The Pandora Papers exposed the world to a problem anti-money laundering (AML) experts have known about for some time: thousands upon thousands of new shell companies, offshore tax havens, and secret trusts created every day to hide funds of the wealthy and powerful.
The investigation revealed the creation of these entities is the work of a small army of enablers—an offshore system that includes multinational banks, law firms, and accounting firms headquartered in the United States and Europe—who conjure up a Byzantine ownership network with the sole purpose of obscuring who is the true owner.
Also detailed in the report is the role some U.S. states—most prominently South Dakota, but also Delaware, Florida, Nevada, and Texas—play in allowing non-U.S. citizens to create shell companies and trusts that allow wealthy owners to stash money in real estate and other holdings without revealing who is the beneficial owner.
FinCEN is due to present its final rule on the UBO registry to Congress by Jan. 1, 2022. Contained in that rule will be an enactment date, the agency said.
In the meantime, there are multiple issues highlighted in the Pandora Papers that compliance practitioners should take notice of, according to Lauren Kohr, senior director, AML of Americas for ACAMS.
Financial institutions should “step back and evaluate the overall effectiveness of their risk-based AML program and determine whether the high-level risk indicators identified within the leaks would be detected; monitored; and, as applicable, reported within their existing AML compliance program,” she said.
Areas to examine in your organization’s AML policies and procedures in the aftermath of the Pandora Papers include:
- Scanning customer base for any of the names (individuals, businesses, and trust companies) within the data leaked. Evaluate customer due diligence and beneficial ownership and investigate the activity to determine if a regulatory filing (e.g., a suspicious activity report) is warranted. Be sure to document any efforts tied to addressing the risks posed in the leaks and elevate to board or senior management if appropriate.
- Understanding the threats and vulnerabilities that lie within your institution from a customer, product, service, and geography risk perspective. Ensure your anti-financial crime program adequately addresses the risks. Are your current program controls sufficient, and do they account for increased risks posed by known gatekeepers highlighted in the Pandora Papers?
- Refamiliarizing yourself with your customer base through the domestic geographic lens and identifying how many businesses have open accounts in reported tax haven states (e.g., South Dakota). What corresponding activity (domestic or international) do the customers conduct? Should your institution consider raising its risk rate on trusts registered in those states or geographies?
“The overall story should not be shocking to anyone,” said Daniel Wager, vice president of global financial crime compliance at LexisNexis Risk Solutions and a former special agent with the U.S. Department of Homeland Security and the U.S. Customs Service. The Pandora Papers “found the U.S. has been a tremendous haven for people seeking corporate secrecy and continues to be.”
Even before the Pandora Papers were published, Congress took action against this shadow financial system with two bills, the Anti-Money Laundering Act (AMLA) and Corporate Transparency Act (CTA), included in the National Defense Authorization Act for Fiscal Year 2021. The law tasked the Financial Crimes Enforcement Network (FinCEN) within the U.S. Treasury with creating ultimate beneficial ownership (UBO) reporting requirements for corporations and limited liability companies and maintaining a UBO registry.
FinCEN will require those entities to report certain information about their beneficial owners, defined as “the individual natural persons who ultimately own or control the companies.” In April, the agency launched rulemaking on the registry and sought the public’s input on whether its definition of beneficial ownership is clear, yet comprehensive, enough to generate useful information to law enforcement.
Funding of the AML initiatives mandated by Congress is already an issue.
The enactment of the legislation “did not come with accompanying funding, and FinCEN has been diverting existing resources to meet the rigorous deadlines set forth in the legislation,” the Treasury said in its fiscal year 2022 budget request to Congress. FinCEN requested an allocation of $60 million to hire 80 new employees to implement all of the AML regulations included in the defense spending bill, of which the UBO registry is a major part. The FY2022 budget is still being considered by Congress, and it remains unclear whether FinCEN’s funding requests will be granted.
Beyond funding, the UBO registry as established has other flaws, said Lauren Kohr, senior director, AML of Americas for the Association of Certified Anti-Money Laundering Specialists (ACAMS). One of the most common methods used by the wealthy to hide their money—trusts—are exempt from reporting, and that is a big problem, she said.
“I predict, based on the number of exemptions that exist within the CTA and FinCEN’s existing customer due diligence rule, that gatekeepers and professional money launderers will capitalize on the loopholes and easily remain in the shadow financial industry,” said Kohr, who before working at ACAMS was chief risk officer at Old Dominion National Bank. “The next step would be for our government and regulatory partners to truly assess the effectiveness of their regulatory framework, legislation, and deficiencies,” she said, and “focus on what would make the framework more robust and effectively combat the issues raised within the Pandora Papers leaks and earlier leaks.”
Kohr added the “professional enablers of this type of activity, such as attorneys and accountants, should be refactored into the conversation” if and when Congress acts to strengthen its AML regulations. She also recommended Congress remove exemptions to the UBO registry for trusts and other entities.
Financial institutions will not be able to search FinCEN’s registry without permission from their customer, Wager pointed out. If a bank’s customer is using the account for nefarious purposes, the customer is unlikely to grant permission. If a bank is conducting due diligence on a counterparty, he asked, “How could they get permission?” The UBO registry could improve flaws highlighted in the Pandora Papers, but major issues remain, he said.
The registry will also falter if it is merely a static repository of data, said Bill Hauserman, head of financial crime due diligence for Americas at Moody’s Analytics.
“Once they have the data, it will have to be analyzed and compared to other structured and unstructured data sets,” he said. For example, all financial institutions collect their own data on their customers, which includes information that will eventually be supplied to FinCEN and the UBO registry. The data collected should be compared against data in the registry, and inconsistencies should be flagged and investigated. With financial institutions only able to access the registry with permission from a customer, this comparison process becomes difficult.
“I think they (FinCEN) need to think of this as triangulation, rather than just submission,” Hauserman said. “There are lots of existing data sets that could be useful in discovering anomalies, to check that people aren’t gaming the system.”
On the other hand, “banks don’t want to go to the effort of verifying information and possibly not getting it right,” said Keith Ausbrook, senior managing director in the Risk and Compliance group of Guidepost Solutions. Ausbrook is former executive secretary of the White House’s Homeland Security Council and top lawyer on the House Government Reform and Oversight Committee.
FinCEN will have to be transparent about how it intends to verify information against public and other databases, he said, as well as its expectations for information sharing with financial institutions.