Judge Jed Rakoff of the Southern District of New York issued an opinion last week on a motion to dismiss in a putative class action securities fraud case against Deutsche Bank (“DB”) and several current and former bank executives. The opinion, while technically a “split decision,” allows the bulk of plaintiffs’ claims to proceed to the class certification phase – dismissing claims only with regard to the bank’s current and former CFOs.
The case against DB and its current and former CEO now proceeds to the class certification phase – which, if the Court continues at its current pace, may culminate sooner rather than later. Aside from continuing to keep DB in the headlines for all the least desirable reasons, this case may continue to serve as an ongoing object lesson in the costs – legal, financial, reputational – of talking the talk, but potentially failing to walk the walk, with regards to anti-money laundering (“AML”) and “Know Your Customer” (“KYC”) compliance.
The suit was originally filed in the District of New Jersey in July 2020, and was transferred to SDNY in March 2022, granting an April 2021 motion to transfer or dismiss. The operative Complaint contains securities fraud claims under 15 U.S.C. Section 78j(b) and Rule 10b-5 against DB and its current and immediate former CEOs and CFOs, covering a proposed class period of March 14, 2017 through May 12, 2020. It also contains Section 20(a) (15 U.S.C. Section 78t) control-person claims against the individual defendant executives.
The Complaint alleges that DB made materially misleading statements (referred to in the Opinion and in this post as the “Challenged Statements”) in its annual reports, Form 20-F submissions, and on its website, regarding its AML/KYC policies and procedures, and that it responded to reporting highlighting deficiencies in those practices with public denials which claimed DB’s KYC program was in fact a robust one.
Contrary to the Challenged Statements, the Complaint alleges, DB’s AML/KYC processes were materially ineffective – specifically, because high-ranking U.S. and global DB executives “routinely overruled” AML/KYC staff recommendations to avoid business relationships with high-risk clients and “politically exposed persons” (“PEPs”). These executive interventions allegedly took place particularly with regard to prospective clients brought in by DB’s wealth management group, which catered to global “ultra-rich” individuals and their controlled entities. The Complaint cites eleven confidential witnesses within DB to support allegations of specific instances of executive overruling of risk management staff and opting to ignore clear red flags, including for accounts for various Russian oligarchs and even Jeffrey Epstein (for whom it is alleged that no KYC investigation was ever undertaken.)
The Complaint also describes the findings of various internal audits and reports by U.S. and European regulators, all allegedly identifying systemic AML/KYC deficiencies. The CEOs are specifically alleged to have been aware of the audits’ findings, either directly or through reporting chains, and of the regulatory findings, both through meetings with regulators and by virtue of their positions.
In their motion to dismiss, defendants made two arguments: first, that the Complaint did not identify any actionable misstatement or omission – instead, the Challenged Statements were either a) puffery, or b) immaterial because DB’s AML/KYC shortcomings were already known to the market, and the Complaint had not adequately alleged falsity; second, that it did not adequately allege scienter by any individual defendant. Defendants also pointed to two previous SDNY cases dismissing securities fraud claims against DB for alleged problems with internal controls, arguing that they weighed in favor and that Plaintiffs had filed in DNJ to avoid their precedential impact. (Judge Rakoff, however, pronounced neither case dispositive.) The Court’s analysis mapped to the defendants’ motion – first addressing whether the Challenged Statements contained actionable misrepresentations or omissions, and then whether scienter had been adequately alleged.
The Challenged Statements Were Material Misrepresentations or Omissions
The Court found each of defendants’ arguments with regard to whether the Challenged Statements were material misrepresentations to be wanting. It determined that the statements touting the bank’s AML/KYC processes were not puffery – not only were they detailed rather than general, but they included descriptions of processes which the Complaint alleges were either routinely ignored or did not exist. Nor could the Challenged Statements be considered aspirational – they purported to describe ongoing processes already in place.
The Court found the argument against materiality similarly unavailing. It noted that a persistent failure to apply a viable AML/KYC regime to ultra-rich and PEP clients was material because that demographic group was highly likely to be a source of AML/KYC compliance issues. And the argument that DB’s compliance shortcomings had already been disclosed and “priced in” to its value in the marketplace (referred to in the Opinion as the “truth on the market” defense) was highlighted as generally inappropriate as a basis for a dismissal on the pleadings, as it is an “intensely fact-specific” defense. The Court also noted, though, that the facts may well fail to bear that theory out, saying that DB’s “repeated insistence . . . that it had implemented specific AML & KYC process improvements” in the Challenged Statements could not be cancelled out by other general admissions of weaknesses and a need for improvement.
Finally, the Court addressed whether the Complaint adequately alleged falsity, as defendants argued that it failed to allege that DB did not review or attempt to improve its AML/KYC processes. Although acknowledging that this argument “is not without force,” the Court ultimately concluded that DB’s Challenged Statements about implementation of more comprehensive KYC and “off-boarding” higher-risk clients could be misleading if such efforts were “systematically undermined” by executives seeking to on-board and retain ultra-rich and PEP clients whose accounts raised clear red flags. Even vague disclaimers that the bank had in the past and might in the future fail to implement such policies could not, the Court opined, cure the misinformation conveyed by descriptions of policies and procedures that DB would routinely fail to apply to its highest-risk clients.
Plaintiffs Adequately Alleged Scienter – But Only for the CEOs
In order to establish its allegations of scienter on the part of the individual defendants, the Complaint relied on circumstantial evidence – specifically, that the CEOs and CFOs were in possession of information suggesting that the Challenged Statements were not accurate. The Court found these allegations sufficient with regard to the CEOs, but not the CFOs, and therefore dismissed the claims against the two CFO defendants only.
Specifically, the Complaint identified reports of government investigations and settlements with regulators, both of which provided red flags; such reports and settlements, the Court noted, are “widely recognized to be evidence of scienter.” The CEOs were alleged to have been aware of this information by virtue of both their executive position at the apex of the DB hierarchy, and their role as members of DB’s managing board. The Court found these allegations sufficiently plausible for the pleadings stage.
The Court also found other elements included in the Complaint supported an inference of scienter on the part of the CEOs, including a) the public denial of a Reuters report on a July 2018 internal audit indicating AML/KYC problems, b) allegations of specific knowledge attributed to confidential witnesses, and c) allegations of personal involvement by the CEOs in overruling KYC policies in order to on-board high-risk clients.
However, the Court was unable to discern within the Complaint specific allegations of connections between the CFO defendants and DB’s AML/KYC deficiencies. Nor could it find allegations of the means, other than their seats on the management board, by which those CFO defendants would have been made aware of such deficiencies. The Court held that ascribing scienter to board seats along was insufficient to support a claim against those defendants.
The Court’s analysis of the Section 20(a) control person claims largely piggy-backed on its analysis of the larger Rule 10b-5 claims. A Section 20(a) claim has three prongs: it has to allege 1) that a controlled person/entity committed the primary violation, 2) that the defendant controlled that primary violator, and 3) that the defendant was a culpable participant in the controlled person/entity’s fraud. In this instance, the Complaint satisfied the first prong by stating a claim against DB (the controlled entity). It also satisfied the second prong, as the Court noted that there could be “no meaningful dispute” that a CEO or a CFO of a bank is a “control person.” But, for the same reasons covered in the scienter analysis, the Court determined that there were no allegations adequately ascribing culpability in the alleged securities fraud to the CFO defendants – and thus, the claims against them were likewise dismissed.
The Court’s unwillingness to sustain the claims against the CFOs may in part be, paradoxically, a side effect of the arguable strength of plaintiffs’ allegations against the CEO defendants. Given the number of confidential witnesses who provided specificity to the allegations against the CEOs and DB generally, the Court may well have considered the Complaint’s failure to tie the CFOs to institutional bad behavior beyond highlighting their position on the bank’s organizational chart to be telling.