Banking Exchange Magazine Logo

'Don't Bring Me Down'

Learning from enforcement actions

'Don't Bring Me Down'

Readers of this blog know that I strongly believe that the entire AML community (private and public sector) can benefit from studying the themes from enforcement actions.

No matter how dramatic the penalty, we need to remember that these actions are negotiated and what is public is never the whole story. Also, you won't benefit from just skimming an action; you need to go beyond summaries. Actually read the financial institution's response and compare the themes in the government's announcement to your own institutions' or clients' policies and procedures.

You can't simply throw up your hands and say the compliance obligations expected today are unattainable--learn from these situations.

Case in point--HSBC.

Reading and learning beyond the headlines

I leave to others the task of breaking down all of the documents from the Treasury's collective settlement announced this week. But I want to offer something you don't see mentioned very often--what the institution is doing in response to the action and has been doing for a period of time before the issuance of the fine, as well as the themes we must continue to address.

The comprehensive statement by HSBC is particularly compelling. This is both because of the acceptance by the bank of its past mistakes and its outline of how the institution has fundamentally changed and continues to address any deficiencies.

For example, the bank has increased their AML spending nine-fold between 2009-11. And there has been a ten-fold increase in AML staffing from 2010-2012. In addition, the bank exited a large number of correspondent bank relationships for risk reasons and dramatically changed the institution's overall control structure through changes such as creation of "a set of guidelines limiting business in countries that pose high financial crime risk." To ensure continued improvements, there is a five-year agreement with the Justice Department for an independent monitor to evaluate the bank's progress in implementing these and other measures.

A final note about HSBC's statement--the Justice Department also publicly stated that the institution's management has "made significant strides in improving ‘tone at the top' and ensuring that a culture of compliance permeates the institution."

In the Treasury Department's statement on the action, the emphasis is on how AML compliance failures impact an institution's ability to detect and report suspicious activity and that leads to law enforcement being placed at a distinct disadvantage in combating money laundering, terrorist financing, transnational organized crime, and both domestic and global financial threats.

Reading between the lines here tells me what I firmly believe--that AML obligations are not an end in themselves; the goal is law enforcement support, not regulatory compliance. (Note: As I have mentioned many times before, the AML community needs to take advantage of government outreach that seeks recommendations on modifications or changes to the range of AML and related laws. This is as good a time as any.)

Themes to understand

While I won't suggest that all actions are similar, many bankers have told me that an enforcement action against a peer institution does not make anyone feel anything other than--"It can happen to any of us."

There are a number of reasons for this view and I'll tackle them in future blogs. But suffice it to say we need to call out the major themes from this action and try to learn and improve from these penalties.

Today's AML program needs qualified personnel with appropriate training on how the vast number of banking products present vulnerabilities for money laundering , financial crime, and a whole host of illegal activity.

With these complicated products comes a need for "enterprise-wide, risk-based assessments of potential money laundering risks" because a failure to effectively put those controls in place will negatively impact the effectiveness of transaction monitoring. The last failure harms law enforcement, as mentioned above.

Returning to product risks, it is clear (and has also been constantly emphasized in the FFIEC Examination Manual) that the AML community needs to wrap its arms around the ability of criminals to misuse:

  • • Prepaid cards
  • • Cash letters
  • • Banknotes
  • • Lockboxes
  • • Remote deposit capture, and
  • • Many other bank products and services.

No AML process can be effectively maintained without proper independent testing that determines where risks are located and a proper notification of management of any discovered deficiencies.

There is more to understand in this week's actions. So continue to review, study, and perform gap analysis.

If you handle these announcements well, you will be able to say, "Don't  Bring Me Down"* because I will learn from this.

* Jeff Lynne, one of the most underappreciated music producers of the last 30 years  and known for his work with George Harrison, the Traveling Wilburys , among many others, wrote this song for his group--Electric Light Orchestra, or ELO.

For further reading, the November Banking Exchange contains a feature article by contributing editor Nancy Derr-Castiglione--who co-authors the Common Sense Compliance blog--on lessons from a number of recent enforcement actions issued prior to HSBC. Don't miss it!

Disclaimer: John Byrne's views do not necessarily reflect those of the American Bankers Association.

John Byrne

John Byrne is Senior Advisor to the Advisory Board  of the Association of Certified Anti-Money Laundering Specialists and Vice-Chairman of AML RightSource. ACAMS, with more than 70,000 members, develops anti-money laundering/sanctions/financial crime detection programs and certifies specialists in financial and non-financial businesses and government agencies. Byrne is a nationally known regulatory and legislative attorney with over 30 years of experience in a vast array of financial services issues, with particular expertise in all aspects of regulatory oversight, policy and management, anti-money laundering (AML), privacy, and consumer compliance. He has written hundreds of articles on AML; represented the banking industry in this area before Congress, state legislatures, and international bodies such as the Financial Action Task Force (FATF); and appeared on CNN, Good Morning America, the Today Show, and many other media outlets. Byrne has received a number of awards, including the Director's Medal for Exceptional Service from the Treasury Department's Financial Crimes Enforcement Network (FinCEN) and the ABA's Distinguished Service Award for his career work in the compliance field. His podcast, "AML Now" (on ITunes) received a 2017 Communicator Award for hosting from the Academy of Interactive and Visual Arts. Byrne's blog on AML and Fraud on received a Gold Hermes Award in 2016. John received the ACAMS Lifetime Service Award in September. Byrne can be e-mailed at [email protected]; and don't miss John's updates on Twitter! You can find him at @jbacams2011

back to top


About Us

Connect With Us



How to get the most out of Data and AI
with Ravi Loganathan from Sardine
and President of Sonar

Wednesday, July 24, 2024 at 11 AM ET / 8 AM PT

In this webinar we will cover:


This webinar is brought to you by:

SardineBanking Exchange