On September 22, 2014, following a two-month trial, a federal jury in the Eastern District of New  York ruled in favor of a group of 297 individual plaintiffs in a civil suit accusing Arab Bank PLC,  headquartered in Amman, Jordan, of supporting terrorism. Linde v. Arab Bank PLC, No. 1:04-CV-2799  (E.D.N.Y. filed July 2, 2004).


In summary, the plaintiffs alleged that Arab Bank was liable under the U.S. Anti-Terrorism Act, 18  U.S.C. § 2331, et seq. (the “ATA”), for the deaths and/or severe injuries resulting from acts in  international terrorism that occurred between 2001 and 2004, because the bank had processed and  facilitated payments for Hamas and other terrorist or terrorist-related organizations, their  members, the families of 1suicide bombers, or Hamas front organizations.

Over the course of the two month trial, the plaintiffs presented evidence they said showed that  Arab Bank knowingly provided material support to Hamas by maintaining accounts for people and  entities controlled by Hamas (in part via an account that accepted checks explicitly made out to  beneficiary "Hamas"), and that the Bank facilitated millions of dollars in direct transfers to the  families of suicide bombers and other terrorist operatives through the Saudi Committee for the  Support of the Intifada al Quds and the Al-Shahid Foundation. Notably, the plaintiffs argued that  the Bank should be held liable because it should have known or was willfully blind that certain  charities were affiliated with Hamas, in part, because of various newspaper reports and publically  available websites that published the activities of the charities linking them to the support of terrorism.

Arab Bank defended its actions at trial, maintaining that it did not knowingly aid Hamas or any  other terrorist organization. The Bank highlighted the fact that the electronic funds transfers at issue  (for example, those routed through New York) were screened against the Office of Foreign Assets  Control (“OFAC”) list of “specially designated nationals” or “SDN List,” and that the bank ceased  processing funds 2 transfers for parties once they were added to the SDN List. A separate trial will be held to determine damages.


What this means for financial institutions, particularly foreign banks that increasingly face the  potential reach of U.S. laws and plaintiffs, remains to be seen. But there are three take-aways  worthy of immediate consideration.

First, if the verdict is sustained on appeal, it may embolden other plaintiffs who allege similar  injuries from acts of international terrorism to seek similar redress in U.S. courts. If so, banks  within the jurisdictional reach of this law might want to evaluate their potential exposure to such lawsuits.

Second, while banks are accustomed to evaluating their compliance risks with respect to enforcement  by their financial regulators, this decision potentially opens the door to expanded theories of civil  liability for “failures” in customer identification programs (“CIP”), transaction monitoring and  ongoing know-your- customer (“KYC”) obligations. That is, the plaintiffs in this case appear to  have successfully argued that news reports and websites that specifically named Arab Bank as a  facilitator of these payments as well as the names of the suicide bombers or “martyrs” involved,  demonstrated that the Bank knew or should have known that the account-holders were owned or  controlled by a foreign terrorist organization or otherwise involved in terrorist activities. The  case could also be read to establish the point that, in respect to terrorist financing-based  liability, the mere fact that a person or entity is not on the SDN list does not provide a safe haven from civil liability.

Finally, while many financial institutions take account of multiple data sources in their Financial  Intelligence Units (“FIUs”) as a matter of customer on-boarding and ongoing KYC monitoring, a  determination of civil liability predicated in part on a failure to take account fully of public  and/or online proprietary databases appears new. This theory emphasizes the point that ongoing KYC  is broader than an analysis of CIP documentation and transactional data – the two aspects tied to  the customer’s interaction with the financial institution itself -- and may require additional KYC  input from publicly available on-line and even human resources as a risk mitigation strategy.  Moreover, where the bank suspects that a customer is engaging in suspicious activity, or identifies  information from  publicly available and credible websites indicating a link to terrorist activity,  filing a SAR, for example, may not insulate the financial institution from liability. Further  investigation and action, including notification to law enforcement and account closure, may be required.