Over recent years HSBC has transformed its ability to manage financial crime risk. Since 2011, we have reduced the number of countries in which we operate and put in place far greater central control over our operations, including over financial crime compliance.
As part of de-risking our business we have ended relationships with customers that we consider too risky, and continue to review on an ongoing basis. Customers exited for financial crime reasons in one HSBC market are exited in all HSBC markets.
Beginning in 2012, we designed and implemented across all our operations consistent global policies on anti-money laundering and sanctions, with standards often extending well beyond local laws.
We have also have significantly strengthened the bank’s Financial Crime Risk function, which is five times larger than in 2013, including hiring a number of experts in the fields of law enforcement and regulation in leadership roles. Independent supervision is now provided by a dedicated Board committee, the Financial System Vulnerabilities Committee.
Putting in place defences
From 2015 we began rolling out a number of major IT systems including for customer due diligence (CDD) and monitoring and screening. Our centralised CDD system, which was in place across all countries and business lines by the end of 2016, enables a consistent risk assessment process to be applied to customers.
By the end of 2017 we had completed our major IT architecture changes, having invested USD1 billion in new and upgraded systems since 2015. The end result is a substantially improved IT infrastructure to help identify and analyse financial crime. We constantly explore technologies to help us build on our existing capabilities, including working with, or investing in, financial technology (fintech) firms.
We have put in place a robust three lines of defence model. Frontline employees are supported by the Financial Crime Risk function as the second line of defence to provide oversight and challenge. The third line of defence is Internal Audit, which acts independently to assure the effectiveness of our controls and risk management.
We recognised the importance of training, rolling out annual mandatory financial crime learning to all employees as well as role-specific training for individuals in particular jobs. We have also focused on creating the right culture. By the end of 2016, 200,000 employees had taken part in our day-long face-to-face training on values and speaking up with a further 30,000 managers undergoing an intensive two-day course.
Ensuring our defences operate effectively
In 2017 we focused on completing the job of putting in place the new and upgraded systems and processes, and assessing all countries to ensure that our controls operate effectively everywhere.
We completed a country-by-country assessment against the core capabilities set out in our financial crime risk framework. This gives us a clear view of our progress and detailed plans to ensure we embed the capabilities and integrate them fully into our day-to-day operations during 2018.
During 2017, we introduced a strengthened financial crime risk management governance framework, mandating Financial Crime Risk Management Committees with a standardised agenda at country, region and global business line level. This was supported by new dashboard of consistent management information based on a set of standardised financial crime controls.
HSBC’s progress in strengthening our anti-money laundering and sanctions compliance capabilities was recognised in December 2017 when our five-year Deferred Prosecution Agreement with the US Department of Justice expired.
Our journey to fight financial crime will never end. In 2018 and beyond we will continue to work to fine tune our systems and to ensure that our improvements are fully integrated into our day-to-day risk management practices, and effective and sustainable over the long term.
Criminals are constantly adapting their techniques, so we will continuously adapt how we manage financial crime risk to keep them out of the banking system that we all depend on.