Banks under fire: The rise of private lawsuits under the Anti-Terrorism Act

February 13, 2015

Westlaw Journals Weekly Roundup

On Sept. 22, 2014, in a watershed verdict that could portend new and increased risk for global financial institutions, a Brooklyn jury for the first time held an international bank civilly liable for facilitating the financing of terrorism under the Anti-Terrorism Act, 18 U.S.C. § 2331.  That case, Linde v. Arab Bank PLC, No. 04-cv-0799, verdict returned (E.D.N.Y. Sept. 22, 2014), may represent the beginning of a new era of civil liability for financial institutions serving customers in high-risk jurisdictions across the world, as terrorism continues to be used as a tool of political resistance and control.  U.S. law enforcement has become increasingly aggressive in prosecuting terrorism and related crimes, including money laundering, since the Sept. 11 attacks and has enhanced its oversight of bank anti-money-laundering compliance.  The Linde case is unique, however, in that it is the first case in which private litigants have used the anti-terrorism statute to hold a financial institution liable for the consequences of transactions the bank processed.  This new exposure to private litigation, in addition to existing criminal and regulatory liability, could represent a paradigmatic shift in how banks and other financial entities need to assess business risk and address anti-money-laundering compliance issues.

The Linde verdict was returned less than six months after a precedential criminal plea by BNP Paribas.  The U.S. Department of Justice described the case as the “first time a global bank has agreed to plead guilty to large-scale, systematic violations of U.S. economic sanctions.”  By its plea, BNP agreed to forfeit nearly $9 billion for its willful movement of at least $8.8 billion through the U.S. monetary system on behalf of individuals and entities in Sudan, Iran and Cuba, despite knowing that such persons or entities were explicitly barred such access by the U.S. government.  Preet Bharara, U.S. attorney for the Southern District of New York, specifically linked BNP’s actions to the support of “acts of terrorism and other atrocities.”  Manhattan District Attorney Cyrus Vance noted, “The most important values in the international community — respect for human rights, peaceful coexistence and a world free of terror — significantly depend upon the effectiveness of international sanctions.”

The legal system’s focus on the use of money laundering to fund terrorism and related criminal activities has never been greater.  But the Brooklyn civil jury took bank accountability and exposure to a new level.  Whether the Linde verdict is ratified on appeal, it is clearer than ever that financial institutions need to assess risk and operate their anti-money-laundering compliance programs with the awareness that they could be held responsible for the actions of their customers on the basis of information missed during the compliance process.

Linde v. Arab Bank

The plaintiffs filed a private civil action against Arab Bank under the Anti-Terrorism Act, which provides for a cause of action for treble damages by “[a]ny national of the United States injured in his or her person, property or business by reason of an act of international terrorism.”  The plaintiffs, consisting of nearly 300 victims or their families, were injured by 24 acts of terrorism, principally suicide bombings committed between 2001 and 2004 during the Second Intifada.  The acts alleged were committed by Palestinian terrorist groups, including Hamas, that are designated as foreign terrorist organizations, or FTOs, by the U.S. government.

The ATA, under 18 U.S.C. §§ 2339A and 2339B, prohibits the provision of material support (including financial services) for crimes committed by terrorists, or to FTOs and those that engage in terrorist activities.  The plaintiffs alleged that between 1994 and 2004, the bank (which has headquarters in Amman, Jordan, and is one of the largest banks in the Middle East) facilitated international terrorism by providing financial services to:

  • FTOs, including maintaining a bank account opened by a Hamas spokesperson in the Beirut branch and processing transfers into that account for the benefit of Hamas.
  • A founder and other leaders of Hamas and charities (“zakats” in Arabic) that acted as fronts for Hamas.
  • The Saudi Committee for Support of Intifada Al Quds, which provided a “comprehensive insurance benefit” to martyrs and their families in the amount of $5,316 (the equivalent of 20,000 Saudi riyals) and lesser amounts to Palestinians imprisoned or injured during the intifada.

The plaintiffs alleged that the bank administered this plan by setting up dollar accounts for beneficiaries and processing the payments, many through the bank’s New York branch, for collection at local branches in the West Bank or Gaza Strip.

In 2010 the bank was sanctioned by the District Court for failing to produce documents, including “know your customer” information on Saudi committee beneficiaries and account information for customers whom the bank admitted had been designated as FTOs and other prohibited parties.  The bank argued that it was prohibited from producing certain documents by the foreign-bank-secrecy laws of Jordan, Lebanon and the Palestinian Monetary Authority.  The District Court rejected that argument and found that the documents the bank withheld went to the issue of whether the institution acted knowingly.  The court imposed sanctions that included an instruction allowing the jury to infer that the bank knowingly provided material support to terrorist organizations and processed payments on behalf of the Saudi Committee.  The bank also was precluded from presenting evidence regarding its “state of mind that would find proof or refutation in the withheld documents.”

At trial, the jury was further instructed that it could consider evidence on the bank’s policies and compliance with industry standards in determining whether it acted knowingly, but only as to the one bank account for which the institution produced documents.  The bank appealed the sanctions order, which the 2nd U.S. Circuit Court of Appeals dismissed for lack of jurisdiction.  The bank also sought a writ of mandamus from the 2nd Circuit and petitioned the U.S. Supreme Court for certiorari, both of which were denied.

The case proceeded to trial in August 2014.  During trial, the bank’s compliance procedures necessarily were front and center, as the institution maintained that it followed proper compliance processes in connection with opening the accounts and handling the transfers at issue in the case.  The jury rendered a verdict in favor of the plaintiffs Sept. 22, 2014, with damages to be determined at a later date.  Following the verdict, the bank filed a motion for a new trial.

Compliance belts and suspenders in today’s climate

Global financial institutions with branches or operations in the United States have generally established a fairly robust infrastructure of anti-money-laundering compliance policies to assess the risk profiles of their customers and comply with U.S. law.  Nevertheless, even the most premier automated systems and data analytics cannot replace the importance of experienced compliance personnel to cull through the data, make inquiries and exercise careful judgment to ensure the bank’s monetary operations are not used to facilitate criminal activity.  The Linde case suggests that financial institutions must continue to evaluate their anti-money-laundering compliance programs, identify areas for enhancements and err on the side of encouraging even more qualitative oversight by compliance personnel when assessing customer activity.

Compliance with anti-money-laundering regulations and the Bank Secrecy Act begins with knowing your customer and understanding the nature of the account holder’s financial activities.  Customer identification and monitoring are at the core of any effective anti-money-laundering compliance program.  Financial institutions are required to obtain, maintain and update customer account information to understand the industries and environments in which their customers operate, with whom they are conducting business and the nature of the account holder’s ongoing transactional activity.  This information must be compared against government lists of known or suspected terrorists and other Office of Foreign Assets Control, or OFAC, screening lists.  Although banks typically rely on automated programs from specialized third-party providers for screening and negative news reports, the bank’s compliance personnel are responsible for tailoring their oversight according to the risk profile of the customer, the nature of services provided, the pattern of transactional activity, the geographic location where the activity is conducted and other “red flags” that may come to the attention of any department of the institution.

The key to an effective anti-money-laundering compliance program is the qualitative, ongoing monitoring of account activity using this risk-based approach.  Bank compliance staff is required to synthesize information around customer accounts and transactional activity to identify any unusual or suspicious activity that triggers follow-up inquiries, service restrictions, closure of accounts and/or filing of suspicious-activity reports, or SARS, with U.S. banking regulators when appropriate.  SARs that are proactively filed with the Financial Crimes Enforcement Network are generally precluded from disclosure in third-party litigation and, accordingly, a financial institution’s liability for inadequate anti-money-laundering compliance must be established by private plaintiffs through other evidence.

Consideration of the perceived compliance gaps attributed to the bank in the Linde case may offer insights and guidance with respect to other steps that financial institutions should consider to mitigate their litigation exposure.  Aside from limiting potential civil liability in the wake of Linde, these recommendations also serve to assist financial institutions with managing reputational risk.

Creative spelling counts

In Linde, the bank opened an account for a founder of Hamas — Sheikh Ahmed Yassin, who was designated a “specially designated national” by the OFAC.  At trial, the bank conceded that its failure to detect Yassin in its screening process was a “mistake.”  The spelling of Yassin’s name on the account transfer form, “Ahmad Ismail Yasine,” differed from the spelling on the OFAC list in 1995, which was “Shaykh Ahmad Yasin,” as well as the OFAC list in 2003, which listed him as “Sheik Ahmed Yassin.”  The jury in Linde held the bank responsible for failing to connect its account holder to the other variations of his name on the government screening list.

Linde demonstrates the considerable consequences for banks from this type of error.  When running automated searches through screening software, financial institutions need to account for spelling variations and misspellings of individual and entity names.  Relying only on the English spelling of names or the use of the English alphabet is insufficient.  In particular, translated names often have many variations in spelling.  Accordingly, companies would be well advised to use screening software that can search in the native language and alphabet of the subject entities and individuals and is equipped with sufficient artificial intelligence or fuzzy logic to capture variations in spelling in the English alphabet.

Negative news

In closing arguments, the plaintiffs referred to the bank as “the bank of the stars in the world of terrorism” that provided financial services to Hamas leaders who were well known in the Gaza Strip, the West Bank and beyond.  The plaintiffs cited as an example that the bank opened an account and authorized a transaction on behalf of the leader of the Hamas military wing.  Despite the fact that this individual was not on any government watch list, the plaintiffs suggested that the leader was “very famous” and the bank should have known he was affiliated with Hamas.  The bank argued that it would be unfair to place on financial institutions the insurmountable burden of investigating customers who do not appear on government lists.

Similarly, the plaintiffs contended that the bank should have understood, on the basis of the charity’s website and published newspaper advertisements, that the mission of the Saudi Committee was to provide remuneration to the families of terrorists.  The Saudi Committee’s website indicated it used donations for “every entitled [Palestinian] through the Arab Bank in Palestine” and listed “martyrs” by name with a cause of death noted as “suicide attack.”   Newspaper advertisements in the territories similarly described potential recipients as “martyrs.”

This information connecting the bank’s customers and transactional activity with acts of terrorism was in the public domain but did not make its way into the bank’s compliance system.  Financial institutions are understandably loathe to take on the responsibility to investigate and gather all public information that may be potentially related to its customers’ activities, and they may face liability for failing to do so.  Nevertheless, in light of the Linde decision (and whether or not the verdict survives appeal), financial institutions would be well advised to expand their monitoring of public sources and online data to capture a wider net of information through their automated screening systems when they have customers operating in jurisdictions that are high risk for terrorist financing and money laundering.

Cultural context

An effective compliance program must be designed to understand the cultural and business context in which the financial institution’s customers do business.  In Linde, the plaintiffs presented evidence that the bank received a spreadsheet noting that three beneficiaries of Saudi Committee transfers that the institution processed died in “martyr operations.”  The plaintiffs contended this provided a basis for the bank to know it was funding terrorist attacks by compensating the families of suicide bombers.  Testimony at trial highlighted the varying cultural understandings of the term “martyr,” with a banker in the Palestinian territories suggesting the word represented a deceased person and a London banker acknowledging a very different view: “[i]f [charts stating ‘martyr operations’] had arrived in London, which one never did, in my experience, we would have immediately commissioned probably a multiple suspicious-activity report because this is something which we were most unused to dealing with.”  Unsurprisingly, with its verdict, the U.S. jury appears to have adopted the London banker’s view that “martyr” connotes an association with terrorism in that region.

This testimony reinforces the importance to global financial institutions of having central oversight of regional compliance to consider and account for cultural differences in language and understanding of any potential red flags.  That type of qualitative review can prevent inconsistent judgments as to what constitutes suspicious activity within different operations of the bank, especially when the standards to be applied in litigation in U.S. courts will probably reflect cultural sensitivities that are more aligned with Western perspectives.  In addition to highlighting the need to establish appropriate oversight of regional compliance, the Linde case demonstrated a process breakdown within regional compliance, since both the director of operations for the Palestinian territories and a regional manager tasked with auditing Ramallah operations did not recall reviewing the “martyr” spreadsheets, even though the documentation had been directed to the attention of the latter officer for review.

Anti-money-laundering compliance oversight and risk assessment needs to be adaptable to nature and experience in the jurisdictions where customers reside and do business.  In the aftermath of Linde, financial institutions should consider treating charities in jurisdictions known for terrorist financing as high-risk customers warranting more extensive transactional monitoring.  Bank employees within the business and compliance sectors should receive training about the enhanced due diligence procedures required for customers who fall into this profile.

Conclusion

Whether or not the Linde verdict is revisited on appeal, this precedential outcome has sent a shock wave throughout the banking industry and put global institutions on notice that they may find themselves accountable in U.S. civil courts for any perceived gaps in their compliance processes.  Until the extent of liability under these heightened compliance duties is fully resolved in the courts, financial institutions must continue to increase their anti-money-laundering diligence in high-risk jurisdictions where terrorism remains a persistent challenge.