HSBC's Secret Files: The Inside Tale Of What Happened After It Apologized For Being Dirty

From the FinCEN Files investigation: Secret documents show how one of the world’s biggest banks kept doing business with companies that its own employees raised red flags about.


It sure seemed like the wild days were coming to an end.

HSBC, Europe’s largest bank, had just been caught allowing a network of drug kingpins, including the notorious Joaquín “El Chapo” Guzmán, to launder more than $880 million through its accounts. And it had brazenly done business in off-limits countries such as Sudan and Myanmar.

HSBC executives pleaded for another chance, and the US Department of Justice granted it: Admit your guilt, pay $1.9 billion in fines, and submit to an independent monitor.

And so HSBC’s new era began, with the arrival of a sprawling team of outside investigators to make sure the bank was cleaning up its act. It was the most high-profile case against a bank in a decade, and the government declared that the arrangement it had put in place, known as a deferred prosecution agreement, would make HSBC change its ways. If it didn’t, it could face criminal charges.

The FinCEN Files investigation — based, in part, on thousands of secret Treasury Department documents — reveals that HSBC’s promises were hollow, and so was the government’s threat. Even under the most intensive scrutiny, the bank continued to facilitate and profit from transactions it suspected were dirty. At the end of the monitor’s five-year tenure, he said HSBC had made progress, but the bank itself acknowledged to shareholders that he found it was still not “adequately managing financial crime risk.” Yet no criminal charges ensued. In fact, the government announced that HSBC had “complied with their obligations.”

The inside tale of what happened at HSBC, told here for the first time, underscores how toothless deferred prosecution agreements really are.

The records show that the bank continued to do business with companies that its own employees raised red flags about.

Vida Panamá, owned by Panama’s powerful Waked family, used the bank to exchange $292 million in suspicious transactions before the Treasury Department declared it a money laundering organization that washed funds for narco kingpins. An attorney for the family, Yasser Williams, told BuzzFeed News the business was legitimate, and the Wakeds plan to fight Treasury’s designation.

A Turkish financial consultant made 124 suspicious transactions in 2015 and 2016, including a wire transfer to a California electronics company accused by the Justice Department of laundering cash for the Norte del Valle drug cartel. The California company did not respond to a detailed message.

And the bank flouted Treasury Department guidelines by doing business with financial institutions in Transnistria, a breakaway republic in Moldova known as a haven for financial crime.

The confidential files, shared by BuzzFeed News with the more than 100 partner newsrooms of the International Consortium of Investigative Journalists (ICIJ), contain 70 of the suspicious activity reports, or SARs, that HSBC submitted during the five-year period it was under the eye of the monitor. Such documents, sent to the Treasury Department’s Financial Crimes Enforcement Network, or FinCEN, flag transactions that have the hallmarks of criminal activity. They are not by themselves evidence of a crime, but they can support investigations and intelligence gathering.

HSBC’s promises were hollow, and so was the government’s threat.

The FinCEN Files investigation — which also included internal bank records and firsthand accounts of people inside the bank and familiar with the monitor’s examination — found numerous fronts on which the bank fell short.

Outside the US, local regulators tried to brush off the monitor’s staff or warned them not to ask uncomfortable questions. Despite bringing on more than a dozen US and UK government officials — including James Comey, who would go on to serve as FBI director, and Bob Werner, who had overseen the Treasury Department’s efforts to enforce sanctions — HSBC failed to resolve shortcomings the monitor identified in anti–money laundering procedures. Meanwhile, to improve computer security measures, HSBC brought on consultants remembered by a colleague more for their partying than their work ethic.

During the past decade, the government has relied on deferred prosecution agreements as its main strategy to fight high-level corporate crime. "Through those agreements, we can often accomplish as much as, and sometimes even more than, we could from a criminal conviction,” said Leslie Caldwell, the former head of the Justice Department's criminal division, at an anti–money laundering conference in 2015.

But instead of accomplishing real change, the Justice Department’s approach has produced an ineffective cycle of accusations and inaction, apologies and broken promises — and yet more deferred prosecution agreements. Nowhere is that more clear than the case of HSBC.

The monitors installed by the Department of Justice to evaluate banks often have impressive pedigrees in law enforcement. Michael Cherkasky, who led the team overseeing HSBC, is a former prosecutor who brought mob boss John Gotti to trial.

Michael Cherkasky was hired to oversee HSBC.

Jeremy Sparig / Bloomberg via Getty Images

But monitors are not law enforcement officials. They are independent overseers, and they are paid by the banks, not the government. What’s more, the banks have substantial influence over which monitor gets the job: A bank typically proposes three candidates, from which the government chooses one. So, critics say, the monitors are beholden to the very industry they are supposed to scrutinize.

And their powers are weak. Monitors can request bank records and try to interview employees, but they don’t have the power to make anyone cooperate. If the bank doesn’t comply, the monitor can’t bring criminal charges or put the bank out of business by revoking its charter — nor can it assume that law enforcement authorities will do so. And the banks know it.

“It was in the air that everyone felt like it was a joke,” said Christina Rea, a former manager in the bank’s Manhattan office. “The sentiment that was coming from the top down wasn’t ‘Oh, we don’t want to get our charter revoked.’ It was ‘Make it look like we’re doing more.’”

At most, she said, the message was “you had to sit up a little bit straighter.”

Elise Bean, the Senate staffer who led the congressional probe into HSBC, initially supported the record fine against the bank.

“I thought imposing a big fine, appointing a monitor, and giving the bank a chance to change might work," said Bean. "But when the Justice Department, backed by the courts, became very secretive about what the monitor was finding at HSBC, that was the death knell. Secret oversight and secret reports don’t produce meaningful change.”

HSBC, like other banks, is barred from discussing or even acknowledging the existence of SARs. A spokesperson would not answer detailed questions, but said the events in question took place in the past and that the bank had met the obligations of its agreements with the government. “HSBC is a much safer institution than it was in 2012,” said spokesperson Heidi Ashley.

The bank said that it continued working on its anti–money laundering systems after the end of the monitorship, screening nearly 690 million transactions each month. The bank increased its financial crime staff from a few hundred in 2012 to about 5,000 in 2017. (See the bank’s full response here.)

Despite repeated inquiries, Cherkasky, the Justice Department, and the Treasury Department did not answer detailed questions about the news organizations’ findings.

The Department of Justice issued a brief statement saying that it “stands by its work, and remains committed to aggressively investigating and prosecuting financial crime — including money laundering — wherever we find it.”

FinCEN posted a statement on its website, claiming the disclosure of the SARs "can impact the national security of the United States, compromise law enforcement investigations, and threaten the safety and security of the institutions and individuals who file such reports."

The agency said it referred the matter to the Justice Department and the Treasury Department's inspector general.

The Letter and the Law

By the end of 2017, as its oversight was winding down, the monitoring team gathered in its headquarters overlooking Bryant Park in Manhattan and wrote a letter to the Justice Department.

This was the only real power the monitor had: to write reports and hope the authorities would act. Every quarter for five years, the monitor had told the Justice Department what his team had seen — incremental progress but still a long way to go to stop the flow of dirty money through the bank. Now, the team was going to put it all in one blistering document. In page after page, they laid out how HSBC continued to provide financial services to suspicious people or companies, which could allow alleged criminals to fund terror.

The document’s existence has never been reported, but two people familiar with it described it in detail to BuzzFeed News. Calling it a “five-year compilation of errors,” one said it revealed how the bank was slow to act on urgently needed reforms to identify and cut off dirty deals and corrupt customers.

Despite the long list of failings, the Justice Department allowed the bank to walk away without any further penalties.

The sources said they thought the letter might spur the Justice Department into action, either to pursue a criminal prosecution or extend the monitoring. But despite the long list of failings, the Justice Department allowed the bank to walk away without any further penalties.

BuzzFeed News has identified 17 other financial institutions that received the same type of deal — a deferred prosecution for anti–money laundering or sanctions violations — that HSBC did since 2010. At least four of them went on to break the law again and get fined.

As for HSBC, while it was supposedly cleaning up its accounts, the bank moved more than $21 million in transactions for a company that was running a pyramid scheme.

The bank even informed the government of its suspicions about the company. In detail. But the government let the bank carry on.


The Hong Kong Pyramid

Xu speaking onstage wearing a white suit

Wearing a white linen suit and a white shirt open at the neck, Phil Ming Xu spoke to potential investors from a conference room stage. He quoted from Proverbs 29:18: “Where there is no vision, the people perish.”

Xu promised he had the vision. All he needed from the crowd was their faith — and their money.

From coast to coast, Xu and his associates were trumpeting a unique investment opportunity — membership units for cloud space storing video and music — that would not only bring a 100% return in the first 100 days, but also “glorify God.”

People handed over piles of money. But rather than build a cloud computing network, Xu’s associates bought two golf courses for $8 million and a 7,000-square-foot luxury home for $2.4 million, all with cash. He sent $1.3 million to a jeweler to buy a 39.8-carat diamond and mining rights in Sierra Leone.

The FinCEN Files reveal that HSBC itself was aware of allegations that its customer, Xu, was running a Ponzi scheme — and even documented that awareness in SARs that it filed to FinCEN. The government shelved those reports and HSBC continued to profit from these transactions, while thousands of people, predominantly Asian and Latino immigrants, lost their shirts.

In 2013, California sent a subpoena to HSBC about Xu’s company. The bank’s legal department replied that it was “unable to locate any accounts with the information stated on the subpoena.” Yet a mere four weeks later, HSBC filed the first of at least three suspicious activity reports about Xu and his company, WCM777. (The name stood for World Cloud Media and the supposedly divine number of triple seven.)

"The bank should have some kind of morality in place.”

HSBC officials noted the company had been reported to be involved in “Ponzi activity” and said it was transacting in “large round dollar amounts for no known legitimate business or economic purpose.” WCM777 had sent or received 799 wire transfers totaling about $6 million within three months.

In November 2013, Massachusetts regulators announced publicly they intended to shut down WCM777 in their state. In January 2014, California and Colorado did the same.

Despite those announcements, HSBC’s Hong Kong branch continued moving the company’s money. Its US staff filed another suspicious activity report on WCM777 in February, this time tracking $15.4 million.

“They can't just file a SAR,” Thomas Nollner, a former bank regulator for the US Treasury, told BuzzFeed News, explaining that banks that can’t verify the legitimacy of a client’s business should cut it off. "The bank should have some kind of morality in place,” he said.

But even though HSBC was operating under the nose of a monitor, it continued to rake in fees from Xu and his companies. And the US government did not stop the bank from doing business with a person it had ample reason to believe was fleecing its own citizens.

So the scam continued. And soon it would claim a life.


A Culture of Resistance

The monitor’s investigation spanned the globe, from Latin America to South Asia. Teams fanned out to many of HSBC’s more than 60 countries and territories, interviewing employees, reviewing data and documents, and inspecting policy handbooks.

They quickly found that HSBC operated as a collection of fiefdoms. Some branches didn’t share information on suspicious customers with one another. And executives from the sales department groused when investigators in the bank’s American division filed SARs. The bank reported to at least 400 different government and financial regulators, all with different sets of rules and different attitudes toward the monitor.

This presented a formidable structural problem, but there was a much bigger obstacle: The monitor’s power was limited to begin with, and it ended at the US borders. In some countries, the bank and the national government seemed to be working in parallel. The monitor could only make polite requests, which were easily rebuffed.

In Switzerland, where bank secrecy laws have created one of the world’s oldest tax havens, HSBC told Cherkasky’s team it couldn’t “dig around” in customers’ accounts, according to two people familiar with the matter. The team ultimately asked the British regulator to intervene on its behalf.

A key employee told investigators that he was too scared to talk because he had received a death threat before his interview.

In Malta, a small island nation with a large HSBC presence, a key employee told Cherkasky’s investigators that he was too scared to talk because he had received a death threat before his interview.

And in Sri Lanka, the monitor’s team was made to promise the bank it wouldn’t look into the accounts of the many politicians who used its services, according to a source familiar with the matter. Even then, government ministers wouldn’t respond to visa requests. First, the monitor was told the official in charge of their trip was on holiday. Then that person was ill. Eventually, Cherkasky’s team moved on.

In China, one of the members of the monitor’s team was asleep in his Beijing hotel room when he heard a knock at the door. In the hallway stood local law enforcement agents who wouldn’t give their names. They interrogated him about what he intended to do in China. To Cherkasky’s group, it was an intimidation tactic.

The bank first opened its doors in Hong Kong in 1865, as the Hongkong and Shanghai Banking Corporation, to finance trade between Europe and Asia. The region still accounts for two-thirds of HSBC’s profits. The bank is so deeply interwoven with the culture of that former colony that its headquarters are a kind of landmark, where passersby pat the paws of its distinctive lion statues for good luck.

When the monitor’s team arrived there, it met layers of resistance. Two people familiar with the conversation recalled that HSBC’s former general counsel Stuart Levey told Cherkasky that China was one of its “emerging markets,” and that as a result the bank’s operations there weren’t ready for an intensive review. Levey did not comment for this article.

It became clear, the two sources said, that in China and Hong Kong, government ministers and bank employees alike were offended that a group of Americans would expect access to HSBC’s books.

Those sources recalled a circumstance they said happened often: The monitor’s team expected to interview an HSBC employee, only to be notified that the person was unavailable because they had been summoned away at the last moment.

A contractor who was not a part of the monitor’s team, but who was sent to Hong Kong in 2014 to assess HSBC’s anti–money laundering programs, recalled arriving at the bank’s skyscraper overlooking Victoria Harbor. The contractor was made to sit in the lobby for nearly an hour before being allowed upstairs.

Inside the office, staff members wouldn’t turn over the data that was supposed to be under review. They suggested getting out to see the city instead.

“They basically told me to fuck off and go shopping,” the contractor said.

All the while, the bank was waving through billions of dollars’ worth of suspicious financial transactions.

The FinCEN Files show that people in HSBC’s US compliance office — the department charged with making sure the bank follows anti–money laundering laws — filed reports identifying more than $2 billion in transactions through the company’s Hong Kong subsidiary that bore the hallmarks of possible criminal activity. This was happening while HSBC was under the supposedly tough scrutiny of the monitor, but the government took no action.

HSBC's own reports cited the same targets again and again for suspicious behavior. The Hong Kong branch allowed a transaction by a company that “was identified as the subject of 12 money laundering investigations carried out by HSBC Hong Kong which resulted in disclosures to Hong Kong authorities and recommendation for closure of this entity's accounts.” Another Hong Kong customer was the subject of eight such money laundering investigations.

In some cases, SARs allege, compliance officers in HSBC’s US operation raised concerns about customers in Hong Kong, only to be told that even the most basic information — who owned the company in question, where it was located, or what type of business it conducted — couldn’t be shared or was never collected in the first place.

“It was impossible to do the job without this information,” Alexis Grullon, who monitored international suspicious activity at HSBC until August 2014, told ICIJ.

On the very day in 2012 that HSBC’s lawyers met with congressional investigators, employees in Hong Kong began transferring money for a customer called Trade Leader Corporation Limited.

Trade Leader would reportedly emerge in the so-called Russian Laundromat, a notorious scheme to funnel billions of illicit dollars through banks in Eastern Europe. By February 2014, Trade Leader had moved more than half a billion dollars in transactions through HSBC. Altogether, at least $840 million that filtered through HSBC Hong Kong can be connected to shell companies involved in the Russian Laundromat, according to an analysis of SARs by BuzzFeed News and ICIJ. A representative for the company that registered Trade Leader did not answer detailed questions.

When investigators for HSBC’s US operations asked their counterparts in Hong Kong for the name of Trade Leader’s owner, the Americans received a curt response: “None available.”

“They would say: ‘Sure, we’ll get back to you,’” Grullon said. “But they’d never get back.”


“Mad Mondays” and “Whacky Wednesdays”

During the five-year period when the bank was under strict scrutiny, it hired thousands of new compliance workers and brought in teams of consultants. In London, members of one elite crew were paid as much as £1,000 a day to upgrade the sophisticated software that is the bank’s frontline defense against money laundering.

One of those consultants — the same one who was made to wait in the lobby of the Hong Kong office — went on to blow the whistle on the Financial Crime Compliance team, describing a culture of cocaine, booze, and strippers.

BuzzFeed News has obtained emails by the whistleblower to HSBC’s human resources and legal departments that paint a vivid picture inside 8 Canada Square, a skyscraper across from the bank’s London headquarters.

The HSBC partying schedule was so crowded, the emails indicate, that people came up with clever names to keep it straight. There were “Mad Mondays” and “Whacky Wednesdays” throughout 2014 and 2015. Some members became popular fixtures at the strip joint Majingos, where they spent “1000s of pounds a night on a regular basis,” according to the whistleblower’s emails.

A culture of cocaine, booze, and strippers.

One team member was so hungover after a particularly hard night that he crashed out in a bathroom stall at work the next day, the whistleblower told BuzzFeed News. Another fell asleep during a phone call.

In July 2016, HSBC promised the whistleblower — whom BuzzFeed News has interviewed extensively — an exhaustive review by the bank’s Global Internal Investigations Group.

In the meantime, Cherkasky’s reports to the Justice Department again and again cited a major problem festering inside many of HSBC’s branches: the broken computer systems that were intended to catch dirty money, systems like the one the London team was supposed to be fixing.

Human beings alone can’t track the trillions of dollars sloshing through the financial system. Banks rely instead on software that can flag any suspicious transactions, in much the same way that credit card companies flag irregular purchases. These programs are the central pillar of any anti–money laundering program.

But HSBC struggled to fix its vital computer system. Four people who worked on one of the bank’s main computer programs, called CAMP, told BuzzFeed News that there was no easy way to share information among the company’s different computer systems, and that CAMP was so inconsistent that it would flag a transaction as suspicious in one country but not another.

“The latest Cherkasky report probably should have set hairs [sic] running,” the whistleblower emailed to an HSBC tipline in June 2016, “as it’s obvious to everyone on the ground that there’s no way it will meet” the monitor’s deadlines.

That fall, the emails suggest, things were no better. “HSBC is no more safe or compliant than 2 years ago,” the whistleblower wrote in November. “There has been an appalling amount of time and money spent to achieve so little.”

Major anti–money laundering programs with exotic names such as “Rouge” and “Mantas” were behind schedule, according to another email, and the high-paid team that was known for partying forgot to back up data, so it lost reams of compliance information in a crash. Top workers were frustrated and left the bank, the emails said.

In the year that the whistleblower repeatedly sounded alarms, the monitor also kept flagging how flawed HSBC’s critical software was. Cherkasky’s team updated the government about “areas of weakness” and urged the bank to make “greater and quicker progress.”

The monitor set deadlines to make important fixes across the bank. But nearly four years after he began the job, Cherkasky’s only recourse was to write reports updating the Justice Department about how HSBC “still struggles.”

The whistleblower began copying the UK’s top regulator, the Financial Conduct Authority, on their complaint in November 2016. In June 2017, the now-former employee received a final update on the HSBC internal investigation.

It said that the inquiry was nearly complete and, simply, that “there have been changes made to the FCC function and personnel.”

HSBC would not answer detailed questions about the matter.


“It Was a Joke”

“You wouldn’t want something to happen to Buffalo, would you?”

This was the joke — which sounded a lot like a threat — that compliance officials at the bank’s New York City office would make when American law enforcement or regulators talked about punishing the bank for its behavior, according to two people who heard it. With thousands of employees in that Rust Belt city, the bank could upend the economy there if it picked up stakes. “It would be a nuclear bomb,” one bank official told BuzzFeed News.

The bank wielded that worst-case outcome as a weapon, the two sources said, to make sure politicians and regulators didn’t come down too hard.

BuzzFeed News and ICIJ spoke with 18 people from different sections of HSBC’s compliance department who expressed deep concerns about the bank’s efforts to root out money laundering. Many said investigations were often rushed, and quotas too high. When questions arose about a suspicious account, they said, HSBC deferred to the sales teams, which hold sway across the industry because they generate revenue.

“On paper, it might look like alerts are being cleared, but it wasn’t being investigated.”

When a project failed to get done — something as simple as adding names to a spreadsheet to capture those who are barred from doing business in the US — HSBC executives tried to paper it over by “rebaselining” it, changing its original goal.

Christina Rea, the former HSBC employee who said her colleagues felt like they were just supposed to “sit up a little bit straighter” for the monitor, oversaw a team that investigated alerts for suspicious transactions. In particular, her team worked on embassy accounts, potential hot spots because of the politically connected clients.

She recalled investigating one transaction in which it wasn’t clear where the money was coming from or where it was going, essential details for understanding whether it was aboveboard. She was told she was taking too long on it, Rea said, but she explained she needed one more day. That night, a superior cleared the alert for her.

“On paper, it might look like alerts are being cleared, but it wasn't being investigated,” she said.

Disillusioned by how little the bank seemed to care about stopping financial crime, she eventually quit the job and left banking altogether.


The Pyramid Crumbles

By March 2014, the WCM777 scam had collapsed. Investors no longer had access to their accounts. After scores of complaints and investigations in two countries and four different states — prompting cease-and-desist orders in three — the US Securities and Exchange Commission shut down the company, froze its assets, and appointed a receiver to stop the bleeding.

But HSBC Hong Kong didn’t stop. Just four days after the SEC filing, the bank let WCM777 withdraw all of the money in its account — more than $7 million.

In an interview with ICIJ, Xu blamed lower-level players in the organization for “overpromising” to WCM777 investors early on. He also faulted investors for not understanding the company’s products. Xu denounced the actions US authorities had taken, saying “the SEC plundered me.”

Angry investors took a sharply different view. On message boards and social media, they lambasted Xu and their church leaders for luring them into a scam.

Julio Ramos, a California lawyer for scores of investors, said HSBC’s Hong Kong branch played a pivotal role in helping the company move its ill-gotten gains.

"HSBC Hong Kong knew that WCM777 was engaging in fraud," he wrote in a class action complaint against the bank. “The Ponzi scheme survived for over a year because defendants HSBC Hong Kong and HSBC USA knowingly delivered, organized, converted and laundered proceeds from an illegal Ponzi scheme.”

The court-appointed receiver who had been tasked with recovering money for victims of the scheme sent a subpoena to HSBC Hong Kong. But the bank said HSBC Hong Kong was outside the jurisdiction of US courts and it did not have to respond. The receiver told the court in February 2015 that “the cost of tracing these funds overseas will be very expensive” because HSBC did not cooperate.

In all, more than 4,100 claims were filed by people who had invested more than $80 million, according to court records. Others said they had turned over funds — frequently in cash — that were never tallied. The SEC called WCM777 a “worldwide pyramid scheme.” But a federal judge dismissed the class action lawsuit against HSBC Hong Kong on August 10 because the US court lacks jurisdiction over Hong Kong businesses.

They drove Pacheco to a deserted canyon road in Northern California, and one of them stoned him to death.

Xu left for China and started a similar company there. But this time, he was targeted by Chinese authorities and sentenced to three years in prison for financial crimes.

Xu continues to deny that his company was a Ponzi scheme. He told ICIJ he’s still “trying to fight back about my case."

HSBC was under the monitor’s scrutiny while the Ponzi scheme played out, and HSBC repeatedly filed SARs detailing its suspicions about Xu’s companies. But the bank continued to profit from WCM777. At no point did the US government stop the bank from doing business with him or his firms, let alone bring a criminal charge against the bank.

Many of Xu’s victims felt the government had failed them, and one exacted her own rough justice.

Angela Martinez Arias had invested $2,000 in WCM777, encouraged by one of Xu’s followers, Reynaldo Pacheco. When she realized she’d been swindled, she asked Pacheco if he could meet her to discuss the money. It was a trap.

She drove Pacheco to a rural location, where three men beat him, taped his mouth shut, and bound his wrists and ankles with his shoelaces.

They drove Pacheco to a deserted canyon road in Northern California, and one of them stoned him to death.

Police found Pacheco’s body nine days later, submerged in a creek bed.


Shut It Down

As Cherkasky’s appointment drew to a close, more than four years after the bank struck an agreement with prosecutors, he warned the Justice Department in multiple quarterly updates that despite some progress, the bank still struggled to detect and block the kind of suspicious transactions it got in trouble for in the first place. In March 2017, the Justice Department informed the federal judge overseeing the case that the bank’s problems were “systemic” and “continue to put the bank at risk of potential financial crime.”

Cherkasky’s team gathered in that office overlooking Bryant Park and put it all down on paper in the letter to the Justice Department.

It didn't work. On December 11, 2017, the Justice Department announced that HSBC had met its obligations and would no longer be under any special scrutiny. The team of outside monitors would be packing up their things and leaving for good.

They might as well have put the letter in the trash.

In an annual disclosure to shareholders in February 2018, the bank revealed information that Cherkasky had put in his final report. Despite “significant progress,” the monitor “noted deficiencies in HSBC’s financial crime compliance controls and areas of HSBC’s programme that require further work, and highlighted potential instances of financial crime and certain areas in which he believes that HSBC is not yet adequately managing financial crime risk.” The bank was reviewing those issues with the Justice Department, the Federal Reserve Board, and the UK's financial regulator.

The monitor’s final report was never released to the public.

Last year, BuzzFeed News filed a Freedom of Information Act lawsuit to get access to that document. It has also filed a FOIA request for the letter that the monitor wrote that day in the Bryant Park office.

Last month, a government attorney said that publicly disclosing the report would interfere with an ongoing criminal prosecution — he did not give any details — and that disclosure “might also provide a roadmap for criminals to exploit vulnerabilities in HSBC’s compliance program and potentially those of other financial institutions.” The bank took the unusual step of intervening in the FOIA lawsuit, writing a five-page letter asking the government not to release the report.

One month after the government announced the end of the deferred prosecution agreement that brought Cherkasky’s team into HSBC, the bank entered into a new one, for a different set of financial crimes: fraud. Two years later, it would receive yet another. ●

Spencer Woodman of ICIJ, and Sophie Comeau, Waylon Cunningham, Sam Feehan, Nancy Guan, Kristy Hutchings, Kylie Storm, Felicia Tapia, Karen Wang, Abby Washer, and Ashley Zhang of the USC Annenberg School for Communication and Journalism contributed reporting.

HSBC got busted for moving dirty money.

It apologized and promised to do better.

Things didn't go as planned.

The Untold Story Of What Really Happened After HSBC, El Chapo's Bank, Promised To Get Clean
From the FinCEN Files investigation: Secret documents show how one of the world's biggest banks kept doing business with companies that its own employees raised red flags about.
BuzzFeed News; Getty Images
Comments
Skip to footer