Gangster Bankers: Too Big to Jail

How HSBC hooked up with drug traffickers and terrorists. And got away with it

The deal was announced quietly, just before the holidays, almost like the government was hoping people were too busy hanging stockings by the fireplace to notice. Flooring politicians, lawyers and investigators all over the world, the U.S. Justice Department granted a total walk to executives of the British-based bank HSBC for the largest drug-and-terrorism money-laundering case ever. Yes, they issued a fine - $1.9 billion, or about five weeks' profit - but they didn't extract so much as one dollar or one day in jail from any individual, despite a decade of stupefying abuses.

People may have outrage fatigue about Wall Street, and more stories about billionaire greedheads getting away with more stealing often cease to amaze. But the HSBC case went miles beyond the usual paper-pushing, keypad-punching sort-of crime, committed by geeks in ties, normally associated with Wall Street. In this case, the bank literally got away with murder - well, aiding and abetting it, anyway.

For at least half a decade, the storied British colonial banking power helped to wash hundreds of millions of dollars for drug mobs, including Mexico's Sinaloa drug cartel, suspected in tens of thousands of murders just in the past 10 years - people so totally evil, jokes former New York Attorney General Eliot Spitzer, that "they make the guys on Wall Street look good." The bank also moved money for organizations linked to Al Qaeda and Hezbollah, and for Russian gangsters; helped countries like Iran, the Sudan and North Korea evade sanctions; and, in between helping murderers and terrorists and rogue states, aided countless common tax cheats in hiding their cash.

"They violated every goddamn law in the book," says Jack Blum, an attorney and former Senate investigator who headed a major bribery investigation against Lockheed in the 1970s that led to the passage of the Foreign Corrupt Practices Act. "They took every imaginable form of illegal and illicit business."

That nobody from the bank went to jail or paid a dollar in individual fines is nothing new in this era of financial crisis. What is different about this settlement is that the Justice Department, for the first time, admitted why it decided to go soft on this particular kind of criminal. It was worried that anything more than a wrist slap for HSBC might undermine the world economy. "Had the U.S. authorities decided to press criminal charges," said Assistant Attorney General Lanny Breuer at a press conference to announce the settlement, "HSBC would almost certainly have lost its banking license in the U.S., the future of the institution would have been under threat and the entire banking system would have been destabilized."

It was the dawn of a new era. In the years just after 9/11, even being breathed on by a suspected terrorist could land you in extralegal detention for the rest of your life. But now, when you're Too Big to Jail, you can cop to laundering terrorist cash and violating the Trading With the Enemy Act, and not only will you not be prosecuted for it, but the government will go out of its way to make sure you won't lose your license. Some on the Hill put it to me this way: OK, fine, no jail time, but they can't even pull their charter? Are you kidding?

But the Justice Department wasn't finished handing out Christmas goodies. A little over a week later, Breuer was back in front of the press, giving a cushy deal to another huge international firm, the Swiss bank UBS, which had just admitted to a key role in perhaps the biggest antitrust/price-fixing case in history, the so-called LIBOR scandal, a massive interest-raterigging conspiracy involving hundreds of trillions ("trillions," with a "t") of dollars in financial products. While two minor players did face charges, Breuer and the Justice Department worried aloud about global stability as they explained why no criminal charges were being filed against the parent company.

"Our goal here," Breuer said, "is not to destroy a major financial institution."

A reporter at the UBS presser pointed out to Breuer that UBS had already been busted in 2009 in a major tax-evasion case, and asked a sensible question. "This is a bank that has broken the law before," the reporter said. "So why not be tougher?"

"I don't know what tougher means," answered the assistant attorney general.

Also known as the Hong Kong and Shanghai Banking Corporation, HSBC has always been associated with drugs. Founded in 1865, HSBC became the major commercial bank in colonial China after the conclusion of the Second Opium War. If you're rusty in your history of Britain's various wars of Imperial Rape, the Second Opium War was the one where Britain and other European powers basically slaughtered lots of Chinese people until they agreed to legalize the dope trade (much like they had done in the First Opium War, which ended in 1842).

A century and a half later, it appears not much has changed. With its strong on-the-ground presence in many of the various ex-colonial territories in Asia and Africa, and its rich history of cross-cultural moral flexibility, HSBC has a very different international footprint than other Too Big to Fail banks like Wells Fargo or Bank of America. While the American banking behemoths mainly gorged themselves on the toxic residential-mortgage trade that caused the 2008 financial bubble, HSBC took a slightly different path, turning itself into the destination bank for domestic and international scoundrels of every possible persuasion.

Three-time losers doing life in California prisons for street felonies might be surprised to learn that the no-jail settlement Lanny Breuer worked out for HSBC was already the bank's third strike. In fact, as a mortifying 334-page report issued by the Senate Permanent Subcommittee on Investigations last summer made plain, HSBC ignored a truly awesome quantity of official warnings.

In April 2003, with 9/11 still fresh in the minds of American regulators, the Federal Reserve sent HSBC's American subsidiary a cease-and-desist letter, ordering it to clean up its act and make a better effort to keep criminals and terrorists from opening accounts at its bank. One of the bank's bigger customers, for instance, was Saudi Arabia's Al Rajhi bank, which had been linked by the CIA and other government agencies to terrorism. According to a document cited in a Senate report, one of the bank's founders, Sulaiman bin Abdul Aziz Al Rajhi, was among 20 early financiers of Al Qaeda, a member of what Osama bin Laden himself apparently called the "Golden Chain." In 2003, the CIA wrote a confidential report about the bank, describing Al Rajhi as a "conduit for extremist finance." In the report, details of which leaked to the public by 2007, the agency noted that Sulaiman Al Rajhi consciously worked to help Islamic "charities" hide their true nature, ordering the bank's board to "explore financial instruments that would allow the bank's charitable contributions to avoid official Saudi scrutiny." (The bank has denied any role in financing extremists.)

In January 2005, while under the cloud of its first double-secret-probation agreement with the U.S., HSBC decided to partially sever ties with Al Rajhi. Note the word "partially": The decision would only apply to Al Rajhi banking and not to its related trading company, a distinction that tickled executives inside the bank. In March 2005, Alan Ketley, a compliance officer for HSBC's American subsidiary, HBUS, gleefully told Paul Plesser, head of his bank's Global Foreign Exchange Department, that it was cool to do business with Al Rajhi Trading. "Looks like you're fine to continue dealing with Al Rajhi," he wrote. "You'd better be making lots of money!"

But this backdoor arrangement with bin Laden's suspected "Golden Chain" banker wasn't direct enough - many HSBC executives wanted the whole shebang restored. In a remarkable e-mail sent in May 2005, Christopher Lok, HSBC's head of global bank notes, asked a colleague if they could maybe go back to fully doing business with Al Rajhi as soon as one of America's primary banking regulators, the Office of the Comptroller of the Currency, lifted the 2003 cease-and-desist order: "After the OCC closeout and that chapter is hopefully finished, could we revisit Al Rajhi again? London compliance has taken a more lenient view."

After being slapped with the order in 2003, HSBC began blowing off its requirements both in letter and in spirit - and on a mass scale, too. Instead of punishing the bank, though, the government's response was to send it more angry letters. Typically, those came in the form of so-called "MRA" (Matters Requiring Attention) letters sent by the OCC. Most of these touched upon the same theme, i.e., HSBC failing to do due diligence on the shady characters who might be depositing money in its accounts or using its branches to wire money. HSBC racked up these "You're Still Screwing Up and We Know It" orders by the dozen, and in just one brief stretch between 2005 and 2006, it received 30 different formal warnings.

Nonetheless, in February 2006 the OCC under George Bush suddenly decided to release HSBC from the 2003 cease-and-desist order. In other words, HSBC basically violated its parole 30 times in just more than a year and got off anyway. The bank was, to use the street term, "off paper" - and free to let the Al Rajhis of the world come rushing back.

After HSBC fully restored its relationship with the apparently terrorist-friendly Al Rajhi Bank in Saudi Arabia, it supplied the bank with nearly 1 billion U.S. dollars. When asked by HSBC what it needed all its American cash for, Al Rajhi explained that people in Saudi Arabia need dollars for all sorts of reasons. "During summer time," the bank wrote, "we have a high demand from tourists traveling for their vacations."

The Treasury Department keeps a list compiled by the Office of Foreign Assets Control, or OFAC, and American banks are not supposed to do business with anyone on the OFAC list. But the bank knowingly helped banned individuals elude the sanctions process. One such individual was the powerful Syrian businessman Rami Makhlouf, a close confidant of the Assad family. When Makhlouf appeared on the OFAC list in 2008, HSBC responded not by severing ties with him but by trying to figure out what to do about the accounts the Syrian power broker had in its Geneva and Cayman Islands branches. "We have determined that accounts held in the Caymans are not in the jurisdiction of, and are not housed on any systems in, the United States," wrote one compliance officer. "Therefore, we will not be reporting this match to OFAC."

Translation: We know the guy's on a terrorist list, but his accounts are in a place the Americans can't search, so screw them.

Remember, this was in 2008 - five years after HSBC had first been caught doing this sort of thing. And even four years after that, when being grilled by Michigan Sen. Carl Levin in July 2012, an HSBC executive refused to absolutely say that the bank would inform the government if Makhlouf or another OFAC-listed name popped up in its system - saying only that it would "do everything we can."

The Senate exchange highlighted an extremely frustrating dynamic government investigators have had to face with Too Big to Jail megabanks: The same thing that makes them so attractive to shady customers - their ability to instantaneously move money around the world to places like the Cayman Islands and Switzerland - makes it easy for them to play dumb with regulators by hiding behind secrecy laws.

When it wasn't banking for shady Third World characters, HSBC was training its mental firepower on the problem of finding creative ways to allow it to do business with countries under U.S. sanction, particularly Iran. In one memo from HSBC's Middle East subsidiary, HBME, the bank notes that it could make a lot of money with Iran, provided it dealt with what it termed "difficulties" - you know, those pesky laws.

"It is anticipated that Iran will become a source of increasing income for the group going forward," the memo says, "and if we are to achieve this goal we must adopt a positive stance when encountering difficulties."

The "positive stance" included a technique called "stripping," in which foreign subsidiaries like HSBC Middle East or HSBC Europe would remove references to Iran in wire transactions to and from the United States, often putting themselves in place of the actual client name to avoid triggering OFAC alerts. (In other words, the transaction would have HBME listed on one end, instead of an Iranian client.)

For more than half a decade, a whopping $19 billion in transactions involving Iran went through the American financial system, with the Iranian connection kept hidden in 75 to 90 percent of those transactions. HSBC has been headquartered in England for more than two decades - it's Europe's largest bank, in fact - but it has major subsidiary operations in every corner of the world. What's come out in this investigation is that the chiefs in the parent company often knew about shady transactions when the regional subsidiary did not. In the case of banned Iranian transactions, for instance, there are multiple e-mails from HSBC's compliance head, David Bagley, in which he admits that HSBC's American subsidiary probably has no clue that HSBC Europe has been sending it buttloads of banned Iranian money.

"I am not sure that HBUS are aware of the fact that HBEU are already providing clearing facilities for four Iranian banks," he wrote in 2003. The following year, he made the same observation. "I suspect that HBUS are not aware that [Iranian] payments may be passing through them," he wrote.

What's the upside for a bank like HSBC to do business with banned individuals, crooks and so on? The answer is simple: "If you have clients who are interested in 'specialty services' - that's the euphemism for the bad stuff - you can charge 'em whatever you want," says former Senate investigator Blum. "The margin on laundered money for years has been roughly 20 percent."

Those charges might come in many forms, from upfront fees to promises to keep deposits at the bank for certain lengths of time. However you structure it, the possibilities for profit are enormous, provided you're willing to accept money from almost anywhere. HSBC, its roots in the raw battlefield capitalism of the old British colonies and its strong presence in Asia, Africa and the Middle East, had more access to customers needing "specialty services" than perhaps any other bank.

And it worked hard to satisfy those customers. In perhaps the pinnacle innovation in the history of sleazy banking practices, HSBC ran a preposterous offshore operation in Mexico that allowed anyone to walk into any HSBC Mexico branch and open a U.S.-dollar account (HSBC Mexico accounts had to be in pesos) via a so-called "Cayman Islands branch" of HSBC Mexico. The evidence suggests customers barely had to submit a real name and address, much less explain the legitimate origins of their deposits.

If you can imagine a drive-thru heart-transplant clinic or an airline that keeps a fully-stocked minibar in the cockpit of every airplane, you're in the ballpark of grasping the regulatory absurdity of HSBC Mexico's "Cayman Islands branch." The whole thing was a pure shell company, run by Mexicans in Mexican bank branches.

At one point, this figment of the bank's corporate imagination had 50,000 clients, holding a total of $2.1 billion in assets. In 2002, an internal audit found that 41 percent of reviewed accounts had incomplete client information. Six years later, an e-mail from a high-ranking HSBC employee noted that 15 percent of customers didn't even have a file. "How do you locate clients when you have no file?" complained the executive.

It wasn't until it was discovered that these accounts were being used to pay a U.S. company allegedly supplying aircraft to Mexican drug dealers that HSBC took action, and even then it closed only some of the "Cayman Islands branch" accounts. As late as 2012, when HSBC executives were being dragged before the U.S. Senate, the bank still had 20,000 such accounts worth some $670 million - and under oath would only say that the bank was "in the process" of closing them.

Meanwhile, throughout all of this time, U.S. regulators kept examining HSBC. In an absurdist pattern that would continue through the 2000s, OCC examiners would conduct annual reviews, find the same disturbing shit they'd found for years, and then write about the bank's problems as though they were being discovered for the first time. From the 2006 annual OCC review: "During the year, we identified a number of areas lacking consistent, vigilant adherence to BSA/AML policies. . . . Management responded positively and initiated steps to correct weaknesses and improve conformance with bank policy. We will validate corrective action in the next examination cycle."

Translation: These guys are assholes, but they admit it, so it's cool and we won't do anything.

A year later, on July 24th, 2007, OCC had this to say: "During the past year, examiners identified a number of common themes, in that businesses lacked consistent, vigilant adherence to BSA/AML policies. Bank policies are acceptable. . . . Management continues to respond positively and initiated steps to improve conformance with bank policy."

Translation: They're still assholes, but we've alerted them to the problem and everything'll be cool.

By then, HSBC's lax money-laundering controls had infected virtually the entire company. Russians identifying themselves as used-car salesmen were at one point depositing $500,000 a day into HSBC, mainly through a bent traveler's-checks operation in Japan. The company's special banking program for foreign embassies was so completely fucked that it had suspicious-activity alerts backed up by the thousands. There is also strong evidence that the bank was allowing clients in Sudan, Cuba, Burma and North Korea to evade sanctions.

When one of the company's compliance chiefs, Carolyn Wind, raised concerns that she didn't have enough staff to monitor suspicious activities at a board meeting in 2007, she was fired. The sheer balls it took for the bank to ignore its compliance executives and continue taking money from so many different shady sources while ostensibly it had regulators swarming all over its every move is incredible. "You can't make up more egregious money-laundering that permeated an entire institution," says Spitzer.

By the late 2000s, other law enforcement agencies were beginning to catch HSBC's scent. The Department of Homeland Security started investigating HSBC for laundering drug money, while the attorney general's office in West Virginia snooped around HSBC's involvement in a Medicare-fraud case. A federal intra-agency meeting was convened in Washington in September 2009, at which it was determined that HSBC was out of control and needed to be investigated more closely.

The bank itself was then notified that its usual OCC review was being "expanded." More OCC staff was assigned to pore through HSBC's books, and, among other things, they found a backlog of 17,000 alerts of suspicious activity that had not been processed. They also noted that the bank had a similar pileup of subpoenas in money-laundering cases.

Finally it seemed the government was on the verge of becoming genuinely pissed off. In March 2010, after seeing countless ultimatums ignored, they issued one more, giving HSBC three months to clear that goddamned 17,000-alert backlog or else there would be serious consequences. HSBC met that deadline, but months later the OCC again found the bank's money-laundering controls seriously wanting, forcing the government to take, well . . . drastic action, right?

Sort of! In October 2010, the OCC took a deep breath, strapped on its big-boy pants and . . . issued a second cease-and-desist order!

In other words, it was "Don't Do It Again" - again. The punishment for all of that dastardly defiance was to bring the regulatory process right back to the same kind of double-secret-probation order they'd tried in 2003.

Not to say that HSBC didn't make changes after the second Don't Do It Again order. It did - it hired some people.

Continue reading at Rolling Stone.

© 2023 Rolling Stone