The Result of Inadequate Compliance

20 September 2020 news about HSBC’s moving millions of Ponzi scheme money through its US business to Hong Kong, soon after the UK’s biggest bank had been heavily fined in the US over money laundering, clearly shows that even heavy weights are susceptible to flaws in the compliance function that inevitably result in enormous damage.

According to BBC, “The investment scam that HSBC was warned about was called WCM777. It was started by Chinese national Ming Xu. Little is known about how he came to be living in the US, although he claims to have studied for an MA in California… Through travelling seminars, Facebook and webinars on YouTube, it raised $80m selling supposed investment opportunities in cloud computing.” Clearly, this was not a difficult scheme to uncover.

Although the facts were revealed by the leaked bank’s ‘suspicious activity reports’ (SARs), indicating that the compliance department had done part of their duty duly informing the authorities on suspected dealings, the overall situation demonstrates that, firstly, the KYC procedures in place were flawed, and, secondly, that the compliance staff involved, up to the highest level, lacked the knowledge and understanding that simply filing SARs in hope that action would be taken by ‘them’ whilst continuing to illegally moving the money, was not ’compliant’ or legal!

Such actions parallel the collapse of Wirecard AG which went into insolvency in June of 2020 owing creditors almost $4 billion and resulted in a downfall of a multi-billion European financial business, not least due to poor governance and ineffective compliance. Reuters confirmed that “The ascent of Wirecard, which was founded in 1999 and is based in a Munich suburb, was dogged by allegations from whistleblowers, reporters and speculators that its revenue and profits had been pumped up through fake transactions.”

Although clearly internal corruption and lack of robust regulatory oversight contributed to the disastrous outcomes, nevertheless these contributing factors do not replace the need for clear and sustainable governance and effective and enforceable compliance measures. Furthermore, no governance or compliance functions can operate in isolation; organisations must train and continuously upskill their staff to be able to identify and mitigate risks on a continuous basis.

The global arena has barely recovered from the most recent financial crisis in 2007-2008. The aftermath saw a myriad of international legislation and regulation, bolstering of the role and powers of regulators and tightening of procedures across different sectors and different firms. Let us abandon the tick box, superficial governance, risk and compliance farces for robust, transparent, accountable and enforceable processes!

Let us ensure that we do not allow another devastating financial and social catastrophe.