As I mentioned recently, HSBC has been having a rough old time with AML “issues”. (“Issues” is one of those softly-softly words that we now use, alongside “vulnerable” and “downsizing”.) And I missed it earlier this year, but at the beginning of August beleaguered HSBC chief exec Stuart Gulliver reported that – almost uniquely amongst its departments, where downsizing is a real issue, and may well be vulnerable too – this year his bank is spending US$800 million on its compliance and risk programme, which is $200 million more than it spent last year. It now has 24,300 staff specialising in risk and compliance – almost 10% of its workforce.
Of course, much of this is direct fall-out from 2012, when HSBC was fined $1.9 billion for AML failings and signed a five-year Deferred Prosecution Agreement with the US authorities. With about a hundred monitors installed within HSBC to check that it really is getting it right this time, and with regulators around the world sniffing at the bank’s doors, the increase in compliance manpower is entirely understandable.
But it has made me wonder what would be the correct proportion of staff to have working in compliance – in effect, making sure that everyone else is doing their job properly. I love compliance people, as you know, and I think that their focus on detail and precision married with their indifference to any bonus structure that may be on offer to sales staff makes them an invaluable balance to the profit motive. But how many of them should there be? One in twenty? One in ten, as at HSBC? One in five? Or perhaps what matters most of all is not how many of them there are, but how seriously they are taken. Even the most dedicated MLRO, after years of being called the Business Prevention Officer, is bound to lose heart.