WikiLeaks furor raises risk issue for financial firms -Complinet
By Brett Wolf, Complinet
Some financial institutions are scrambling to put distance between themselves and the whistleblower web site WikiLeaks, but is this necessary? Financial services firms face no clear legal obligation to cut off WikiLeaks and its founder Julian Assange, but intense publicity and the pressure brought by the US government and lawmakers to cripple the organization are forcing companies to weigh other risks they might face if they continue to do business with WikiLeaks.
Jim Dowling, a former special agent with the Internal Revenue Service’s Criminal Investigation Division who now runs Dowling Advisory Group, in Pasadena, California, told Complinet: “The reputational risk is the big thing. Do you want to be banking or have a financial relationship with this guy? Financial institutions close accounts all the time because they don’t want to be associated with particular customers.” He added that reputational damage could occur in any number of ways, such as being hauled in front of a congressional committee or having a celebrity make nasty comments about you on Twitter or Facebook. The upshot was that adverse news about your relationship with a firm such as WikiLeaks could drive investors, as well as customers, away from your institution, Dowling said.
Visa Europe Ltd and MasterCard Inc on Tuesday decided to halt transactions involving WikiLeaks, publicly stating that WikiLeaks may have transgressed their operating rules. A day earlier, the banking unit of the Swiss post office, PostFinance, also closed Assange’s account, saying it had done so because he had falsely claimed to live in Geneva when the account was opened. The first financial institution to shun WikiLeaks was online payment processor PayPal, however. On Saturday, PayPal announced that it had “permanently restricted” WikiLeaks’ account due to a violation of its “acceptable use” policy. PayPal’s initial public statement noted that the firm’s payment service “cannot be used for any activities that encourage, promote, facilitate or instruct others to engage in illegal activity.” This rather vague explanation was cleared up by Osama Bedier, VP of platform at PayPal, who told reporters that PayPal’s decision had been based on the fact that the State Department had informed the firm that WikiLeaks’ activities were illegal. He did not identify the nature of the alleged illegality.
Unlike PayPal, both MasterCard and Visa Europe appear to have taken a wait-and-see approach before making any irreversible mandates. Visa Europe said publicly that it was conducting an investigation to determine whether WikiLeaks’ business violated the company’s operating rules. MasterCard said that it was suspending WikiLeaks’ payments until “the situation” was resolved, an ostensible reference to WikiLeaks’ unprecedented legal woes. Neither company has publicly speculated as to how its rules may have been transgressed.
The US Congress has also intervened in the case. Last week, Amazon cut off service to WikiLeaks on the grounds the organization had violated Amazon’s terms of acceptable use. It later emerged, however, that Amazon’s decision came after it had received a telephone call from the staff of the Senate Committee on Homeland Security, at the behest of Senator Joe Lieberman (I-CT). The staff inquired about Amazon’s relationship with WikiLeaks.
All this comes at a time when Assange, an Australian national, has been remanded in custody in London as Swedish authorities work to extradite him over allegations of sexual misconduct. WikiLeaks publishes secret documents from governments and companies, most recently making public US State Department cables between Washington and embassies abroad.
Eric Holder, US Attorney General, this week said that the Obama administration was debating whether to use the Espionage Act and other unspecified statutes to potentially prosecute WikiLeaks and/or Assange. US Army private Bradley Manning has been charged by military authorities with unauthorized downloading of 150,000 State Department cables. Both Assange and WikiLeaks have publicly denied breaking the law and have said that their whistle-blowing efforts support democracy. Assange’s lawyer, Mark Stephens, said that the sex charges against his client were “politically motivated”.
In the midst of the chaos and media frenzy surrounding WikiLeaks, what legal obligations do financial institutions have to close accounts belonging to WikiLeaks and/or Assange, or to file related suspicious activity reports (SARs)? None, according to Greg Baldwin, a former federal prosecutor and partner at the Miami law firm Holland & Knight. Baldwin told Complinet: “I do not see any reason for financial institutions that have done business with WikiLeaks and/or Assange to consider filing SARs or closing related accounts based on recent press reports.” He added that the public accusations might justify a financial institution’s review of accounts held by WikiLeaks and/or Assange to determine whether there was “any independent reason to suspect that either one engaged in suspicious financial transactions that indicate some criminal activity, but to file a SAR simply because WikiLeaks is publicly accused of maybe having violated some unspecified law, or because Assange is accused of rape in Sweden? In my opinion, absolutely not,” Baldwin said.
Dowling agreed that financial institutions lacked hard evidence that WikiLeaks had committed a crime. He added that the fact the attorney general had said there was an open investigation into WikiLeaks’ activities should prompt financial institutions to consider whether they wanted to do business with WikiLeaks or Assange and suggested that this “open case” at the Department of Justice might be sufficient cause for financial institutions to file a SAR and close related accounts. Dowling, whose resume includes a stint as an AML advisor to the White House’s Office of National Drug Control Policy, also said he found it difficult to believe that the US government was pressuring financial institutions to close WikiLeaks’ accounts. “I don’t know of anyone in government who would say ‘You better close that down’. I can see someone saying ‘Why are you banking them?’ or making inquiries, but I’ve never heard of anyone in government telling someone ‘You better close this account’,” Dowling said.
While legal and/or reputational risk may be leading financial institutions to consider closing WikiLeaks’ accounts, another risk must be taken into account: customer retaliation, which in some ways is unique when it comes to WikiLeaks. Complinet sources have suggested that WikiLeaks has few, if any, viable legal options that would allow it to fight back. WikiLeaks does, however, have supporters among a number of computer hackers around the world, and those individuals are using so-called “denial of service” attacks to punish the financial institutions which severed ties to the organization and Assange. Dowling described this activity as “cyber terrorism” and asked rhetorically: “Can hackers dictate whose accounts you close and whose you do not?” Given that the hackers brought down the Visa and MasterCard web sites on Wednesday, this is a question many financial institutions may ponder.
It is unclear whether any of the financial institutions linked to WikiLeaks filed SARs or otherwise cooperated in legal processes when closing accounts belonging to WikiLeaks and/or Assange. All the financial institutions did, however, publicly cite policy infringements or simple false statements when justifying their actions; this would seem to indicate that some financial institutions want to distance themselves from a man who has made himself a high-profile target of governments around the world.
On the other hand, as Dowling put it: “It’s your business, you can bank (with) who you want to bank.”
Brett Wolf (Brett.Wolf@thomsonreuters.com) is a correspondent for Complinet. Complinet, part of ThomsonReuters, is a leading provider of connected risk and compliance information and on-line solutions to the global financial services community. Established in 1997, Complinet serves over 100,000 industry professionals in 80+ countries. Its connected approach provides one single place to get all the relevant regulatory news, analysis, rules and developments from the region to support firms in highly regulated industries.