As a courtesy to our friends and clients, we are pleased to provide you with this analysis, discussing the extraterritorial reach of U.S. laws, rules and regulations upon UAE banks, as well as an analysis of the duties and obligations required of UAE banks to comply with U.S. anti-money laundering laws.
In drafting this Client Update, we have examined and relied upon the laws of the United States of America, including but not limited to:
The Bank Secrecy Act, 31 USC 5311 et. seq. (“BSA”);
The Money Laundering Control Act of 1986 (“Money Laundering Act”),
The Currency and Foreign Transactions Reporting Act of 1970 (“CFTRA”),
The Federal Deposit Insurance Act (“FDI Act”),
The Securities Exchange Act of 1934 (“Exchange Act”),
The International Emergency Economic Powers Act (“IEEPA”),
The New York State Long-Arm Statute, N.Y. C.P.L.R. § 302(a)(1), as well as various executive orders issued by the Presidents of the United States and the designations of the Office of Foreign Assets Control (“OFAC”) of the U.S. Department of the Treasury (“DoT”).
We have also relied upon certain laws of the United Arab Emirates, specifically Federal Decree Law No. 20 of 2018, on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organizations (the “UAE AML Law”).
In the U.S., when a bank identifies a transaction which raises suspicion, the bank is required to file a suspicious activity report (“SAR”) with the Financial Crimes Enforcement Network (“FinCEN”). A SAR generally contains basic information about the client, the transaction, as well as a short narrative written by those at the bank in charge of identifying financial crimes. There are no hard rules as to what constitutes a “suspicious transaction” therefore different banks have developed their own criteria upon which they rely. FinCEN analyzes all SARs submitted, identifies those which are deemed noteworthy, and forwards them to the relevant law enforcement authorities, including the Federal Bureau of Investigation (“FBI”) or the local police department in the corresponding region for further investigation.
The short answer is “Yes”
The New York State long-arm statute, N.Y. C.P.L.R. §302(a)(1), provides, in relevant part, that “a court may exercise personal jurisdiction over any non-domiciliary . . . who in person or through an agent . . . transacts any business within the state” as long as the “cause of action arise[s] from” that transaction. Thus, a court must decide the following issues: (1) whether a defendant “transacts any business” in New York and, if so, (2) whether the plaintiff’s cause of action “arises from” such a business transaction.
In a precedent setting Opinion, The New York Court of Appeals (the highest Court in the State of New York) held that a foreign bank submitted to “personal jurisdiction” as a consequence of its intentional and repeated use of New York correspondent bank accounts in connection with a money laundering scheme. Rashid v. Pictet & Cie, Ct. App. N.Y. (November 22, 2016). Under Rashid, the Court held that in order to maintain a claim against the defendant bank in New York, plaintiff was required to demonstrate that there existed “long-arm” jurisdiction under both New York State and Federal law. In the Rashid case, the Court reasoned that: “the quantity and quality of a foreign bank’s contacts with the correspondent bank must demonstrate more than banking by happenstance.” The court found that the correspondent account was crucial to a course of repeated banking activity and was not merely “adventitious.” Therefore, the correspondent banking activity was sufficient to establish a purposeful course of dealing constituting the transaction of business within the State of New York pursuant to CPLR 302(a)(1).
Moreover, a purposeful course of dealing must also involve a cause of action where there was an “articulable nexus or substantial relationship between the business transaction and the claim asserted.” The court noted that the claim need only be “in some way arguably connected to the transaction.” In the Rashid case, the money laundering could not have proceeded without the use of the correspondent bank account through which the laundered funds passed and the bribes and kickbacks were paid. Thus, the cause of action arose from contacts with New York.
Next, the exercise of personal jurisdiction under the New York “long-arm” statute must comport with federal due process requirements. The “minimum contacts” test under federal law rests on whether a defendant’s conduct and connection with New York are such that it should reasonably anticipate “being hailed into a court here”. The Court held that in this case defendant’s maintenance and repeated use of a New York correspondent bank account “to achieve the wrong complained of in this suit satisfies the minimum contacts component of the due process inquiry.” Also, the maintenance of the suit in New York would not “offend traditional notions of fair play and substantial justice” because the “burden of litigation in New York is reduced by ‘modern communication and transportation,'” the complaint implicates the fraudulent use of New York’s banking system of great importance to the State, and New York courts provide plaintiff a greater possibility of relief.
Additionally, in the 2012, seminal case Licci v. Lebanese Canadian Bank, SAL (N.Y. Nov. 20, 2012), the New York Court of Appeals ruled that maintenance of a correspondent bank account at a financial institution in New York satisfies the “transacting business” requirement of the state’s long-arm jurisdiction statute, NY CPLR 302(a)(1). The Licci Court further held that international funds transfers processed through a New York correspondent bank constitute a sufficient nexus in order to satisfy the second element of CPLR 302(a)(1), i.e., that plaintiff’s cause of action arises from a NY-based transaction.
In summary, a routine practice such as clearing U.S. dollar transactions for non-U.S. customers is sufficient to establish jurisdiction over a non-US bank, even over a foreign bank which does not have branches in the U.S.
Furthermore, the U.S. Federal District Courts have the authority to exercise jurisdiction over non-U.S. financial institutions if that financial institution maintains a bank account at a bank in the United States.
“(2) Jurisdiction over foreign persons.—For purposes of adjudicating an action filed or enforcing a penalty ordered under this section, the district courts shall have jurisdiction over any foreign person, including any financial institution authorized under the laws of a foreign country, against whom the action is brought, if service of process upon the foreign person is made under the Federal Rules of Civil Procedure or the laws of the country in which the foreign person is found, and—
(A) the foreign person commits an offense under subsection (a) involving a financial transaction that occurs in whole or in part in the United States;
(B) the foreign person converts, to his or her own use, property in which the United States has an ownership interest by virtue of the entry of an order of forfeiture by a court of the United States, or
(C) the foreign person is a financial institution that maintains a bank account at a financial institution in the United States.” (emphasis added)
In summary, foreign financial institutions which utilize the correspondent banking system in New York, are subject to prosecution in both New York State Courts as well as U.S. Federal Courts, if a claim arise from use of that banking system.
UAE banks with substantial business interests in the U.S., or which maintain funds in U.S. interbank accounts, face considerable civil and criminal law risks if they are deemed by the U.S. authorities to have violated provisions of the AML or OFAC regimes. Section 353 intensified the issue by increasing civil and criminal penalties for violations of any orders made under the BSA. Civil and criminal penalties were also recently increased for violations of regulations prescribed under Section 21 of the Federal Deposit Insurance Act, and Section 123 of Public Law 91-508. Section 123 of Public Law 91-508 specifies regulations that govern recordkeeping for uninsured banks or institutions, or any other institution defined in 12 U.S.C. § 1953(b), while Section 21 of the Federal Deposit Insurance Act specifies regulations that govern recordkeeping for insured depository institutions. Furthermore, Section 363 gave the Secretary of the Treasury the authority to issue money penalties in an amount not less than two times the amount of the transaction.
Penalties can be extreme depending upon the nature of the violation and are increasing in size. Regulators fined banks a total of US$10 billion in penalties during a 15-month period through the end of 2019, and the figure is expected to increase in 2020². The significant increase in fines imposed during the recent 15-month period demonstrates a considerable escalation in aggressive action being taken by U.S. regulators. By comparison, the total dollar value of fines for the previous decade, 2008 – 2018 amounted to approximately US$26 billion.
Foreign banks deemed by the U.S. authorities to have violated provisions of the AML or OFAC rules risk seizure of funds. In summary, U.S. regulations provides the Federal Courts exercising long-arm jurisdiction with express authority to issue injunctions, ordering a receiver to take custody of the assets held by a foreign bank under certain circumstances, such as when a foreign bank is involved in money laundering. Assets subject to this authority may be located either inside or outside of the United States.
Furthermore, the U.S. Regulations employs what is considered by many U.S. legal experts to be a “legal fiction”, in order to give U.S. authorities seizure power over the funds of foreign banks held in U.S. interbank accounts. In summary, if the U.S. government believes that illegal proceeds have been deposited in the foreign account of a foreign bank, it will “assume” that those proceeds to have been deposited in an interbank account held in the United States by such foreign bank. The U.S. government then has the authority to seize the funds from the interbank account. The U.S. government need not establish that the funds are directly traceable, in any way, to funds deposited into the foreign financial institution from whose account they were seized.
U.S. Regulations authorizes the Secretary of the Treasury and the U.S. Attorney General to subpoena records from any UAE bank which maintains a correspondent account with a U.S. bank. The records must relate to the correspondent account, however they may be held outside the United State and may include information about deposits into the foreign bank. Under U.S. regulations, the U.S. bank that maintains the relevant correspondent account must terminate the account if the foreign bank fails to comply with the subpoena.
Under U.S. Regulations, if the Secretary of the Treasury determines that a UAE bank has engaged in illegal activities, such as money laundering, it may require U.S. banks to terminate their relationships with such UAE bank. Failures on the part of the U.S. bank to comply will likely result in formal enforcement actions, including substantial civil monetary penalties. Any U.S. bank which fails to terminate a correspondent account at the instruction of the Secretary of the Treasury, is subject to a daily US$10,000 penalty. Additionally, even harsher may be “no growth” restrictions imposed upon banks deemed to be noncompliant.
Therefore, UAE banks, including those without a business presence in the U.S. which are party to the U.S. Dollar clearing system, face the risk of being penalized by measures such as asset freeze and seizure/forfeiture, subpoena, penalties, and enhanced supervision if they fail to comply with U.S. AML/CFT regulations or unilaterally imposed financial sanctions.
In summary, the U.S. government is extremely aggressive in its extraterritorial reach, and any party which engages in a transaction which “touches” U.S. soil, including movement of funds through a financial institution in the United States, is subject to U.S. prosecution and penalties.
Article 12 CFR §21.11, subsection (a) of the Bank Secrecy Act, entitled “Suspicious Activity Report” states that only U.S. national banks and Federal branches and agencies of foreign banks licensed or chartered by the Office of the Comptroller of the Currency (“OCC”) are required to file SARs. The relevant code section is reproduced below for your convenience.
(a) Purpose and scope. This section ensures that national banks file a Suspicious Activity Report when they detect a known or suspected violation of Federal law or a suspicious transaction related to a money laundering activity or a violation of the Bank Secrecy Act. This section applies to all national banks as well as any Federal branches and agencies of foreign banks licensed or chartered by the OCC.
Although UAE banks without a physical branch in the U.S. are not technically obligated to file SARs with FinCEN, it may still be in the banks best interests to voluntarily comply with reporting requirements to U.S. regulators, for the reasons discussed more fully in Section VI, below.
On October 30, 2018, the UAE issued by Federal Decree, Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organizations (the “UAE AML Law”). The UAE AML Law introduced a number of concepts recommended by the intergovernmental organization Financial Action Task Force (“FATF”) designed to enhance the UAE’s effectiveness in identifying and preventing attempts at money laundering and terror financing. Specifically:
The UAE AML law strongly complies with international best practices on financial crime prevention, and are generally consistent with U.S. AML laws, rules and regulations, as discussed herein. Notwithstanding the foregoing, however, U.S. laws are far more extensive than U.A.E. laws in this area, therefore UAE banks confront a dilemma when they participate in the U.S. Dollar clearing system for payment and settlement of their cross-border transactions. Specifically, UAE banks are required to comply with regulations and unilateral financial sanctions enforced within the jurisdiction of the U.S., some of which have no direct equivalent in the relevant laws and regulations of the UAE.
Therefore, UAE banks including those without a business presence in the U.S., which are party to the U.S. Dollar clearing system face the risk of being penalized by measures such as asset freeze and seizure/forfeiture, subpoena, penalties, and enhanced supervision if they fail to comply with U.S. AML/CFT regulations or unilaterally imposed financial sanctions. We would therefore strongly recommend a detailed analysis of all applicable U.A.E. laws, rules and regulations, including but not limited to privacy/data protection laws, in order to ensure that voluntary compliance with U.S. laws will not result in violation of U.A.E. laws.
The U.S. government has long employed various strategies and tactics in order to pressure non-U.S. banks to comply with U.S. laws, rules and regulations relating to anti-money laundering, including asset freezes and/or blocks of U.S. Dollar transfers, even transfers occurring outside of its borders. In those situations where the U.S. government cannot directly impose sanctions on foreign financial institutions suspected of money laundering, regulations allow the U.S. government to sanction the intermediaries used by foreign persons and institutions to access U.S. markets.
Additionally, funds connected to transactions involving counterparties identified as “risky” are subject to asset seizure and forfeiture procedures in the U.S. if such transactions are reported to, or detected by, the U.S. authorities (irrespective of whether the funds are denominated in AED and kept out of the U.S. clearing sphere). This is due to the legal fiction employed by U.S. authorities according to which such funds are assumed to have been deposited in a correspondent account held in the U.S.
Therefore, if it is determined by U.S. authorities that a UAE bank engaged in activities which are prohibited by U.S. laws, then U.S. authorities cannot only take action directly against the UAE bank, but can also take action against the correspondent U.S. bank as well. In such a case, the U.S. correspondent bank can then take action directly against the UAE bank in order to recover any fines, penalties and/or sanctions it is required to pay to the U.S. government, and can file such action in a New York court, which has jurisdiction over the matter.
U.S. laws affecting foreign banks largely center around correspondent account transactions and clearing issues. Foreign banks, including those without branches in the U.S., are subject to U.S. government subpoenas and seizures of funds held in interbank accounts as the U.S. government has significantly increased the tools available to U.S. authorities seeking information about terrorist and money laundering activities. For these reasons, we recommend the following measure be taken by all UAE banks:
Article 31 USC 5311 et. seq., of the BSA establishes recordkeeping and reporting requirements for national banks, federal savings associations, as well as federal branches and agencies of foreign banks. Additionally, the BSA was amended to incorporate the provisions which requires every bank to adopt a customer identification program as part of its BSA compliance program.
Although UAE banks without branches in the US are technically not required to submit SARs, or to comply with this provision of the BSA, the U.S. government engages in an aggressive approach to enforcing it laws extraterritorially, using a variety of methods and tools including: “long arm statutes”, “legal fictions” as well as threats of seizure of funds, asset forfeitures, required termination of relationships with U.S. banks, and civil and criminal fines and penalties. For these reasons, we would strongly recommend that UAE bank voluntarily establish, implement and maintain a new, stringent AML program, consistent with both U.S. AML Laws and the U.A.E. AML Law, which at a minimum includes the following: (a) establish internal policies, procedures, and controls designed to guard against money laundering; (b) designate an individual or individuals to coordinate and monitor day-to-day compliance with BSA and AML requirements; (c) implement an ongoing employee training program; (d) establish an independent audit function to test compliance programs; and (e) implement a system of recordkeeping and reporting requirements which are consistent with those obligations imposed upon a foreign bank with branches in the U.S.
In addition, we recommend that UAE banks establish appropriate, specific, and risk-based due diligence policies, procedures and controls reasonably designed to detect and report known or suspected money laundering activity. Furthermore, suspected account should be periodically reviewed to determine that information obtained during due diligence is consistent with the type, purpose, and activity of the account.
To mitigate against risk of legal actions by clients of a UAE bank, we recommend that the banks embark on a policy of introducing contractual safeguards in connection with transactions involving risky counterparties. These safeguards consist mainly of contractual clauses that explain to customers various risks and protective measures taken by the bank, including:
The inclusion of contractual safeguards is also necessary in order to effectively prevent civil law claims and lawsuits in the UAE. In case of an asset freeze and seizure imposed by the U.S. government, a UAE bank could be potentially confronted with liability issues if it is established that the bank, due to gross negligence, failed to inform its customer of the aforementioned risks associated with U.S. Dollar denominated transactions involving U.S. blacklisted counterparties.
Our website address is: https://www.binmeshar.com.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Visitor comments may be checked through an automated spam detection service.