted the importance of BSA compliance. I also noted that 
this is an inherently difficult area. It requires banks to sift 
through large volumes of transactions to identify those that 
are suspicious, a task that is complicated by the ingenuity 
that criminal and terrorist elements bring to bear in finding 
new ways to conceal the true nature of their transactions.
    In my speech on operational risk, I emphasized, and I want 
to reaffirm today, that no matter how difficult compliance is, 
I expect institutions we supervise to have effective programs 
in place to comply fully with the requirements of the BSA. We 
will insist on that.
    Our testimony today provides details about the OCC's BSA 
and AML supervisory policies and practices. It further 
describes how the OCC monitors compliance with BSA requirements 
and ongoing supervision that we provide at the largest national 
banks and thrifts, as well as our current enforcement process 
when problems or concerns are identified through our 
supervision and our enforcement record for BSA.
    As requested in the invitation to this hearing, our written 
statement also discusses our supervision of HSBC. In 2010, the 
OCC issued a comprehensive cease and desist order against HSBC. 
As our written statement details, with the benefit of 
hindsight, the OCC could have and should have taken this action 
sooner. But the issuance of this order does not conclude our 
activities with respect to the matters covered by the cease and 
desist order. We are now actively evaluating the bank's 
compliance with the order and considering the assessment of 
monetary penalties.
    The Subcommittee's report contains three specific 
recommendations focused on the OCC's BSA/AML supervision. I 
agree with the concerns reflected in each of the 
recommendations and the OCC has begun taking actions in 
response.
    First, we have already identified a new approach that we 
will implement to assure that BSA/AML deficiencies are fully 
considered in the safety and soundness context and are taken 
into account as part of the management component of a bank's 
CAMELS rating. We will direct our examiners to view serious 
deficiencies in a bank's BSA/AML compliance area, including 
program violations, as presumptively adversely affecting a 
bank's management component rating. We will also provide 
guidance on how to document application of this approach in 
determining the management component rating.
    Second, we are revising and clarifying the operation of our 
Large Bank BSA Review Team to enhance our ability to bring 
different perspectives to bear and to react on a more timely 
basis to circumstances where a bank has multiple instances of 
matters requiring attention or apparent violations of the 
required components of its BSA/AML program. We will also 
explore how we track and review relevant information in this 
regard and whether new initiatives are appropriate in that 
area, as well.
    Third, we will also revamp our current approach to citing 
BSA/AML violations to provide more flexibility for individual 
pillar violations to be cited and we will identify what steps 
we can take in our examinations to obtain a holistic view of a 
bank's BSA/AML compliance more promptly. One of the reasons for 
the current OCC approach is that it requires the OCC to focus 
on determining whether the deficiencies in a bank's program 
amount to a BSA compliance program violation, which requires a 
mandatory cease and desist order. Therefore, in implementing 
changes on this point, it will be important not to create 
disincentives to making the necessary tough calls when there 
are BSA compliance program violations mandating the issuance of 
a cease and desist order.
    Finally, we will review other areas, such as training, 
staffing, recruitment, policies, and interagency coordination 
to make improvements in our BSA/AML supervision program.
    I am joined today by Dan Stipano, Deputy Chief Counsel, and 
Grace Dailey, who served as the Deputy Comptroller for Large 
Banks from 2001 until November 2010. The three of us share a 
commitment to a rigorous BSA/AML supervisory and enforcement 
program at the OCC and we are continually seeking ways to 
improve our supervision in this important area.
    I have asked Ms. Dailey and Mr. Stipano to introduce 
themselves to the Subcommittee, and then we will be pleased to 
answer your questions. Ms. Dailey.

TESTIMONY OF GRACE E. DAILEY,\1\ FORMER DEPUTY COMPTROLLER FOR 
   LARGE BANK SUPERVISION, OFFICE OF THE COMPTROLLER OF THE 
                            CURRENCY

    Ms. Dailey. Chairman Levin, Senator Coburn, my name is 
Grace Dailey and I have been with the OCC for 29 years as an 
examiner. I am currently the Examiner in Charge of a large bank 
in Minneapolis, where I oversee a team of examiners responsible 
for that bank's supervision.
---------------------------------------------------------------------------
    \1\ The prepared statement of Ms. Dailey appears in the Appendix on 
page 150.
---------------------------------------------------------------------------
    From the end of 2001 through late 2010, I served as one of 
three Deputy Comptrollers in the OCC's Large Bank Division. In 
that role, I oversaw the supervision of a portfolio of large 
national banks. That portfolio changed over time, but included 
HSBC Bank USA, N.A., from July 2004 through November 2010. 
Prior to becoming Deputy Comptroller for Large Banks, I held a 
variety of roles supporting bank supervision, including serving 
as Examiner in Charge and other field positions in Minneapolis, 
Chicago, and New York.
    I look forward to answering your questions.
    Senator Levin. Thank you very much, Ms. Dailey. Mr. 
Stipano.

TESTIMONY OF DANIEL P. STIPANO,\2\ DEPUTY CHIEF COUNSEL, OFFICE 
               OF THE COMPTROLLER OF THE CURRENCY

    Mr. Stipano. Chairman Levin, Senator Coburn, and Members of 
the Subcommittee, my name is Daniel P. Stipano and I am one of 
two Deputy Chief Counsels at the Office of the Comptroller of 
the Currency. I have spent 27 years at the OCC, with the 
majority of that time working in enforcement and compliance. In 
my current role, I supervise the OCC's enforcement and 
compliance, litigation, community and consumer law, and 
administrative and internal law divisions, as well as the OCC 
District Counsel staffs in the OCC's Southern and Western 
Districts.
---------------------------------------------------------------------------
    \2\ The prepared statement of Mr. Stipano appears in the Appendix 
on page 150.
---------------------------------------------------------------------------
    Prior to becoming Deputy Chief Counsel, I served as the 
Director for Enforcement and Compliance at the OCC, where I was 
responsible for taking administrative enforcement actions 
against national banks and their institution-affiliated 
parties. From 1989 to 1995, I was an Assistant Director in the 
Enforcement and Compliance Division after joining the OCC in 
1985 as a Staff Attorney in the Division.
    Senator Levin. OK. We thank you all.
    Let us try 10 minutes for our first round of questions.
    Let me start with a question for you, Ms. Dailey. You were 
the OCC Deputy Comptroller for Large Banks from 2001 to 2010 
and were in charge of the OCC's supervision of a number of 
large international banks, including HBUS. When the OCC became 
HBUS's primary regulator in July 2004, the bank was already 
under a formal enforcement action by the Federal Reserve Bank 
of New York and the New York State Banking Department for 
having an inadequate AML program. As a condition for allowing 
HBUS to become a nationally chartered bank, the OCC required 
HBUS to complete all of the corrective actions set out in the 
written agreement that was the result of the enforcement 
action.
    In 2006, the OCC determined that HBUS had fulfilled the 
requirements and terminated that agreement. Were you involved, 
first of all, in the decision to terminate the agreement?
    Ms. Dailey. I was one of the recommending officials. I was 
not the final decisionmaker.
    Senator Levin. OK. Did you recommend that it be terminated?
    Ms. Dailey. Yes, I did.
    Senator Levin. All right. Now, the Subcommittee has 
prepared a chart, Exhibit 1a,\1\ that tracks the 44 AML 
examinations conducted by the OCC at HBUS from 2004 to 2010. As 
you can see from the chart in your book--you will not be able 
to follow that one, but it is also in your book--the OCC 
conducted seven exams before it voted to terminate the 2003 
agreement in 2006. Those seven exams all took place in about 1 
year, from 2005 to 2006, and identified 35 matters requiring 
attention, or MRAs, which are practices that the OCC defines as 
deviating from sound fundamental principles and ``may adversely 
impact earnings or capital, risk profile or reputation,'' or 
``result in substantive non-compliance with laws.''
---------------------------------------------------------------------------
    \1\ See Exhibit No. 1a, which appears in the Appendix on page 575.
---------------------------------------------------------------------------
    First, are 35 MRAs, matters requiring attention, a high 
number for a bank to accumulate in 12 months?
    Ms. Dailey. Yes, it is a high number to accumulate in 12 
months.
    Senator Levin. So the 35 MRAs identified in those first 
seven examinations found that in most instances that the bank 
was not following its policies, was not monitoring properly, 
was not conducting appropriate due diligence, that written 
policies were not adequate, and that staff needed training, all 
of that while the bank was still under the 2003 enforcement 
actions. So all of those are matters that the Bank Secrecy Act 
specifically identifies as pillars or key components that a 
bank must have for an effective Bank Secrecy Act program. So 
how could that bank, with all of those outstanding problems in 
2006, be considered to have an effective AML program?
    Ms. Dailey. Well, we did a lot of work in that time period, 
as you have pointed out by the chart, and we did find a lot of 
issues. Many of those issues--in fact, I think most of those 
issues--were corrected quite soon after they were detected. So 
some of the issues were not longstanding problems from the 
standpoint that it would take the institution a long time to 
fix, so they were corrected and when we made our determination, 
we went through the WSRC process. So it is a process to 
determine when we think a bank is in compliance with the 
articles, how to go about lifting that. Our examiners felt that 
the bank did have an adequate program at that time, was in 
technical compliance with the conditions, and we proceeded 
through our process, which is to take that through our WSRC 
process, which is members of management, and there was a 
recommendation and then a final decision was made. But I 
understand your concern that there were a lot of issues that 
were identified at that time.
    Senator Levin. Well, there not only were a lot of other 
issues identified, but 23 of the 35 identified issues were also 
identified in four supervisory letters written in January 2006. 
Now, all four of those supervisory letters were dated within 20 
days of the decision, February 6, 2006, to terminate the 
agreement. So it is hard--I do not know how you can say that 
most of them had been dealt with, and then you have those four 
supervisory letters written within 20 days of the decision to 
terminate, and here are some of the issues that were listed in 
those four letters, again, within a 20-day period.
    Monitoring problems were noted in all four letters. 
Policies in need of enhancements were cited in all four 
letters. Not following policies was identified in three of the 
four letters. Customer due diligence issues in three of the 
four letters. And staff in need of training in three of the 
four letters.
    So I do not know how the OCC could rank and rate the bank's 
AML program as satisfactory and how they could cancel the 
enforcement action.
    Senator Levin. I just do not understand it.
    Ms. Dailey. In hindsight, we should not have. From what we 
know today, they did not have an effective BSA program, and in 
fact, many of the problems that we detected in our 2009 
examination were in existence during this time. So in 
retrospect and from what we know now, we would not have lifted 
those conditions.
    Senator Levin. Well, but my point is that looking back now 
at what you knew then, it should not have been lifted, because 
what you knew then when you lifted it, 23 of the 35 matters 
requiring attention were still outstanding.
    Ms. Dailey. We probably did not appreciate the systemic 
nature of some of those issues. I understand the concern.
    Senator Levin. Now, over the next 4 years, the MRAs or 
matters requiring attention did not stop. OCC examinations 
repeatedly found significant AML problems across a number of 
business lines, many of which were high risk and vulnerable to 
illicit activity. Fourteen of the examinations found AML 
monitoring problems. Eight found weak customer due diligence. 
Seven found insufficient staffing. Five found that the bank was 
not following its own policies. These problems existed in 
critical, high-risk business units such as banknotes, foreign 
correspondent banking, embassy, banking, international and 
domestic private banking, wire transfers, and pouch services. 
By 2009, HBUS had 83 MRAs, more than any other national bank. 
The next closest had 20 fewer.
    So with this kind of a record, the first question that one 
wonders is why the OCC never took formal enforcement action 
against HBUS prior to 2010. Do you know why it did not?
    Ms. Dailey. Stepping back and looking at it, we should 
have. We could have and we should have taken action sooner.
    Senator Levin. I am talking about formal enforcement 
action, right? That is what we are talking about.
    Ms. Dailey. Yes. I agree that we could have and should have 
taken formal enforcement action. With the benefit of hindsight, 
we should have.
    Senator Levin. Well, these words are the benefit of 
hindsight. Given what you knew then, should you not have taken 
enforcement action?
    Ms. Dailey. Had we applied the process that we plan to 
apply going forward, which is to have the flexibility to cite 
pillar violations, we would have cited pillar violations in 
these instances and we may have drawn a different conclusion 
then to cite a program violation.
    Senator Levin. What about informal enforcement action? Was 
there any informal enforcement action taken against HBUS prior 
to 2010?
    Ms. Dailey. There was not.
    Senator Levin. This is pretty feeble enforcement. Mr. 
Curry, what do you think about this record that you inherited?
    Mr. Curry. I would like to see going forward a much more 
aggressive posture by the OCC. If there is evidence of material 
weaknesses in a BSA/AML program, I would like to see, at the 
very least, a progressive remedial program being instituted and 
to use all the tools that are available to us, including cease 
and desist orders.
    Senator Levin. Did the OCC ever cite a violation of law for 
noncompliance with AML statutes prior to 2010? Do you know, Ms. 
Dailey?
    Ms. Dailey. I do not believe we did prior to 2010.
    Senator Levin. Mr. Stipano, you are the Deputy Chief Legal 
Counsel for the OCC. You told the Subcommittee staff that you 
did not have much involvement with HBUS prior to 2009 because 
the Supervision Division was responsible for examinations and 
the Legal Department generally gets involved only in 
enforcement actions, investigations, or legal actions brought 
against the bank by the Supervision Division. But in the spring 
of 2009, the OCC was contacted by two Federal enforcement 
agencies regarding investigations that they were conducting of 
possible money laundering, going through accounts at HBUS, and 
the OCC met with representatives of those agencies in 
Washington, DC, on September 1, 2009. When the meeting 
concluded, the OCC staff continued to discuss the HBUS 
situation. Was it at that meeting that you learned for the 
first time about the findings of previous AML exams of HBUS and 
that they had resulted in 83 MRAs?
    Mr. Stipano. To the best of my recollection, that was the 
first time that I learned about the 83 MRAs.
    Senator Levin. Had you encountered some of the problems at 
HBUS before that?
    Mr. Stipano. Yes. One situation I remember, and I do not 
have a date on it, was the agency was contacted by two former 
HSBC employees who were essentially whistleblowers and they had 
concerns about the way that the bank was managing its embassy 
banking business. At that time, I directed the Director of 
Enforcement to meet with Ms. Dailey, to set up a meeting and to 
have them come in and interview them and find out what the 
basis of their concerns were. That meeting did take place. I 
was not personally a participant. Following that, an 
examination was opened into the embassy banking area and I 
believe that findings were made and that supervisory actions 
were taken as a consequence.
    Senator Levin. When you learned that there were 83 MRAs 
that were specific to the Bank Secrecy Act, were you surprised 
by the number?
    Mr. Stipano. Yes.
    Senator Levin. And did you also learn that there had been 
two recommendations that cease and desist orders be issued 
against HBUS?
    Mr. Stipano. I did learn that, but I do not recall whether 
I learned that following that meeting or if I learned that 
subsequently. But I was not aware of that, to my knowledge, 
prior to that meeting.
    Senator Levin. Did anyone ever explain why the Supervision 
Division never tried to elevate the issue and take some kind of 
regulatory action?
    Mr. Stipano. I do not recall anybody explaining that to me. 
I think that judgments were made by bank supervision that the 
matter did not rise to the level of warranting a cease and 
desist order or another enforcement action up to that point.
    Senator Levin. And what was your reaction to that?
    Mr. Stipano. I was very concerned. I think that learning 
what we learned both through our discussions with the law 
enforcement agents and what we learned from the examiners 
following the meeting, it was apparent to me that there was a 
serious problem in the BSA/AML area and that it needed to be 
addressed promptly.
    Senator Levin. Did you start an investigation in which both 
the Legal and Enforcement Divisions got involved at that time?
    Mr. Stipano. Yes. I do not have precise dates, but 
shortly----
    Senator Levin. About that time?
    Mr. Stipano. Yes, shortly thereafter.
    Senator Levin. And did you then expand an ongoing AML exam? 
You set time tables, secured an order of investigation, helped 
craft the two supervisory letters to HBUS in 2010 which were 
the first to cite the bank for violations of AML laws and OFAC 
regulations? Did that happen?
    Mr. Stipano. Yes, but there was an ongoing examination into 
the banknotes area, and this was something that the agency 
became concerned about following an enforcement action at 
Wachovia that concerned banknotes and bulk cash services. So 
the examiners were already looking into it, but I think that 
the consequence of the meeting with law enforcement and the 
information that we obtained at that time was to expand the 
examination and open a formal investigation.
    Senator Levin. Why did the Legal Department and the 
Enforcement Department have to get involved before some 
regulatory action was taken? Was that ever explained to you?
    Mr. Stipano. I think that if we are talking about actually 
doing an investigation or taking an enforcement action, that 
really cannot be done without the participation of lawyers. Our 
investigations involve issuance of subpoenas, subpoenas for 
documents, and subpoenas for testimony. It is not something 
that examiners can do on their own, and the same thing with our 
enforcement actions. The document is a legal document. It is 
legally enforceable. The respondent bank or individual has due 
process rights. So the Legal and the Enforcement Division need 
to be involved.
    Senator Levin. But apparently, your level and the 
enforcement folks were not contacted until after the OCC was 
contacted by law enforcement agencies in the midst of a 
criminal investigation involving the bank. So you had all of 
this background, having all of these unresolved issues, 
important issues, but yet you were not contacted and you just 
point out how important it is that the Legal Department and the 
Enforcement Department be contacted before some regulatory 
action was taken. But until that time, with all of the problems 
that were identified in the exams, which had been recurring and 
mounting for years, it did not reach your level, is that 
correct?
    Mr. Stipano. That is basically correct. I mean, there could 
have been incidental contact. There could have been 
discussions. There is a senior counsel of the Law Department 
who works for me that is on the Large Bank Review Team. His 
role in that capacity is to review supervisory letters and 
conclusion memos. So it was not like nobody in the Legal 
Department ever spoke to anybody in Large Banks. But in terms 
of actually getting a referral or being brought in in order to 
conduct an investigation or take an action, that did not happen 
prior to 2009.
    Senator Levin. So, Mr. Curry, this was not a case where OCC 
examiners failed to do their job, by the way. They were 
identifying the AML problems at HBUS all along the way. The 
higher-ups were overly passive. They were waiting until the 
problems grew into a very huge one before taking any action, 
before there had to be criminal investigations that were begun, 
before there was any real referral to the enforcement folks or 
the legal folks.
    Now, you are new there. You are only there a couple months, 
so you may not know the answer yet to this question, but when a 
bank is exhibiting the kind of problems that this bank showed, 
the problems that continually occur in multiple business lines, 
do you not believe that the OCC should take some type of 
regulatory action before those problems become so great that 
they are the subject of a criminal grand jury, for instance?
    Mr. Curry. One of the most troubling aspects of the 
Subcommittee's report really is the issue of our ability to 
identify and act upon the cumulative effect of BSA/AML 
deficiencies and that is an area that I would like to see much 
greater clarity as to the posture of enforcement at the agency, 
and also is the rationale for the expansion of the Large Bank 
Review Team's mandate to actually be the vehicle to look at the 
entire compliance posture of our largest institutions to take a 
holistic view and to react accordingly.
    Senator Levin. Are you ready, Senator Coburn?
    Senator Coburn. Yes.
    Senator Levin. OK. Senator Coburn.
    Senator Coburn. I apologize for being absent during your 
opening statements and your questions, so if I get ready to 
repeat a question that was already asked, I hope you will stop 
me.
    Senator Levin. Well, you may be getting a better answer. 
One never knows. [Laughter.]
    I think the answers have been responsive. I should not 
suggest otherwise.
    Senator Coburn. This is for Mr. Curry, how do you respond 
to the charge that the OCC, by giving such high scores to HSBC 
for so many years, became an enabler because it gave false 
comfort?
    Mr. Curry. I think, again, judging on what I am familiar 
with, the Subcommittee's record and from the information I have 
determined as Comptroller, the agency has been much too slow in 
responding and addressing what are significant weaknesses or 
violations at this institution. And going forward, I would hope 
that we would be much more nimble and take into account the 
entire picture, what we are looking at in terms of compliance.
    Senator Coburn. Knowing what you know now, I mean, what 
this Subcommittee's report has exposed and what also was known 
by you at times, is it a matter of being nimble and more 
responsive, or is it a matter of competency?
    Mr. Curry. I believe it is really a matter of being more 
nimble and recognizing the importance of BSA/AML compliance as 
both a national interest and in terms of it being a significant 
and serious safety and soundness issue. And my hope is that, 
going forward, we will react accordingly, which requires direct 
and progressive remedial action as supervisors.
    Senator Coburn. So have some of those actions taken place 
now?
    Mr. Curry. Yes. We have begun to already implement the 
specific recommendations of the Subcommittee. We are also 
taking an independent look at how we recruit, train, our 
policies, and also how we can improve our coordination with 
both our fellow bank regulatory agencies and with law 
enforcement agencies. This is an opportunity for us to look at 
the big picture of how we are implementing our responsibilities 
under the Bank Secrecy Act and AML statutes.
    Senator Coburn. This kind of reminds me, but on a much 
larger scale, of the Homeland Security Oversight Subcommittee 
and Federal Financial Management Subcommittee in terms of the 
Defense Audit Agency. And what we found there is they never 
hired new blood. It was all promoted from within. And the vast 
majority of those auditors never had real experience auditing, 
and so you kind of got a downward trend of the least favorable 
aspects as they promoted people with lesser and lesser 
experience and no variety of their experience.
    How do you go about hiring people now?
    Mr. Curry. It is a challenge to obtain people with the 
requisite skills that you need to assess bank operations and 
the specific legal requirements and regulatory requirements of 
the BSA and AML. That being said, I am committed in renewing a 
real effort to attract competent personnel from both within and 
outside the agency.
    Senator Coburn. Would not one source be people who have 
been very good at figuring out how to duck your issues and 
having them work for you?
    Mr. Curry. Yes, and that is part of our training. We do 
seek to understand or have presentations by individuals who 
have experience with how the criminal element exploits our Bank 
Secrecy Act and AML----
    Senator Coburn. Well, I was not talking about the criminal 
element. I was talking about the people who were on the other 
side on compliance in terms of recruiting them.
    Mr. Curry. Yes, that would be a source of personnel.
    Senator Coburn. A lot has been said in our report about 
HSBC allowing drug cartels and terrorists to move money through 
its banks. Since you all knew all of this was happening and did 
not stop it, are you not somewhat complicit in it?
    Mr. Curry. I deeply regret that we did not act sooner and 
more decisively.
    Senator Coburn. So is that a yes?
    Mr. Curry. Yes. Absolutely.
    Senator Coburn. This is a little harder question. Take a 
little bit longer time. But with as much specificity as 
possible, can you explain what a good AML system within a bank 
should look like? And I am not talking about pillars or 
principles. I am talking about the actuality of what a bank--
what would you all ideally--I know what your regulations say. I 
know what we have recommended. What would you, if I came to you 
and I had a 150-bank operation and it is international and I 
said, what should my AML look like, what would you tell me?
    Mr. Curry. I think the No. 1 principle or attribute would 
be having management and the board being committed to 
developing and funding a BSA/AML program that was appropriate 
for the business activities of that institution. That is 
probably the No. 1 thing. And then in a successful program, all 
other requirements would flow from that--hiring competent 
personnel with the requisite experience to implement a credible 
program, building the management information systems that are 
necessary to monitor BSA/AML activities, as well. And at the 
end of the day, it is a corporate commitment to compliance.
    Senator Coburn. Did you happen to hear Ms. Dorner and Mr. 
Levey's testimony today?
    Mr. Curry. I was able to hear the tail end of their 
testimony.
    Senator Coburn. Do you think they have put in place a good 
AML system?
    Mr. Curry. That is our expectation as their primary 
supervisor.
    Senator Coburn. But based on what they said here today, is 
it your belief, if they carry out what they have said here 
today, that they will have a great AML system?
    Mr. Curry. I would hope that is the case. I think we are in 
the position as their supervisor that we need to verify that 
and I do not believe we are in a position to do that right now.
    Senator Coburn. OK. So how do you know when somebody has a 
good AML system?
    Mr. Curry. Personally, as the Comptroller, I am relying on 
the expertise and the supervision programs of our examinations 
staff.
    Senator Coburn. And so who directly under you is 
responsible for that?
    Mr. Curry. The Senior Deputy Comptrollers of both our Large 
Bank Division and our Mid-Size and Community Bank Divisions are 
the primary people responsible for our BSA examination 
programs. We also have, which Mr. Stipano mentioned and I 
mentioned in response to an earlier question, a Large Bank 
Review Team, which is really the Washington-based clearing 
function for making sure that there is coordination and 
consistency within our supervision programs, and especially in 
the area of enforcement.
    Senator Coburn. I would be interested if you would get the 
videotape of Ms. Dorner and Mr. Levey and share with the 
Subcommittee your thoughts in terms--I know you have to prove 
and make sure, that is your responsibility, but I would love to 
hear your thoughts about what they said they were doing, how 
they were doing it, how they were implementing it, how they 
were doing clawbacks, how they were holding people accountable, 
and how they were trying to change the culture within their 
organization.
    Mr. Curry. I would be happy to do that, Senator, and to get 
back to you.
    Senator Coburn. Thank you.
    Ms. Dailey, our investigation found in 2007 that examiners 
recommended the OCC take formal enforcement action against HBUS 
for weakness in how it monitored how its pouch services report. 
That is on page 304. But the OCC decided to take no such 
action. Do you recall that?
    Ms. Dailey. To the best of my recollection, that 
recommendation did not reach me.
    Senator Coburn. OK. Do you have any idea how high up it 
got?
    Ms. Dailey. Generally, what would happen is an examiner 
would make a recommendation and present that to an Examiner in 
Charge. I do not know if that happened or not.
    Senator Coburn. Well, that would seem to suggest to me that 
some of the same problems are going on at the OCC that were 
going on at HSBC. We heard testimony from our first two panels 
of what was not happening, where information was not flowing 
that should be flowing, some of it for profit motive, some of 
it from incompetence. Is it possible that line-level examiners 
thought a tough enforcement action was needed but were 
overruled by their supervisors?
    Ms. Dailey. I do not know that. I do not have any knowledge 
to that effect because it did not come to me. It could have 
been presented to the Examiner in Charge and they could have 
made a different determination once looking at the facts. 
Oftentimes, when the examiners make determinations, they sit 
down with the Examiner in Charge and go through the different 
criteria and the different facts and they could come to a 
different conclusion. I do not know that, though, because I was 
not part of any of those types of discussions.
    Senator Coburn. All right. And it is easy for us to arm 
chair quarterback it now, looking backwards, and I understand 
that.
    Does the agency or did the agency have any processes in 
place to make sure all proper enforcement actions were handled 
consistently across the various banks that OCC regulated?
    Ms. Dailey. Yes. We have what we call a WSRC process in 
place, and what happens is whenever an enforcement action, 
whether it is informal or formal, is recommended, it goes 
through the examination team. It would be presented to the 
Large Bank Review Team. If the Large Bank Review Team agreed 
with those findings, it would be presented to the WSRC 
committee, and that committee is made up of members of across 
our agency in supervision, policy, enforcement, etc., and that 
committee is a recommending body for an informal or formal 
action and the final decision would be made by a Senior Deputy 
Comptroller.
    Senator Coburn. So as you look back through the past few 
years, where do you think you all have failed? I mean, just an 
honest assessment of where was our management not good? Where 
was our quality of instruction and direction, where were our 
employees not up to the task? In other words, we obviously had 
a great big problem here. Everybody agrees with that. So from 
just your viewpoint, where you sit, where do you think the 
problem was?
    Ms. Dailey. I think we did a lot of work. We did a lot of 
examinations. We found a lot of issues. We received some 
corrective action along the way. But we did not probably step 
back as well as we should, and with the benefit of hindsight, 
we could have and should have taken action sooner.
    Senator Coburn. Mr. Chairman, that is the kind of answer we 
get all the time. The fact is, is what that means is things are 
going to be repeated, and what our whole goal is, is so that 
things are not repeated.
    Mr. Curry. Senator Coburn, I think from my perspective as 
Comptroller, I really want to address the same issues that you 
asked me to look at how HSBC was addressing. I want to have a 
culture at the OCC in which examiners feel free to voice 
documented, well founded concerns about the performance of the 
banks that they are examined, to know that those concerns are 
going to be fairly and thoroughly reviewed, and at the end of 
the day, the appropriate action or, in some cases, inaction 
will be taken by the agency as a whole.
    Senator Coburn. So what happens right now when an examiner 
feels strongly that some action needs to be taken and the 
person in charge of that examination disagrees? Where is the 
outlet pressure for somebody to appeal without it costing them?
    Mr. Curry. I would encourage them and they have the 
opportunity to appeal to me. We also have review functions, 
whether it is in the case of BSA and the Large Bank Review 
Team, or to contact our Committee on Bank Supervision or any 
one of the senior members of the agency.
    Senator Coburn. So how many times has that happened?
    Mr. Curry. In my short tenure, I am not aware of that 
number.
    Senator Coburn. Has it happened? Has anyone called you?
    Mr. Curry. No one has called me specifically, but I want to 
create a culture at the OCC, or to reinforce a culture that we 
are here to be bank supervisors and that we are to be fair and 
reasonable in how we approach that. But at the end of the day, 
we are to do what we are being paid to do.
    Senator Coburn. All right. I have gone over time. It is 
yours.
    Senator Levin. How many months have you been there?
    Mr. Curry. A little over 3 months.
    Senator Levin. All right. Well, I would believe that in the 
next 3 months, you will be getting some phone calls and it is 
important that line of communication be kept open, that people 
be able to appeal denials of their strong urgings after 
notifying their supervisor that they are going to do it. You 
have to be able to go around your supervisor, and if they do it 
privately, without notice to the supervisor, I guess they would 
become a whistleblower at that point and they have to be 
protected under our whistleblower laws because the stakes here 
are just too huge and the failures here are too massive to 
allow them to be repeated.
    My own belief is that part of the reason has been a 
culture, but the other part is that there has been just a lack 
of accountability. It was true, at least, inside this agency.
    This is not a matter of hindsight, by the way. I would 
disagree with you here, Ms. Dailey. This is where at the time 
things were known and were not acted on. And that is what is so 
troubling here. We obviously want to use hindsight to improve. 
We always can use hindsight to benefit us. But what we have 
seen throughout this hearing today is that at the time, 
contemporaneously with these events, that there were people who 
knew better. There were sometimes efforts made that were 
ignored and squelched. But it is not just a matter of with the 
benefit of hindsight here.
    The testimony that you have given us today, Mr. Curry, is 
that the agency is reviewing the matter in which MRAs are 
reported to ensure that banks with high numbers of MRAs will 
receive additional supervisory attention and consideration of 
formal enforcement action and I would like to get some 
additional details on this matter, who is going to be involved 
in this revised approach, looking at matters requiring 
attention when there are a number of these that are issued. Who 
is going to be looking at it, just supervision, or are the 
Legal and Enforcement Divisions going to be in the mix? Give us 
some details on how this is going to work.
    Mr. Curry. Initially, we are looking to expand the mandate 
of our Large Bank Review Team to take on that function. That is 
our initial response to the report's findings. My hope is that 
we will have additional recommendations after we look at this 
matter further, as we examine our policies and procedures. 
There may be a more effective measure that we will employ. In 
any event, I will endeavor to keep this Subcommittee informed 
of the improvements that we will be making on an ongoing basis.
    Senator Levin. So that the enforcement folks and the legal 
folks are going to be involved in this new process early?
    Mr. Curry. That is the intention.
    Senator Levin. Is the revised approach going to have some 
sort of thresholds that they are going to apply, maybe to 
different time frames, such as how many MRAs in a month, how 
many MRAs in a year, and so forth?
    Mr. Curry. I cannot say that we will come up with an 
arithmetical floor, but we will have a process that looks at 
the totality of circumstances of which the number of MRAs will 
be a critical factor.
    Senator Levin. The Subcommittee investigation found that in 
some instances, the conclusion memos of exams at HBUS were a 
lot stronger than the supervisory letters that were sent to the 
bank. So in those instances, the real message about the 
seriousness of problems was not being delivered to the bank. Is 
your Large Bank Review Team going to get better information now 
than in prior years?
    Mr. Curry. That particular practice has already been 
corrected. Both the conclusion memo and the supervisory letter 
draft will be reviewed by the Large Bank Review Team.
    Senator Levin. I am also encouraged by your testimony today 
and by the OCC's willingness to look for ways to improve the 
exam supervision, and here is what our report noted, that there 
are some practices at the OCC that depart from the practices 
utilized by other Federal bank regulators, and more 
importantly, seem to act as a barrier to your examiners, your 
AML examiners. Those barriers made it difficult for your AML 
examiners to get the appropriate attention of their supervisors 
when AML problems were quite evident. In your testimony, you 
acknowledge that your agency does differ from other agencies 
with respect to including AML exam findings in the consumer 
compliance exam process and you are going to correct that.
    By the way, has anyone explained to you exactly why the 
anti-money laundering was inserted into customer compliance 
examinations and ratings? That was a longstanding process. It 
did not occur by happenstance. We are delighted today to hear 
that you are correcting that. Your testimony is very clear on 
that, that you are going to now follow the same practice that 
other examiners do in this regard.
    But was it ever explained to you why it was part of the 
customer compliance ratings?
    Mr. Curry. I did ask why we deviated from the other Federal 
bank regulatory agencies in that regard. Personally, my view is 
that BSA/AML is a significant or serious safety and soundness 
issue and that it is appropriately addressed by looking at it 
in the context of the management component in the CAMELS rating 
system and that policy has been adopted at the agency already 
and we are simply in the process of communicating that decision 
and making appropriate changes to the examination procedures 
for our staff.
    Senator Levin. And when will the new AML exam process take 
effect? Will it take effect immediately?
    Mr. Curry. It is immediate. There will be some lag in 
communicating the actual procedures to staff, but we will, 
again, keep you informed on that process, if you would like.
    Senator Levin. So the exams are going to be considered this 
year when assigning CAMELS management ratings?
    Mr. Curry. Yes, as soon as possible. I would expect it to 
be sooner rather than later.
    Senator Levin. A matter of months?
    Mr. Curry. Yes. Less than that, hopefully.
    Senator Levin. Good. Might this have implications for the 
current rating at some banks, including HBUS?
    Mr. Curry. I believe our position is that serious and 
significant BSA violations should be presumptively a factor in 
an adverse management rating.
    Senator Levin. All right. And if it applies, if it has an 
impact on HBUS, so be it?
    Mr. Curry. So be it.
    Senator Levin. The Subcommittee report also recommended 
that the OCC cite violations when a bank fails to meet any one 
of the statutory minimum requirements for an AML program. You 
state in your testimony that the OCC is going to ``revisit its 
current approach in order to provide more flexibility for 
individual pillar violations to be cited.'' Can you give us 
just a little bit more detail on what you mean by ``revisiting 
our current approach''?
    Mr. Curry. We are looking to broaden the range and types of 
violations that examiners will be reporting in the reports of 
examination and in supervisory communications. The only 
reservation that we stated was we want to make sure that where 
there are program violations, that is clear that they will 
result in a mandatory cease and desist order.
    Senator Levin. OK. Senator Coburn.
    Senator Coburn. Just a few more questions. Ms. Dailey, in 
September 2009, OCC officials, including you, met with 
officials from DHS, Immigration and Customs Enforcement who 
were investigating money laundering. After the meeting, the 
lead AML examiner for HBUS said he had twice recommended cease 
and desist orders against HBUS for AML weaknesses. Do you 
recall that?
    Ms. Dailey. I recall the meeting afterward and I recall the 
gentleman discussing the MRAs. I do not recall whether he 
discussed or mentioned that there had been previous 
recommendations or not.
    Senator Coburn. Yes. So you cannot tell me whether that was 
an accurate statement he made to us?
    Ms. Dailey. I do not recall that part of the conversation.
    Senator Coburn. Well, Mr. Stipano, a memo following that 
September 2009 meeting states that when learning of the cease 
and desist recommendations that were not followed, you said you 
were unaware of the recent history of HBUS and that you 
requested the thorough review. Is that right?
    Mr. Stipano. Yes. My recollection, and Senator Coburn, we 
did talk about this a little bit when you were out of the 
room----
    Senator Coburn. All right.
    Mr. Stipano. But my recollection of it was that following 
the broader meeting with law enforcement, we had a smaller 
internal meeting and I learned at that point for the first time 
about the 83 MRAs. I do not recall whether I also learned at 
the same time that there had been past recommendations for 
cease and desist orders. I did learn that at some point 
subsequent to that. It could have been at that meeting. It 
could have been later. I just do not remember.
    Senator Coburn. But the fact is, there were recommendations 
made for cease and desist orders from examiners, correct?
    Mr. Stipano. We know that now.
    Senator Coburn. Yes.
    Mr. Stipano. Yes.
    Senator Coburn. So back to Mr. Curry. Here is a prime 
example where recommendations were made and got squelched, 
essentially. Somebody made a decision that it was not going to 
happen. To me, I would use that as one of the learning models. 
Here is what we do not want to happen in the future, so here is 
how our policies and procedures are going to make sure this 
does not happen, because you obviously had a problem. Everybody 
agrees there was a problem. The examiner made probably the 
right recommendation, except nothing happened on it. The whole 
purpose of this is to learn, to get better, and to make the 
changes so that does not happen. Any disagreement with that?
    Mr. Curry. No, none at all, Senator Coburn. I think it is 
important as a supervisor that when we detect significant 
weaknesses in any program, particularly BSA/AML, that the 
sooner that we take appropriate remedial action or corrective 
action, the better all of us are, both the institution, the 
agency, and the public.
    Senator Coburn. You made an offer to communicate with this 
Subcommittee on your progress. I would hope that as you do 
that, that situations like this are specifically addressed. 
Here is what we have done to make sure that this does not 
happen. Here is the policies and procedures. And I know this is 
not easy stuff that you are tasked with. Let me say I 
understand that. But it also is not rocket science and key 
management metrics and culture change to where somebody can 
scream, something is going wrong here, and it is heard all the 
way to the top.
    Mr. Curry. I agree with you completely, Senator Coburn. It 
is also clear that, from the top, that we be clear as to what 
the objective is and what the expectations are, and that is 
something that I intend to do, and to do forcefully.
    Senator Coburn. All right. I think my staff tells me the 
rest of this has been pretty well covered by you. And you have 
talked about the conflict of interest on bank examiners, on 
examiners while I was gone?
    Senator Levin. No.
    Senator Coburn. Well, let us just do that for a moment. 
Earlier this month, the Treasury Inspector General released a 
report detailing significant ethical breaches by an OCC 
national bank examiner. And I will not go into what those are, 
but the breaches occurred at times when he was supposed to be 
examining their bank and he was off doing something else other 
than that. Also, it was noted that he was dishonest on time 
sheets, etc.
    Based on this one finding, have you had time to look into 
this and to say, is this an isolated incident or is this 
occurring more than we might think, and does this put our 
examinations at risk?
    Mr. Curry. This particular conduct, which I just recently 
became aware of, is totally unacceptable and reprehensible 
conduct by a bank examiner, and what I find particularly 
troubling is the potential for disrepute that it places on the 
many fine people, the 3,600 people who work for the OCC. That 
is not our standard of ethical conduct. We take great pains to 
advise and to educate our staff about what conduct is expected 
from a bank examiner, particularly given the significance of 
their duties as examiners. So it is troubling to me.
    The preliminary information I have been able to gather from 
the Treasury IG data is that this appears to be a very isolated 
case. There were only six cases that were reviewed by the IG. 
And I might add that in this particular case, the agency itself 
referred it to the Inspector General of the Treasury to 
investigate. But only three of those six had any merit, and 
that was over a 3-year period. That is not the conduct that I 
or my colleagues at the OCC expect of an examiner.
    Senator Coburn. It speaks well for you, because the 
complaint was initiated by one of your other examiners and so 
there was responsiveness on the part of the OCC to that 
complaint.
    Mr. Chairman, I yield to you.
    Senator Levin. Thank you very much, Senator Coburn.
    Just a few more questions from me. The question was raised 
with the earlier panel about whether HBUS is complying with the 
2010 cease and desist order which was issued in October of that 
year. Article 9 of the order required the bank within 180 days 
to install, test, and activate a new wire transaction 
monitoring system. I understand that there was a supervisory 
letter which was written by the OCC on May 25 of this year 
informing the bank that it was not in compliance with the order 
and you identified two MRAs that instructed the bank to address 
deficiencies. The two MRAs instructed the bank to implement an 
effective AML automated monitoring system and an effective 
automated alert risk scoring prioritization function to 
identify the more important alerts.
    They were supposed to do that in 180 days. It is now 2 
years later. Are the bank's deficiencies in how it is 
monitoring for suspicious activity a problem as far as the OCC 
is concerned?
    Mr. Stipano. Chairman Levin, you are correct that the OCC 
did recently issue a supervisory letter that cited the bank for 
noncompliance with an article of the cease and desist order 
concerning their automated monitoring system for wire 
transfers. That is a matter that we are currently reviewing 
along with other current examination findings and will be taken 
into account in any subsequent enforcement actions that we may 
take.
    Senator Levin. Now, another article of the consent order 
required that the bank retain one or more independent 
consultants to conduct an independent review of account and 
transaction activities, a so-called look back, to determine 
whether suspicious activity was timely identified by the bank 
and, if appropriate, suspicious activity reports were timely 
filed with law enforcement. Are you satisfied that the 
requirement has been met?
    Mr. Stipano. My understanding is that we are presently 
looking at all areas of potential noncompliance with the cease 
and desist order and we are in a process right now of making 
some determinations and we will take appropriate action.
    Senator Levin. Article 8 of that order required that the 
bank develop and implement appropriate policies and procedures 
for gathering customer due diligence for new and existing 
accounts. As part of that requirement, the OCC directed HBUS to 
identify accounts opened for offshore banks, in other words, 
for banks with a license that prohibits them from conducting 
banking activities with citizens of or with the local currency 
of the country which issued the license. I understand that the 
bank identified having accounts for 57 offshore banks, of which 
it will close 23 and keep 33. Has the OCC reviewed that effort, 
and how high of an anti-money laundering risk is attached to 
those 33 banks?
    Mr. Stipano. Chairman Levin, I am really not in a position 
to discuss details of the bank's compliance beyond what I had 
said earlier. We are in the midst of a civil money penalty 
proceeding. We will be looking at the total record of 
compliance with the document in making our determinations.
    Senator Levin. Also, will you give us for the record, then, 
also whether you have reviewed these accounts where there is a 
so-called politically exposed person because in your order you 
required that the bank's ``know your customer'' program 
identify and conduct an enhanced due diligence review of all 
accounts opened for political figures, which are referred to 
internationally as politically exposed persons. Will you give 
us for the record the status of that effort?
    Mr. Stipano. I cannot report on the details. I can tell you 
that our examiners, our supervisory staff, and our enforcement 
attorneys, are very much focused on the level of compliance 
with our document. We will do a thorough review and we will 
take appropriate action.
    Senator Levin. And will you let us know what that leads to?
    Mr. Stipano. Yes, sir.
    Senator Levin. Has HSBC established an effective program to 
identify the beneficial owners of any bearer share accounts?
    Mr. Stipano. I think that is something that we need to 
determine.
    Senator Levin. OK, and you are going to let us know that?
    Mr. Stipano. Yes, sir.
    Senator Levin. Why should banks open accounts for bearer 
share corporations? Maybe I should ask you, Mr. Curry. Or any 
one of you can answer it.
    Mr. Curry. Given the high-risk nature of those accounts, I 
do not know.
    Senator Levin. Will you take a look at that whole issue 
because it sort of continues. They have said they have taken 
some steps, and I take their word for it. The steps that they 
identified this morning were that they are going to hold those 
shares in escrow or put them with an agent, I believe they 
said, who would be a reliable agent. But there is a waiver 
provision in there and that waiver provision is an easy 
loophole, I am afraid. I did not ask the panel about that at 
the time. I forgot to do that, and I can ask that for the 
record, as a matter of fact. But take a look at that issue and 
see whether or not the loophole in that new step that they are 
going to take is acceptable to the OCC.
    Mr. Curry. Yes. I would expect that would be a focus of our 
ongoing supervision.
    Senator Coburn. Mr. Chairman, I would just add one point. 
It is interesting. We have already established the fact that 
there was some complicity with OCC and HSBC. But there is some 
irony in the fact that this organization that is now going to 
fine them, I wonder who is going to fine you?
    Mr. Curry. No, in terms of accountability, I am accountable 
and I will hold myself accountable and I know you will hold me 
accountable. Also, I want to emphasize that the vast majority 
of the people at the Office of the Comptroller of the Currency, 
particularly the supervisory personnel, are committed. They are 
very proud to be commissioned national bank examiners and that 
pride--we will appeal to that pride to make sure that it is 
evident in the work that we do going forward.
    Senator Coburn. I guess my point is, is there is no 
financial consequence when we have an agency responsible for 
something and yet fails, but there is a financial consequence 
to the people that were regulated by the agency that actually 
failed to do what the agency was supposed to hold them 
accountable not to do. That was the only point I was making.
    Senator Levin. I agree with that and I also agree that 
Congress has responsibility, too, in our oversight.
    Senator Coburn. And that is why we are here.
    Senator Levin. That is exactly what this Subcommittee is 
about and other committees and subcommittees are involved in 
and should be involved in. The oversight function is critically 
important and that is our responsibility, to bring about 
accountability through oversight. But it has been missing in 
many places and in many places where it deserves to be applied. 
That is one of the results, I hope, of these hearings and what 
our Subcommittee has tried to do over the years is to promote 
accountability wherever it needs to be achieved.
    I do not have any further questions. Do you have any 
further questions, Senator Coburn?
    Senator Coburn. No.
    Senator Levin. Let me just summarize very briefly, and that 
is that we have seen today what the problems are, and our 
staffs, both of them working together so beautifully as they 
do, have put together a powerful report, a compelling report 
and it speaks for itself, but we have tried to summarize the 
best we could here today.
    HBUS and HSBC have made commitments to improve in a number 
of ways. They have improved by a big increase in the number of 
compliance personnel. The compliance resources have been 
increased. The affiliate due diligence requirements that they 
are putting in are extremely important. They sure were missing 
in the history so far. They have closed 325 correspondent 
accounts, including those accounts of 55 banks in sanctioned 
countries, such as Iran, Syria, and North Korea. They closed 
the Cayman accounts, and that is a real beginning of some 
action against these kind of hidden accounts kept secret from 
the world that can be put to such dubious purposes as we have 
seen here today. We have seen, in other words, the beginning, 
we hope, of the cleanup of this global bank, and if it happens, 
it is going to strengthen protections for people in countries 
around the world.
    The OCC has agreed to strengthen its anti-money laundering 
oversight. It is going to treat the failures as safety and 
soundness problems, not just consumer compliance problems. That 
is going to have a very strong impact and a deterrent impact on 
our banks. It will cite statutory violations for banks that 
fail to meet the requirements for the four mandatory components 
of an AML program. It has agreed as part of its strengthening 
of anti-money laundering oversight to have a large bank review 
whenever a bank hits a threshold of a certain number or 
approximate number of MRAs or violations.
    So if everybody carries out the violations--excuse me. If 
everyone carries out the commitments--they have already carried 
out the violations, so if folks carry out all the commitments 
which we have heard about here today, we are going to take a 
major step towards stopping terrorists, drug traffickers, and 
other wrongdoers from misusing and abusing the U.S. financial 
system for their nefarious purposes.
    I want to again thank my colleague and my friend, Senator 
Coburn, and our staffs for the way they worked together and put 
together an extremely powerful report and for helping us to 
understand a very complex area.
    We want to thank you, Mr. Curry, because you have taken 
over a very difficult job. You have done it with gusto. You 
have brought in a real sense of newness and a freshness, a 
determination to clean up that situation at OCC.
    And with that, I will turn to Senator Coburn to see if he 
has any comments. ----------------------------------------
    Senator Coburn. I just want to thank you all for your 
cooperation with us for your straightforwardness. What you have 
in front of you is not easy. Nobody ever said it was easy, but 
it is really important. So I take you, Mr. Curry, at your word 
that you are going to continue to communicate with this 
Subcommittee because decisive action and follow through--it is 
not enough to have a plan to fix this, you have to have a plan 
that gets executed and then monitored, and my hope is that we 
see a vigorous OCC that is the right amount, does not overreact 
but it is the right amount to do what we can do to stop some of 
the things that are going on that really only benefit those of 
criminal intent. So I thank you for your testimony and your 
time and your patience.
    Thank you, Mr. Chairman.
    Senator Levin. Thank you all. The record will be kept open 
for questions of this panel and all of our other panels and we 
will stand adjourned.
    [Whereupon, at 4:49 p.m., the Subcommittee was adjourned.]










                            A P P E N D I X

                              ----------                              







[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]



                                 
