Question 1 From around January 2001 to December 2006, HSBC holdings, with its subsidiaries, violated various law and regulations which led to criminal charge. No effective Anti-Money Laundering Program HSBC failed to knowingly and willfully implement and maintain an effective Anti-Money Laundering program required by the Bank Secrecy Act. An effective anti-money laundering program would provide internal policy, procedure and controls to guard against money laundering. Without an effective anti-money laundering program, HSBC failed to accomplish at least following requirements: (1) HSBC failed to obtain and maintain due diligence or know your customer information;(2) HSBC failed to monitor wire transfers from customers located in countries which is classified as standard or medium risk; (3) HSBC failed to monitor purchase of Physical US dollars (banknotes); and (4), HSBC failed to provide adequate staffing and other resources to maintain anti-money laundering program. No Monitor and Training Program HSBC has also failed to implement a compliance officer to coordinate and monitor daily compliance with legal requirements. HSBC has failed to maintain the Anti-Money Laundering program to detect and report any suspicious activity, to maintain certain records and file reported related to the activity, which might be especially useful in investigation proceedings. Besides, an ongoing employee training program and independent audit function program are also needed in a comprehensive and effective compliance program. No Due Diligence and Report System on Suspicious Activity HSBC has failed to conduct due diligence, policies, procedure and controls on correspondent bank accounts involving foreign persons by detecting and reporting any suspicious activity among them. By failing to conduct due diligence, HSBC has failed to maintain accounts and information once collected would have allowed for the detention and reporting of money laundering instances and other suspicious activity. Violation of BSA and Related Regulations HSBC willfully violated and attempted to violate International Emergency Economic Powers Act and Trading with the Enemy Act. HSBC facilitated prohibited transactions for sanctioned entities in Iran, Libya, Sudan and Burma, which has been an unusual or extraordinary threat to the national security, foreign policy or economy of U.S. President Clinton issued Executive Order to impose trade and financial sanctions in Iran to prohibit activity on exportation, reexportation, sales and transportation and any conduct by any US persons evading or avoiding the sanctions. President Reagan issued Executive Order to block any property and interests in property of the Government of Libya in US or under the possession of US persons. Sundanese sanctions was imposed to prohibit all trade and investment activity between US and Sudan. Exportation of service to Sudan was generally prohibited by OFAC. The Burmese sanctions prohibited the financial service from US as well, no matter directly or indirectly. Last, HSBC willfully and knowingly violated and attempted to violate the Trading with the Enemy Act. The Trading with the Enemy Act is an economic embargo act against Cuba. Any financial and commercial dealings and transactions with Cuba, involving Cuba or benefiting Cuba is prohibited under the Act. The transactions not only include all transfers of credit and all payments and transactions in foreign exchange, but also include all transactions which has the effect of evading or avoiding any of the prohibitions in the Act. Question 2 For both management and compliance Department, they could have implemented various programs to avoid the criminal charges and liability. For Management The management should adopt a set of guidelines to be considered when deciding whether it should do business in countries that posing a particularly high corruption or rule of law risk as well as limiting business in those countries that pose a high financial crime risk. In this way, HSBC could avoid the financial crime risks from beginning. Meanwhile, the Board should periodically assess its financial transactions and relationship with various countries and regions by implementing a “know your customer” program and a customer risk-rating methodology based on a multifaceted approach that weighs: the location of the customer; the products and services utilized by the customer; the customer’s legal entity structure; and the customer and business type and exit risk relationship to avoid potential criminal liability. The management should conduct due diligence time to time to make sure all the transaction related to high risk foreign countries are under the supervision of BSA and AML program. The management should make sure the department would report any suspicious activity related to risky persons and countries, recording all related information for future investigation. The management should also conduct an effective monitoring program to monitor every wire transaction that moves through HSBC. The system also should track the detail information of a wire transfer, allowing HSBC to look at its customer’s customer, making sure the transaction is legal and not under the supervision of BSA. HSBC management should have conducted an appropriate risk-based due diligence on potential new business entities, including appropriate BSA and anti-money laundering due diligence by legal, audit, and compliance personnel. As to the personnel, the executives in the management group should be personally and collectively responsible for any materials provided at the meetings relating to compliance program. Also, the senior management bonus should be related to the whether the officers have met compliance values and requirements. By identifying both cultural strengths and areas needing improvement, a cultural assessment in HSBC can guide the creation of a communications plan and culture-building initiatives that are tailored to HSBC’s needs. The promotion of a positive, values-driven company culture from top to bottom is important to prevent any non-compliance activity. The management should establish HSBC culture values that encourages employees to report any suspicious activity which would raise doubt on compliance issues. HSBC should have a system of rewarding the ethical behavior and treat employees fairly regarding AML program. HSBC should encourage its employees to report any suspicious activity related to BSA and feel free to report the activity to his supervisor. HSBC should also reward the whistle blowers to report any unlawful activity and protect his identity. For Compliance Department The Compliance department should cooperate with every department in HSBC to make sure every employee in US and other countries have understood and conducted within the compliance program rules and regulations. The department should consist of various leaders in charge of the riskiest tasks HSBC facing daily: besides a Chief Compliance Officer(CCO), HSBC also needs a AML Director, Deputy Chief Compliance Officer and Deputy Director of its sanctions program. For AML problem, the Compliance Department should also conduct a more comprehensive and in depth Anti-Money Laundering program by reorganizing AML department to strengthen its reporting lines and elevate its status, each report relating to AML should be report timely to the head of Compliance Department and deal with due diligence; increasing both the investment in the AML department and staff number of the department. Investment in the program and personnel does not only help implement the AML program effectively, but also show the importance of the program to the stakeholders and employees; The Legal and Compliance departments should be separated and the director of the AML should report directly and regularly to both CCO and manager of the BSA and AML program. The Compliance Department should be given direct oversight over every compliance officer globally, so that both accountability and escalation now flow directly to and from HSBC Group Compliance. The compliance department should monitor wire transfers from customers located in high risk countries and monitor purchase of banknotes. The compliance department should conduct ongoing employee training program all around the world. In U.S, the employees should be trained regularly about the ongoing legal requirement and new executive orders issued by President. Employees should be trained be familiar with the content and depth of the executive order to conform to the legal requirements. Internal investigation is an essential tool to determine whether a relationship with a specific country or a transaction is in violation of any of the laws or regulations in U.S. HSBC should have a comprehensive internal investigation system to timely investigate any suspicious activity within the bank subsidiaries with foreign countries. The compliance department should also have an independent audit function program. HSBC Audit program should oversee monitoring HSBC’s compliance with legal mandates and applicable regulatory requirements, including BSA and executive orders issued by President.