On September 22, 2014, following a two-month trial, a federal jury in the Eastern District of New York ruled in favor of a group of 297 individual plaintiffs in a civil suit accusing Arab Bank PLC, headquartered in Amman, Jordan, of supporting terrorism. Linde v. Arab Bank PLC, No. 1:04-CV-2799 (E.D.N.Y. filed July 2, 2004).
SUMMARY OF THE LEGAL ACTION
In summary, the plaintiffs alleged that Arab Bank was liable under the U.S. Anti-Terrorism Act, 18 U.S.C. § 2331, et seq. (the “ATA”), for the deaths and/or severe injuries resulting from acts in international terrorism that occurred between 2001 and 2004, because the bank had processed and facilitated payments for Hamas and other terrorist or terrorist-related organizations, their members, the families of 1suicide bombers, or Hamas front organizations.
Over the course of the two month trial, the plaintiffs presented evidence they said showed that Arab Bank knowingly provided material support to Hamas by maintaining accounts for people and entities controlled by Hamas (in part via an account that accepted checks explicitly made out to beneficiary "Hamas"), and that the Bank facilitated millions of dollars in direct transfers to the families of suicide bombers and other terrorist operatives through the Saudi Committee for the Support of the Intifada al Quds and the Al-Shahid Foundation. Notably, the plaintiffs argued that the Bank should be held liable because it should have known or was willfully blind that certain charities were affiliated with Hamas, in part, because of various newspaper reports and publically available websites that published the activities of the charities linking them to the support of terrorism.
Arab Bank defended its actions at trial, maintaining that it did not knowingly aid Hamas or any other terrorist organization. The Bank highlighted the fact that the electronic funds transfers at issue (for example, those routed through New York) were screened against the Office of Foreign Assets Control (“OFAC”) list of “specially designated nationals” or “SDN List,” and that the bank ceased processing funds 2 transfers for parties once they were added to the SDN List. A separate trial will be held to determine damages.
IMPLICATIONS FOR FINANCIAL INSTITUTIONS: THREE POSSIBLE TAKE-AWAYS
What this means for financial institutions, particularly foreign banks that increasingly face the potential reach of U.S. laws and plaintiffs, remains to be seen. But there are three take-aways worthy of immediate consideration.
First, if the verdict is sustained on appeal, it may embolden other plaintiffs who allege similar injuries from acts of international terrorism to seek similar redress in U.S. courts. If so, banks within the jurisdictional 3 reach of this law might want to evaluate their potential exposure to such lawsuits.
Second, while banks are accustomed to evaluating their compliance risks with respect to enforcement by their financial regulators, this decision potentially opens the door to expanded theories of civil liability for “failures” in customer identification programs (“CIP”), transaction monitoring and ongoing know-your- customer (“KYC”) obligations. That is, the plaintiffs in this case appear to have successfully argued that news reports and websites that specifically named Arab Bank as a facilitator of these payments as well as the names of the suicide bombers or “martyrs” involved, demonstrated that the Bank knew or should have known that the account-holders were owned or controlled by a foreign terrorist organization or otherwise involved in terrorist activities. The case could also be read to establish the point that, in respect to terrorist financing-based liability, the mere fact that a person or entity is not on the SDN list does not 4 provide a safe haven from civil liability.
Finally, while many financial institutions take account of multiple data sources in their Financial Intelligence Units (“FIUs”) as a matter of customer on-boarding and ongoing KYC monitoring, a determination of civil liability predicated in part on a failure to take account fully of public and/or online proprietary databases appears new. This theory emphasizes the point that ongoing KYC is broader than an analysis of CIP documentation and transactional data – the two aspects tied to the customer’s interaction with the financial institution itself -- and may require additional KYC input from publicly available on-line and even human resources as a risk mitigation strategy. Moreover, where the bank suspects that a customer is engaging in suspicious activity, or identifies information from publicly available and credible websites indicating a link to terrorist activity, filing a SAR, for example, may not insulate the financial institution from liability. Further investigation and action, including notification to law enforcement and account closure, may be required.