Over the weekend Central American law firm Mossack Fonseca has found itself at the centre of the world's largest data leak. This comes on the back of several high profile data security breaches that have released into the public domain names of companies and individuals involved in structuring their affairs through what are described to be “secret” offshore tax havens.
The unprecedented leak of more than 11 million documents spanning a period from the 1970s to 2016 came from an anonymous source and was shared with the International Consortium of Investigative Journalists (ICIJ) which in turn organised an investigation by news organisations around the world. To put the scale of the leak into context “Wikileaks” in 2010 involved 1.7 gigabytes of sensitive information being stolen and publicly distributed – Mossack Fonseca involves 2.6 terabytes i.e. 1,500 times larger.
The documents (including emails, banking details and client records) date back 40 years and have attracted media attention due to the fact that they appear to include 12 current/former world leaders and 128 more politicians and public officials from around the world.
Whilst the use of offshore structures/entities in tax advantageous jurisdictions is not illegal, the opaque nature of these structures means that meaningful oversight by the enforcement authorities and their underlying purposes may not be possible. The concern is that at least some will have been used for tax avoidance, money laundering and/or to circumvent international sanctions.
That said, in parallel to what are becoming increasingly frequent data leaks, governments around the world are now also looking to toughen up their disclosure requirements and provide full transparency when it comes to who owns/controls what in the world of international finance.
New Persons of Significant Control (PSC) Register
The UK is attempting to lead the way in trying to provide a transparent platform/market in which to carry out business. From 6 April 2016 companies must keep a register of individuals who are deemed to have "significant control". An overview of the compliance requirements and issues arising from the PSC register can be found here. The PSC register represents implementation in the UK of one aspect of the Fourth AML Directive.
Assessment and consultation on the Fourth AML Directive remains ongoing across Europe with the deadline for implementation into national law being 26 June 2017.
The objective of the Fourth AML Directive is to target the prevention, detection and investigation of money laundering and terrorist financing. In particular, it aims to enhance the existing risk-based approach to anti-money laundering and counter-terrorist financing and increases the focus on the effectiveness of those systems. The Fourth AML Directive specifically addresses:
- Customer due diligence, including provisions on “simplified” due diligence and “enhanced” due diligence – i.e. what information you should know and what enquiries should be made before you can start business with a counterparty.
- Beneficial ownership information relating to corporates and trusts, including the introduction of central registers such as that shortly to be implemented in the UK.
- Reporting obligations, including suspicious transaction reports.
- Data protection and record keeping.
- Policies, procedures and supervision, including provisions on training.
For a detailed insight into the Directive from KWM’s Luxembourg office, see here.
The leaked data is a never-before-seen insight into the offshore world allowing not just journalists but enforcement authorities the ability to see how assets are held and transactions structured within the global financial tax system. It is almost certain that both civil and criminal investigations will follow and the expectations as regards EU Member States tackling money laundering and terrorist financing in the years to come have just been increased significantly.