Unless your compliance function is conveniently located under a rock, you have no doubt heard many details about the global scandal known as the Panama Papers.
More than 370 journalists in 80 countries took part in a year-long effort to parse through a massive trove of leaked files from the Panama-headquartered law firm Mossack Fonseca, a firm that for more than four decades was at the center of facilitating shell companies, offshore tax shelters, and secret trusts for wealthy and politically connected individuals around the world. From celebrities to heads of state, the repercussions have been swift and sweeping.
What’s next? As governments around the world craft opportunity from crisis with various new rules and regulations, compliance officers at financial institutions may find themselves at an inflection point.
Fresh from a trip to Panama before speaking at the recent Compliance Week 2016 conference, Daniel Alonso, managing director and general counsel for Exiger, a global risk and compliance consultancy, learned at least one thing from the locals: Don’t call them the Panama Papers, just call them “The Papers.” Alternately, it was suggested that, because so many of the uncovered dealings involved the British Virgin Islands, that “The BVI Papers,” might be another suitable alternative.
“This is a big problem and a huge public relations hit for Panama,” he says. “It also shows how many legitimate uses there might be for having an offshore shell corporation, but the illegitimate uses are just so risky they outweigh legitimate uses. We need to make sure we have appropriate rules and regulations around the world, including the United States, to make sure that the anonymity of these companies doesn’t allow money launderers and terrorism financiers, not to mention corrupt pubic officials, to facilitate what they are doing.”
In Alonso’s view, people may not have yet “fully thought through the value that the Panama Papers gives them in their day-to-day compliance work.”
“Obviously, there has been a lot of discussion about the broader meanings and the broader significance, but people ought to be thinking very pragmatically about the vast amounts of data that are now available, on a global basis, on matters that were previously kept extraordinarily close to the vest,” he says. “I think people have to be thinking about how to make the most creative use of the information now available to maximize compliance capabilities and identify potential risks in areas of financial crimes.”
While there are, of course, legitimate reasons to incorporate as a shell company, those rationales may not hold up to scrutiny, says Matthew Herrington, a partner with law firm Steptoe & Johnson. “I think the tide is against this form of ownership.”
“This is a big problem and a huge public relations hit for Panama. It also shows how many legitimate uses there might be for having an offshore shell corporation, but the illegitimate uses are just so risky they outweigh legitimate uses.”
Daniel Alonso, Managing Director, General Counsel, Exiger
Turning his focus to the ease by which companies can secretly incorporate in some U.S. states, he warned: “The Delaware papers are surely to follow.”
The biggest response by U.S. officials, thus far, is a renewed focus by the Treasury Department on issues related to shell companies and beneficial ownership. In May, it announced actions intended “to strengthen financial transparency and combat the misuse of companies to engage in illicit activities.” Among those steps: the announcement of a customer due diligence final rule; proposed beneficial ownership legislation; and proposed regulations related to foreign-owned, single-member limited liability companies.
The customer due diligence final rule adds a new requirement that financial institutions—including banks, brokers or dealers in securities, mutual funds, futures commission merchants, and introducing brokers in commodities—collect and verify the personal information of the real people (beneficial owners) who own, control, and profit from companies when those companies open accounts. The rule also amends existing Bank Secrecy Act regulations to clarify and strengthen obligations of these entities.
Specifically, the rule contains three core requirements: identifying and verifying the identity of the beneficial owners of companies opening accounts; understanding the nature and purpose of customer relationships to develop customer risk profiles; and conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. Financial institutions will need to identify and verify the identity of any individual who owns 25 percent or more of a legal entity, and an individual who controls the legal entity.
Claiborne Porter, chief of the Department of Justice’s Bank Integrity Unit, declined to comment on the specifics of new rules. In his experience in trying cases where companies used front companies to launder massive amounts of money, however, “if there had been some sort of registration requirement to open those companies, it would have been a lot easier for the government to have followed that money and figure out who the original owners were.”
TREASURY DEPARTMENT GUIDANCE
The following is from a summary of a May 6 announcement by the Treasury Department regarding “actions to strengthen financial transparency and combat the misuse of companies to engage in illicit activities.”
CDD final rule
The CDD Final Rule adds a new requirement that financial institutions – including banks, brokers or dealers in securities, mutual funds, futures commission merchants, and introducing brokers in commodities – collect and verify the personal information of the real people (also known as beneficial owners) who own, control, and profit from companies when those companies open accounts. The Final Rule also amends existing Bank Secrecy Act (BSA) regulations to clarify and strengthen obligations of these entities.
The CDD Final Rule harmonizes BSA regulations and makes explicit several components of customer due diligence that have long been expected under existing regulations, as well as incorporating a new requirement for covered financial institutions to collect beneficial ownership information. Specifically, the rule contains three core requirements: (1) identifying and verifying the identity of the beneficial owners of companies opening accounts; (2) understanding the nature and purpose of customer relationships to develop customer risk profiles; and (3) conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. With respect to the new requirement to obtain beneficial ownership information, financial institutions will have to identify and verify the identity of any individual who owns 25 percent or more of a legal entity, and an individual who controls the legal entity. Based upon comments received in response to the proposed rule that was published in August 2014, the final rule extends the proposed implementation period from one year to two years, expands the list of exemptions, and makes use of a standardized beneficial ownership form optional as long as a financial institution collects the required information.
Foreign-owned single-member proposed Regulations
Proposed regulationswould require foreign-owned “disregarded entities,” including foreign-owned single-member limited liability companies (LLCs), to obtain an employer identification number (EIN) with the IRS. These requirements allow the IRS to determine whether there is any federal tax liability and if so, how much, and to share information with other tax authorities as appropriate. However, there is a narrow class of foreign-owned U.S. entities, typically single member LLCs, that have no obligation to report information to the IRS or to get a tax identification number. These "disregarded entities” can be used to shield the foreign owners of non-U.S. assets or non-U.S. bank accounts. Once these regulations are finalized, they will allow the IRS to determine whether there is any tax liability, and if so, how much, and to share information with other tax authorities. This will strengthen the IRS’s ability to prevent the use of these entities for tax avoidance purposes, and will build on the success of other efforts to curb the use of foreign entities and accounts to evade U.S. tax.
Source: Treasury Department
“We might have been able to get ahead of the crime, rather than waiting to come in at the end,” he said.
Post-Panama papers, “what changes is a fundamental review of what banks have to do in their own self-interest,” Alonso said. “Where there is a steady sea change is in the perception of the risks associated with shell companies. More and more financial institutions see through the disclosures in Panama Papers to the risks that are associated with taking on customer relationships where they don’t know much about the true beneficial owner. They may now have an incentive to fully understand the true nature of the relationships behind the customer. What the FinCEN rule does, fundamentally, is put everybody on the same map in the financial community by saying, ‘You need to get on top of it.’ ”
“One of the things you are likely to see in the coming months is a lot of scurrying around, trying to figure out how to operationalize these critical provisions in the new rule,” he added. “It really does represent, even for those institutions that are accustomed to traditional standards of customer due diligence and anti-money laundering compliance, a dramatic departure from and, maybe even an expansion of, corporate expectations of what you need to do to not just to be fully compliant with the law, but fully positioned to rate risk and understand your customers.”
Herrington sees opportunity in the trove of leaked data. “The calls I get are, ‘Holy cow, this is a whole new set of names. Are these in my automatic screening? There’s a huge nuts-and-bolts compliance issue posed by the list of names.”
The ultimate lesson from the Panama Papers Is fairly simple, says Jonathan Rusch, senior vice president and head of anti-bribery and corruption governance for Wells Fargo. “If you have a lot of correspondent banking relationships, even if you don’t have tremendous retail banking outside of the U.S. or North America, you want to know who your customers are,” he said. “You have to say, ‘Ok, it’s a really big list of names, but this also represents a significant value-add. Depending on how you can access information technology, you should value the opportunity to get a cross-section of information you would never have gotten your hands on before and use it to make sure you really know your customers. An analysis of the Panama Papers, even on a superficial level, gives you more information about who certain key customers are that you couldn’t have known before; or maybe they were just fine when you onboarded them as customers initially, but now you have new, additional pieces of information. It doesn’t mean you aromatically throw them out the door, but you may need to start doing some de-risking.”
Continue the conversation at Compliance Week Europe: 7-8 November at the Crowne Plaza Brussels. Join us as we look at changes in global anti-corruption regulations, slave labour risks in your supply chain, and how to detect fraud, to name just a few topics. Learn more