I’ve been doing some remote training recently for a new MLRO, which has been great fun: we’ve covered all the essential and then plenty of those fun, tangential topics that concern MLROs – including beneficial ownership and (our topic for today) the ICIJ’s Offshore Leaks Database. Many people think that this database contains simply the information from the Panama Papers, but as the database’s own website explains: “The first instalment of the database was released on 14 June 2013 as part of ICIJ’s Offshore Leaks investigation. More records were added on 23 January 2014 (from ICIJ’s China Leaks investigation), on 9 May 2016 (from ICIJ’s Panama Papers investigation) and on 21 September 2016 (from ICIJ’s Bahamas Leaks investigation). Between November 2017 and February 2018 ICIJ released data from the Paradise investigation, including records from the offshore law firm Appleby and seven corporate registries: Aruba, Cook Islands, Bahamas, Barbados, Malta, Nevis and Samoa. The Offshore Leaks database contains information on more than 785,000 offshore entities and covers nearly 80 years up to 2016.” So the Panama Papers are only a part of the story, although it was a headline-grabbing boost to the database – and certainly the event that caught my eye when it happened.
For the MLRO, there are certain things to know about the database. First, as the database website itself says, front and centre, “there are legitimate uses for offshore companies and trusts – we do not intend to suggest or imply that any persons, companies or other entities included in the ICIJ Offshore Leaks Database have broken the law or otherwise acted improperly”. In other words, just because someone features in the database, it does not mean that they are criminal: it means simply that they have used the services of one of the firms whose data forms the database. They may well have done that in order to arrange their affairs as tax efficiently as possible – but that’s not criminal. Second, there may well be duplications, contradictions and errors in the data – it is a database assembled from several sources, and not a verified registry. Third, there are better and worse ways to search the database. You can just noodle around, scurrying down rabbit-holes and chasing juicy leads – which is fun for a while. Or you can approach it more efficiently, using the suggestions provided by the ICIJ itself – on searching by location, on exploring networks and entity metadata, and on investigating companies.
But perhaps the most important thing an MLRO needs to do is to be prepared. If you search the database for a client, there are several possible outcomes:
- They aren’t there – phew!
- They are there, but what is revealed about them is what you knew anyway – phew!
- They are there, and what is revealed about them is news to you but immaterial to your relationship with them – half-phew, as perhaps your CDD is lacking or the client was not completely open with you
- They are there, what is revealed about them is news to you, and it does affect your relationship with them (it increases their risk rating, or gives away that they lied to you) – uh-oh!
So you need to be prepared for any of these outcomes and to know what you are going to do as a result – and, to demonstrate your top-notch CDD, you need to keep careful records of your reasons for searching (or not searching), the results of any searches, and your reaction to those results. That’ll teach you to want more information.