A senior HSBC executive has privately admitted that the bank is “cast-iron certain” to have another major regulatory breach in the future, and is struggling on multiple fronts to clean up its worldwide operations.

Global head of sanctions Lee Hale – whose recorded comments appear to contrast with public statements from HSBC’s chief executive that the bank has fundamentally transformed itself after recent scandals – said gaps remained in the bank’s compliance with sanctions policies and the screening of certain financial transactions.

Stuart Gulliver, HSBC’s chief executive since 2011, and Rona Fairhead, chair of HSBC North America as well as the BBC Trust, have repeatedly assured the UK parliament that the bank today is markedly different from when its Swiss branch facilitated large-scale tax evasion, or when its Mexican branch was found by US authorities to be complicit in multimillion-dollar money-laundering for drug cartels.

HSBC files show how Swiss bank helped clients dodge taxes and hide millions Read more

“In terms of actually tightening HSBC, making it a simpler business, making it a business that actually follows the highest standards of money-laundering controls, knowing our customers and tax transparency, substantial root-and-branch reforms have taken place,” Gulliver told the Commons public accounts committee in February.

But an audio recording, heard by the Guardian, of a confidential meeting held in the last three months reveals that Lee Hale set out a much more complex picture of the bank’s progress in bringing its procedures into line with what authorities expect.

In a statement, HSBC said it did not recognise the comments in the recording, which it said had been taken out of context. The bank said it was unable to provide specific examples of inaccuracies by the time of publication.

Hale was meeting with independent lawyers monitoring HSBC as part of a controversial 2012 deal with the US Department of Justice, in which the bank avoided prosecution over sanctions-busting and money-laundering in its Mexican branch in exchange for paying a $1.9bn fine and receiving additional regulatory scrutiny for a period of five years. The deferred prosecution agreement was signed by the then US attorney for the eastern district of New York, Loretta Lynch, who is now Barack Obama’s nominee for US attorney general.

During the meeting, which lasted several hours, Hale set out the bank’s achievements in updating its compliance procedures and strengthening its reporting and its financial controls in a number of different areas of its global operations.

He told the monitors that the bank’s size made large-scale breaches a virtual inevitability, and said he was not yet “comfortable” with compliance in some significant areas of its operations.

During a long exchange about HSBC’s new policy on sanctions and internal breaches of company rules, Hale told the regulator that “given the size and scale of HSBC”, in his view “it is a cast-iron certain[ty] this will happen, at some point in the future we’re going to have some big breach, some regulatory breach”.

He added: “I hope it doesn’t happen, but it is likely.”

Under pressure from regulators and investors alike, Gulliver has repeatedly insisted HSBC is not too big to manage. The pressure was heightened by the revelations of wrongdoing at its Swiss private bank, published by the International Consortium of Investigative Journalists, the Guardian, Le Monde and others.

Facebook Twitter Pinterest Stuart Gulliver appearing before a parliamentary committee in February. Photograph: Reuters

Gulliver says he has greatly tightened internal management at the bank, dropping its previous federation structure, in which each country’s operations had significant autonomy.

However, Hale suggested in his conversation with the monitor that HSBC’s sprawling 70-country operation was still a significant complicating factor in the work of the bank’s 7,000-strong compliance team.

“I think you have to appreciate it’s difficult for us as a firm, we obviously operate in over 70 countries and we visited a number of countries in 2014 where we haven’t executed the programme,” he said.

Asked whether he anticipated broad breaches in the bank’s governance, Hale said there were “a couple of categories” where his team were considering whether policy was sufficient, as his staff still had concerns that the bank was not doing enough. He noted that to state definitively at that stage that there were broad breaches would be a “big statement to make”.

Pushed for more detail by the monitors, Hale identified the screening of charitable donations as an area of concern for his team. “That would be one example where I’m not entirely comfortable we’ve done enough,” he admitted. He did not go on to detail any others.

The British executive also highlighted the “painful process” of improving reporting standards across the banking group to ensure compliance with sanctions policies – one of the principal causes of HSBC’s record-breaking US fine.

He said his team had a backlog of more than 90 dispensations requests – formal requests to perform an action that would otherwise be against HSBC policies – which he had refused to sign off because they were not in his view of a sufficiently high standard.

Explaining the past difficulty of overhauling sanctions standards at the bank, Hale said HSBC staff were not used to providing the required level of detail for compliance to sign off dispensations. He said: “I think it’s really the first time where we’ve looked to do this with the right level of rigour … the quality of the initial submissions was not great.”

The monitor is required each year to file a lengthy report to the Department of Justice, which in turn files a much shorter summary update to a court in New York. As the agreement was signed in December 2012, the head of the DoJ’s criminal division said HSBC had the “sword of Damocles” over its head should it not follow through on its commitments.

The latest progress report, filed on Wednesday, said HSBC had made progress and was “better protected from and positioned to detect financial crime”, praising the efforts of senior executives and compliance staff.

However, the report also raised several concerns about HSBC’s progress, including in relation to its corporate culture, saying: “Some of HSBC Group’s historical cultural deficiencies continue to pervade its operations today.” Senior staff in the US-based global banking and markets division were criticised specifically.

Such criticism of HSBC culture is likely to come as a disappointment to the bank’s North America chair, Fairhead, who previously chaired the bank’s audit committee during several of the bank’s high-profile ethical lapses, and who also serves as the chair of the BBC Trust and a non-executive at PepsiCo.

Fairhead had told the public accounts committee that her approach to audit had relied substantially on “the culture of HSBC, which was widely regarded as being of high integrity”, which then turned out to be inadequate. Fairhead said she had subsequently helped drive through reforms.

The recorded monitor discussions also touched on problems in the bank’s US compliance team. Hale said: “The internal audit team have done a US review and it’s not great in terms of what they’ve found.” The findings, according to Hale, prompted the bank to terminate the employment of one of the bank’s senior compliance executives in New York, a former sanctions official at the US Treasury.

In 2012, a US Senate report noted that a high turnover of compliance staff at the bank’s US subsidiary had made reforms difficult to implement.

HSBC said in a statement that it did not recognise the Guardian’s information, and that it was in compliance with its deferred prosecution agreement (DPA).

“We do not recognise the comments as presented to us by the Guardian, which contain inaccuracies and have been taken out of context,” it said. “The US justice department has recognised that HSBC has made material progress towards meeting the most stringent compliance standards imposed to date upon a global financial institution. We continue to meet all of our obligations under the DPA.”