Governance Liability and Indirect Terrorism Financing: Key Takeaways from the Lafarge Case

For boards and senior decision-makers operating in complex or high-risk environments, the Lafarge case offers a clear and uncomfortable message: governance failures do not remain commercial problems for long. This article examines the principal liability lessons through a Saudi legal and regulatory lens.

 

In recent years, Lafarge, one of the world’s largest cement manufacturers, became the subject of significant criminal proceedings in multiple jurisdictions following the operation of a cement facility in northern Syria during the Syrian conflict. The company completed construction of a plant in Jalabiya in 2010, at a reported cost of approximately USD 680 million. When the conflict intensified in 2011, and armed groups gained control of surrounding territories, most multinational companies withdrew from the region. Lafarge did not.

Investigations later established that the company had authorized payments of approximately EUR 5.6 million to armed factions, including ISIS and Jabhat al-Nusra, through intermediaries. These payments were framed internally as necessary to maintain operational continuity. They were later characterized by prosecutors as material financial support to designated terrorist organizations.

The legal consequences were substantial. In the United States, Lafarge entered a guilty plea and agreed to pay approximately USD 778 million in criminal penalties and forfeiture. In France, the company and several former senior executives faced criminal prosecution. The former Chief Executive Officer was sentenced to six years’ imprisonment; other senior figures received custodial sentences ranging from approximately 18 months to seven years. Critically, courts focused not only on the payments themselves, but on the internal decision-making structures that allowed operations to continue as risk escalated.

For boards and senior executives operating in or through complex markets, the Lafarge case is not a foreign cautionary tale. Its lessons are directly applicable under Saudi law.

MANAGEMENT LIABILITY UNDER SAUDI COMPANIES LAW

Under the Saudi Companies Law, directors and managers may be held personally liable for damages arising from violations of law, breaches of company bylaws, misuse of authority, or negligent management. This liability is not limited to deliberate misconduct. Failure to exercise reasonable care, properly assess emerging risks, or implement appropriate safeguards may itself give rise to personal exposure.

The key governance question that courts in the Lafarge proceedings kept returning to was not whether risk existed. It was whether leadership responded appropriately when warning signs began to emerge. That framing maps directly onto the standards applicable to directors and managers under Saudi law.

Joint Liability and the Record of Dissent

Where multiple directors participate in decisions that result in violations of law or mismanagement, Saudi law recognizes that liability may attach jointly to all members who approved or failed to object to those decisions. This principle applies with particular force where risk escalates gradually. In such circumstances, responsibility rarely rests with a single individual. It arises from a series of collective decisions that allow an organization to continue operating under increasingly uncertain conditions. One of the most critical protections available to a director under Saudi law is the formal recording of dissent. A director who disagrees with a proposed course of action must ensure that the objection is clearly documented in the board minutes. Failure to do so risks liability being attributed collectively, regardless of any private reservations expressed outside formal proceedings.

The Lafarge judgments reflect precisely this dynamic. Courts did not focus solely on the individuals who authorized individual payments. They examined the broader leadership structures that allowed continued engagement in a high-risk environment without sufficient escalation, challenge, or intervention.

Liability After Leaving Office

One of the most underestimated exposures under Saudi corporate law is the continuation of liability after an individual leaves office. Under Articles 29 and 30 of the Saudi Companies Law, directors and managers remain accountable for decisions made during their tenure, even after their resignation or replacement. Liability claims may generally be brought within 5 years from the end of the financial year in which the wrongful act occurred, or from the date of termination of the appointment, whichever is later. In cases involving fraud or forgery, limitation periods may extend further.

Resignation does not extinguish responsibility for past conduct. Decisions made during periods of elevated operational risk, particularly those involving reliance on third-party intermediaries or regulatory exposure, may remain legally reviewable long after roles and responsibilities have changed.

TERRORISM FINANCING EXPOSURE UNDER SAUDI LAW

The Lafarge case raises a dimension of risk that goes beyond the governance and corporate liability framework. It sits squarely within the scope of terrorism financing law, and the Saudi legal framework in this area is both broad and robust.

Under Saudi anti-terrorism legislation, terrorism financing is not limited to deliberate or knowing support for unlawful groups. It encompasses a wide range of conduct involving the provision of funds, assets, or other economic resources, whether directly or indirectly, to designated or prohibited entities. Transactions that appear operational in nature (payments for transportation, security, local logistics, or supply chain continuity) may later be interpreted as unlawful financing if the recipient is linked to prohibited entities or if appropriate due diligence was not conducted.

Direct and Indirect Financing Risk

Saudi anti-terrorism legislation adopts a broad definition of terrorism financing that includes provision through intermediaries, contractors, or agents. Indirect financing is not treated as a lesser category of exposure. Where funds ultimately benefit prohibited actors, responsibility may extend to the original decision-makers who authorized the transactions, regardless of the layers of commercial relationship through which those funds passed.

This creates a heightened compliance obligation for companies operating in complex or high-risk environments. The question is not simply who received payment, but how funds were ultimately used, and whether the organization conducted meaningful due diligence before authorizing the transaction and continued to monitor its counterparty relationships thereafter.

Corporate Criminal Liability

Saudi law expressly recognizes corporate criminal liability in terrorism financing matters. Under Article 49 of the Law on Combating Terrorism Crimes and Financing (Royal Decree No. M/21 dated 12/02/1439H), a legal entity may be held liable where a terrorism financing offence is committed by its owners, directors, managers, representatives, or agents in its name or for its benefit.

Sanctions available against corporate entities include financial penalties, suspension of activities, closure of relevant premises, liquidation of the entity, appointment of a judicial custodian, and publication of the judgment. Corporate structure does not provide a shield. Where leadership decisions permit unlawful financial flows or where oversight of third-party relationships is inadequate, the organization itself is exposed.

GOVERNANCE AS A LEGAL OBLIGATION, NOT A BEST PRACTICE

One of the most important lessons from the Lafarge proceedings is that legal exposure rarely begins with a single unlawful act. It develops gradually through governance failures that allow risk to accumulate without decisive intervention. In Lafarge’s case, the escalation from commercial pressure to criminal liability unfolded over an extended period during which warning signs were present, discussions occurred, and decisions to continue operating were repeatedly taken.

Saudi corporate governance expectations have developed considerably in recent years. Boards and senior management are expected not only to review performance metrics but to identify emerging legal risks and respond with appropriate caution. The standard is proactive oversight, not reactive response.

Board minutes, internal memoranda, and escalation records frequently determine how leadership decisions are interpreted under legal scrutiny. In the absence of documented deliberation, decision-making may appear careless even where genuine concerns were discussed informally. The governance record matters, both as a protective mechanism for directors who exercised appropriate judgment and as evidence in proceedings where they did not.

PRACTICAL TAKEAWAYS FOR BOARDS AND SENIOR MANAGEMENT

The Lafarge case demonstrates that exposure does not necessarily arise from deliberate support for unlawful actors. It arises from operational decisions taken under commercial pressure that gradually evolve into legally significant risk. Companies operating in complex or cross-border environments should consider the following governance priorities:

  • Establish formal risk escalation thresholds, supported by legal review, that require reassessment when operational, regulatory, or geopolitical conditions change materially.
  • Strengthen compliance oversight of contractors, intermediaries, and third-party relationships through periodic legal due diligence and risk-based monitoring, including monitoring of how funds are ultimately deployed.
  • Document board deliberations and dissent. Legal advisors should be engaged in reviewing decisions with regulatory or reputational implications, not consulted only after operational decisions have been made.
  • Reassess ongoing operations when risk indicators evolve, particularly where external developments may affect regulatory compliance or expose the company to sanctions or prohibited dealings.
  • Integrate legal and compliance functions into strategic decision-making from the outset, rather than treating them as a sign-off mechanism at the end of the process.
  • Operate on the assumption that major operational decisions may be reviewed retrospectively. Legal advice and risk analysis should be documented as a matter of course, not assembled after the fact.

These measures do not eliminate risk entirely. However, organizations that engage legal advisors proactively, rather than reactively, are significantly better positioned to withstand regulatory scrutiny, manage emerging exposure, and respond effectively if enforcement action arises.