Financial crime risk policies

HSBC is committed to high ethical standards. Our policies on anti-money laundering, sanctions, and anti-bribery and corruption aim to ensure that risks identified by the bank are appropriately mitigated.

HSBC (all wholly owned or controlled HSBC Group of companies) is committed to implementing minimum control standards across all jurisdictions for which it operates.

HSBC established a Global Anti-Money Laundering Policy (“AML Policy”) for this purpose. The objective of the AML Policy is to identify and appropriately manage money laundering risks identified by HSBC. This is achieved by establishing and implementing appropriate processes, systems and controls to protect HSBC, its customers, shareholders, employees, and the communities it serves from money laundering. The AML Policy sets out the minimum control standards to all HSBC group entities and employees, requiring them to conduct business in accordance with applicable AML laws, rules, and regulations.

The AML Policy is informed by applicable laws, regulations, regulatory guidance and best practice from the United Kingdom, European Union, Hong Kong and the United States of America. In cases where material differences exist between the rules and regulations of these authorities or countries, the AML Policy adopts the highest standard; while acknowledging the primacy of local law.

The Policy includes:

  • The appointment of a Global and Country Money Laundering Reporting Officer (“MLRO”) or alternative position as required by local regulation
  • Minimum Customer Due Diligence (“CDD”) requirements, incorporating Customer Identification and Verification (“ID&V”) and Know Your Customer (“KYC”) principles
  • Conducting enhanced due diligence (“EDD”) on customers assessed as higher risk; such as Politically Exposed Persons (“PEPs”) in senior positions, their relatives and close associates
  • Establishing processes and systems designed to monitor customer transactions for the purpose of identifying suspicious activity
  • The investigation and subsequent reporting of suspicious activity to the appropriate regulatory and/or law enforcement bodies
  • Mandated regular AML training of employees and contractors
  • The prohibition of the following products, services and customer types:
    • Anonymous accounts or numbered accounts or customers seeking to maintain an account in an obviously fictitious name
    • Shell banks, i.e. banks with no physical presence or staff
    • Hold Mail, i.e. where the customer has instructed all documentation related to the account are to be held on their behalf until collection
    • Payable-through-accounts, i.e. HSBC does not allow domestic or foreign bank customers to provide payable-through-accounts to their customers on their HSBC accounts
  • Mandated regular independent testing by second line assurance function and third line audit function; and
  • Any relevant additional local requirements

HSBC is a member of the Wolfsberg Group, an association of thirteen global banks that aims to develop financial services industry standards for KYC, AML and Counter Terrorist Financing.

HSBC has prepared a Global Certification for use by any financial institution that believes it requires a USA Patriot Act Certification from an HSBC Group company.


As a global financial institution, HSBC is committed to combatting financial crime and protecting the integrity of the global financial system. One of the ways in which we meet this objective is through HSBC’s Global Sanctions Policy (the “Policy”).

The Policy is derived from the sanctions resolutions, laws, regulations and regulatory guidance of the United Nations Security Council (“UN”), the United Kingdom (“UK”), the Hong Kong Special Administrative Region (“HK”), the European Union (“EU”) and the United States of America (“US”) and takes into account broader financial crime concerns. HSBC is required to comply with the applicable sanctions laws and regulations in all the jurisdictions in which we operate. Further, the Policy seeks, subject to the primacy of local law, to establish a globally consistent standard to effectively manage sanctions compliance risk across all HSBC wholly or majority-owned or controlled legal entities (“HSBC Group Entities”) in all jurisdictions in which HSBC operates. For this reason, we may not be able to support certain business activity even if it is permitted under local laws and regulations.

Minimum Standards

The Policy defines the minimum standards which all HSBC Group Entities must comply with, including:

  • Prohibiting or restricting customer relationships or transactions/business activity, involving:
    • parties named on certain sanctions lists issued by the UN, UK, HK, EU or US;
    • parties named on a sanctions list issued by the competent authority in the jurisdiction in which a HSBC Group Entity operates; and
    • any entity owned directly or indirectly 50% or more (individually or in the aggregate) or controlled by any of the parties described above, even if the entity is not named on a sanctions list.
  • Prohibiting customer relationships, or engaging in transactions or business activity, involving certain countries, territories or Governments1, including:
    • Iran and the Government of Iran;
    • North Korea and the Government of North Korea;
    • Syria and the Government of Syria1;
    • The Crimea Region;
    • The Government of Venezuela; and
    • Cuba and the Government of Cuba – relationships and transactions are prohibited to the extent that they involve a US nexus (that is, the US financial system, US persons or US-origin goods).
  • Restricting certain transactions and business activity involving, directly or indirectly, certain countries, governments, individuals, entities or industry sectors, including:
    • Belarus – prohibiting the direct funding of the Government of Belarus;
    • Libya – freezing of assets of certain Libyan entities (and any subsidiaries owned 50% or more or controlled by these entities) held outside Libya as at September 2011;
  • Russia – engaging in transactions or business activity involving:
    • the Russian military, intelligence or defence or related materiel sector;
    • the primary market for bonds issued by, or lending funds to, the Russian Sovereign2 outside of Russia;
    • the provision of goods, technology and services in support of certain Russian energy projects; or
    • debt and equity of certain entities operating in the Russian financial, energy and defence sectors; and
  • Zimbabwe – prohibiting the direct funding of the Government of Zimbabwe.

HSBC may, in its sole discretion, agree to process certain transactions prohibited or restricted under the Policy that are authorised by a licence from an appropriate authority or are otherwise permitted under applicable laws and regulation, such as those which relate to humanitarian aid. These transactions will be considered on a case-by-case basis and must be submitted in advance to HSBC for consideration and approval.

HSBC may, in its sole discretion, also decide not to process transactions, provide products or services or otherwise engage in transactions or other activity even where permitted by applicable sanctions laws and regulations where these activities fall outside of HSBC’s risk appetite.

In complying with applicable sanctions laws or regulations or the Policy, the processing of customer transactions may be delayed while we conduct additional due diligence on the underlying transaction and/or the parties involved. HSBC will block/freeze or reject transactions that appear to violate sanctions laws or regulations or the Policy where required to do so under applicable sanctions laws or regulations or the Policy, or will return transactions where they fall outside HSBC’s risk appetite. Further, HSBC will comply with obligations to report sanctions violations to the relevant regulatory authority, including where a violation relates to any attempt by a customer to evade or circumvent sanctions laws and regulations.

1 “Government” is generally broadly defined and generally includes the state and government of the relevant jurisdiction; any political subdivision, agency, or instrumentality thereof, including the jurisdiction’s central bank; any person owned or controlled, directly or indirectly, by any of the foregoing; and any person who or that has acted or purported to act directly or indirectly for or on behalf of, any of the foregoing, including current and former government officials, employees and contractors.

2 The term “Russian Sovereign” means any ministry, agency, or sovereign fund of the Russian Federation, including the Central Bank of Russia, the National Wealth Fund and the Ministry of Finance of the Russian Federation.


HSBC operates a zero tolerance approach to Bribery and Corruption and considers such activity to be unethical and contrary to good corporate governance. HSBC, its Staff and associated persons are prohibited from engaging in Bribery and Corruption.

The AB&C Policy sets out the Key Principles and minimum control requirements that enable HSBC to mitigate Bribery and Corruption risk and comply with all laws and regulations, including the UK Bribery Act, US Foreign Corrupt Practices Act, HK Prevention of Bribery Ordinance and France Loi Sapin II, as well as other similar laws and regulations in the countries where we operate.

Minimum Standards

The AB&C Policy defines the minimum standards which all HSBC Group Entities must comply. This include the AB&C Key Principles, which requires that all activity:

  • must be conducted without intent to bribe or corrupt;
  • must be reasonable and transparent;
  • must not be considered lavish or disproportionate to the professional relationship;
  • must be appropriately documented with business rationale; and
  • must be authorised at an appropriate level of seniority.

The AB&C Policy facilitates these Key Principles, by further setting minimum standards under four AB&C pillars:

  1. Staff
    All Staff (Staff means HSBC permanent and fixed term employees, contractors and consultants (including those on assignment or secondment to HSBC)) must ensure their interactions or relationships do not induce, or can be seen to induce, improper action in order to obtain or retain a business advantage. This covers the giving and receiving of Additional Benefits, which refers to:

    • Gifts and entertainment;
    • charitable donations and giving;
    • sponsorships and brand partnerships;
    • training;
    • speaker fees; and
    • hiring.

    The AB&C Policy sets out clear recording, approval and escalation requirements for Additional Benefits, together with any prohibited activity.

  2. Associated Persons
    The AB&C Policy requires that all HSBC associated persons must be identified, recorded and have appropriate due diligence completed.

  3. Customer
    Customers must not use HSBC products and services to facilitate the payment or receipt of bribes or funds from corrupt activity. In order to comply with the letter and spirit of applicable AB&C laws and regulation, the AB&C Policy requires risk-based controls are in place to prevent HSBC products and services being used for bribery or corruption. This includes customer due diligence, transaction monitoring and customer exit requirements.

  4. Strategic
    All HSBC strategic activity is required to identify and mitigate any bribery or corruption risk. The AB&C Policy sets these minimum standards, which includes due diligence and integration of AB&C controls, for:

    • strategic and proprietary investments and disposals;
    • new products and services design; and
    • corporate real estate transactions.


HSBC's AB&C compliance programme and AB&C Policy are overseen by the HSBC Holdings plc Board. HSBC requires all Staff, Board of Directors and Associated Persons comply with the principles in the AB&C Policy and annual mandatory AB&C training is provided to all Staff, with additional targeted training, tailored to the roles of individuals.

HSBC carries out regular, risk assessments, monitoring and testing of its AB&C programme, with any applicable findings included within the AB&C Policy. HSBC also maintains clear whistleblowing policies and processes, to ensure that individuals can confidentially report concerns. To view the statement on HSBC's whistleblowing arrangements see the Environmental, Social and Governance (ESG) update published on the ESG and responsible business page.

HSBC is an active user of Know Your Customer (“KYC”) data exchange platform SWIFT KYC Registry (opens in new window) in support of a more intelligence-based approach to identifying and managing financial crime risks. Third-party banks or vendors seeking HSBC AML or KYC due diligence information, including the detailed Wolfsberg Correspondent Banking Due Diligence Questionnaire (CBDDQ), should use this service in the first instance to collect relevant data and documents. Only if the information sought is not available, please send an e-mail request directly to HSBC using the following e-mail address:

As a supplement to the HSBC AML statement we also make available the Wolfsberg Financial Crime Compliance Questionnaire (FCCQ), which gives an overview of basic information about HSBC’s policies and processes relating to financial crime risk management.

HSBC news

HSBC holds informal meeting with Hong Kong shareholders

The meeting, attended by senior leaders, was held at the Kowloonbay International Trade and Exhibition Centre.

Roaring with Pride

We’ve been flying the flag for LGBTQ+ inclusion for years, as a look back at our history shows.

Enduring the pandemic together

We are continuing to support customers and communities affected by Covid-19 outbreaks in 2022.