On 22nd September 2014, a federal jury in New York found Arab Bank PLC liable for knowingly supporting terrorism. This is a landmark ruling in the first civil trial to be brought against a bank under the US Anti-Terrorism Act, finding the Jordanian lender guilty of providing financial services to the Palestinian Islamist group Hamas.

Whilst this blog won’t go into the full details of the claims and counter defense (the case is Linde et al. v. Arab Bank, U.S. District Court for the Eastern District of New York, No. 04-2799), according the New York Times, the ruling came despite Arab Bank’s insistence that it used the same money-laundering-prevention processes as every other international financial institution and complied with international banking standards by checking wire transfers against government terrorist blacklists. A point backed up by Ziyad Fariz, Jordan's central bank governor who stated:

“The Central Bank of Jordan remains confident about the strength of Arab Bank's banking operations and compliance procedures and ability to withstand the likely repercussions of this litigation.”

Whilst the verdict on Arab Bank is currently under appeal, what is clear is that, as reported by many media outlets such as Forbes, this result is expected to be of strong concern to the wider financial world as it could set a precedent for similar attempts to hold companies legally liable for the actions of their clients, almost regardless of their compliance statements. For example, according to a report from Reuters immediately following this result a U.S. appeals court revived lawsuits against National Westminster Bank by victims of attacks in Israel attributed to Hamas, who are seeking to hold the Bank liable for handling transactions linked to that Group.

Should this be the start of a legal trend, the pressure on financial institutions to go beyond just regulatory requirements when tackling financial crime and compliance risk, which is already towards the top of many corporate agendas, is clearly about to go up another notch.

In line with this, the need to “enhance corporate governance, including management functions, compliance proceedings and risk management culture” feature strongly in the latest report on Risks and Vulnerabilities in the EU Financial System, issued in the same week.

This report emphasizes the importance and focus on business conduct risks and describes the first policy steps that the various European Supervisory Authorities (ESAs) have initiated to address rising and increasingly materializing concerns relating to operational risks, particularly those linked to conduct risk. According to an extract from the report:

“Conduct risk refers to risks relating to the way in which a firm and its staff conduct themselves, and includes matters such as how consumers are treated, how products are designed and brought to market, remuneration of staff, and how firms deal with conflicts of interest or resolve similarly adverse incentives.

A wide variety of particular conduct risks can originate from misalignments with a number of regulatory requirements governing conduct of institutions in these areas including, among others, the miss-selling of financial products, the manipulation of financial markets, breaches of best execution principles, irresponsible lending and violations of anti-money laundering rules or trade sanctions (my highlighting).”

At both a business and IT level, questions are already being asked about the wider risk and control framework and the firm’s ability to align GRC and financial crime processes and systems in order to improve decision making through improved insight, visibility and assurance over customers, transactions and corporate behavior alike.

As a result of the well publicized incidents and losses reported globally over the past few years linked to conduct risk, the ESA report adds:

“The rising scope and number of detrimental incidents around those (conduct) risks as well as the considerable financial and reputational damages they might cause, indicate a need for many institutions to enhance corporate governance, including management functions, compliance proceedings and management  risk culture.....conduct risks should clearly not be solved by means of additional capital requirements alone…..”

So how are you tackling the ever increasing attention from regulators and supervisors on business conduct, along with the potential future impacts of civil actions linked to client behavior? Is this changing your risk and compliance thinking and approach, particularly when dealing with higher risk business? Let us know, we’d love to hear from you.