In early 2015, an anonymous whistle-blower approached the SÃ¼ddeutsche Zeitung newspaper in Germany (SZ), and having requested and received certain security assurances from SZâs investigative journalists, proceeded to facilitate the largest data leakage in history. The leaked documents related to 214,000 so-called âletterbox companiesâ and contained 11.5 million files, including emails, pdfs, photo files and excerpts from the internal database of the Panamanian law firm and corporate services provider, Mossack Fenseca. Confronted with a task of almost unimaginable enormity, SZ approached the International Consortium of Investigative Journalists (ICIJ), who had helped with the Wikileaks investigation and the Lux Leaks investigation. The ICIJ proceeded to share the investigative research amongst its member newspapers and broadcasters and, in April this year, over a year after the original whistle-blowing took place, information started to be made public and Mossack Fenseca announced to its clients that it had suffered a security breach. The leak has since received worldwide coverage and is commonly referred to as âThe Panama Papersâ.
Much has been written about the Panama Papers in the local and international media. Most of it focuses on celebrity use of offshore structuring and alleged tax evasion by footballers, film stars and businessmen. Now that the dust has settled following the original scandal, this article aims to look at the background to the papers and to see whether there is anything that we can learn from what happened.
Theoretically, Panamanian companies and the nominee directors provided by their corporate service providers, were supposed to provide anonymity to the real beneficial owners of such companies, which the Panama Papers suggest were often held through other offshore jurisdictions. Much has been written about the potential for clients being able to cover up illegally obtained funds and avoiding UN sanctions. However, there are a number of entirely legitimate reasons for an owner trying to hide his/her identity: inheritance and estate planning; securing assets from kidnappers and corporate raiders; and incorporating joint venture structures in a neutral territory. Indeed, it should be noted that Panama has not been blacklisted by the U.S. or the EU as a destination for American or European funds, although the French government did react by reinstating it to a list of tax havens.
In the meantime, Mossack Fenseca and its partners strongly denied claims of wrong-doing, pointing to their large compliance department and stating that their systems had been hacked from outside of Panama, indicating that the leak was not an âinside job.â Mr. Fonseca, one of the firmâs founders, stated that much of the information being cited was false and inaccurate and the firm appeared to push the blame onto its own clients, many of whom are themselves professional services firms, implying that the clients themselves should have carried out anti-money laundering and know-your-customer checks.
So what are the main takeaway points from this episode in remote Panama, which Russiaâs most famous expat, Edward Snowden, described as the âbiggest leak in the history of data journalism?â Firstly, whether the result of a hack or a data leak from an employee, the Panama Papers demonstrate an obvious need for all businesses to keep their IT programming and security up to date and under regular review, whatever it is they are doing. In the modern era, it is extremely easy for large quantities of information to be downloaded and stolen very quickly. Secondly, offshore structuring and tax havens are going to come under ever increasing scrutiny, which means that national governments are also going to have to review their internal tax legislation. This may be no bad thing.