Out across the street from my office window stands a block of commercial properties. Scanning from right (north) to left (south) they comprise:  BBC Oxford (not shown in the picture), a closed Laura Ashley shop, an open ‘sound and vision’ shop, and a closed bank branch. Things can sometimes look a bit grim down here in the South Midlands.

The bank in question is HSBC and the branch was closed on 21 May 2021. I have a personal account with HSBC which dates from over 55 years ago and have managed a small business account with the bank for more than 20 years.  The acquisition of the property from which the picture was taken was financed by a commercial mortgage from HSBC, fully paid off a few years ago. It can fairly be described as a long, close and mutually beneficial relationship, until now.

Notwithstanding its proximity, I was not an intensive user of the branch, handling most things online, but it was a useful facility for some purposes of a non-routine nature. The staff were invariably helpful.  There was therefore a consequential loss of service from the closure for sure, but it was as nothing compared with what was to follow in the wake of the departure of the humans.

What followed was a denial of access to the business account on or about 13 December 2021, of which formal notification was received by post on 21 December, around a week after the action was taken.  The notification said simply:  “We are now letting you know that access to your business account(s) and all related services have been withdrawn.”  No reasons were given.  It was not exactly customer-friendly, nor was it an orderly way of closing down an account.  

It was, to say the least, a rather draconian measure (not made less severe by the closeness to Xmas, with a major epidemic wave in progress). Denial of access to the means of payment strikes at the heart of a central process of any commercial society, the ability of individuals or businesses to conduct exchange transactions. And this happened to an account with a simple, regular transactional pattern, easy to observe and check (in minutes), with a consistent positive balance measured in tens of thousands of pounds.  For HSBC it had been a very safe and profitable account over a long period, but nevertheless the bank chose to seize control of the assets.

Banks can do this at any moment for business accounts, without any requirement to give reasons (personal accounts have some protection, albeit of a limited nature). It is a power not dissimilar to those that might normally be associated with a police state, a power that can be exercised without checks and balances. 

Government and Parliament might usefully ask themselves whether this is what they intend to be the case. To illustrate with just one example of consequential harms: an immediate effect of the denial of access was to suspend direct debit arrangements with HMRC for VAT and PAYE payments. 

So, what is going on here? And how did we get here?

When singular events like this happen, an effective, heuristic procedure is to track backwards from the event along a causal chain, repeatedly asking the question Why?  This tends to lead to the identification of ‘root causes’ which, once found, are usually discovered to have far wider effects than just the singular event at the end point of the chain from which the questioning begins.  

The trail of causation in this case leads quickly to HSBC arrangements that go under the label ‘Safeguard’.  The very name resonates with concerns about unbridled power and its abuse: the ‘Committee for Public Safety’ of the revolutionary French Assembly comes to mind, with its notion of the guillotine as an instrument of ‘Public Safety’. 

Fortunately, necks are not involved today, but wannabe Robespierres can bring a guillotine down on business bank accounts and thereby disrupt quotidian transactional activity, without any checks and balances whatsoever.

The development of ‘Safeguard’ most likely has something to do with prosecutions of HSBC for the laxness/laziness of its approach to money launderers, including a fine of £63.9 million announced in the media as recently as 17 December 2021 (which itself was peanuts compared with an earlier $1.9bn fine in the US in 2012 for conduct that involved Mexican drug cartel money). (“HSBC fined £64m for anti-money laundering failings”, BBC News.)

At a minimum, it would have been a convenient new-virtue signal in negotiations with the Financial Conduct Authority (FCA) about the magnitude of the fine, reportedly reduced from an initial £91 million:  “Look, we are changing our ways of doing things.” 

The problem is that the ‘Safeguard’ programme is actually a continuation of the laxness/laziness, a root cause of which is an incentive structure in which, other things equal, money-laundering is profitable for banks.  Things are almost inevitably awkward when the designated police are beneficiaries of the crimes, a context that provides a rich seam of material for movies and small-screen detective series. 

Arguably worse than that, ‘Safeguard’ has been a form of extortion: “the act of getting something, especially money, by force or threats” (Cambridge English Dictionary).  It isn’t money in the case in question, it is nominally about information: ‘fill in all elements of this online form or we will close the account on 13 December’ was the threat.  

But it isn’t really about information either, because for well-established accounts the information required for HSBC’s ‘consummate’ (in the spirit of the laws) compliance with Anti Money Laundering Regulations (AMLR) is already in the hands of the bank.

From the perspective of the little Robespierres, my crime was to decline to provide a small number of pieces of redundant information, i.e. to refuse to yield to the extortion.  In the end period, coming toward the 13 December deadline, there were daily messages from the Safeguard people that repeatedly re-emphasised the imminence of the closure threat.

They were focused solely on getting the form completed, to the point of harassment of HSBC’s business customers. That was an example of a familiar bureaucratic dysfunction: loss of a sense of the wider purposes of a programme or organisation.

There can be no defence for this conduct in the letter of the laws, of the ‘we were only following orders’ type. Nothing in the AMLR requires that a bank seek the information in contention from established customers. It was a discretionary choice by HSBC to demand this information, thereby imposing an excess compliance burden on bank customers. Worse than that, by making the information provision wholly and solely determinative for the closure decision, HSBC consciously chose to ignore or completely discount information that it has on its own records and which is much more salient for assessing money-laundering risks.

Why might it have been moved to discount highly salient information in this way? What is the motivation?  

Fraud detection is a difficult and effortful activity, costly in terms of the resources required to do it effectively. It is therefore much more convenient and less costly to go through a pretend, box-ticking exercise, with the added benefit for managers of shifting part of the compliance burden on to customers as a group.  

The risk is, of course, that keen-eyed regulators might well conclude that, when unwrapped and examined closely, this looks rather like non-compliance with the AMLR, i.e. it is the very same laxness/laziness/effort-avoidance that led to that £63.9 million fine. 

Different banks have taken different views on how to resolve this trade-off (experience with a business bank account with Barclays for an education/research charity which I manage stands in stark contrast with the HSBC experience).  HSBC made its own call and, on the face of it, it is not one that appears to have attached a high weight to the competence and perspicacity of the relevant regulatory authorities.     

Moving back to the specifics of the incident that has triggered these thoughts, a review of the account was requested in a letter to the Chief Operating Executive of the bank (earlier requests to move the issue up the management food chain had been ignored). 

That was a request for a wider, more salient body of information to be considered in making an account closure decision.  In the specific case not much extra effort would have been needed:  ten or fifteen minutes looking at the transactional pattern would likely have sufficed. 

In an email from the ‘Safeguard’ team it was claimed that they had done a review and had found that, guess what, the questionnaire was not complete. Well, there was no dispute about that, but that is not a review: it’s repetition. They were stubbornly reluctant to do the fairly minimal checking required which might, for example and God forbid, have involved talking with a human in another part of the bank.  That’s another familiar pathology of bureaucracy: each unit defends its own territory and is reluctant to engage with other units.  We know it so well. 

Recognising the futility of dealing with the bank any longer, I sought reassurance that, in the event of closure, the balances could be transferred to another account.  The bank surely wouldn’t just steal the money, would it?  Reassurance was given in one of those online chats, but I detected a hint of dissembling in the way that it was phrased in the online conversation. 

In retrospect, I should have tested that out more rigorously at the time.  Would the bank ‘kidnap’ the money for a duration of its own pleasing and for no good reason?  Yes, it would. 

In the event and as indicated earlier, I received notification on 21 December that access to the account was now denied, a notification I posted on Twitter that day to serve warning of HSBC Business Banking’s contemptuous attitude to its customers.  Before that, on 15 December, by email to HSBC Safeguard I had requested that the bank either (a) unblock the account until such time as a proper review of it had been conducted, or, failing that, (b) HSBC itself transfer the funds out of the account to a designated alternative. 

There was no immediate response, so on 17 December I hand-delivered a short, written, signed instruction to the manager of the still open city centre branch of HSBC:  “This account having been locked, for no good reason, I instruct you to immediately transfer the balance in the current account to …”.

That this has not been done to date comes as no surprise – although blocking the movement of funds destined for a competing bank, without objective justification, is a slam dunk restriction of competition (as I expect both the FCA and the Competition and Markets Authority will note immediately) – but what was interesting about the branch visit was the fleeting encounter with another human face. 

Handing the letter over to one of the staff, which she said she would direct straight to the business banking people, I mentioned the word ‘Safeguard’.  At that, above a partly masked face, her eyes rolled. The eyes signalled that there are bodies buried here. Later exchanges with former HSBC staff corroborate that inference.

The human face is, of course, a great communicator of information, both intended and unintended, and the evolution of the human brain owes much to its capacity to read both the faces and conduct of others (so as to assess their intentionality and their likely future conduct). The information content of Mickey Mouse, tick-box questionnaires is of a much lower order. It’s not the way to catch crooks, is it? 

Professor George Yarrow is an Emeritus Fellow of Hertford College, Oxford. In a previous life he has inter alia: led a team reporting to the Cabinet Office on how best to obtain information from small businesses on the regulatory burdens they face; given evidence to the Competition Commission investigation into SME Banking; and led a team reporting to the FCA on appropriate guiding principles for the regulatory approach of the Payments System Regulator, a world-first institutional innovation in the supervision of money transmission services.