Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • 2nd Circuit: Banking a known terrorist organization does not, by itself, establish Antiterrorism Act liability

    Courts

    On April 7, the U.S. Court of Appeals for the Second Circuit affirmed summary judgments (see here and here) dismissing amended complaints filed in two actions seeking to hold a U.K. bank and a French bank, respectively, liable under the Antiterrorism Act of 1990 (ATA) for allegedly “providing banking services to a charitable organization with alleged ties to Hamas, a designated Foreign Terrorist Organization (FTO) alleged to have committed a series of terrorist attacks in Israel in 2001-2004.” The complaints alleged that the U.K. bank and the French bank knowingly provided banking services, including sending millions of dollars in wire transfers, to organizations previously designated by the U.S. as Specially Designated Global Terrorists. The district court referred to the 2nd Circuit’s decision in Linde v. Arab Bank PLC, in which the appellate court held that “a bank’s provision of material support to a known terrorist organization is not, by itself, sufficient to establish the bank’s liability under the ATA,” and that “in order to satisfy the ATA’s requirements for civil liability as a principal,” the bank’s act must “also involve violence or endanger human life.” Moreover, the Linde opinion held, among other things, that a bank’s act must be intended to intimidate or coerce the civilian population or influence or affect a government, and that the bank “ must have been ‘generally aware of [its] role as part of an overall illegal or tortious activity at the time’” the assistance was provided.

    The plaintiffs argued in a consolidated appeal that the district court misapplied the Linde holding and erred in concluding that the evidence presented was “insufficient to permit an inference that the bank was generally aware that it was playing a role in terrorism.” The banks countered that if the appellate court reversed the judgments, the claims should be thrown out for lack of personal jurisdiction. On appeal, the 2nd Circuit agreed with the district court’s dismissal of claims “on the ground that plaintiffs failed to adduce sufficient evidence that the bank itself committed an act of international terrorism within the meaning of §§ 2333(a) and 2331(1)” of the ATA. The opinion noted, among other things, that the plaintiffs’ experts said the charities to which the banks transferred funds as instructed by one of the organizations actually performed charitable work and that there was no indication that they funded terrorist attacks. As such, the banks’ conditional cross-appeal was dismissed as moot.

    Courts Financial Crimes Of Interest to Non-US Persons Appellate Second Circuit Antiterrorism Act U.K. France Foreign Terrorist Organization OFAC

  • U.K. ICO and social media company settle privacy investigation

    Privacy, Cyber Risk & Data Security

    On October 30, the U.K. Information Commissioner’s Office (ICO) announced an agreement reached between the ICO and a social media company that resolves an investigation into the company’s alleged misuse of personal data. The company has agreed to withdraw its appeal of the £500,000 penalty issued last year under section 55A of the Data Protection Act 1998 (DPA) and settle the case without an admission of guilt. The investigation stems from a data incident affecting upwards of 87 million users worldwide that included the processing of personal data about U.K. users in the context of a U.K. establishment. According to the ICO, the company violated principles of the DPA by (i) unfairly processing personal data; and (ii) failing “to take appropriate technical and organi[z]ational measures against unauthori[z]ed or unlawful processing of personal data.” The ICO published a statement by the company’s associate general counsel in which he noted that the company has “made major changes” to its platform that significantly restricts the information accessible to app developers, and that “[p]rotecting people’s information and privacy is a top priority for [the company].”

     

    Privacy/Cyber Risk & Data Security Information Commissioner's Office U.K. Of Interest to Non-US Persons Settlement

  • Basel Committee on Banking Supervision publishes final guidance examining the implications of fintech on the banking industry

    Fintech

    On February 19, the Basel Committee on Banking Supervision (BCBS), the primary global standard setter for the prudential regulation of banks, released its final report, “Sound Practices: Implications of fintech developments for banks and bank supervisors.” The report—issued after BCBS’ consideration of comments received in response to its August 2017 consultative document of the same name (see previous InfoBytes coverage on the August consultative document here)—provides BCBS’ current assessment of how fintech may shape the banking industry in the near term. The report summarizes BCBS’ analysis of historical research, data compiled from surveys of BCBS members’ frameworks and practices, and other industry feedback, and provides several key considerations for banks and bank supervisors in this space.

    The report identifies a common theme across various scenarios: the emergence of fintech may make it increasingly difficult for banks to maintain their existing operating models due to changes in technology and customer expectations. The BCBS stressed that as a result of the “rapidly changing” nature of banks’ risks and activities due to fintech developments, the rules governing these risks may need to evolve. Accordingly, the BCBS recognized that “it should first contribute to a common understanding of risks and opportunities associated with fintech in the banking sector by describing observed practices before engaging in the determination of the need for any defined requirements or technical recommendations.” It further acknowledged that “fintech-related issues cut across various sectors with jurisdiction-specific institutional and supervisory arrangements that remain outside the scope of its bank-specific mandate.”

    Additionally, the current report identifies five forward-looking scenarios describing the potential impact of fintech on banks:

    • “The better bank: modernisation and digitisation of incumbent players”;
    • “The new bank: replacement of incumbents by challenger banks”;
    • “The distributed bank: fragmentation of financial services among specialised fintech firms and incumbent banks”;
    • “The relegated bank: incumbent banks become commoditised service providers and customer relationships are owned by new intermediaries”; and
    • “The disintermediated bank: banks have become irrelevant as customers interact directly with individual financial service providers.”

    With this issuance, revised to reflect the feedback BCBS received on its August consultative paper, BCBS has provided several “sound practices” for banks and bank supervisors to consider, along with its final ten key implications of fintech, as well as ten key considerations. Some notable considerations include:

    • Banks should have appropriate, effective governance structures and risk management processes to address key risks that may arise due to fintech developments, which may include staff development processes to ensure bank personnel are appropriately trained to manage fintech risks, as well as the development of risk management processes compliant with portions of the BCBS’s Principles for sound management of operational risk that relate to fintech developments.
    • Banks should implement effective IT and other risk management processes to address the risks and implications of using new enabling technologies. Bank supervisors should also “enhance safety and soundness by ensuring that banks adopt such risk management processes and control environments.”
    • Bank supervisors should understand the implications of the growing use of third parties, via outsourcing and/or partnerships, and maintain appropriate due diligence processes, which should “set out the responsibilities of each party, agreed service levels and audit rights” when contracting with third-party service providers.
    • Bank supervisors should communicate and coordinate with public authorities responsible for the oversight of fintech-related regulatory functions that are outside the purview of prudential supervision, including safeguarding data privacy, cybersecurity, consumer protection, and complying with anti-money laundering requirements. The recommendation removes the phrase “whether or not the service is provided by a bank or fintech firms,” which was contained in the August consultative document.
    • Bank supervisors should coordinate global cooperation between banking supervisors when fintech firms expand cross-border operations to enhance global safety and soundness by engaging in appropriate supervisory coordination and information-sharing. Recently, on February 19, the U.S. Commodity and Futures Trading Commission and the United Kingdom’s Financial Conduct Authority signed an agreement outlining a commitment to collaborate and support each regulator’s efforts to encourage responsible fintech innovation; monitor development and trends; and obtain more effective and efficient regulation and oversight of the market. (See previous InfoBytes coverage here.)
    • The report stresses the importance of collaboration between bank regulators, specifically in jurisdictions where non-bank unregulated firms are providing services previously conducted by banks. The BCBS further notes that bank supervisors should review existing supervisory frameworks to consider whether potential new innovative business models can evolve in a manner that has appropriate banking oversight but does not unduly hamper innovation.

    Fintech Basel Committee U.K. CFTC

Upcoming Events