Thank you Chairman Levin, Senator Coburn, and members of the Subcommittee. My name is Irene Dorner and I serve as President and CEO of HSBC Bank USA (“HBUS”) and HSBC North America Holdings, Inc. (“HNAH”). I have led the Bank in the U.S. since January 2010. This is one of the many entities across the globe that forms HSBC Group, which is headquartered in London.
At the outset, let me state clearly that we deeply regret and apologize for the fact that HSBC did not live up to the expectations of our regulators, our customers, our employees, and the general public. HSBC’s compliance history, as examined today, is unacceptable. Therefore, I fully appreciate why we are here and believe that this is an important discussion. HSBC has learned some very hard lessons from the experience of the past few years. But we have taken very substantial steps to address the problems that we, our regulators, and this Subcommittee have identified. We have made fundamental changes in governance, culture, training, and funding to ensure that we can effectively deter illicit use of our bank. These changes will be embedded and sustained going forward.
As you know, these issues and challenges do not end at the water’s edge. So we are combining our efforts with reforms that apply throughout HSBC’s global business. And I am joined today by our new Chief Legal Officer, Stuart Levey, who is here on behalf of the HSBC Group and who will describe HSBC’s global compliance commitment. Stuart and I sit on HSBC Group’s new Global Standards Steering Committee that is charged with establishing a uniform set of high standards for all HSBC affiliates around the world. I sit on this Committee because senior leadership at HSBC Group recognizes that often U.S. standards will be the highest standard globally. We have taken the lessons we learned from our experiences in the U.S. and are applying them on a global basis.
Today, I would like to address two topics. First, I would like to tell you about HSBC and describe the importance of an effective compliance program to an institution of our size and global reach. Second, I would like to talk about the work we have done to address our AML Compliance deficiencies.
II. HSBC in the United States
HSBC is in a unique position: we are among a handful of financial institutions with a truly global footprint. HSBC entered the United States in the 1980s when we acquired Marine Midland Bank and we have been building on this foundation ever since. Today, our U.S. business has 16,500 employees and serves about 3.5 million customers. We have four main business lines: Global Banking and Markets; Retail Banking and Wealth Management; Commercial Banking; and Private Banking.
HSBC has a truly global footprint. Our customers have a need for global banking services. In the United States, HSBC is one of the largest dollar clearers; this is important because the U.S. dollar is the currency of trade and commerce virtually no matter where you are. When a U.S. manufacturer wants to sell its products to a retailer in Hong Kong, the transaction is settled in U.S. dollars. When a manufacturer in Singapore sells its goods to a purchaser in Germany, or a raw materials supplier in Brazil sells its products to a purchaser in Canada, chances are those transactions are settled in U.S. dollars as well.
This global reach gives us a tremendous opportunity to attract customers who are internationally focused. But it also brings with it a tremendous responsibility. Given my experience working for HSBC in other parts of the world, I am cognizant of the risks and obligations that come with serving our customers. At an absolute minimum, we must have the proper controls and systems in place to ensure that we are doing the right business, in the right places, with the right customers, and that our customers’ transactions are properly monitored. If for any reason a transaction appears to be unlawful or suspicious, then we scrutinize the customer and report this information to the authorities in a timely manner.
In the world of banking, there is nothing more important than our reputation, not just for financial strength but also for trustworthiness and integrity. Not only is it important to our customers and our regulators, it’s important to me, and it’s important to my management team. I have made clear that I expect every member of my senior management team to stand up for doing what is right.
III. AML Compliance Remediation
As the subcommittee has documented, we have fallen short in a number of serious ways. In October 2010, the U.S. bank entered into a Consent Order with the OCC. The OCC criticized various aspects of the Bank’s AML program, including failure to provide adequate resources for our AML Compliance function, gaps in automated monitoring of certain wire transfers and banknotes transactions, failure to conduct due diligence on our own HSBC affiliates, and an inadequate process of risk-rating certain customers. We had not invested what we should have in our AML resources and systems. With the full support of our Board and of HSBC Group, I took the lead in overseeing our remediation efforts, and we have taken significant steps forward.
I want to turn now to highlight several of the changes we have implemented.
A. People and Culture
We’ve worked hard to foster a new culture that values and rewards effective compliance, and that starts at the top. By the end of 2010, we had a new U.S. senior management team in place, including myself as CEO, a new General Counsel, a new Head of Compliance, and a new AML Director. Previously the role of General Counsel and head of Compliance had been combined under one person. We also elevated the role of the AML Director, who now reports directly to the Chief Compliance Officer and regularly reports directly to the Board and senior management about the AML program. The Chief Compliance Officer and AML Director also have an independent line to a non-executive member of our Board of Directors.
We have improved the quality, coverage, and strength of our AML program through additional staffing and training. We have worked to build an AML team that has the right subject matter expertise and the right operational expertise.
The U.S. bank has made significant investments in our AML Compliance program over the past two years. We increased AML Compliance spending to $244 million in 2011, approximately nine-fold what we spent in 2009. A big part of this investment has been in hiring and retaining the right people: today we have about 892 full-time AML Compliance professionals. This includes our monitoring and alert review team, local compliance officers, Financial Intelligence Unit team, sanctions screening team, and other AML subject matter experts.
B. Policies and Procedures
Another area we needed to address was that we did not adequately appreciate the risks of our businesses and of our customers. In early 2010, the HNAH Board undertook an enterprise- wide risk assessment and made the decision to exit or scale back several businesses that we decided presented significant compliance risk. Since 2010, we have closed down the Banknotes business, we have exited about 28 embassy banking relationships, and we have closed 326 correspondent banking relationships. This is an ongoing process – we continue to do a formal Enterprise Risk Assessment twice a year to ensure that we are properly managing our risk enterprise-wide.
We also needed to make changes to our Know-Your-Customer (“KYC”) policies. We had previously not been doing customer due diligence on our own HSBC affiliates. We now do the same level of customer due diligence on our own affiliates as we do on third-party customers. We have also improved the way we approach customer diligence for all our customers. We have developed and implemented new bank-wide KYC standards that apply to all our business lines to ensure consistency. Our new KYC policy forces a more critical look at each customer at the onboarding phase, which enables us to make better decisions about whether that customer fits within our risk appetite.
I firmly believe that KYC is about more than just checking a box – it’s about really understanding who your customer is so that you know whether this is a customer you want to do business with. Importantly, we are enforcing this message across our entire employee team through robust and continual training, outreach, and communications.
We also developed a new country risk-rating methodology, as well as a new customer risk-rating methodology. The new customer risk-rating methodology takes a holistic view of customer risk, evaluating risk based on country of residence, products and services utilized, legal entity structure, and type of business or customer. We now have a better way of identifying where our risks lie and we can make good decisions about whether we have the right controls and the right level of diligence on a particular customer, and if we do not, we will either fix it or we will exit that customer.
Once we had our new customer risk-rating methodology and KYC policy in place, we started rolling out a large-scale KYC remediation project across all our business lines, which I chair. Through this process, we have been reviewing our entire customer base, exiting certain customers, and remediating all our remaining customers up to our new KYC standards. Our KYC remediation project is a huge undertaking and this project has integrated our business people with our Compliance people in a way that did not happen before. Many of the changes we are making are being adopted as HSBC global best practices.
We also needed a more robust transaction monitoring system that was sustainable and had the right controls. We have made significant investments in technology and we believe that our new transaction monitoring system more effectively detects suspicious activity. We have also built better controls around that system so that any changes to the way we monitor are vetted by an independent team.
In addition to improving our technology, we recognized that we needed the right structure around the technology so that we not only get better alerts, but are better able to analyze those alerts and report suspicious activity to law enforcement. So we looked not just at the numbers of analysts we needed to hire but the types of people we needed. We brought more subject matter experts into our monitoring team and have built out our Financial Intelligence Unit.
While we have made real progress, we recognize that there is more to do. This is difficult, it is complicated, and it takes time to do it right. Our regulators recently raised issues about some aspects of our model validation process. Addressing these issues is a top priority.
IV . Sustainability
We understand that we have to rebuild the trust of our regulators, our customers, and our other stakeholders. For this reason, the sustainability of our AML Compliance program is a top priority. The intended consequence of the changes I have discussed is to embed a new culture of responsibility, accountability, and deterrence within the U.S. bank. In many ways, an organization’s culture is a product of the “tone at the top,” and it has been my mission, and the mission of my new senior team, to make sure that compliance is on every employee’s mind at every level in the organization.
We understand that an effective AML Compliance program requires an ongoing process of learning, adapting, and improving. There is no point at which we can just sit back and say, “Our program can’t get any better.” We need to evolve and improve constantly; we need to respond not only to regulatory changes but also to advances in technology and to the risks posed by the ingenuity of drug traffickers, money launderers, tax evaders, and others seeking to use our financial system for illicit purposes. We want our doors to be closed to these bad actors. We will never catch every single illicit transaction, but our goal must be to ensure that we are in the best position possible to do so. This is my goal and commitment, and this is the goal and commitment of the HSBC Group, supported fully by our Board of Directors. My commitment also extends to the thousands of HSBC employees here in the U.S. who have been working tirelessly over many months to remediate compliance issues and create a sustainable compliance capability.
V . Conclusion
In closing, let me say that I appreciate this Subcommittee’s efforts to examine and improve the steps taken by industry and government to address these challenges, and we are committed to fulfilling our responsibilities in an effective and sustained manner'.