The Panama Papers & Who Owns What

The mushrooming “Panama Papers” scandal is a warning to financial services firms that they cannot be complacent about their obligation to determine beneficial ownership, know their customers and perform due diligence on all of their business associates.

Several governments across the world, including the United States, have initiated investigations of possible financial wrongdoing by the rich and powerful after a leak of four decades of documents (dubbed the “Panama Papers”) belonging to a Panamanian law firm specializing in setting up offshore companies.

The U.S. Department of Justice is determining whether the findings point to evidence of corruption and other violations of U.S. law, and the anti-bribery unit of the Securities and Exchange Commission is reviewing the disclosures for investigative leads.

The revelations are also prompting a number of financial transparency groups to nudge the U.S. Treasury’s anti-money laundering unit to issue a final rule requiring investment advisers to help combat financial crime.

The incidents further make people question whether the U.S. Foreign Account Tax Compliance Act (FATCA) – designed to ferret out individuals who have unreported offshore bank accounts and other assets – has enough teeth to compel other jurisdictions to perform the reporting required.

As the British-based Tax Justice Network (TJN) has noted, the problem has been widespread for many decades, as an array of lawyers, accountants, bankers and broker dealers have played a role in shielding clients from financial regulations.

The Panama Papers

The law firm at the heart of this case, Mossack Fonseca, allegedly worked with dozens of individuals or companies that have been placed under sanctions by the U.S. Treasury Department, including companies based in Iran, Zimbabwe and North Korea. One was reported to have had links to North Korea’s nuclear weapons program.

Mossack Fonseca registers companies as offshore entities and has them operate under its name. This means the identities of the real owners are hard to trace because they are left out of public documents.

The law firm maintains that it has broken no laws and all its operations were legal, adding that it was a victim of a computer hack.

More than 11 million documents were leaked to more than 100 news organizations around the world, as well as the U.S.-based International Consortium of Investigative Journalists (ICIJ). The documents cover a period from 1977 to December 2015 and show how the law firm has helped clients launder money, dodge sanctions and evade taxes for decades.

TJN Director John Christensen said in a statement that Mossack Fonseca operated with “extreme secrecy and discretion” for their clients, “which was attractive to many clients engaged in tax evasion, fraud, hiding conflicts of interest and other white-collar crimes.”

The documents have shown links to offshore tax havens by (among others) British Prime Minister David Cameron’s late father; the daughter and son of Prime Minister Nawaz Sharif of Pakistan; Ukrainian President Petro Poroshenko and Iceland’s Sigmundur Gunnlaugsson, who resigned as prime minister earlier this month.

More than 500 banks, their subsidiaries and branches registered nearly 15,600 shell companies with Mossack Fonseca, according to ICIJ’s analysis of the records. Recently, Credit Suisse and the Swiss branch of UK-based HSBC, two of the world’s largest wealth managers, dismissed suggestions they were actively using offshore structures to help clients cheat on their taxes.

HSBC agreed in 2012 to pay $1.92 billion in U.S. fines, mainly for allowing itself to be used to launder drug money flowing out of Mexico.

Legal and regulatory issues

What regulators and prosecutors are analyzing right now is whether and how the law firm hid the true owners of money, the origins of this money, and then helped the real owners avoid paying taxes on the money. And they will be scrutinizing how banks and other regulated entities might have assisted the law firm in accomplishing these aims.

These entities might not have performed adequate due diligence on their clients and their business partners’ clients, thereby helping create shell companies.  A shell company can be detected with reasonable inspection and querying of who exactly owns the money, and not just who manages it.  Banks and other regulated entities must find out who really owns and controls the money in any business with diligent inspection and verification beyond their business partner’s assertions.

Knowing a thing or two about shell companies, a business performing effective due diligence must also look for the presence of a tax haven. These locations are well-known – normally a small island country (British Virgin Islands, Macao, Bahamas) – that operates with significant banking secrecy and has very low or nonexistent taxes on financial transactions.  Panama operates as a secretive tax haven, falling short of global transparency rules regarding taxes and company ownership details.

Beneficial ownership must be determined through due diligence to make sure the real owner of the money is not someone who has a lot of cash and needs to hide it, like a drug dealer, thief or corrupt politician.  Compliance officers and other executives of financial services firms know all about beneficial ownership due diligence – but sometimes business pressures can weigh against diligence.  The financial services institution and its compliance department must appreciate that the lack of adequate, accurate and timely beneficial ownership information facilitates money laundering and sanctions evasion by disguising:

• the identity of known or suspected criminals,
• the true purpose of an account or property held by a corporate vehicle, and/or
• the source or use of funds or property associated with a corporate entity.

The concept of beneficial ownership extends beyond its legal ownership (since that could be just a red herring) and even its day-to-day control; it encompasses the actual persons who own and take advantage of the capital and assets involved.










The international Financial Action Task Force (FATF) has established standards on transparency so as to deter and prevent the misuse of corporate vehicles. The FATF recommendations require countries to ensure that adequate, accurate and timely information on the true ownership of corporate vehicles is available and can be accessed by competent authorities in a timely fashion.

In lieu of a country commitment to these FATF goals, the financial service’s compliance team must endeavor to learn the true identity of a business’ ownership and assess the money laundering and terrorist finance risks involved. If such risks are anything above “low,” compliance professionals should elevate the concerns to the highest levels of the organization while clearly documenting their concerns and actions to date.  Any inaction taken by the executive leadership of the financial institution that cannot be elevated further (e.g., to the Board of Directors) should be communicated to appropriate law enforcement and regulatory authorities.

As many compliance professionals can attest, uncovering details regarding beneficial ownership can be hard. If lawyers choose to help customers (whether corporate or individuals) deceive banks by using false information concerning the beneficial ownership of the corporation or identity of the individual, it could be exceedingly difficult for the due diligence systems of banks to uncover such deceit.

Regardless, banks and other financial service firms must take a risk-based approach and proactively gather as much intelligence as is available to them. They must exercise prudent skepticism, whether the law firm or other entity providing the information is well-regarded or has attested to doing the due diligence for them.

Such prudent skepticism can be performed and dutifully evidenced by:

• Querying the plausibility of information provided regarding beneficial ownership;
• Promptly resolving conflicts between beneficial ownership information provided and data recorded in public registries and other authorized repositories;
• Using a risk assessment (taking into account the country where the business is located and how it is listed – if no personal names are provided, for example, or those names come up in reference to dissimilar enterprises); and
• Recording all of the steps taken to go beyond a cursory examination of determining beneficial ownership.

Financial services firms must train its staff in effectively completing and documenting the tasks listed above, instructing them to query the rationale for using an offshore vehicle and the due diligence others have claimed to have done before them.  They should use the technology and expertise the company has provided in-house and through consultants to investigate identities, uncover discrepancies, flag suspicious customer details and elevate to supervisors evidence of particularly risky activity, individuals or businesses.

When a compliance professional feels pressured to overlook red flags and circumvent know-your-customer or beneficial ownership procedures – maybe to please certain wealthy and powerful clients – they should use the whistleblower apparatus available in-house or through the appropriate national regulatory agency.

Effective in-house controls should prevent the financial services firm from having any link to tax or sanctions evasion, money laundering and other financial crimes by ringing the alarm and getting skeptical eyebrows raised early.

Such controls – which should be tested often – will help detect third-party facilitators and prevent the financial institution from becoming one.

This article is a product of Thomson Reuters and first appeared on the subscription service for compliance, risk and audit professionals in the financial industry, risk.thomsonreuters.com.