When is a record fine not all that impressive in the grand scheme of things? When it’s the $1.9 billion in penalties levied on HSBC by U.S. authorities for money laundering and violating sanctions rules. It’s more money than most of us will ever see in our lifetimes – unless, that is, we go to work for one of these giant banks or their offshoots, such as the private equity empires built up by former bankers. But while it seems awe-inspiring in absolute terms, it really amounts to a slap on the wrist for a giant global firm like HSBC.
Don’t misunderstand me. The fine is large enough to cause some degree of pain to HSBC. True, the bank raked in some $22 billion in pre-tax profits last year, so the fine is less than 10 percent of that sum, perhaps equivalent to forfeiting five weeks’ worth of income. (It’s even less significant than that in terms of the bank’s book value.) But no bank CEO wants to have that kind of blot on their record, and no board of directors will be happy with what that says about the bank’s ability to manage its risk.
However large or small it seems, the fine doesn’t begin to address the magnitude of what HSBC did when it helped drug traffickers launder nearly $1 billion of illegal proceeds, or helped Qadaffi’s Libya, the military junta in Burma, the Iranian theocracy and other so-called rogue states evade sanctions aimed at ensuring they couldn’t get access to the efficient and liquid U.S. financial system. That made the bank a de facto if not de jure facilitator of these governments, none of whom are known for their human rights track records.
Among the Mexican organized crime groups that benefitted from HSBC’s lackadaisical approach to oversight – the U.S. government’s investigation revealed that the bank even widened windows at some branches so that customers could hand bigger boxes stuffed with cash to tellers, while the drug traffickers used boxes tailor-made to fit through those HSBC windows – was the Sinaloa cartel. One of the most deadly such groups in the world, Sinaloan enforcers are known for filming the murders they commit – beheadings, and bodies that are dissolved in vats of acid or alkali – and posting them online.
In light of that, a fine of $1.9 billion and what has become the ritual mea culpa – in this case, a comment from HSBC execs that the bank is “profoundly sorry” for its “past mistakes” – looks like chicken feed.
The pattern of behavior is a chillingly familiar one. HSBC’s compliance department was understaffed, and when warnings did reach its senior ranks, they were ignored or downplayed. (Court documents revealed that the CEO of the bank’s Mexican division knew that law enforcement in the country had a recording of a cartel member saying that his bank was the best place to go to launder illicit money – back in 2008.) That’s uncannily similar to what we witnessed back in the years leading up to the financial crisis, when some of the largest U.S. banks left key risk management posts unfilled and CEOs either fired or pushed out any executives who questioned the relentless pursuit of profit at all cost in subprime CDOs.
Since then, it seems as if virtually every financial institution has humbled itself before the public and pledged to behave better in future. Barclays has done so in connection with the Libor scandal; Goldman Sachs has done so. Even JPMorgan Chase’s Jamie Dimon – an ardent defender of the banks’ ability to regulate their own behavior and control risk – found himself in the hot seat and having to do a degree of back-pedaling early this year when the London Whale created a multi-billion-dollar trading loss for his bank. The public bank apology is on the verge of becoming a form of performance art.
But apologies don’t cut it. U.S. authorities made it clear that the consequences of holding HSBC criminally responsible were just too great – had the bank lost its U.S. banking license, the fallout would have been too destabilizing. But the banks are aware of that, meaning that the biggest stick that regulators can wield is deprived of any meaningful force. The regulators extract pledges of better behavior in future, along with ever-larger fines, and that’s that. Until the next time.
It’s time to revisit this, and find a way to hold the CEOs, CFOs and other individuals personally liable for misdeeds like this that take place on their watch. I’m fairly confident that a CEO who is aware that frustrated regulators and government officials, fed up with slapping wrists, instead have the power to slap him with a criminal case will suddenly become a devoted adherent of risk management. Bankers are bound to be more vigilant if they know they risk not just a public apology but a jail term if they are found to have violated sanctions, helped traffickers hide money or shaken the financial system by failing Risk Management 101.
Odds are that bank officials would complain that it’s just too difficult to keep track of every possible misstep within today’s complex global banking institutions. If that’s the case, then the problem lies at their end: They need either to simplify their organizations to make it possible, or improve the controls at their disposal so that it becomes possible.
We may not, as U.S. officials reluctantly conceded, be able to live without HSBC or other giant “too big to fail; too big to penalize” banking institutions. But we can and should be able to live without a given bank CEO on whose watch such misdeeds take place. As soon as an institution becomes “too big to fail,” its executives should be subject to a higher standard of behavior. They should not be able to take refuge in bulletproof status when the pursuit of profit steps over the boundaries of what is acceptable, legal or manageable in terms of risk.