RCD.0001.0037.0003
CONFIDENTIAL
Initial submission to the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry
29.1 .2018 page 1 RCD.0001.0037.0004
CONFIDENTIAL
Part A Introduction
HSBC Bank Australia Limited is pleased to submit this response to the invitation dated 15 December 2017 from the Commissioner, The Hon Kenneth Hayne AC QC.
2 It is made on behalf of HSBC Bank Australia Limited and its subsidiaries 1 (collectively, HBAU) and The Hongkong and Shanghai Banking Corporation Limited, Sydney Branch (HBAP).
3 HBAU is incorporated in Australia and is a regulated authorised deposit-taking institution (ADI) within the meaning of the Banking Act 1959 (Cth). HBAP is incorporated in Hong Kong and is registered in Australia as a foreign ADI within the meaning of that Act.
4 As appropriate to context, we will refer to HBAU and HBAP individually and together as HSBC Australia.
Part B Confidentiality
5 This submission contains commercially sensitive and confidential information that HSBC Australia would not wish to be disclosed. HSBC Australia respectfully requests an opportunity to be heard regarding any intended disclosure by the Commission.
Part C Structure of Submission
6 This submission is structured as follows:
Part D: HSBC Group and its activities in Australia
Part E: Approach to Governance, Risk, Conduct and Culture
Part F: Questions 1 and 3: Potential Misconduct
Part G: Questions 2 and 3: Community Standards and Expectations
Part H: Other matters: Prudential Standards and Reporting Obligations
Part I: Employment
Part J: Contact details
Appendix A: Summaries of conduct
1 HSBC Bank Australia Limited is the parent company of the following wholly owned subsidiaries:
HSBC Custody Nominees (Australia) Limited, an unlisted Australian public company which provides nominee and custodial services; and
ACN 087 652 113 Ply Limited, a dormant non-trading company which will be voluntarily de-registered in 2018.
In addition, HBAU operates the Lion Series 2009-1 Trust, a residential mortgage-backed securitisation programme used for internal balance sheet management purposes.
29.1.2018 page 2 RCD.0001.0037.0005
CONFIDENTIAL
Part D HSBC Group and its activities in Australia
7 The HSBC Group (the Group) has around 3,900 offices in 67 countries and territories. Its headquarters are in London, and the ultimate holding company is HSBC Holdings pie.
8 The Group, and HSBC Australia, operate through four 'global businesses': Retail Banking and Wealth Management, Commercial Banking, Global Banking and Markets and Global Private Banking.
(a) Retail Banking and Wealth Management (the retail business) involves the provision of banking and wealth management services to retail customers, notably: lending and deposit-taking.
(b) The Commercial Banking business offers a range of financial services to corporate clients, typically with complex and multi-country needs. It currently has no focus on small business in Australia.
(c) The Global Banking and Markets business offers tailored financial products and services to government, large corporate and institutional clients.
(d) The Global Private Banking business in Australia has been recently established to provide services to a small number of private clients referred to overseas HSBC offices.
9 HBAU principally operates the retail banking and wealth management businesses, with 35 branches across five states in Australia (17 in New South Wales/Australian Capital Territory, ten in Victoria, three in Queensland, four in Western Australia and one in South Australia). It has a small wealth management business which distributes third party investment, superannuation and insurance products. It also operates some Commercial Banking and Global Banking and Markets business which includes credit and lending, trade finance, custody and cash management services.
10 HBAP is involved in the Global Banking and Markets business and in the Commercial Banking business. It provides money market, interest rate, foreign currency, capital markets, custody services, credit and lending, trade finance and cash management. Its business does not involve retail customers.
Part E Approach to Governance, Risk, Conduct and Culture
11 HSBC Australia adopts the governance, risk and conduct standards and processes of the Group (adjusted where there are higher standards applicable in Australia).
12 The Commissioner's letter is directed, in question 3, to matters of underlying culture, corporate governance and risk management. It also seeks information about the steps taken
29.1.2018 page 3 RCD.0001.0037.0006
CONFIDENTIAL
to prevent, or prevent the recurrence of, the kind of conduct and practices with which the Commission is concerned.
13 A number of preventative steps are taken by HSBC Australia but are not captured by question 3. This is because these steps were not taken in connection with any specific conduct, practice, behaviour or activity of HSBC Australia. However, given their importance, we provide a brief outline here of some of the key measures taken by HSBC Australia to prevent the occurrence or recurrence of the type of conduct of interest to the Commission.
14 A common theme in those measures is the focus on embedding values in the Group's culture and all its operations, which it seeks to achieve through the mechanisms described below.
15 First, the Group has articulated core values to govern the Group's culture and operations. The overarching values are founded on personal accountability, standing firm for what is right and speaking up, honesty and transparency. These values are taken very seriously by the Group and have been the subject of more intense focus since 2012, when serious compliance issues in overseas markets and sanctions from overseas regulators highlighted the importance of culture, conduct and risk management. This increased focus is reflected in a sixfold increase in HSBC Australia's financial crime and regulatory compliance personnel since that time.
16 Second, in addition to its fully mandated Risk and Audit Committees, HSBC Australia has recently established a Culture and Values Committee to, among other things:
help the Board set and oversee the progress of the organisational culture at HSBC Australia;
ensure best practice is shared across the businesses within HSBC Australia;
ensure staff remuneration including incentives are aligned with the Group's culture, values and behavioural standards; and
oversee the investigation into any significant conduct related matters that arise.
17 Third, the Group has also sought to embed its core values in the Group's culture through its recruitment and remuneration practices. HSBC Australia requires prospective employees to pass a 'values assessment' and remunerates employees based on a combination of performance (containing both financial and non-financial objectives) and behaviours (requiring adherence to the Group's values). In 2014, the Group's Values-Aligned Behaviour Guide and ratings were formally included in performance discussions. They now drive those discussions and their application can materially affect variable remuneration including the clawback of bonus payments where a breach of expected behaviours is discovered.
29.1.2018 page 4 RCD.0001.0037.0007
CONFIDENTIAL
18 A related step was the enhancement of the Group's consequence management framework in 2014 and its further enhancement in 2015 (Consequence Management Framework). The framework outlines expected behaviours, ensures the fair treatment of employees involved in conduct breach investigations and provides guidelines on measures including reward adjustments to be taken in respect of employees who:
(a) have committed conduct breaches; or
(b) have not completed regular mandatory training on a range of matters including values, conduct and culture.
19 Lastly, the management of conduct is key to HSBC Australia's business, values, strategy and activities. It is currently governed by the Group's Conduct Risk Management Framework which is more comprehensive and formalised than the previous version.
20 Some examples of embedding the Group's culture in HSBC Australia's business include:
the use of a number of global feedback surveys and tools to measure employee sentiment and behaviour particularly in relation to culture, conduct and values. Snapshot is a quarterly survey of 25% of employees, asking questions such as whether customers receive products that genuinely meet their needs, whether colleagues feel able to speak up and whether people are held accountable for their actions. The purpose of these reports is to guide decision-making by local management teams and help identify areas requiring attention. Results are compared over time and across countries;
the application of incentive frameworks that led to, among other things, the removal of commission-based sales initially in relation to wealth products and then in relation to retail banking products more generally; 2
the introduction of the principle of Fair Value Exchange and a formalised Product Approval Process. Together, these require HSBC Australia to assess new and existing retail products and services to seek to ensure they represent a fair value exchange between principally, customers on the one hand and shareholders on the other, including the products and services' sales suitability, and all key risks associated with them; and
the enhancement of its global and local whistleblowing policies to support compliance with regulation and prevent and detect misconduct.
21 More generally, the risk governance structure of HSBC Australia is as follows:
(a) The Board is closely involved in the issues of risk, conduct and culture, assisted by the committees mentioned above.
2 These incentive frameworks apply to HSBC Australia employees but not to third parties such as brokers.
29.1.2018 page 5 RCD.0001.0037.0008
CONFIDENTIAL
(b) The Chief Risk Officer has executive accountability for the ongoing monitoring, assessment and management of the risk environment and the effectiveness of the risk management framework (this is the only part of the Board's delegated management responsibility that is not reposed in the Chief Executive Officer).
(c) The risk management framework is managed by the Risk Management Meeting (RMM), which comprises members of the Executive Committee. RMM minutes are submitted to the Board Risk Committee for noting on a quarterly basis.
(d) Each business head is responsible for managing risk within his or her business. There are a number of informal risk fora and working groups, including for each line of business which seek to ensure risk awareness, oversight and provide an escalation avenue to the RMM as needed.
22 As required under HSBC Australia's mandatory CPS220 declarations to APRA, EY were engaged in 2017 to conduct an independent review of HSBC Australia's risk management framework. EY issued their final report on 21 November 2017, which concluded that HSBC Australia's risk management framework was overall adequate, appropriate and effective.
Part F Questions 1 and 3: Potential Misconduct
23 HSBC Australia summarises below instances of conduct in the relevant period which it has identified as potentially constituting 'misconduct', as defined in the Commission's terms of reference. Appendix A gives a more detailed account of each instance of conduct and the responses to question 3(a) to (e) in each case.
24 The conduct identified as potentially falling within the concept of 'misconduct' is summarised below broadly in chronological order:
Item 1: Between 1 August 2006 and 30 September 2009, HSBC Australia's correspondent bank in the United States charged customers in Australia a fee for USD telegraphic transfers without that fee being disclosed. When HSBC Australia became aware of this issue, it reported it to ASIC and refunded the fee charged to affected customers. The correspondent bank agreed not to deduct its telegraphic transfer fee from the transferred amount directly. For further information, see Appendix A, Item 1.
Item 2: Between February and May 2008, an HSBC Australia branch staff member received funds from friends and customers directly into his personal HSBC accounts and completed telegraphic transfers to those friends' and customers' accounts of amounts less than the funds received. HSBC Australia's internal investigation concluded that the staff member obtained a financial benefit by retaining the difference. The staff member's employment was terminated. HSBC's records do not disclose whether a customer suffered any loss and if so the nature of any remediation. For further information, see Appendix A, Item 2.
29.1.2018 page 6 RCD.0001.0037.0009
CONFIDENTIAL
Item 3: An HSBC Australia staff member signed a cheque on behalf of a customer, with whom the staff member had a close relationship. The staff member purported to act on the direction of the customer but this was never clarified by the customer. The cheque was made payable to an account operated by the staff member. The money was allegedly used by the staff member to clear personal debts and to fund his own business activities. Following an internal investigation the staff member left. HSBC Australia conducted an expanded audit of the relevant branch to identify other instances where staff signed on behalf of customers. For further information, see Appendix A, Item 3.
Item 4: Between September 2008 and December 2011, customers who repaid part or all of their fixed rate home loans earlier than agreed were charged a break fee that did not accurately reflect the cost to HSBC Australia caused by the early repayment. In some cases customers were undercharged, in other cases customers were overcharged. HSBC Australia was alerted to a potential problem with the break loss calculation methodology by the Financial Ombudsman Service (FOS) and retained independent consultants to review the methodology. The revised methodology was accepted by the FOS. For further information, see Appendix A, Item 4.
Item 5: Between December 2008 and October 2015, a number of international funds transfer instructions received by HSBC Australia were not reported to Australian Transaction Reports and Analysis Centre (AUSTRAC) as required under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AMLICTF Act) and Rules. This issue was identified by HSBC Australia in October 2015 and was rectified. For further information, see Appendix A, Item 5.
Item 6: Between January 2009 and March 2013, financial advice about structured products was provided to clients by representatives of HSBC Australia. The advice may not have been appropriate to those clients' needs. This issue came to light following an ASIC report of a review of sample advice provided by ten financial services licensees, including HSBC Australia. Following the ASIC report, HSBC Australia conducted an internal review of advices provided to clients between January 2009 and March 2013. In June 2015, HSBC Australia notified ASIC of potential breaches of the Corporations Act 2001 (Cth) and provided an enforceable undertaking to ASIC in May 2016. An independent review commissioned by HSBC Australia made recommendations for the amendment of the advice process and risk control framework. Those recommendations were implemented, and detrimental effects on clients are being remediated, under the enforceable undertaking. For further information, see Appendix A, Item 6.
Item 7: Over a number of weeks in late 2009 and early 2010, a staff member at an HSBC Australia branch allegedly made unauthorised use of a customer's replacement bank card, withdrawing a total of $22,880. An internal investigation revealed a number of recurring
29.1.2018 page 7 RCD.0001.0037.0010
CONFIDENTIAL
breaches of HSBC Australia's security procedures at the branch concerned, involving two further staff members. The employment of all three staff members was terminated for security breaches and the customer reimbursed. Other staff at the branch received supplementary training in security procedures. For further information, see Appendix A, Item 7.
Item 8: In October 2009, a staff member spent $6,000 using a customer's credit card. Following an internal HSBC Australia inquiry, HSBC Australia reimbursed the customer's credit card and the staff member left HSBC Australia. For further information, see Appendix A, Item 8.
Item 9: Between June 2011 and June 2017, a staff member at an HSBC Australia branch in Sydney misappropriated $913, 115 from the accounts of eight customers. HSBC Australia discovered the conduct in July 2017 after an affected customer disputed a transaction and, following an internal investigation, HSBC Australia reported it to the NSW Police and ASIC. HSBC Australia continues to support the police investigation. All customers other than three have been reimbursed. HSBC Australia is working to contact two of those customers, both of whom are foreign nationals and one of whom is presumed dead. The third has been contacted numerous times but is yet to provide details to allow return of funds. In the meantime, the money has been placed in holding accounts. The staff member's employment was terminated consistent with the Consequence Management Framework. For further information, see Appendix A, Item 9.
Item 10: Between October 2011 and September 2016, HSBC Australia identified that a Queensland branch's misinterpretation of its reporting obligations led to it failing to submit threshold transaction reports to AUSTRAC. For further information, see Appendix A, Item 10.
Item 11: In late 2011, an HSBC Australia staff member working at a Sydney branch alleged that another staff member in that branch was forging customers' initials and also branch management signatures when opening new accounts for existing customers. This conduct occurred in order to expedite the opening of the accounts and did not result in any loss to the customer. An internal investigation concluded that the allegation was correct. Similar but isolated incidents were discovered in relation to branches in Melbourne. Communications were sent to all branch staff reiterating the correct processes to be followed. Enhanced training on account opening procedures and requirements was also implemented. For further information, see Appendix A, Item 11.
Item 12: In early 2012, HSBC Australia ran a home loan advertising campaign. The headlines included a statement stating that customers could receive:
'Up to 0.95% p.a.* off an HSBC Home Smart Loan'.
29.1.2018 page 8 RCD.0001.0037.0011
CONFIDENTIAL
The advertisements also stated that the minimum loan amount for the offer was $250,000. The qualification disclosed that only loans of $1,500,000 or more were eligible for the full 0.95% discount, with smaller loan amounts starting from $250,000 receiving smaller discounts. ASIC raised a concern that the scaling of discounts was not sufficiently prominent compared to the discount rate in the headline. HSBC Australia amended all relevant advertising material. This and the following two items (Item 13 and Item 14) reflected a greater focus by ASIC on advertising financial products and services from 2012 (see Regulatory Guide 234 issued in November 2012). For further information, see Appendix A, Item 12.
Item 13: Between April and June 2012, HSBC Australia ran a credit card advertising campaign. The headlines included a reference to a 0% balance transfer interest rate. In June 2012, ASIC raised with HSBC Australia its concern that the handling fee of 2% was not sufficiently prominent in the advertisement. HSBC Australia determined not to charge the handling fee to customers who had applied for a credit card and were approved a balance transfer during the campaign. For further information, see Appendix A, Item 13.
Item 14: In May 2012, HSBC Australia sent letters to its existing credit card customers inviting them to opt in to receive invitations to increase their credit card limit. This followed the introduction of a new law requiring such opting-in. As part of an industry-wide review, ASIC raised with HSBC Australia concerns that the invitations may be misleading by reason of, among other things, the use of the words 'freedom and flexibility'. In response, HSBC Australia issued an amended letter to all customers. For further information, see Appendix A, Item 14.
Item 15: Between April and December 2013, a financial planner employed by HSBC Australia misled six clients into investing in what the clients wrongly believed to be products endorsed by HSBC Australia. HSBC Australia was first alerted to some of the conduct following customer enquiries in late January and early February 2014, after the planner had already resigned from HSBC Australia. In March 2014, HSBC Australia notified ASIC of the conduct. In 2015, further conduct was discovered, which was also alerted to ASIC and the police. Following internal investigations, HSBC Australia commenced civil proceedings against the planner and associated companies to recover the clients' funds. The clients' funds were reimbursed. For further information, see Appendix A, Item 15.
Item 16: In September 2014, ASIC conducted an industry-wide review of the terms and conditions booklets distributed by credit card issuers to cardholders. ASIC contacted HSBC Australia regarding the disclosure and accessibility of the terms and conditions of the complimentary travel insurance offered to HSBC Australia's credit card customers. HSBC Australia subsequently made a number of changes to its website to address ASIC's
29.1.2018 page 9 RCD.0001.0037.0012
CONFIDENTIAL
concerns. ASIC also raised these concerns directly with the insurance provider. For further information, see Appendix A, Item 16.
Item 17: In October 2014, concerns were raised internally about conduct of a staff member in relation to a sale of bonds. This prompted a compliance officer to investigate and he found that the relevant conduct (which had taken place that month) raised potential collusion issues under the Competition and Consumer Act 2010 (Cth) and market conduct issues under the Corporations Act. HSBC Australia and another financial institution were jointly mandated in relation to the bond issue and set the price for the primary issue of the bonds. Following the primary sale, each of HSBC Australia and the other lead manager retained a residual principal amount, which would be available for sale on the secondary market. An employee of HSBC Australia then attempted to agree with an employee of the other financial institution the price at which the bonds would be sold on the secondary market. HSBC Australia informed the ACCC and ASIC of the conduct. HSBC Australia terminated the employment of the individual and conducted an internal review, which concluded there were no systemic issues associated with the conduct. Both the ACCC and ASIC notified HSBC Australia that they would take no further action. For further information, see Appendix A, Item 17.
Item 18: In late 2016, as part of an industry-wide review, ASIC requested HSBC Australia to conduct a review to provide assurance that misconduct had not taken place through the unauthorised opening of customer accounts. The review requested by ASIC identified no incidents, other than one previously identified and which involved a customer noticing two additional credit cards on their on line banking profile, for which they had not applied. The customer raised this with HSBC Australia and the issue was handled in accordance with HSBC Australia's fraud investigation process, which determined that the account creation was the result of fraudulent conduct by an employee. That staff member's employment was terminated consistent with the Consequence Management Framework. There was no financial loss to the customer. For further information, see Appendix A, Item 18.
Item 19: In April 2017 a Group-wide review identified that HSBC Australia was charging interest on its USD home loans at the relevant annual rate divided by 360 and not the rate divided by 365 as required under the National Credit Code. HSBC Australia changed its system for calculating the relevant interest and is refunding all 106 affected customers a total amount of approximately $77,000. HSBC Australia is conducting an annual review of the interest it charges on USD home loans. For further information, see Appendix A, Item 19.
Item 20: In late December 2017, a customer raised concerns that an HSBC Australia staff member at a branch in Victoria allegedly misappropriated $20. The customer deposited $320 at the branch but the customer's account was only credited with $300. An internal investigation determined that the staff member misappropriated the $20. The staff member's
29.1.2018 page 10 RCD.0001.0037.0013
CONFIDENTIAL
employment was terminated consistent with the Consequence Management Framework and the customer's money was reimbursed. The investigation is continuing to determine if this is an isolated event. For further information, see Appendix A, Item 20.
Part G Questions 2 and 3: Community Standards and Expectations
Introduction 25 In the view of HSBC Australia, the community's standards and expectations regarding bank conduct are informed principally by retail customers' own dealings with banks, and their knowledge of others' dealings with banks. The focus of this answer is therefore on HSBC Australia's retail business.
26 HSBC Australia's perception of community standards and expectations is gained from a number of sources, being primarily:
(a) feedback from staff by way of responses to its quarterly Snapshot survey3, and from 4 customers in response to monthly 'invitations for feedback' ;
(b) customer complaints received directly or through the FOS including observations from the recently appointed HSBC Australia Customer Advocate; and
(c) monitoring of:
community sentiment as expressed by consumers in traditional and social media;
the work of industry associations such as the Australian Bankers' Association and relevant initiatives of that and other associations such as the Sedgwick 5 Report ;
views of regulators expressed publicly or as part of HSBC Australia's engagement with them during an inquiry or otherwise; and
the Group's experience and learnings from other countries where the Group operates, including views of regulators in those countries.
27 In answering this question, HSBC Australia has applied its perception of current community standards and expectations even though these may be higher today than early in the relevant period. HSBC Australia has not included in this Part those matters dealt with in response to question 1.
3 See paragraph 20.
4 HSBC Australia sends to approximately 8,000 customers each month a request to provide feedback. Approximately 500 responses per month are received and reviewed.
5 Report by Stephen Sedgwick AO entitled 'Retail Banking Remuneration Review' dated 19 April 2017.
29.1.2018 page 11 RCD.0001.0037.0014
CONFIDENTIAL
28 In the view of HSBC Australia, the community believes that banks' conduct sometimes falls below the following community standards and expectations:
Standard 1: banks should act fairly in selling their retail products and services and this includes ensuring that products and services represent fair value;
Standard 2: banks should have processes that ensure the fair and prompt resolution of disputed transactions;
Standard 3: banks should protect individuals' privacy;
Standard 4: banks should lend responsibly; and
Standard 5: operational or technical oversights should be rare and when they occur should be identified and remediated promptly and effectively.
Standard 1: Banks should act fairly in selling retail products. Introduction
29 Customers expect banks to act fairly in selling their retail products and services including ensuring that such products and services are suitable for the customers' needs and represent fair value. The industry has not always taken sufficient steps to meet this standard, particularly early in the relevant period. Three of the greatest concerns to the community are commission-based incentives, the circumstances in which certain fees are charged and the value of certain retail products and services. Customers are also concerned that banks act fairly in their treatment of hardship cases. This is dealt with under Standard 4.
30 As to commission-based incentives: HSBC Australia had commission-based incentive schemes in respect of the sale of certain products and services in its retail business until 2013/14, depending on the product. The issue with commission-based incentives is that this form of remuneration is more likely to lead to selling products that are not suitable to the customers' needs.
31 As to fees: HSBC Australia charges certain fees on wealth management products and in relation to the use of credit cards, loans and various transactional banking products. The fees of most concern to customers are: credit card late payment fees, annual account fees, over-limit fees and overseas transaction charges. The key issues for customers regarding these fees are when and how they are levied.
32 As to fair value: HSBC Australia provides a range of retail products and services. The issue for customers is whether those products and services represent a fair value proposition.
Is the behaviour the subject of an inquiry, investigation or proceeding? (Q3a)
33 Some customers approach the FOS in respect of the above.
29.1.2018 page 12 RCD.0001.0037.0015
CONFIDENTIAL
Is the behaviour attributable to culture, governance or other practices? (Q3b-d) 34 As to commission-based incentives: before 2013, HSBC Australia had commission-based incentives in line with industry practice in Australia.
35 As to fees:
(a) in relation to quantum the approach of HSBC Australia, and one would expect the 6 industry as a whole, is governed by the High Court decision in Paciocco ;
(b) in relation to the circumstances in which fees are levied, this issue gives rise to a significant percentage of the customer complaints received by HSBC Australia. The vast majority of the complaints that relate to fees are in respect of credit cards (annual fees and late payment fees); and
(c) HSBC Australia does not consider that the above reflects a governance issue. However, a number of practices during the relevant period have caused customer dissatisfaction and these are discussed in the section below.
36 As to fair value: HSBC Australia has always sought to offer retail products and services that are competitive and transparent. However from 2013, HSBC Australia introduced a formal process requiring consideration of 'fair value' when developing and assessing its retail products and services.
Steps to remedy and prevent recurrence (Q3e) 37 As to commission-based incentives: HSBC Australia introduced a remuneration policy in 2013 to remove inappropriate sales based incentives in respect of its employees.
(a) Until 2013, HSBC Australia had commission-based incentive schemes for certain employees in its retail business. In January 2013, the Global Retail Wealth Incentive Framework was introduced, followed by the RBWM Incentive Framework in January 2014. These policies reformed remunerative incentive schemes throughout the Group, including at HSBC Australia.
(b) Under these policies reward cannot be automatically tied to performance so that, for example, the following are not acceptable:
(i) rewards directly linked to the achievement of quantitative targets alone;
(ii) plans that push particular products, including awards based on number of units sold; and
(iii) plans that focus only on financial performance.
6 Paciocco v Australia and New Zealand Banking Group Limited [2016] HCA 28.
29.1.2018 page 13 RCD.0001.0037.0016
CONFIDENTIAL
(c) HSBC Australia now only distributes third party wealth management products to retail customers and bases its investment advice on model and portfolio recommendations from external investment consultants.
(d) Reward is now discretionary and performance of HSBC Australia's retail business employees must now be measured against both financial and non-financial targets. Reward is reviewed and approved quarterly by the Country Incentive Committee. This Committee has representation from Human Resources, including the Head of Performance and Reward, and Risk and Regional Sales Managers. The targets that are measured include adherence to the Group's values, customer satisfaction and sales quality, and risk adjusted behaviours.
38 As to fees: (a) In the relevant period, the levy by HSBC Australia of certain fees has led to, and continues to be a source of, customer dissatisfaction.
(b) HSBC Australia has made a number of changes to its processes in relation to how particular fees are levied:
(i) in relation to credit card fees:
(A) in 2014, HSBC Australia introduced a process whereby its frontline staff are empowered to waive fees at first point of contact without the need to escalate; and
(B) HSBC Australia continues to waive such fees after considering the merits of the relevant case, even when contractually it may not be obliged to do so,
(ii) in November 2017, HSBC Australia commenced a review into the way its fees are implemented, explained and reversed; and
(iii) in relation to ATM withdrawal fees, since November 2017, HSBC Australia no longer charges any customers (whether they be domestic or international; HSBC customers or non-HSBC customers) ATM fees on withdrawals in Australia.
39 As to fair value: HSBC Australia introduced its Fair Value Exchange policy (FVE) in 2013. (a) In 2013 the Office of Fair Trading conducted a review of the personal current account market in the United Kingdom. As a result of its report, HSBC Group developed a global FVE principle to apply to its retail banking products, which required that:
customer fairness principles be incorporated into the design of all products;
product propositions and pricing be transparent and easy to understand; and
products be priced so they offer fair value.
29.1.2018 page 14 RCD.0001.0037.0017
CONFIDENTIAL
(b) The retail banking business in HSBC Australia then reviewed each product by reference to the FVE principle which included considerations of product margins and:
products where revenue is disproportionately generated by involuntary fees;
products generating a high level of customer complaints; and
products with features that are priced to customers but not widely used.
(c) That review identified, for example, that only a small percentage of customers claimed on their credit card protection insurance and as a consequence HSBC Australia discontinued the sale of credit card protection insurance.
(d) The FVE principle continues to be applied to the approval process for new products, the approval of significant changes and regular review of existing products.
Standard 2: Fair and prompt resolution of disputed transactions, particularly credit cards
Introduction
40 Customers expect that disputed transactions will be investigated and, if appropriate, reversed promptly. The vast majority of disputed transactions relate to credit and debit card transactions. HSBC Australia acknowledges that its processes for dealing with disputed card transactions in particular, are at times a source of customer dissatisfaction. HSBC Australia has received a number of complaints about the lengthy resolution process and gaps in communication experienced by customers.
Is the behaviour the subject of an inquiry, investigation or proceeding? (Q3a)
41 Some customers approach the FOS if they are dissatisfied with the process or outcome of HSBC Australia's investigation of a disputed card transaction.
Is the behaviour attributable to culture, governance or other practice? (Q3b-d) 42 HSBC Australia acknowledges that the customer dissatisfaction identified, results from weaknesses in its processes and not from cultural or misconduct issues.
Steps to remedy and prevent recurrence (Q3e) 43 In September 2017, HSBC Australia commenced a review of its processes relating to the resolution of disputed transactions. The review focused particularly on disputed credit and debit card transactions. The objective of the review is to make the process of investigating and resolving complaints simpler and faster. The review made a number of recommendations which have already been implemented by HSBC Australia in December 2017 and January 2018, including:
reducing and simplifying the data entry required of case officers who handle customer complaints regarding disputed card transactions;
setting internal processing standards to reduce turnaround times; and
29.1.2018 page 15 RCD .0001.0037.0018
CONFIDENTIAL
streamlining write-off processes so that write-offs can be handled quickly by frontline case officers.
A number of additional system changes will be made to streamline disputes handling and case management.
Standard 3: Privacy principles
Introduction
44 During the relevant period, HSBC Australia has been the subject of complaints alleging a failure to comply with the Privacy Act 1988 (Cth). HSBC Australia has recorded on its breach register approximately 230 instances of privacy breaches occurring during the relevant period. Of those instances, 162 arise from either its retail business or third party collections business and involve the following conduct:
unauthorised disclosure of personal information, such as sending a customer another customer's bank statement or the wrong crediUdebit card or disclosing personal information of one joint account holder to another joint holder of that account;
on occasion, failure to disclose to customers that telephone calls are being recorded;
incorrect linkage of accounts from two different customers, resulting in the disclosure of confidential information between those customers; and
failing to verify fully the identity of customers on telephone calls.
Is the behaviour the subject of an inquiry, investigation or proceeding? (Q3a)
45 Some complaints have been the subject of inquiries made by the Privacy Commissioner or the Office of the Australian Information Commissioner. HSBC Australia co-operates with these privacy regulators to address such complaints.
Is the behaviour attributable to culture, governance or other practice? (Q3b-d) 46 HSBC Australia considers that most of these complaints are due to a lack of training.
Steps to remedy and prevent recurrence (Q3e) 47 HSBC Australia's Privacy Policy is set out on its website7 and forms part of the training for customer-facing staff in particular new staff.
48 Following receipt of a complaint, HSBC Australia conducts an internal inquiry and ensures that the staff member in question receives further training, is reminded of HSBC Australia's Privacy Policy and is given a verbal warning if necessary.
49 HSBC considers that it has the correct procedures and processes in place to minimise the occurrence of privacy complaints and when errors do arise, to identify and address them promptly and effectively.
7 http://www.business.hsbc.eom.au/en-au/au/generic/privacy-and-security
29.1 .2018 page 16 RCD.0001.0037.0019
CONFIDENTIAL
Standard 4: Responsible lending
Introduction
50 The community expects banks to make responsible lending decisions, particularly in relation to mortgage lending and consumer credit contracts. HSBC Australia engages in retail lending. However, it does not currently have a focus on small businesses, such as those involved in the farming sector, which have been a subject of recent community concern.
51 HSBC Australia's conduct in respect of responsible lending has not, in its view, fallen below the community's standards and expectations. There are, however, a small number of occasions when staff did not comply strictly with certain notification or procedural requirements under the Code of Banking Practice and the National Consumer Credit Protection Act 2009 (Cth) (NCCP).
Is the behaviour the subject of an inquiry, investigation or proceeding? (Q3a)
52 During the relevant period, the FOS has reviewed HSBC Australia's compliance with the Code of Banking Practice and the NCCP.
Is the behaviour attributable to culture, governance or other practice? (Q3b-d) 53 HSBC Australia does not consider the technical instances of non-compliance over the relevant period to be attributable to the culture, governance or other practice of HSBC Australia. HSBC Australia has a number of policies and procedures in place to comply with its obligations under the Code of Banking Practice and the NCCP, including:
HSBC Australia's retail lending policies: the policy sets out minimum eligibility requirements including the minimum income of a potential borrower (with a higher threshold for owner occupied interest only loans), acceptable sources of income, inclusion of expenses and how to calculate customer affordability.
HSBC Australia's NCCP compliance procedures: HSBC Australia has procedures designed to ensure that HSBC only enters into a credit contract with a consumer or recommends a credit contract to a consumer in circumstances where the credit contract is suitable for that consumer.
HSBC Australia's APRA APG223 compliance procedures: HSBC Australia has procedures in place to comply with APRA's APG223, setting out prudent practices in the credit assessment of customer and the management of risks arising from lending secured by mortgages over residential properties.
HSBC Australia's hardship policies: HSBC Australia has procedures in place to assist customers who may encounter financial difficulty during the term of their credit facilities. These policies are designed to ensure that customers are supported and treated fairly during the hardship process.
29.1.2018 page 17 RCD.0001.0037.0020
CONFIDENTIAL
Steps to remedy and prevent recurrence (Q3e) 54 When issues of non-compliance with the NCCP or the Code of Banking Practice arise, HSBC Australia seeks to address instances promptly and effectively. Regular training in the policies and procedures outlined above is given to HSBC Australia staff and, on those occasions where staff fail to comply with certain requirements, they are disciplined and receive further specific training.
Standard 5: Minimising and addressing operational or technical oversights
Introduction
55 The community expects that operational or technical oversights should be rare and when they occur they should be identified and remediated promptly and effectively. We deal with the following operational or technical oversights of HSBC Australia:
processing credit card bonus rewards points; premature reporting of overdue payments under the Credit Reporting Code of Conduct; failure to Provide Product Disclosure Statement; failure to link offset accounts; underreporting unclaimed moneys; and technical breaches of client moneys obligations. 56 These oversights are operational or technical in nature and will occur from time to time without being attributable to culture, governance or other practice. In some cases however, they are in part attributable to the need for better training.
Processing credit card bonus rewards points
Is the behaviour the subject of an inquiry, investigation or proceeding? (Q3a)
57 In 2013, an HSBC Australia customer complained to the FOS that their Qantas Frequent Flyer points had not been automatically credited to their account. The FOS identified it as a systemic issue. The issue arose because Qantas updated its 'descriptor code' before HSBC Australia was able to revise and update its 'descriptor code'. HSBC's internal review identified 451 customers affected by the error.
Is the behaviour attributable to culture, governance or other practice? (Q3b-d) 58 Please see paragraph 56 above.
Steps to remedy and prevent recurrence (Q3e) 59 Following an internal investigation, HSBC Australia established a new process with Qantas by which HSBC updates the descriptor code in its system before Qantas implements a change. HSBC has also updated its procedures so that, any time it identifies that a descriptor
29.1.2018 page 18 RCD.0001.0037.0021
CONFIDENTIAL
is not correctly allocating bonus points, it conducts a sweep of its database and posts points correctly for affected customers.
60 This issue was resolved within approximately four weeks and involved a total of 182,043 points being credited to 451 customers. The FOS considered that this, along with the changes made by HSBC to its IT processes and procedures, satisfactorily resolved the issue.
Premature reporting of overdue payments under the Credit Reporting Code of Conduct
Is the behaviour the subject of an inquiry, investigation or proceeding? (Q3a)
61 In August 2013, the FOS identified that HSBC Australia had incorrectly reported customers' overdue payments under the Credit Reporting Code of Conduct (CRCC) before the 60 day period had elapsed following the due date for payment. The FOS classified this as a systemic issue. HSBC conducted an internal review in consultation with the FOS and identified 248 instances where defaults had been prematurely reported. Following this review, HSBC corrected the reporting errors.
62 This issue arose again in 2015 and it was acknowledged by HSBC Australia that the issue had not been properly dealt with. Further analysis was completed by HSBC Australia which determined that the original process to identify the 248 incorrect listings was incomplete due to incorrect use of system codes. Following review using corrected system codes, HSBC Australia identified a further 2,680 default listings as having been listed too early in the period 1 January 2011 to 31 December 2013.
Is the behaviour attributable to culture, governance or other practice? (Q3b-d) 63 Please see paragraph 56 above.
Steps to remedy and prevent recurrence (Q3e) 64 HSBC Australia conducted a review of its relevant procedures and policies. It determined that these procedures were appropriate but that certain staff members had not been following them. As a result, from approximately December 2013, all manual reporting of overdue payments ceased with the implementation of a semi-automated process combined with a manual check prior to any referral of overdue payments to the credit reporting agency. Staff training on the applicable HSBC procedures and processes was also undertaken.
65 In 2015, HSBC Australia informed the FOS and developed a remediation plan for the newly identified listings. FOS agreed that this would be sufficient to close the matter.
Failure to provide Product Disclosure Statement
Is the behaviour the subject of an inquiry, investigation or proceeding? (Q3a)
66 In 2014, HSBC Australia restructured its Wealth Management distribution channel and identified that it had not been meeting its disclosure obligations under the Corporations Act to
29.1.2018 page 19 RCD.0001.0037.0022
CONFIDENTIAL
provide a product disclosure statement (PDS) to its customers for underlying funds when the funds were recommended via a third party platform. No clients had raised complaints, but HSBC Australia's internal review found that approximately 1,900 clients were affected over the 10 year period. The clients had, however, been provided with other applicable disclosure documents at the time of entering into the transaction. HSBC Australia reported the breach to ASIC. The breach notification, along with HSBC Australia's remediation plan, was reviewed by ASIC, which decided to take no further action as it was satisfied with HSBC Australia's response.
Is the behaviour attributable to culture, governance or other practice? (Q3b-d) 67 Please see paragraph 56 above.
Steps to remedy and prevent recurrence (Q3e) 68 Once the issue was identified, an internal investigation was conducted. Following the investigation, HSBC Australia changed its processes to require the provision of a PDS for all underlying funds. The changes included:
(a) providing a copy of the relevant underlying fund PDS as part of the standard disclosure pack;
(b) reinforcing existing training to ensure customers receive balanced advice; and
(c) reviewing and revising existing procedure manuals, the on-boarding guide for new starters and quality assurance checklists.
Failure to link offset accounts
Is the behaviour the subject of an inquiry, investigation or proceeding? (Q3a)
69 In 2015, the Retail Banking and Wealth Management Mortgage Product Team developed a quarterly unlinked mortgage offset process that was delivered to branches to implement. A customer complaint was received in August 2016. Following some further complaints, a review of the process revealed that the logic embedded within the process had been incorrectly excluding some mortgage offset accounts. As a result, certain customers' interest payments were not assessed correctly. Following an internal review, the number of customer accounts identified as eligible for a refund totalled 117 and the amount to be refunded across those accounts totalled $117,573.91.
Is the behaviour attributable to culture, governance or other practice? (Q3b-d)
70 Please see paragraph 56 above.
Steps to remedy and prevent recurrence (Q3e)
71 The team corrected the monthly reporting process. In addition, all front-line branch staff were required to implement and double-check offset account linkage.
29.1.2018 page 20 RCD.0001.0037.0023
CONFIDENTIAL
72 HSBC Australia raised the matter with ASIC in October 2017. ASIC advised HSBC Australia that it would take no further action as HSBC Australia had resolved the matter.
Underreporting unclaimed moneys
Is the behaviour the subject of an inquiry, investigation or proceeding? (Q3a)
73 Under the Banking Act, accounts become subject to an unclaimed moneys review when there has been no activity on them for seven years or more. At various times during the relevant period, HSBC Australia failed to report to ASIC a number of accounts with unclaimed moneys within the prescribed time period under s69 of the Banking Act. HSBC acknowledges that underreporting these accounts may fall below community expectations even though in these examples there was no detrimental financial impact on customers.
74 A number of instances of underreporting were discovered in 2009 and 2016. Some of these instances were identified by HSBC Australia in the course of analysing its internal processes to determine whether any changes were necessary for compliance with amendments in 2015 to the Banking Act. Those amendments changed the time period relevant for classification and review of accounts as 'unclaimed moneys'. HSBC Australia notified ASIC of all unclaimed moneys upon discovery and remitted those funds to ASIC, or otherwise made arrangements to remit the funds in the subsequent reporting period. ASIC has not, to date, advised HSBC Australia of any intention to investigate these instances of underreporting.
Is the behaviour attributable to culture, governance or other practice? (Q3b-d) 75 Please see paragraph 56 above.
Steps to remedy and prevent recurrence (Q3e) 76 HSBC Australia continues to review and improve its unclaimed moneys process. In 2009, an internal review found that underreporting had primarily been due to oversights in the intensely manual nature of the process of managing unclaimed moneys. As a result, HSBC Australia automated its unclaimed moneys process. In 2016, HSBC Australia undertook a further review of its unclaimed moneys process while implementing the changes resulting from the Banking Laws Amendment. In 2017, HSBC Australia commenced a project to remediate gaps in the automated unclaimed moneys process. This project is ongoing.
Technical breaches of client moneys obligations
Is the behaviour the subject of an inquiry, investigation or proceeding? (Q3a)
77 Part 7.8 of the Corporations Act requires an ADI to keep its money separate from 'client moneys'. The mechanics of the requirements are complex. Like all banks, HSBC Australia operates various Nostro accounts to process payments and receipts regardless of their nature. The vast majority of funds deposited into these accounts are not client money. In 2016, HSBC Australia identified a number of situations common in the industry where
29.1.2018 page 21 RCD.0001.0037.0024
CONFIDENTIAL
payments received fall within the scope of the client money provisions and required placement into a client moneys account before being withdrawn for its ultimate purpose:
(a) cash collateral payments received within its Global Markets business from wholesale counterparties under credit support documents to support their over-the-counter derivative transactions;
(b) exceptional cases where payments are received early from Global Markets clients before settlement date of a transaction; and
(c) un-identified moneys arising from incoming payments which are unable to be matched immediately and which are subject to HSBC Australia's standard reconciliation process which could take up to 30 days to complete.
Is the behaviour attributable to culture, governance or other practice? (Q3b-d) 78 Please see paragraph 56 above.
Steps to remedy and prevent recurrence (Q3e) 79 Neither of the categories in paragraphs 77(a) or (b) involves any retail clients. Payments covered in paragraph 77(a) are now subject to an exemption from client money obligations. Payments covered in paragraph 77(b) are to be remediated by way of a process change so that clients do not pay such amounts into HSBC Australia's Nostro account.
80 HSBC Australia notified ASIC of these issues in October 2016. Over the course of 2017, HSBC Australia put new processes in place to address payments in paragraph 77(c). There remains certain payment receipts, namely payments received in certain foreign currencies, where it is not possible for such payments to be placed into a client moneys account within two business days of its receipt (as required by ASIC). HSBC Australia has been working with ASIC on this and an application for a 'no action' position has been made and is currently with ASIC for review.
Part H Other Matters - Prudential Standards and Reporting Obligations
81 HSBC Australia acknowledges the importance of prudential standards reporting. On occasion, HSBC Australia has not complied with these reporting standards. Such non compliance is unlikely to be captured under question 1 given the definition of 'misconduct' in the terms of reference. Nor does it seem to HSBC Australia that these matters are the subject of broad community expectation. However, HSBC Australia assumes that examples of non-compliance with reporting standards is of interest to the Commission and therefore sets them out in this section. It does so notwithstanding the first paragraph on page 4 of the
29.1.2018 page 22 RCD.0001.0037.0025
CONFIDENTIAL
terms of reference. 8 Each instance set out below has been disclosed to APRA in HSBC Australia's mandatory annual CPS220 declarations and most instances have involved working with APRA to remediate the breaches.
APS221 Large exposures
82 APS221 requires AD ls to implement prudent measures and to set prudent limits to monitor and control their large exposures. In general, the prudential limit of an aggregate corporate relationship exposure for HBAU is 25% of its total capital base, and APRA must be consulted where the aggregate relationship limit is to be greater than 10% of HBAU's total capital base.
83 HBAU entered into a lending facility for a customer on 23 October 2015 in breach of the 25% limit. APRA was notified of the breach on the drawdown date of 30 October 2015. On that date, the exposure to that customer was reduced to 15% of the capital base.
84 Internal reviews were conducted which identified nine further breaches of APRA's notification requirements (where the aggregate relationship limit is greater than 10% of HBAU's total capital base). HBAU notified and consulted with APRA in relation to all nine cases.
85 To ensure future compliance with this policy, HBAU established and tested a control framework and set risk appetite limits for its largest corporate relationships.
CPS520 Fit and Proper
86 CPS520 sets minimum requirements for determining the fitness and propriety of individuals who hold positions of responsibility within APRA regulated institutions. In September 2017, APRA requested HSBC Australia conduct an internal review of its compliance with CPS520. The review found that the last annual return for HBAP had been made in April 2016 and HBAP should have made a 'refresh' submission in March 2017. HSBC Australia has remediated this incident and improved its control and testing systems to prevent recurrence.
CPS231 Outsourcing
87 CPS231 requires all outsourcing arrangements involving material business activities entered into by an APRA-regulated institution to be subject to appropriate due diligence, approval and ongoing monitoring.
88 In October 2015, APRA reviewed HSBC Australia's compliance with CPS231 and made recommendations to remediate certain breaches. HSBC Australia established an internal working group that made changes to internal processes and then conducted an audit to check all issues were addressed.
8 That paragraph says: "AND We further declare that you are not required by these Our Letters Patent to inquire, or to continue to inquire, into a particular matter to the extent that the matter relates to macro-prudential policy and regulation".
29.1.2018 page 23 RCD.0001.0037.0026
CONFIDENTIAL
Agent bank application
89 It is a requirement under the Exchange Settlement Account Policy, issued jointly by APRA and the RBA, that APRA's approval be obtained by banks acting as agent banks in respect of the Austraclear system and in respect of high value clearing transactions processing. In 2013, a review of the services provided by HSBC Australia revealed that it had, since 2009, been acting as agent bank for a large international bank client without APRA approval.
90 HSBC Australia worked with the client to compile relevant information to support its application to APRA and submitted that application to APRA, seeking retrospective approval to act as Agent Bank in December 2015 and provided additional information requested by APRA in March 2016. HSBC Australia is awaiting a response from APRA.
Prompt processing of AML/CTF alerts
91 HSBC Australia has experienced backlogs in its AML review and reporting processes. The AML investigation backlog was in part attributable to the implementation in 2016/17 of new processes and updated system parameters, and in part attributable to stricter quality control measures. Those matters resulted in a slower rate of processing than the industry average.
92 To reduce the backlogs, HSBC Australia has increased processing personnel from approximately 60 to 200 (onshore and offshore) over the past two years and is currently fine tuning the system parameters. HSBC Australia is in close dialogue with AUSTRAC in relation to the progress of the remediation.
Mortgage cap
93 At certain times during the relevant period, HBAU's year on year growth in the investor mortgage segment exceeded the APRA prescribed threshold of 10%. When this occurred for example in June 2015, HBAU took action to decelerate growth by reducing its volume of lending to this segment, resulting in year on year investor growth reducing to 5.8% in December 2015.
Part I Employment
94 HSBC Australia has comprehensive policies and procedures in place regarding workplace interactions between directors, officers and employees. These policies form an important part of its response to conduct risk. They address issues such as bullying and harassment, conflicts of interest and internal fraud. HSBC Australia sets out its expectations of conduct clearly and believes that it responds swiftly and appropriately to improper workplace conduct when it takes place. Over the last decade, HSBC Australia has had a number of instances of termination and serious disciplinary action taken against its personnel as a result of such improper conduct. HSBC Australia has assumed that internal workplace misconduct matters
29.1.2018 page 24 RCD.0001.0037.0027
CONFIDENTIAL
are beyond the scope of the Commission's focus. Should the Commissioner wish to receive any further information, HSBC Australia would be pleased to provide it.
Part J Contact details
95 HSBC Australia has sought to provide as comprehensive a response as possible to questions 1-3 in the time available to prepare this submission. Question 4 is not relevant to HSBC Australia. Please direct any further questions to:
Maria Lu, Acting General Counsel HSBC Bank Australia Limited
29.1 .2018 page 25 RCD.0001.0037.0028
CONFIDENTIAL Appendix A Summaries of conduct
Item 1
Non-disclosure of USO telegraphic transfer fees imposed by US correspondent bank
Date: August 2006 - September 2009
Outcome: HSBC Australia rectified the issue effective 1 October 2009 and refunded the fee charged to all affected customers. HSBC Australia informed ASIC of the error and its rectification. No further action was taken by ASIC.
Nature, extent and effect of the conduct
HBSC Australia found its USD correspondent bank was charging a fee of USD20 on USD telegraphic transfers during the period 1 August 2006 - 30 September 2009. By reason of an oversight, this fee had not been disclosed to HSBC Australia's customers in Australia. When HSBC Australia became aware of this it reported the incident to ASIC. A total of 4,355 customers were affected, most of whom were wholesale customers.
Responses to questions 3(a) to 3(e) a) Is the conduct the subject of an inquiry, investigation or proceeding?
HSBC Australia conducted an internal investigation to identify all customers affected by the error. HSBC Australia also notified ASIC in December 2009. ASIC decided not to take any further action given the steps HSBC Australia had taken to address the error. b) - d) Is the conduct attributable to culture, governance or other practices?
HSBC Australia considers this to be an oversight that is not attributable to the culture, governance or other practices of the entity, industry or sector. e) Steps to remedy and prevent recurrence
HSBC Australia identified and refunded affected customers. In total, $1,557,580.00 was refunded. HSBC Australia agreed with the US correspondent bank that the correspondent bank would no longer deduct its fees from the transferred amount. Instead, it would notify HSBC Australia of any telegraphic transfer fees, which would then be disclosed to Australian customers.
29.1.2018 page 26 RCD.0001.0037.0029
CONFIDENTIAL
Item 2
Alleged misappropriation of client funds at a Sydney branch
Date: February - May 2008
Outcome: The staff member's employment was terminated following an internal investigation.
Nature, extent and effect of the conduct
Between February and May 2008, an HSBC Australia staff member working at a Sydney branch received funds from friends and customers directly into his personal accounts and completed telegraphic transfers to those friends and customers for amounts less than the funds received. HSBC Australia's internal review considered that the staff member obtained a financial benefit by retaining the difference. Eighteen transactions (three cash deposits, nine credit transfers and six debit transfers) were reviewed as part of HSBC Australia's internal investigation. None of these transactions was for an amount over $10,000.
Responses to questions 3(a) to 3(e) a) Is the conduct the subject of an inquiry, investigation or proceeding?
Internal HSBC Australia investigation. b) - d) Is the conduct attributable to culture, governance or other practices?
HSBC Australia considers this incident to be the result of the unauthorised actions of a single individual. e) Steps to remedy and prevent recurrence
Following the internal investigation the staff member's employment was terminated by HSBC Australia. HSBC Australia's records from 2008 do not disclose whether a customer suffered any loss and if so the nature of any remediation.
29.1.2018 page 27 RCD.0001.0037.0030
CONFIDENTIAL
Item 3
Alleged unauthorised use of customer funds by staff member
Date: May - June 2008
Outcome: HSBC Australia undertook an expanded audit of the relevant branch to identify and prevent such conduct recurring.
Nature, extent and effect of the conduct
An HSBC Australia staff member signed a cheque on behalf of a customer, with whom the staff member had a close relationship. The staff member purported to be acting on the direction of the customer in doing so. The cheque was made payable to a business account operated by the staff member. The money was allegedly used by the staff member to clear some personal debts and also to fund his own business activities. In an interview conducted by HSBC Australia with the customer, the customer declined to clarify whether the staff member acted beyond the authority given to him by the customer. HSBC Australia was concerned that certain of the staff member's business activities were being conducted in breach of HSBC Australia's conflict of interest policy as they involved the provision offinancial services and advice.
Responses to questions 3(a) to 3(e) b) Is the conduct the subject of an inquiry, investigation or proceeding?
Internal HSBC Australia investigation. b) - d) Is the conduct attributable to culture, governance or other practices?
HSBC Australia considers this incident to be the result of the unauthorised actions of a single individual who left HSBC Australia. e) Steps to remedy and prevent recurrence
Following the internal investigation the staff member left, HSBC Australia conducted an expanded audit of the relevant branch to identify other instances where staff signed on behalf of customers. HSBC Australia's records from 2008 do not disclose the outcome of the expanded audit.
29.1.2018 page 28 RCD.0001.0037.0031
CONFIDENTIAL
Item 4
Incorrect break cost calculation method resulting in overcharging in certain cases
Date: September 2008 - December 2011
Outcome: HSBC Australia engaged an expert and worked with the FOS to revise its break cost calculation methodology and, as agreed with the FOS, refunded all affected customers owed a refund of more than $100 as agreed with FOS.
Nature, extent and effect of the conduct
In January 2011, the FOS reviewed and made findings in relation to HSBC Australia's methodology in calculating break costs for early prepayment of fixed rate loans following complaints raised by customers. The total number of customers affected was 363.
HSBC Australia engaged Deloitte as an independent expert with experience in break costs issues in Australia and New Zealand to perform a review of its break cost calculation methodology. HSBC Australia provided the report to the FOS. Deloitte found two errors in HSBC Australia's methodology. The first error resulted in the bank undercharging its customers and the second resulted in the bank overcharging its customers. Deloitte revised a methodology to correct these errors. This revised methodology was accepted by the FOS.
The FOS and HSBC Australia also had discussions in relation to the appropriate reference rates to be used. An agreed methodology was reached in November 2012.
Responses to questions 3(a) to 3(e) a) Is the conduct the subject of an inquiry, investigation or proceeding?
Yes, HSBC Australia worked with the FOS to revise its calculation methodology. b) - d) Is the conduct attributable to culture, governance or other practices?
The conduct resulted from HSBC's methodology in relation to break costs. On the sample reviewed by Deloitte, HSBC Australia overall undercharged its customers. e) Steps to remedy and prevent recurrence
HSBC Australia refunded all affected customers requiring a refund of more than $100 (as agreed with the FOS) which totalled approximately $450,000. HSBC Australia engaged an expert and worked with the FOS to revise its break cost calculation methodology, which was then applied.
29.1.2018 page 29 RCD.0001.0037.0032
CONFIDENTIAL
Item 5
Compliance with AML/CTF Act - international funds transfer instructions
Date: December 2008 - October 2015
Outcome: AUSTRAC was notified and potential and actual compliance issues were rectified.
Nature, extent and effect of the conduct
HSBC Australia identified that a number of international funds transfer instructions (IFT/s) received by HSBC Australia since December 2008 were not reported to AUSTRAC as required under the AML/CTF Act and Rules. The IFTls related to payments made using either one of two products: the Global Disbursements product; or the World Pay Tempo product. The products allow certain customers to send a bulk international transfer of funds to a number of beneficiaries in a single payment. The World Pay Tempo was replaced by the Global Disbursements product in December 2013. This issue was identified in October 2015.
Responses to questions 3(a) to 3(e) a) Is the conduct the subject of an inquiry, investigation or proceeding?
The incident was the subject of an inquiry by AUSTRAC. b) - d) Is the conduct attributable to culture, governance or other practices?
HSBC Australia considers that this incident is largely attributable to inadequate staff training. e) Steps to remedy and prevent recurrence
HSBC Australia reported to AUSTRAC:
110,764 IFTls for payments made using the Global Disbursements product in December 2015; and
153,013 IFTls for payments made using the WorldPay Tempo product in February 2016.
HSBC Australia informed AUSTRAC that it had met its reporting obligations by providing these reports. HSBC Australia explained to AUSTRAC that, following an internal investigation, HSBC Australia identified that the cause of the incident was inadequate awareness and consideration of local regulatory reporting requirements by the relevant teams. Regulatory reporting requirements were reiterated to those teams so that the requirements are considered in future design and review processes.
29.1.2018 page 30 RCD.0001.0037.0033
CONFIDENTIAL
Item 6
Advice to clients on retail structured products: ASIC industry review
Date: January 2009 - March 2013
Outcome: In May 2016 HSBC Australia provided an enforceable undertaking to ASIC in which it undertook to review and remediate clients who received potentially deficient advice on retail structured products. Remediation is almost complete.
Nature, extent and effect of the conduct
As part of its review of the provision of structured products to retail investors, ASIC released a report in December 2013 regarding its review of a sample of advices provided by ten Australian financial services (AFS) licensees, including HSBC Australia.
ASIC found potential compliance issues with approximately half of the advices reviewed, raising concerns that the advices may not have been appropriate for the clients' circumstances or needs. As a result, in July and August 2014, ASIC reviewed a further sample of HSBC Australia's retail structured products advice. ASIC identified cases where the scope of advice was restricted to a single HSBC Australia structured product and advisers had obtained insufficient information about clients' relevant personal circumstances, such as their assets, liabilities, income or debts, before providing the advice. HSBC Australia ceased selling retail structured products in 2013.
Responses to questions 3(a) to 3(e) a) Is the conduct the subject of an inquiry, investigation or proceeding?
ASIC investigated ten AFS licensees and reviewed a sample of client files. In September 2014, ASIC expressed concerns that HSBC Australia may have failed to comply with certain obligations under the Corporations Act and HSBC Australia's AFS licence.
From September 2014, HSBC Australia reviewed its client files involving structured products advice. HSBC Australia lodged a potential breach notification with ASIC in June 2015 reporting potential deficiencies in approximately 464 advices provided to clients.
In May 2016, HSBC Australia provided to ASIC an enforceable undertaking requiring review and remediation of clients who received potentially deficient advice on structured products between January 2009 and March 2013. To date, HSBC Australia has reviewed 505 advices, of which 76 have been found to involve the provision of advice that was not appropriate for the client's needs. HSBC Australia confirmed the breach with ASIC in June 2017.
29.1.2018 page 31 RCD.0001.0037.0034
CONFIDENTIAL b) - d) Is the conduct attributable to culture, governance or other practices?
ASIC had similar concerns in relation to the provision of retail structured product advice by several licensees in the industry. HSBC Australia believes that the conduct the subject of the enforceable undertaking does in part reflect inadequate control practices and training.
To ascertain whether the conduct reflected broader issues within the organisation, HSBC Australia engaged an external consultant in February 2015 to review the adequacy of HSBC Australia's financial advice processes and risk controls framework. The external consultant found no significant weaknesses, but identified areas for improvement in HSBC Australia's financial advice control environment and made recommendations. HSBC Australia developed and implemented a 'Compliance Enhancement Plan' to implement the recommendations. Following a review in February 2016, the external consultant found that HSBC Australia had satisfactorily addressed the recommendations. e) Steps to remedy and prevent recurrence
As set out above, HSBC Australia has taken steps to ensure that affected clients are being remediated in an efficient, honest and fair manner. HSBC Australia:
once made aware of the issue, conducted an immediate review of its files for retail clients who invested in structured products from January 2009 to March 2013;
in May 2016, provided ASIC with an enforceable undertaking requiring HSBC Australia to review and remediate affected clients. HSBC Australia has reviewed 505 advices, of which 76 were found to have involved the provision of advice that was not appropriate for the client's needs. Of those, not all were eligible for compensation as some clients made a financial gain due to the advice. HSBC Australia offered 55 clients compensation and 39 have accepted and been paid; and
is engaging with an independent expert, as part of the enforceable undertaking, who reports monthly to ASIC on the adequacy of HSBC Australia's review and remediation program (distinct from its review of HSBC Australia's Compliance Enhancement Plan, referred to above). To date, the independent expert has not found any major issues with HSBC Australia's review and remediation.
As set out above, in February 2015 HSBC Australia also appointed an external consultant to review the adequacy of its financial advice processes and risk control framework and to provide recommendations. HSBC Australia implemented the recommendations through its 'Compliance Enhancement Plan'.
HSBC Australia ceased selling retail structured products in 2013. To prevent the occurrence of similar issues in respect of other products, HSBC Australia is assessing whether the problems identified in the advice on structured products extend to advice or services in relation to other products, and if so, to ensure effective remediation.
29.1.2018 page 32 RCD.0001.0037.0035
CONFIDENTIAL
Item 7
Alleged fraudulent use of customer ATM card by NSW branch staff member
Date: Late 2009 - early 201 O
Outcome: The employment of three staff members was terminated due to recurring security breaches. Supplementary compliance training was conducted at the branch.
Nature, extent and effect of the conduct
In early 2010, a customer raised concerns with HSBC Australia regarding the unauthorised use of a replacement ATM card held at a NSW branch awaiting collection by the customer. Unauthorised withdrawals on the customer's account totalling $22,880 were made in late 2009 to early 2010.
HSBC Australia's investigation also identified security breaches by staff at that branch, namely:
staff permitting family members and friends to enter 'staff only' areas;
staff signed as witnesses to the destruction of bank documents and records without following HSBC Australia's internal processes and procedures; and
non observance of protocols regarding safe custody of keys and access passes.
Following an internal investigation, HSBC Australia considered that one staff member had instigated the fraudulent transactions. The employment of that staff member and two others was terminated for security breaches. The misappropriated funds were refunded to the customer.
Responses to questions 3(a) to 3(e) a) Is the conduct the subject of an inquiry, investigation or proceeding?
HSBC Australia conducted an internal investigation. b) - d) Is the conduct attributable to culture, governance or other practices?
It is apparent that there was a practice of non-observance of security protocols given the number of other compliance breaches identified within the branch. This had also been identified in an earlier ad hoc internal review which occurred in July 2009. e) Steps to remedy and prevent recurrence
As noted above, the affected customer received a refund of the misappropriated funds. Following the review:
employment of the alleged perpetrator and two other staff members at the branch was terminated; and other staff members at the branch received additional training on the correct procedures.
29.1.2018 page 33 RCD.0001.0037.0036
CONFIDENTIAL
Item 8
Alleged fraudulent use of customer credit card by staff member working in the Collections and Recoveries team
Date: October 2009
Outcome: The staff member left HSBC Australia following an internal investigation. HSBC Australia reimbursed the customer's credit card.
Nature, extent and effect of the conduct
In October 2009, an HSBC Australia staff member allegedly used a customer's credit card to spend $6,000 on personal expenses. The customer had previously requested the closure of the credit card account. Instead of closing the account, the staff member copied relevant information from the internal banking system, including the verbal account passcode. After modifying relevant customer contact details using HSBC Australia's telephone banking service, the staff member ordered a new credit card in the customer's name and spent $6,000 on personal expenses.
Responses to questions 3(a) to 3(e) a) Is the conduct the subject of an inquiry, investigation or proceeding?
HSBC Australia internal investigation. b) - d) Is the conduct attributable to culture, governance or other practices?
HSBC Australia considers this incident to be the result of the unauthorised actions of a single individual who left HSBC Australia. e) Steps to remedy and prevent recurrence
HSBC Australia reimbursed the customer's credit card. Following the internal investigation the staff member left HSBC Australia.
29.1.2018 page 34 RCD.0001.0037.0037
CONFIDENTIAL
Item 9
Misappropriation of funds from accounts of eight customers
Date: November 2011 - June 2017
Outcome: HSBC Australia reported the incident to NSW Police and ASIC. HSBC Australia terminated the staff member's employment. HSBC Australia has remediated almost all affected customers and is conducting a thorough review of specific processes.
Nature, extent and effect of the conduct
In July 2017 following a transaction dispute raised by a customer, HSBC Australia's Financial Crime Threat Mitigation division began investigating misappropriation of funds from the accounts of eight customers by a staff member at a Sydney branch from late 2011 to mid-2017. The total amount of loss was $913, 115.
Of the fraudulent transactions, one was a cash withdrawal and the remaining were electronic transfers. The cash withdrawal was made using a forged signature on a cash withdrawal voucher. The electronic transfers were made through, among other things, altering contact details of the relevant customers using forged documents and creating internet banking access by persuading junior staff to support internet banking registration and/or token linkage processes.
Responses to questions 3(a) to 3(e) a) Is the conduct the subject of an inquiry, investigation or proceeding?
HSBC Australia reported the conduct to NSW Police on 21 July 2017 and is supporting the police in its investigations. It has also reported the incident to ASIC. b) - d) Is the conduct attributable to culture, governance or other practices?
HSBC Australia considers this incident to be the result of the unauthorised actions of a single individual. e) Steps to remedy and prevent recurrence
HSBC Australia promptly contacted all affected customers whose contact details were available (many of the contact details were changed as part of the fraudulent acts of the staff member and some correct details were difficult to recover).
HSBC Australia:
conducted an immediate internal investigation;
29.1.2018 page 35 RCD.0001.0037.0038
CONFIDENTIAL
consistent with the Consequence Management Framework, terminated the employment of the individual in August 2017 upon it becoming clear that the individual was involved in wrongdoing;
promptly notified NSW Police and ASIC; and
has reimbursed all but three customers. HSBC Australia is working to contact two of those customers, both of whom are foreign nationals and one of whom is presumed dead. The third has been contacted numerous times but is yet to provide details to allow return of funds. In the meantime, the money has been placed in holding accounts.
To strengthen its internal processes to guard against similar incidents recurring, HSBC Australia is undertaking a thorough internal review of a number of its processes including in relation to:
over-the-counter cash withdrawals;
customer address and email maintenance;
personal internet banking registration;
closure of term deposits; and
internal fraud monitoring.
29.1.2018 page 36 RCD.0001.0037.0039
CONFIDENTIAL
Item 10
Compliance with AML/CTF Act - threshold transaction reporting
Date: October 2011 - September 2016
Outcome: AUSTRAC was notified and potential and actual compliance issues were rectified.
Nature, extent and effect of the conduct
In September 2016, it was discovered that a Queensland branch had misinterpreted the threshold transaction reporting procedures under the AML/CTF Act. As a result, too few threshold transaction reports were submitted by that branch in the period since October 2011 when new reporting obligations came into force. Under the threshold transaction reporting requirements, physical cash transactions of $10,000 or more must be reported to AUSTRAC within 10 business days of the transaction occurring. HSBC Australia identified this issue in September 2016, at which time 359 transactions were identified as requiring reporting to AUSTRAC.
Responses to questions 3(a) to 3(e) a) Is the conduct the subject of an inquiry, investigation or proceeding?
The incident was the subject of an inquiry by AUSTRAC. b) - d) Is the conduct attributable to culture, governance or other practices?
HSBC Australia considers that this incident is largely attributable to a deficiency in the training. Specifically, one individual responsible for subsequent training of their branch staff did not fully understand the requirements and therefore trained the branch staff incorrectly in the procedures which in turn led to the non-submission of reports to AUSTRAC. In addition, identification of the incident highlighted potential problems in the assessment of the effectiveness of the training and of the review processes which should identify oversights such as this. e) Steps to remedy and prevent recurrence
AUSTRAC was notified of this failure to report. HSBC Australia reviewed the transaction data and identified 359 transactions as requiring notification to AUSTRAC. This reporting occurred and HSBC Australia submitted its final report to AUSTRAC on this issue on 14 February 2017. AUSTRAC responded on 27 February 2017 confirming that it considered remediation to be complete.
29.1.2018 page 37 RCD.0001.0037.0040
CONFIDENTIAL
Item 11
Forgery by staff member in opening customer accounts
Date: Late 2011
Outcome: Internal investigations conducted, staff disciplined and enhanced training at branch level implemented.
Nature, extent and effect of the conduct
In late 2011, an HSBC Australia staff member alleged that a staff member working at a Sydney branch was forging customers' initials and branch management signatures when opening new accounts for existing customers. An internal investigation found that this conduct did not lead to personal gain but rather occurred to expedite account opening. The investigation also identified compliance breaches by the staff member's manager who allowed this practice to occur.
Similar conduct by an individual staff member at a branch in Melbourne was also identified. The Melbourne staff member resigned following HSBC Australia's internal investigation.
Similar conduct by an individual staff member at another branch in Melbourne was also identified. HSBC Australia conducted an internal investigation and concluded that unlike the incidents above, the customer had requested that the staff member sign on behalf of the customer. That staff member was disciplined by her manager.
Responses to questions 3(a) to 3(e) a) Is the conduct the subject of an inquiry, investigation or proceeding?
HSBC Australia internal investigation. b) - d) Is the conduct attributable to culture, governance or other practices?
Sydney incident: The conduct was the result of certain staff members, including management, failing to adhere to HSBC Australia's procedures and raised concerns about the culture of that branch. HSBC Australia reprimanded the staff member and manager, and took steps to ensure training on the correct processes was occurring.
Melbourne incidents: HSBC Australia considers each incident to be the result of the unauthorised actions of a single individual.
HSBC Australia also attributes the conduct to the complicated account opening processes and the need to streamline them to minimise staff wishing to circumvent those processes. e) Steps to remedy and prevent recurrence
Following the internal investigation, communications were sent to all HSBC Australia branch staff reiterating the correct processes. Simplified processes and enhanced training on account opening procedures and requirements were implemented.
29.1.2018 page 38 RCD.0001.0037.0041
CONFIDENTIAL
Item 12
ASIC concerns about potentially misleading home loan rate discount advertisements
Date: January-April 2012
Outcome: HSBC Australia took prompt steps to remedy this by amending all relevant advertising material.
Nature, extent and effect of the conduct
In early 2012, HSBC Australia ran a home loan advertising campaign using online, digital, print and outdoor advertising. The headlines included a statement that customers could receive 'Up to 0.95% p.a.* off an HSBC Home Smart Loan'. The advertisements also stated that the minimum loan amount for the offer was $250,000. The fine print disclosed that only loans of over $1,500,000 were eligible for the full 0.95% discount, with smaller loans receiving smaller discounts.
In February 2012, ASIC raised with HSBC Australia concerns that the scaling of discounts was not sufficiently prominent compared to the discount rate in the headline. HSBC Australia promptly amended relevant advertising material.
This and the following two items (Item 13 and Item 14), reflected a greater focus by ASIC on advertising financial products and services from 2012 (see Regulatory Guide 234, November 2012).
Responses to questions 3(a) to 3(e) a) Is the conduct the subject of an inquiry, investigation or proceeding?
ASIC raised this issue with HSBC Australia and oversaw HSBC Australia's response. b) - d) Is the conduct attributable to culture, governance or other practice?
A number of issues regarding its advertising arose in 2012, as identified in Items 12, 13 and 14. These issues arose in part due to a weakness in HSBC Australia's internal compliance process. e) Steps to remedy and prevent recurrence
HSBC Australia's Compliance team prepared a 'Marketing Compliance Manual' to guide the marketing team on the preparation of advertising material that would not be misleading. The 'Marketing Compliance Manual' was updated following ASIC's release of Regulatory Guide 234 and is now reviewed on an annual basis, or more frequently as required.
In addition, HSBC Australia's Compliance team prepared a 'Compliance/Marketing Sign-Off Process' which sets out clear timelines for the approval of advertising material by HSBC Australia's Legal and Compliance teams to minimise recurrence.
29.1.2018 page 39 RCD.0001.0037.0042
CONFIDENTIAL
Item 13
ASIC concerns about potentially misleading credit card advertisements
Date: April - June 2012
Outcome: HSBC Australia waived the relevant fee.
Nature, extent and effect of the conduct
From April to June 2012, HSBC Australia ran a credit card advertising campaign. The headlines included a reference to a 0% balance transfer interest rate. In June 2012 ASIC raised with HSBC Australia its concern that the handling fee of 2% was not sufficiently prominent in the advertisement.
Responses to questions 3(a) to 3(e) a) Is the conduct the subject of an inquiry, investigation or proceeding?
Yes, ASIC raised this issue as noted above, and is aware of subsequent action taken by HSBC Australia. b) - d) Is the conduct attributable to culture, governance or other practices?
Please refer to the comments in Item 12 above. e) Steps to remedy and prevent recurrence
HSBC Australia took prompt steps to remedy this by not charging the fee to customers who had applied for and were approved a balance transfer during the campaign. HSBC Australia also did not charge the handling fee. HSBC Australia reintroduced the fee in February 2017. Its approach to advertising the fee has changed and HSBC Australia now discloses the fee in the body text and headline statements of advertisements.
29.1.2018 page 40 RCD.0001.0037.0043
CONFIDENTIAL
Item 14
ASIC concerns about potentially misleading credit card opt in invitations
Date: April - June 2012
Outcome: HSBC Australia approached all customers with a revised invitation.
Nature, extent and effect of the conduct
As part of reforms to the National Consumer Credit Protection Act 2009 (Cth), from 1 July 2012 only customers who had 'opted in' can be sent invitations to increase their credit card limit. In preparation for this, in May 2012 HSBC Australia sent letters to its existing credit card customers inviting them to opt in.
In May 2012, as part of an industry wide review, ASIC raised with HSBC Australia concerns that the invitations may be misleading because of, among other things, the use of the words 'freedom and flexibility'.
Responses to questions 3(a) to 3(e) a) Is the conduct the subject of an inquiry, investigation or proceeding?
Yes, ASIC raised this issue as noted above. b) - d) Is the conduct attributable to culture, governance or other practices?
Please refer to the comments in Item 12 above. e) Steps to remedy and prevent recurrence
HSBC Australia took prompt steps to remedy this by disregarding consents obtained in response to the original invitation, amending the form of the invitation letter and reissuing to all affected customers.
29.1.2018 page 41 RCD.0001.0037.0044
CONFIDENTIAL
Item 15
Misconduct of a financial planner in the provision of financial planning services
Date: April - December 2013
Outcome: HSBC Australia informed ASIC of the financial planner's conduct and fully remediated all affected customers. Following investigation by ASIC, the financial planner was permanently banned from working in the financial services industry. HSBC Australia instituted legal proceedings against the financial planner and notified police who successfully prosecuted him for fraud.
Nature, extent and effect of the conduct
Between April and December 2013, a financial planner employed by HSBC Australia misled six clients into investing in companies which were neither associated with HSBC Australia nor endorsed on HSBC Australia's product list:
In respect of four of those clients, the financial planner misrepresented that the companies were endorsed by HSBC Australia.
In respect of two clients, the financial planner misrepresented that they were investing in a particular HSBC Australia-approved annuity investment.
The financial planner had disguised the fact that client money had not been invested into a product endorsed by HSBC Australia, including making no record of the investments in HSBC Australia systems, forging documents and signatures, and making payments to the clients from his personal account to imitate interest payments.
The financial planner had resigned in 2013 before his misconduct was discovered:
In 2014, HSBC Australia was initially alerted to the financial planner's conduct when two clients enquired about their investments in products which had not been approved by HSBC Australia. These concerns were escalated to senior management and a formal investigation commenced which revealed two further clients who had similar dealings with the financial planner.
In August 2015, HSBC Australia was alerted to different misconduct by the financial planner when customers enquired about the annuity fund they believed they had invested in which was due to mature. HSBC Australia conducted a further internal investigation of the financial adviser's conduct.
29.1.2018 page 42 RCD.0001.0037.0045
CONFIDENTIAL
Responses to questions 3(a) to 3(e) a) Is the conduct the subject of an inquiry, investigation or proceeding?
The financial planner's conduct was the subject of several investigations and proceedings:
After being alerted to the financial planner's conduct in 2014, HSBC Australia notified ASIC as the incidents raised potential breaches of obligations under section 912A of the Corporations Act.
HSBC Australia commenced legal proceedings against the financial planner and the relevant companies to recover the lost funds and to send a message that such conduct is dealt with very seriously by HSBC Australia.
In 2015, after different misconduct by the financial planner was discovered, HSBC Australia again notified ASIC, resulting in an investigation by ASIC. Ultimately, ASIC decided to permanently ban the financial planner from working in the financial services industry.
HSBC Australia commenced further legal proceedings against the financial planner and the relevant companies.
HSBC Australia also notified the police in respect of the conduct. The financial planner was convicted of fraud and sentenced to imprisonment. b) - d) Is the conduct attributable to culture, governance or other practices?
HSBC Australia considers this incident to be the result of the unauthorised actions of a single individual who deliberately misled and defrauded customers. e) Steps to remedy and prevent recurrence
The nature of HSBC Australia's internal investigation sends a deterrence message within the organisation.
ASIC permanently banned the financial planner from working in the financial services industry.
HSBC Australia notified the affected clients of the financial planner's conduct, reimbursed those clients and commenced civil proceedings against the financial planner and associated companies. HSBC Australia notified the police who secured a conviction.
29.1.2018 page 43 RCD.0001.0037.0046
CONFIDENTIAL
Item 16
Inadequate disclosure and accessibility of complimentary credit card travel insurance terms
Date: September 2014
Outcome: Following an industry wide review, ASIC contacted HSBC Australia regarding the disclosure and accessibility of the terms and conditions of the complimentary travel insurance offered to HSBC Australia's credit card customers. HSBC Australia made changes to its website to address ASIC's concerns. The concerns were also raised and addressed by ASIC directly with the insurance provider.
Nature, extent and effect of the conduct
In September 2014, ASIC contacted HSBC Australia following an industry-wide review of the terms and conditions booklets distributed by credit card issuers to cardholders which describe the complimentary insurance cover available. ASIC's review found that disclosure in HSBC Australia's credit card travel insurance booklet may be unclear, incomplete or ambiguous. ASIC also raised concerns regarding the accessibility of information on HSBC Australia's website.
The complimentary insurance was offered to HSBC Australia customers by Zurich Insurance Australia Limited under a master policy between HSBC Australia and Zurich. As the provider of the insurance, Zurich was responsible for determining the terms and conditions of the policy.
Responses to questions 3(a) to 3(e) a) Is the conduct the subject of an inquiry, investigation or proceeding?
ASIC requested a response from HSBC Australia on issues identified by ASIC in its review. b) - d) Is the conduct attributable to culture, governance or other practice?
The inadequate disclosure and inaccessibility of terms associated with complimentary credit card travel insurance was an industry-wide issue. ASIC reviewed issues with 17 credit card brands. The review was initiated following complaints made to ASIC from the general public and disputes data published by the FOS. e) Steps to remedy and prevent recurrence
HSBC Australia promptly made a number of changes to its website to improve the accessibility of the terms and conditions of the policy, and to distinguish between standalone and complimentary travel insurance. ASIC was satisfied with the changes made by HSBC Australia. ASIC also addressed a number of issues in relation to the substantive terms and conditions of the policy directly with Zurich. In early 2015, Zurich decided not to offer renewal of insurance to card issuers and HSBC Australia changed its insurance provider to Allianz.
29.1.2018 page 44 RCD.0001.0037.0047
CONFIDENTIAL
Item 17
Collusion between arrangers in respect of a syndication and bond trade
Date: October 2014
Outcome: HSBC Australia informed the ACCC and ASIC, both of which following investigations, decided to take no further action. HSBC Australia terminated the employment of the individual and conducted an internal review which concluded there were no systemic issues associated with the conduct.
Nature, extent and effect of the conduct
In October 2014, HSBC Australia and a financial institution based in Asia were jointly mandated in relation to a small bond issue for a client based in Europe. As joint lead managers, HSBC Australia and the other financial institution, acting pursuant to the joint mandate, set the price for the primary issue of the bonds. Following the primary sale, each of HSBC Australia and the other lead manager retained a residual principal amount, which would be available for sale on the secondary market.
Subsequently, a client of both HSBC Australia and the other lead manager, which had purchased bonds as part of the primary issue, indicated to HSBC Australia that it intended to purchase additional bonds on the secondary market from both HSBC Australia and the other lead manager.
Following this, an HSBC Australia employee engaged in a series of communications with an employee of the other lead manager in relation to the mutual client's request for additional bonds. Those interactions concerned the number of bonds each would offer to sell, the coupon that would be offered and the basis upon which each lead manager would cover any short position of the other following a trade with the customer. A compliance officer on reading these communications escalated the matter for internal investigation.
Responses to questions 3(a) to 3(e) a) Is the conduct the subject of an inquiry, investigation or proceeding?
As the incident raised potential cartel issues under the Competition and Consumer Act 2010 (Cth) and market conduct issues under the Corporations Act, HSBC Australia promptly informed the ACCC and ASIC.
Following investigations by the ACCC and ASIC in 2015, both regulators confirmed that no further action would be taken as both regulators were satisfied with the steps taken by HSBC Australia to address the misconduct.
29.1.2018 page 45 RCD.0001.0037.0048
CONFIDENTIAL b) - d) Is the conduct attributable to culture, governance or other practices?
HSBC Australia considers this incident to be the result of the unauthorised actions of a single individual whose employment was subsequently terminated. e) Steps to remedy and prevent recurrence
As noted above in response to 3(a), HSBC Australia:
became aware of the misconduct through the actions of a compliance officer;
conducted an investigation upon becoming aware of the incident;
suspended the individual during the investigation;
terminated the employment of the individual following the conclusion of the investigation; and
promptly informed relevant regulators, including the ACCC and ASIC. As noted above, no further action was taken by either regulator following their respective investigations.
To ascertain whether the incident reflected broader systemic practices, HSBC Australia, in consultation with the ACCC and ASIC, undertook a thorough internal review of the conduct and behaviour of employees in the global banking and markets business involved in the syndication and sale of Australian dollar bonds across a two year period. That internal review concluded:
this was a one-off isolated incident;
HSBC Australia's existing processes and procedures were fit for purpose and were otherwise being adhered to; and
there were no further instances of conduct similar to the incident identified above.
Following the internal review, the incident was considered by the Risk Committee and was subsequently discussed at a meeting of the full HSBC Australia Board.
Notwithstanding the conclusions of the internal review, HSBC Australia implemented further internal training. HSBC Australia has also introduced new electronic surveillance measures to seek to identify misconduct quickly and the Regulatory Compliance team conducts reviews of randomly selected transactions to ensure appropriate monitoring.
29.1.2018 page 46 RCD.0001.0037.0049
CONFIDENTIAL
Item 18
Unauthorised account opening
Date: March 2016
Outcome: ASIC requested HSBC Australia to conduct a review to provide assurance that misconduct had not taken place through the unauthorised opening of customer accounts. The review found that HSBC Australia's internal procedures and processes were appropriate and effective. Only one incident of unauthorised account opening had been identified in the three years 2014-2016.
Nature, extent and effect of the conduct
In late 2016, ASIC requested HSBC Australia to conduct a review to provide assurance that misconduct had not taken place in the sale of retail banking products through the opening of customer accounts without consent.
HSBC Australia's review found:
no new incidents which had not been identified earlier;
the overall control framework, including relevant policies and procedures in place to identify and address misconduct in the opening of customer accounts, is effective in mitigating the risk of unauthorised account opening in the sale of basic retail banking products;
the Retail Banking and Wealth Management (RBWM) Incentive Framework, which measures both qualitative and quantitative factors that contribute equally towards an employee's incentive assessment is effective in discouraging misconduct; and
the compliance and risk culture within the RBWM team, including the oversight of senior management (via the RBWM Risk Forum), is effective in identifying and addressing misconduct.
Before the internal review, HSBC Australia identified one incident of unauthorised account opening (which occurred in March 2016) during the relevant period. The customer had noticed two additional credit cards on their on line banking profile, for which they had not applied. The customer raised this with HSBC Australia and the issue was handled in accordance with HSBC Australia's fraud investigation process, which determined that the account creation was the result of fraudulent conduct by an individual employee. There was no financial loss to the customer. The relevant individual's employment was terminated consistent with the Consequence Management Framework.
29.1.2018 page 47 RCD.0001.0037.0050
CONFIDENTIAL
Responses to questions 3(a) to 3(e) a) Is the conduct the subject of an inquiry, investigation or proceeding?
ASIC review and HSBC Australia internal investigation. b) - d) Is the conduct attributable to culture, governance or other practices?
HSBC Australia considers the one incident to be the result of the unauthorised actions of a single individual whose employment was terminated. The review found that the culture, practices, procedures and incentive structure within HSBC Australia were appropriate and effective. e) Steps to remedy and prevent recurrence
The one incident of unauthorised account opening that occurred during the three year period was effectively dealt with at the time and the individual's employment was immediately terminated.
29.1.2018 page 48 RCD.0001.0037.0051
CONFIDENTIAL
Item 19
Incorrect calculation of interest on US dollar investment property loans
Date: July 2010 - April 2017
Outcome: HSBC Australia is reimbursing all affected customers.
Nature, extent and effect of the conduct
In July 2010 the National Credit Code took effect. Section 28 of the Code requires lenders to charge interest on relevant credit contracts at the annual rate divided by 365. HSBC Australia continued to charge interest on its USD market linked home loans at the annual rate divided by 360 (which was the market convention for USD loans generally) until an internal Group-wide review identified this issue in April 2017.
HSBC Australia changed its practice and ascertained there are 106 affected customers to whom refunds will be paid, totalling approximately $77,000. HSBC Australia is working to refund all those customers, with an expected completion date for remediation by the end of February 2018.
Responses to questions 3(a) to 3(e) a) Is the conduct the subject of an inquiry, investigation or proceeding?
Internal Group review. b) - d) Is the conduct attributable to culture, governance or other practices?
This incident required revision of the calculation methodology in relation to interest on US dollar home loans only. It was not caught earlier as there had been no review conducted in relation to this issue. e) Steps to remedy and prevent recurrence
HSBC Australia is refunding all affected customers. HSBC Australia will now be conducting annual testing of the interest it charges on its USD home loans to seek to prevent this issue recurring.
29.1.2018 page 49 RCD.0001.0037.0052
CONFIDENTIAL
Item 20
Staff member misappropriated client funds
Date: December 2017
Outcome: Internal investigation is ongoing. The client's money was refunded. Staff member's employment was terminated.
Nature, extent and effect of the conduct
In December 2017, a customer raised concerns that an HSBC Australia staff member at a branch in Victoria had misappropriated $20. The customer deposited $320 at the branch but the customer's account was only credited $300. An internal HSBC Australia investigation determined that the staff member had misappropriated the remaining $20. The staff member's employment was terminated and the client's money was refunded.
Responses to questions 3(a) to 3(e) a) Is the conduct the subject of an inquiry, investigation or proceeding?
HSBC Australia's investigation is ongoing to determine whether this is an isolated incident. b) - d) Is the conduct attributable to culture, governance or other practices?
HSBC Australia considers the one incident to be the result of the unauthorised actions of a single individual whose employment was terminated. e) Steps to remedy and prevent recurrence
HSBC Australia refunded the customer's money and terminated the staff member's employment. HSBC Australia is conducting an internal investigation.
29.1.2018 page 50