Menu
ABA Banking Journal Home
Menu

Two things you didn't know about BSA liability

Banks owe no BSA duty of care to non-customers, nor is there any private right of action for customers nor non-customers

  • |
  • By  Robert S. Pasley
  • |
  • Comments:   comments
Every banker knows of the difficulty in complying with the Bank Secrecy Act (BSA) and its numerous implementing regulations, not to mention the liability of not complying, as reflected by the ever-increasing number of administrative and criminal actions against financial institutions.

One small area of relief, however, lies in the fact that a bank owes no duty of care to a non-customer—absent very unusual circumstances, such as the handling of a fiduciary or trust account—and, in any event, BSA does not create a private right of action for either customers or non-customers.

Banks do not owe a duty of care to non-customers
A basic tenet of first-year law school is that an essential part of proving a negligence case is the existence of a duty of care owed to a particular plaintiff by a defendant. When it comes to non-customers, there is no duty owed by financial institutions. This proposition has been supported by numerous lower federal courts and by at least the Second, Third, and Fifth U.S. Circuit Courts of Appeal.

As set forth in the BSA regulations implementing Sect. 326 of the USA Patriot Act, a customer is defined to include only those people who have an account at the bank. (31 C.F.R. Sect.  103.121(a)(3)(i)  ) Further, the term “account” is defined to specifically exclude a “product or service where a formal banking relationship is not established with a person, such as check-cashing, wire transfer, or sale of check or money order.” (31 C.F.R. Sect.  103.121(a)(1)(ii)(A)) 

So the individual who uses a bank simply to wire money to invest in a Nigerian Advance Fee Scam has only himself to blame. With regard to bank customers defrauding non-customers, as one Circuit Court put it (quoting other cases): “As a general matter, ‘[b]anks do not owe non-customers a duty to protect them from the intentional torts of their customers.’”

Similarly, another Circuit Court held (quoting another case):

“The mere fact that a bank account can be used in the course of perpetrating a fraud does not mean that banks have a duty to persons other than their own customers. To the contrary, the duty is owed exclusively to the customer, not to the persons with whom the customer has dealings.”

No private right of action under BSA
While there is no duty to a non-customer, the courts have also held that there is no private right of action against a bank for a violation of BSA—by neither a non-customer or an actual customer. In other words, a normal citizen does not have the right to sue a bank for a wrong allegedly caused by a BSA violation.

One way to determine whether there is a private right of action under a statute is to look at the legislative intent underlying the statute. There are 12 separate legislative Acts stemming from 1970 to the present, including the USA Patriot Act, that comprise what is known as BSA.

I have reviewed the entire 40 years’ worth of legislative history and nowhere in it is there any discussion of or support for the proposition that there is a private right of action under BSA.


The focus of BSA has always been, and continues to be, on law enforcement needs and in protecting the financial system and the country from money launderers and, since 9/11/01, terrorist financing.

As noted by two of the congressional reports for the USA Patriot Act:

“The bill also notes three purposes: (1) to provide the law enforcement community with the necessary legal authority to combat money laundering; (2) to broaden the law enforcement community’s access to transactional information already being collected by the government; and (3) to expedite the issuance by the Secretary of the Treasury of regulations designed to deter money laundering activities at certain types of financial institutions.”

and

“[The Act] provides enhanced investigative tools and improves information sharing for the law enforcement and intelligence communities to combat terrorism and terrorist-related crimes.”

This lack of congressional intent to provide a private right of action has been supported judicially. As one court noted:

“The Bank Secrecy Act provides for civil and criminal penalties, but a defendant’s only liability is to the government, and, in particular, to the Secretary of the Treasury.”

The proposition that there is no private right of action under BSA has been reiterated by at least the Third, Fifth, Sixth, and Seventh Circuit Courts of Appeal, as well as many lower courts. The courts have specifically held that while banks have a duty “to investigate, prevent money laundering, and report suspicious activity,” if banks fail in their duty, they are accountable to the U.S. government, but not to individual plaintiffs.

Red flags don’t negate the premise
Even though many plaintiffs recognize that there is no private right of action under BSA, some attempt to argue that a litany of “red flags” should be enough to overcome that legal proposition. It can’t.

As one court held:

“Plaintiffs’ circumstantial case rests on a concatenation of ‘red flags,’ suspicious circumstances, and other irregularities allegedly known by the Bank, combined with ‘atypical banking practices’ committed by [the] Bank, including violation of the Bank’s anti-money laundering responsibilities and its own internal policies. Plaintiffs’ showing in this regard is legally insufficient.”

This proposition has stood up even when there have been egregious red flags.

For instance, in one case, the bank opened an account in the name of an individual, but as “dba [doing business as] Bear Stearns.”  The bank did not verify the account holder’s authority to open such an account and the victim was tricked into believing he was depositing $1 million with Bear Stearns. The court held that the bank was not liable. In a similar case, the bank was held not liable when the victim was tricked into depositing money into a Paul Tsongas campaign account which was opened without authority.

In yet another case, the bank encountered the following red flags, but yet was held not to be liable for the underlying fraud:

• A corporate account having been opened by the bank under a name that did not exist.
• Large dollar amount transactions occurring in the account.
• The bank never having received a valid taxpayer identification number for the company opening the account.
• The address given to the bank not being valid.
• There being no telephone listing for the company.
• Money being transferred to offshore banking centers in high-risk countries.
• Money being wired to foreign jurisdictions that had no connection with the purpose of account.

Similarly, in an even more egregious case, there were the following red flags and yet the bank again was held harmless:

• An account being opened for a person who was a convicted swindler and who had just completed 21 months in prison and three years of supervised release for fraud.
• Investors’ funds in the account being commingled.
• Funds being wired to Panama and Switzerland.
• There being unusually large wire transfers totaling $100 million or more.
• Personal payments being made to the account holder from the investors’ funds.

To make matters worse in this case, there was an unusually close relationship between the bank and the account holder:

• The bank effectively established an unofficial branch within the account holder’s company’s headquarters.
• The bank had direct access to the account holder’s company’s business records.
• The bank and the account holder’s company shared proprietary information.
• The bank’s representatives allegedly endorsed the account holder and his company.

In spite of all of this, the court held that there was no bank liability.

The only circumstance, under tort law, when the bank could be held liable is when the bank had actual knowledge (not simply through the existence of red flags, but actual knowledge) of the underlying fraud or wrongful conduct and substantially assisted the wrongdoer.

Fortunately, this is quite rare.

While banks must do their utmost to comply with BSA, one small consolation is that they do not owe a duty to non-customers and have no liability to individuals in the event of a violation of BSA. As stated by the courts: “banks do not become guarantors of the integrity of the deals of their customers. . . .”

About the author
Robert S. Pasley is a graduate of Cornell Law School; he spent 30 years with the OCC as an attorney and then as an Assistant Director in the OCC’s Enforcement and Compliance Division. He has also worked for FinCEN and for Bank of America as a senior vice- president. He is currently an attorney and consultant in the area of bank regulatory matters and anti-money laundering. You can reach him at This email address is being protected from spambots. You need JavaScript enabled to view it.. His website is: www.pasleyconsulting.net

Topics: Compliance,

back to top

Sections

About Us

Connect With Us

Resources