Defendant Citibank prevails in an ATM personal liability case in which the plaintiff, Ardity, was robbed in mid-afternoon inside a card access controlled bank foyer where the ATM was located (Ardity v. Citibank). The glass ATM enclosure faced a busy boulevard in Miami, Florida. The two assailants used a stolen American Express card to open the electronically controlled ATM entrance door. During the attack, Ardity was assaulted and injured with a knife.

The complaint alleged that Citibank had reason to anticipate and foresee that a crime of violence would occur at its ATM facility because it allegedly was located in a high crime rate area where persons on the street, sidewalks, or parking lots are subject to criminal activity. Further, the complaint stated that the bank had a duty to provide their customers with a reasonably safe facility for the customers to transact their business at the ATM.

Specifically, the complaint stated that the bank provided the ATM in an environment that was designed to create a "trap" wherein Ardity, while making his transaction, was trapped within a closed door facility with only one avenue of escape, the facility had no "panic alarm" button, and Ardity was trapped inside the facility and his screams for help could not be heard by people who could have come to his assistance. In addition, the ATM was designed whereby Ardity, while using, the ATM, would have his back to the door and, therefore, be susceptible to a surprise attack. Also, access to the room was further permitted by the perpetrators by use of a stolen credit card, which should have been known to the bank and said credit card should have been canceled and should have denied access to the perpetrators who attacked Ardity.

During the jury trial, it was established the bank had a direct-line telephone to its 24-hour operations center, used surveillance/transaction camera at the ATM, provided clear and unrestricted visibility into the ATM enclosure from the street, and that it was not operationally practical with current technology to restrict holders of stolen credit cards and stolen ATM cards from other issuers access to the bank's ATM.

After evaluating all the evidence presented at trial, the jury found that Citibank was not liable for the injuries sustained by Ardity during the attack inside its ATM facility. Discovery investigation and expert witness testimony in this case was provided by RMG consultant Richard Cross.

The July 1998 issue of Bank Security Report summarizes a legal testing of the banking industry's "safe Harbor." In 1992, to counter the banking industry's concern about releasing customer financial data to governmental law enforcement officials without being served with a grand jury subpoena, the Treasury Department included in the Annunzio-Wylie Anti-Money Laundering Act a specific provision that provided a "safe harbor" for financial institutions and their employees. The "safe harbor" provision, which was codified in 31 U.S.C. 5318(g)(3) provides:

• That financial institutions and their directors, officers, employees, and agents that disclose, in good faith, possible violations of law "shall not be liable to any person under any law or regulation of the United States or any constitution, law, regulation of any State or political subdivision thereof, for such disclosure or for any failure to notify the person involved in the transaction or any other person of such disclosure."
• That financial institutions and their directors, officers, employees and agents refrain from communicating that a suspicious activity has been reported to any person involved in the suspicious transaction.

In two current legal cases, involving two separate banks, bank customers from each bank claimed that the banks improperly disclosed customer account information to federal law enforcement authorities. In both cases, the courts' opinions stated that the banks had not made a good faith determination as to whether suspicious activity had occurred, which would warrant the disclosures made by the banks. A government Interagency Advisory to bankers notes that, while these court opinions are troubling, in neither case has there been a final decision. All that has happened to date is a determination by the court that there are claims that merit further review. It is entirely possible that, as the cases proceed, the banks will introduce evidence that brings them within the "safe harbor."

The Interagency Advisory cautions bankers that these cases in no way affect a financial institution's obligation to report known or suspected crimes and suspicious transactions. The regulators remain confident that the "safe harbor" will protect financial institutions, and their employees, who file a suspicious activity report in accordance with applicable agency regulations, because even under the "good faith" standard enunciated in the two cases, the "safe harbor" would apply to financial institutions that report known or suspected criminal violations and suspicious transactions in this manner.