The Panama Papers are reported to be a leaked set of 11.5 million internal records detailing information about more than 214,000 offshore entities allegedly established with assistance from Panama-based law firm Mossack Fonseca (“MF”). On 9 May 2016, the ICIJ released a searchable database and documents allegedly cover a period starting back in the 1970s and reportedly comprise 2.6 terabytes of data. This release purports to contain data relating to more than 214,000 offshore entities incorporated by MF and to the persons associated with them (as beneficiaries, shareholders or directors).
Panama Papers in numbers
- Reputational risk: banks, financial institutions and other intermediaries run the risk of becoming associated with the matter and may find themselves on the receiving end of allegations of having provided assistance to launder the proceeds of illicit activity, or of having taken part in tax evasion, thus affecting the reputation. A number of banks, financial institutions and other intermediaries have been mentioned in the papers and have made the headlines already.
- Regulatory risks: across Europe, financial watchdogs and regulatory authorities are reported to have launched inquiries regarding various aspects related to the Panama Papers. These include Swiss, German, French, Luxembourg, UK, Swedish, Dutch and Austrian financial watchdogs. It has been reported that some regulators (such as FINMA in Switzerland, BaFin in Germany, CSSF in Luxembourg and the FCA in the UK) have requested banks to report on their exposure to the matter, imposing tight reporting deadlines for affected banks.
Banks, financial institutions and other intermediaries should be able to demonstrate to financial regulators and other relevant stakeholders (such as the board of directors) that they had in place reasonable policies and codes of conduct, but that in light of the disclosures, has undertaken to ascertain the presence of these issues and, if present, remediation, as well as a concomitant tightening of the control environment.
It is recommended that the following preliminary steps should be considered:
- Identification from all public sources available materials relating to the Panama Papers case
- Conducting an analysis to determine the initial scope of potential investigation
- Consultations with legal counsel on issuance of legal preservation hold notices to all relevant jurisdictions, businesses and employees, based on the scope of the investigation and applicable laws
- Consideration of potential issues on data protection and banking secrecy that may require the attention of legal counsel.
Companies need to act now
Business interactions with offshore holding companies are, at least for the time being, at the forefront of the daily business headlines and likely top-of-mind for regulators. As rules and regulations continue to evolve, corporate boards and governance committees will likely shift (or increase) their focus on their respective companies’ exposures to these types of relationships. Companies may wish to act quickly to assess the nature and extent of any corruption, fraud, money laundering, and sanctions-related risks within their operations. To the extent any potential gaps are identified, companies should take action and implement policies, procedures, controls, and other corrective measures to mitigate the risk of non-compliance going forward.
It is difficult to understand the potential impact of the release of the Panama Papers, as analysis is completed on the available database and further disclosures (potentially identifying additional companies involved) are expected over the coming weeks and months.
Join our webinar: In the wake of the Panama Papers: Proactively assessing your risks
Date: July 22 | 2 p.m. ET | 18:00 GMT
Host: Don Fancher, principal, Deloitte Financial Advisory Services LLP
To register, please click here.
On May 9, 2016, one of the biggest data leaks in history occurred. The Panama Papers were leaked to a worldwide audience and contained confidential information about over 210,000 offshore shell companies. Aside from data security-related implications, what new issues does this incident raise for corporate compliance and risk management programs? We'll discuss:
- Assessing the strengths and weaknesses of existing anti-corruption, anti-fraud, AML, and sanctions compliance programs.
- Performing effective customer and vendor third-party due diligence.
- Harnessing the power of analytics to detect improper transactions.
- Conducting comprehensive investigations to discern which activity is truly improper.
Explore new ways to strengthen corporate compliance and risk management programs so they evolve with new threats.