The Financial Conduct Authority (FCA) issued the punishment after finding “serious weaknesses” across HSBC’s automated systems used to monitor hundreds of millions of transactions a month to identify possible criminal activity.
It highlighted three key failings which were found over the eight years from March 2010 to March 2018.
This included failures to consider whether the scenarios it used until 2014 to identify money laundering and terrorist financing covered relevant risks, as well as “poor” risk assessment of new scenarios after 2016.
The FCA also reported failures to “appropriately test and update the parameters” of the bank’s systems.
HSBC was also found to be inadequately checking the accuracy and completeness of the data being fed into its monitoring systems.
The bank did not dispute the findings and agreed to settle at the earliest opportunity, resulting in a reduction in the fine from £91 million.
Mark Steward, executive director of enforcement and market oversight at the FCA, said: “HSBC’s transaction monitoring systems were not effective for a prolonged period despite the issue being highlighted on numerous occasions.
“These failings are unacceptable and exposed the bank and community to avoidable risks, especially as the remediation took such a long time.
“HSBC continued their remediation to address these weaknesses after the relevant period.”
An HSBC spokesman said: “We are pleased to resolve this matter, which relates to HSBC’s legacy anti-money laundering systems and controls in the UK.
“As is well known, in 2012 HSBC initiated a large-scale remediation of its financial crime control capabilities.
“More recently, as the FCA recognised, HSBC has made significant investments in new and market-leading technologies that go beyond the traditional approach to transaction monitoring.
“HSBC is deeply committed to combating financial crime and protecting the integrity of the global financial system.”