The impact of Bernard Madoff's $18 billion Ponzi scheme will be felt for a long time to come. With Madoff in prison, his assets seized and sold, lawyers for his victims must now turn to other sources to make their clients whole. Enter the banks.

Madoff handled billions of dollars. Those funds came from many unsuspecting individual and institutional investors, and were funneled through a maze of accounts spanning the globe. Even if government regulators were asleep at the switch, it is difficult to believe that all of the many financial institutions that handled Madoff's money were oblivious to what this fraudster was doing. At least that is how lawyers representing defrauded investors see the situation. To them, the financial institutions that Madoff used as part of his scheme have become a piggy bank from which they will recover their client's losses. And federal law is providing these lawyers with plenty of ammunition.

Since the enactment of the Bank Secrecy Act of 1970, banks have been required to develop sophisticated systems that allow them to quickly determine the identities of their clients and the sources of their funds. Congress meant business when it passed the law, and violations of the act carry criminal penalties ranging from imprisonment to large fines. Originally intended to stop drug traffickers, terrorists and other criminals from using the U.S. banking system to launder money, lawyers for fraud victims now believe that the act's identification requirements can also be used to stop people like Madoff.

In lawsuit after lawsuit, banks are being called to task for ignoring the red flags associated with fraud. Drawing from traditional theories of negligence, for example, plaintiff's lawyers argue that the Bank Secrecy Act set a standard of care. By failing to use the identification and monitoring tools that the act required, lawyers argue that financial institutions have breached their duty to protect investors. The theory is novel, and it is still being tested in the courts as a viable basis for liability claims.

Nevertheless, banks must be careful.

To protect themselves, banks should ensure that their compliance programs are broad enough to detect the actions of the fraudsters making headlines. A compliance program must include, among other things, "know your customer" (KYC) protocols that help financial institutions determine the true identity of customers. KYC procedures allow a bank to verify an account holder's business and the source of funds that feed a particular account, while also permitting it to monitor its customer's accounts for suspicious transactions. Possible red flags may include large, unexplained movements of funds, customers opening a series of related accounts for no apparent purpose, and a business plan that does not support the type of transactions monitored by the bank. If banks detect such red flags, they should act quickly to report the suspicious transaction and close the account.

Of course, while these steps are critical to a bank's eventual defense, they are no guarantee against lawsuits. Courts around the country have recognized defenses based on a lack of knowledge and the absence of a fiduciary duty. But these are not perfect defenses. Defenses based on what the bank knew or intended are often resolved by a jury. As a result, a bank may be forced to engage in lengthy litigation before even reaching a jury. And once a case goes to a jury, a bank will have no control over the outcome.

Banks may also argue that they cannot be liable if the victim was not a customer. Under this defense theory, a bank's liability is limited to parties to whom it owed a fiduciary duty. While appealing, this defense raises its own complications. A bank claiming that it owes no duty to noncustomers cannot simply overlook suspicious activities. If a transaction raises a red flag, the Bank Secrecy Act compels the filing of a "suspicious activity report." The failure to do so could lead to criminal penalties for the bank.

In the current environment, it is best that banks strictly adhere to the requirements of the Bank Secrecy Act. For now, it is clear that banks must scrupulously monitor individual accounts using the various tools at their disposal. Forgetting for a moment the potential for civil liability, the post-Madoff world will see financial institutions under the microscope. After letting Madoff get away with his crimes for so long, the regulators will do their best to avoid making the same mistake twice.

----------

Michael Diaz, Jr. is the founding partner of Diaz Reus & Targ LLP, a former prosecutor and a certified anti-money laundering specialist.

Carlos F. Gonzalez is a partner of Diaz Reus & Targ LLP and a certified anti-money laundering specialist.