In 2012, cited by US senate investigators as being money launderers for “drug kingpins and rogue nations,” the British bank HSBC agreed to pay $1.9 billion in penalties, a record at that time. In an agreement with the US Department of Justice, it promised to improve its internal safeguards against money laundering and allow an independent monitor to evaluate its progress. Thus HBSC ushered in the current era of compliance with US economic sanctions, with the US increasingly exercising its authority on foreign corporations. Nonetheless, the lesson was not learned by all parties.
Two years later, France’s largest bank, BNP Paribas, pled guilty to criminal charges for transferring billions of dollars on behalf of nations sanctioned by the US, including Sudan, Cuba, and Iran. It had continued its illegal transactions despite warnings from both the bank’s own compliance staff and the US government, concealing the names of its clients when sending its transactions through the American financial system. It was fined an eye-watering $8.9 billion and ordered to enhance its compliance procedures and policies. The US attorney in Manhattan said the bank was guilty of “perpetrating what was truly a tour de force fraud.”
Compliance failures: weak internal structures coupled with willful misdeeds
The US Treasury Department publishes a continually evolving list of sanctioned individuals, organizations, and countries, a list that is currently more than 1,200 pages long. Companies are responsible for ensuring that they do not enter into transactions with the sanctioned entities. Our paper “U.S. Economic Sanctions and the Corporate Compliance of Foreign Banks” focuses on what went wrong inside corporations in cases such as the above, and what has changed since the US began to forcefully impose sanctions.
Companies are responsible for ensuring that they do not enter into transactions with the sanctioned entities.
Often we found that banks were not structurally organized to handle compliance effectively, including issues concerning corporations’ chief compliance officer and chief legal officer. In some cases, both figures were aware of the bank’s illegal practices, but possessed no tools to effect real change in corporate conduct. In others, they sided with the business managers, who, in at least one instance, encouraged the legal office to continue illegal practices. In the case of BNP, the firm’s compliance office lacked both internal effectiveness and the necessary independence from the firm’s management.
We found that in many cases firms were not structurally organized to handle compliance effectively.
Americanization of international banks’ compliance services
Beginning with HSBC, which instituted a large-scale internal transformation of its compliance services, large international banks have been progressively implementing reforms to comply with US economic sanctions.
Large international banks have been progressively implementing reforms to comply with US economic sanctions.
Because companies wish to avoid the uncertainty, bad publicity, and expense of a trial, these cases have all, up until now, been settled in either standard plea agreements (in which a company will agree to plead guilty in exchange for concessions), deferred prosecution agreements (or DPAs, in which prosecution is delayed, and charges waived, if the defendant fulfills certain conditions), or non-prosecution agreements (or NPAs, in which the prosecutor agrees not to pursue charges if certain conditions are met).
Our key finding is that demands made by the US government under such agreements have resulted in the undeniable Americanization of the compliance services of non-American banks.
The agreements commit firms to the heavy burden of restructuring, staffing, and empowering their compliance officers. A typical requirement under such agreements would be to create a compliance department separate from the legal department, which would allow dedicated staff to focus on compliance issues.
Other requested changes might include a modification of reporting lines, with the compliance officer reporting to the chief risk officer, not the chief legal officer.
Some agreements go even further by requiring that a corporate monitor, appointed by the US Department of Justice, oversee the firm’s compliance service, with access to corporate documents and board meetings.
Deep structural and organizational changes: is it enough?
The deep changes in HSBC’s structure and organization are emblematic of the Americanization that we found is taking hold in the compliance services of non-American banks.
At the time of US authority’s investigation of HSBC, HSBC’s compliance function was so dramatically understaffed that there were only four employees to review the 13,000 to 15,000 suspicious transactions that the bank carried out every month. As a result of its DPA with the US Department of Justice, HSBC took extensive actions — for which it spent over $290 million — to remedy the bank’s failures regarding money laundering.
Furthermore, HSBC Bank USA increased its anti-money laundering staffing by tenfold, from 92 employees and 25 consultants in January 2010 to approximately 880 employees and 267 consultants in May 2012. HSBC Group also appointed new senior officers. By 2014, HSBC Group counted 7,000 employees working in risk and compliance, about 10 percent of the bank’s total staff. This example was followed by other European banks such ING, Standard Chartered, and CommerzBank, as part of a DPA with US prosecution authorities.
These sorts of changes are still in their early days, so it is an open question of how effective the US government’s use of DPAs and NPAs is in reining in wrongdoing and changing the culture at the world’s largest banks.
Only a transparent, effective, public monitoring system will prove whether current methods are the right tools for deterring bank corruption.
Will these structural changes really affect the way corporations behave? We feel the situation requires further monitoring, because, at a time when DPAs are on the rise, only a transparent, effective, public monitoring system will prove whether current methods are the right tools for deterring bank corruption.