Money Laundering

Two high-profile incidents remind CUs of the importance of BSA & OFAC compliance.

October 1, 2012

Credit unions’ regulatory compliance costs are staggering, but the costs of noncompliance are even higher.

Consider the following case studies culled from this summer’s headlines. They both involve Bank Secrecy Act (BSA) and Office of Foreign Assets Control (OFAC) violations.

In June, OFAC announced a $619 million settlement with ING Bank to settle potential liability for apparent violations of U.S. sanctions against primarily Cuba, as well as a number of other countries.

OFAC is a division of the U.S. Treasury Department that administers and enforces economic and trade sanctions against targeted foreign countries and their agents, terrorism sponsoring agencies and organizations, and international narcotics traffickers based on U.S. foreign policy and national security objectives. The settlement with ING Bank was the largest reached in a U.S. sanctions case.  

In July, the Senate Permanent Subcommittee on Investigations conducted a probe and found global banking giant HSBC and its U.S. affiliate—HSBC Bank USA—had a number of deficiencies in their anti-money laundering (AML) programs. These deficiencies “exposed the U.S. financial system to a wide array of money laundering, drug trafficking, and terrorist financing risks.” The subcommittee conducted a yearlong investigation into HSBC and detailed its findings in a 335-page report. The report also criticized the Office of the Comptroller of the Currency (OCC) for overlooking HSBC’s “weak AML system for years.”

Here’s a closer look at the case studies.

ING Bank

OFAC’s investigation of ING focused on the apparent manipulation and deletion of information about U.S.-sanctioned parties in more than 20,000 financial and trade transactions routed through third-party banks located in the U.S. between 2002 and 2007. More than $1.6 billion was routed through the U.S. in apparent violation of U.S. sanctions programs, involving primarily Cuba.

The term “apparent violation” under OFAC regulations means conduct that constitutes an actual or possible violation of U.S. economic sanctions laws, as well as executive orders, regulations, or other directives.

The violations arose out of policies at multiple offices of ING Bank’s Wholesale Banking Division. Beginning in the 1990s, senior bank management instructed ING Bank employees in Curacao to omit references to Cuba in payment messages sent to the U.S.

This prevented U.S. financial institutions from identifying and interdicting prohibited transactions, and was  an apparent violation of OFAC’s Cuba Sanction regulations.

Other branches of ING Bank’s Wholesale Banking Division—in France, Belgium, and the Netherlands—also began removing and omitting this information as they processed U.S. dollar payments and trade finance transactions through the U.S. 

In addition, ING Bank’s senior management in France authorized, advised, and ultimately provided fraudulent endorsement stamps for use by Cuban financial institutions in processing traveler’s check transactions. This disguised the involvement of Cuban banks in these transactions when they were processed through the U.S. 

In its settlement agreement with OFAC, ING Bank agreed that it had:

♦ Terminated the conduct that violated OFAC sanctions; 

♦ Established policies and procedures that prohibited and minimized the risk of similar conduct in the future; and 

♦ Agreed to pay a $619 million settlement as a result of alleged violations of federal laws, OFAC regulations, and executive orders.  

The historic settlement figure “should serve as a clear warning to anyone who would consider profiting by evading U.S. sanctions,” reports the Treasury Department. In addition to civil monetary penalties, OFAC referred the matter for criminal investigation because of its seriousness. 


The U.S. Senate Permanent Subcommittee on Investigations selected HSBC as a case study to examine the current money laundering and terrorist financing threats associated with correspondent banking.

The subcommittee’s report examined the AML and terrorist-financing vulnerabilities created when a global bank uses a U.S. affiliate to provide U.S. dollars and services. It also examined access to the U.S. financial system by high-risk affiliates, correspondent banks, and clients.  

The subcommittee selected HSBC and its U.S. affiliate for its case study due to the many BSA and OFAC violations cited in a September 2010 OCC Supervisory Letter. The AML deficiencies of HSBC Bank USA included:

♦ A failure to conduct any due diligence to assess the risks of HSBC affiliates before opening accounts, 

♦ A failure to file timely suspicious activity reports (SARs), 

♦ An overall failure to maintain an inadequate AML program, including unqualified ALM staffing, leadership problems, and inadequate resources.

The subcommittee’s report identified the following five problem areas: 

1. Servicing high-risk affiliates. For years, HSBC Bank USA followed a policy of opening U.S. correspondent accounts for HSBC affiliates without conducting any AML due diligence.

This turned out to be a huge mistake when it came to its relationship with HSBC Bank Mexico. HSBC Bank USA treated HSBC Bank Mexico as a low-risk client, even when Mexican and U.S. authorities expressed concerns regarding bulk cash shipments tied to proceeds from illegal drug sales in the U.S.

2. Circumventing OFAC safeguards. U.S. financial institutions must screen for and block/reject transactions from prohibited parties identified on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List). Most institutions have software programs to identify and halt potentially prohibited transactions.

The subcommittee found HSBC affiliates took action to circumvent OFAC filters when sending transactions through U.S. correspondent accounts at HSBC Bank USA.

In one case, two HSBC affiliates sent nearly 25,000 transactions involving billions of dollars through their HSBC Bank USA accounts over seven years without disclosing the transactions’ links to Iran.

3. Disregarding terrorist financing links. HSBC Bank USA provided U.S. dollars and banking services to some banks in Saudi Arabia and Bangladesh despite links to terrorist financing.

4. Clearing suspicious bulk traveler’s checks. In less than four years, HSBC cleared $290 million in suspicious U.S. traveler’s checks for a Japanese bank, despite evidence of suspicious activity. The checks were purchased in Russia and deposited on a daily basis into 30 different accounts of persons and corporations supposedly in the used-car business.

5. Offering bearer share accounts. HSBC offered accounts to bearer share corporations, which are entities that assign ownership to anyone who has physical possession of the shares. These accounts pose a high-risk of money laundering and illicit conduct because their ownership can be readily transferred without a trail.   

The report recommended a number of changes at HSBC Bank USA, including:

♦ Scrutinizing HSBC affiliates at higher levels for money laundering risk,

♦ Closing accounts of banks linked to financing terrorist organizations, and 

♦ Taking steps to ensure the bank doesn’t process transactions with prohibited entities such as terrorists, drug lords, and “rogue regimes.”  

It also recommended overhauling the AML controls on traveler’s checks and eliminating bearer share accounts. And the report offers several criticisms of the OCC’s AML oversight, recommending the agency treat money laundering as a threat to a bank’s safety and soundness, rather than as a consumer compliance concern.  

VALERIE Y. MOSS is CUNA’s director of compliance information. Contact CUNA’s compliance department at