Newsletter | Volume 1

Issue I
Issue II
Issue III
Issue IV
Issue V
Issue VI
Issue VII
Issue VIII
Issue IX
Issue X
Issue XI
Issue XII
Issue XIII
Issue XIV
Issue XV
Issue XVI
Issue XVII
Issue XVIII
Issue XIX
Issue XX
Issue XXI
Issue XXII
Issue XXIII
Issue XXIV
Issue XXV
Issue XXVI
Issue XXVII

click here to

Subscribe to our newsletter



To Unsubscribe click here

The Governance, Risk Management and Compliance and IT Security (GRC) issues from The Panama Papers



Governance components of Transparency and Accountability.
Financial institutions of offshore tax havens have in the past, either hidden behind the sovereignty of their local laws, which allowed them to guarantee the anonymity of their investors. However, the Digitisation of Documents and their exchange via the internet has created a definite weak link in their banking secrecy. In future, the digital papers and the internet will be the most active enemies of muddy financial transactions.

Risk Management issues of the Panama Papers
Almost all sectors will be affected by the leaks, particularly those companies that traditionally have paid bribes to win may and large public contracts and related corrupt activities thru money from offshore tax shelters.

The financial sector will mainly face the risk of exposure due to the knowledge of the financial transaction and for being in a position to recommend or assist companies with offshore investments. The banks like all commercial enterprises are at the forefront of corruption, AML or monitoring flows of capital if the right due diligence on 'Know your Customer' is not conducted.

The Panama Papers underscore the fundamental injustices and inequalities created by the offshore system, when taxes are evaded, state assets are robbed, and the need for public registries in which information about who ultimately controls a company is accessible to all. However, it is ultimately the law enforcement and oversight authorities that must hunt the real people behind anonymous companies used in money laundering and other wrongdoing.

Compliance lessons from the Panama Papers
The Panama Papers highlights the importance of performing proper due diligence on the people and entities with which a company does its business. Every jurisdiction has issued guidelines on corruption prevention emphasises the importance of adequate due diligence.

The documents demonstrate the importance of identifying the ultimate beneficiary of those on the receiving end of due diligence. It is not enough to limit the diligence to the first level of shareholders but determines the shareholders and stakeholders of all parts and subsidiaries. All individuals must be subjected to the appropriate level of due diligence.

IT Security Lessons from the Panama Papers.
Mossack Fonseca & Co., the Panamanian law firm and corporate service provider have 40 global offices and 600 lawyers worldwide. The enormous cache of the leaked documents reveals some IT- Security flaws. The primary reason is that the front-end computer systems of Mossack Fonseca were outdated and riddled with security flaws and has apparently shown an "astonishing" disregard for IT-security and IT discipline. Mossack Fonseca & Co. is the first and only ISO 9001:2008 certified legal services company in Panama.

ISO certification is, therefore, no guarantee. Companies are recommended from the data leaks and pay particular attention to the data, and IT challenges in handling personal data when EU's General Data Protection Regulation (GDPR) goes live in 2018. The GDPR security and data protection policies need entirely new roles and responsibilities to address the data and safety information system within the organisation and to proactively monitor their networks and identify any potential security threat in real-time. The dramatic changes on how personal data will be collected, stored, accessed, disclosed and utilised to avoid the same leaks as with so many other companies, causing irreparable reputation damage.

Perhaps Panama is the tip of the offshore iceberg. There are several other jurisdictions posing similar problems. OECD has conducted well over 200 Phase 1 and two peer reviews in the past seven years called the Global Forum. It has identified some member countries and jurisdictions whose legal and regulatory framework for the exchange of information is not up to international standards. They include Guatemala, Kazakhstan, Lebanon, Liberia, Micronesia, Nauru, Trinidad and Tobago and Vanuatu. It is clear that there are many other jurisdictions where a lack of information on beneficial ownership of corporate and other entities can facilitate illicit cash flows.

The full dataset is also available for download.
https://panamapapers.icij.org/blog/20160509-offshore-database-release.html