Banking and finance dispute resolution
For the latest news and comment on banking and finance disputes.
For the latest news and comment on banking and finance disputes.
For all the latest news and comment in clinical negligence healthcare law
This collection looks at the latest news and comment on commercial contracting healthcare law. With the health and social care sector under…
For all the latest news and comment in employment and pensions healthcare law
For all the latest legal and regulatory news and comment in health technology
This collection contains DAC B eachcroft's latest report, The Route to Integrated Healthcare , which provides the first practical examples of how…
This collection looks at the latest strategic, commercial, regulatory and negligence legal and advisory news and comment in health and social care. …
For all the latest news and comment on employment and pensions law.
DAC Beachcroft Dublin specialises in insurance, professional indemnity, defendant personal injury, health, commercial litigation and employment work.…
For all the latest new and comment in tax law.
The GC Collective collection offers insight and comment for General Counsels (GCs) and in-house legal teams.
For the latest news and comment on Corporate, M&A and Equity Capital Markets.
Analysis, commentary and checklists on the legal and governance implications of Brexit on businesses operating in, and trading with, the UK
The Accountant's Liability Collection brings you topical news and insight of interest to accountants, actuaries, trustees and other financial…
Events and online training for the health and social care sector.
DAC Beachcroft's LatAm Quarterly Newsletter discusses topical news and issues in Latin America
In response to client suggestions and requests, DAC Beachcroft's insurance sector flagship publication.
For all the latest legal and regulatory news and comment in health and social care integration
For all the latest news and comment in corporate regulatory healthcare law
Find advice, commentary and thought leadership on all aspects of Director's & Officer's Insurance; from contract formation through to complex…
This collection looks at the latest news, comment and development on the law affecting mental health services. The law affecting mental health…
Our market-leading Information Law team regularly publish articles and updates addressing the ever-evolving Information Law landscape.
This collection looks at our Safety, Health and Environment Team and the products and services they can provide. In the climate of increased…
The Insurance Act 2015 comes into force in August 2016 and will represent a significant change to insurance contract law in this country. This…
Legislative changes are bringing major changes to the Insurance landscape. This collection houses DAC Beachcroft's alerts on the pertinent issues.
For all the latest news and comment in clinical regulatory healthcare law
Organisations face ever-increasing expectations from Government, regulators, customers or service users, and other stakeholders, so scrutiny and…
For all the latest legal and regulatory news and comment in healthcare estates and facilities management
This collection addresses the full spectrum of cyber security and data risk management – the zeitgeist of our age.
We have acted for clients in the majority of significant product liability cases that have been decided in the UK over the last 35 years. Our product…
Considering the future landscapes of our cities
The European General Data Protection Regulation (GDPR) came into force on 25 May 2016. A rewrite of European data protection law, the GDPR imposes…
Considering the future of housing
For the latest news and comment on public procurement law.
Welcome to the Construction Risks collection. This space is used to report upon issues of interest to those who seek to allocate, manage and reduce…
Technology, brands and intellectual capital are key assets for any successful business. Our intellectual property (IP) team are experts at helping…
Considering the future of retail
The Insurance Market Conditions and Trends report is DAC Beachcroft's insurance sector flagship publication. Now in its tenth year, the report…
The Solicitors' Risk Collection addresses issues and developments affecting legal practitioners, and the professional indemnity insurers of legal…
Published On: 25 May 2016
The leak of confidential data from the Panamanian law firm, Mossack Fonseca, in April has highlighted the potential reputational risks that businesses face if they arrange their affairs in off-shore jurisdictions and the general data security risks that all businesses face today.
In the largest ever recorded data leak, an anonymous source forwarded over 11.5 million lawyer-client documents dating from as far back as the 1970s to a German newspaper. The documents were then forwarded to the International Consortium of Investigative Journalists (ICIJ) and thereafter distributed to media centres across the world.
On 3 April 2016, the leak of the so-called "Panama Papers" was first reported in the press alongside the identities of prominent public officials, national leaders, company directors and shareholders, and high net-worth individuals that have used opaque off-shore structures and shell companies to hide their wealth from tax authorities. On May 9, the ICIJ published its "Panama Papers" database, a fully searchable, on-line database containing the identities and financial records of 320,000 off-shore entities, being a small portion of the total given to the journalists by the anonymous source.
Claims relating to the Panama Papers leak have the potential to be very significant and are likely to involve criminal, regulatory and civil actions.
The leak has prompted worldwide regulatory investigations, and banks and financial institutions are already being directly implicated in these investigations.
Whilst Mossack Fonseca is maintaining that it has done nothing illegal (because tax avoidance is not illegal), its possible involvement in the use of off-shore companies to circumvent international trade sanctions in Iran, Syria and North Korea and other illicit activities including money laundering and bribe payments are now being investigated by the US Department of Justice.
In the UK, the Financial Conduct Authority (FCA) has asked 64 financial services firms and banks to disclose details of any accounts handled by Mossack Fonseca and explain what they are doing internally to assess their exposure. The FCA has not yet reached any conclusions from its preliminary analysis but given the allegations of breaches of sanctions, money-laundering offences and other crimes published in the media, the FCA has said that it will be considering whether the banks' anti-money-laundering controls should have raised "red flags".
Mossack Fonseca operated from dozens of offices across the world. Banks, investment houses, accountants, law firms, tax advisers and other professional advisers that played a role in off-shore transactions involving Mossack Fonseca should be prepared to assist with these regulatory investigations, possibly by attending interviews and producing documents for regulatory scrutiny. The costs of these investigations may sound in claims for the recovery of "defence costs" under D&O, professional indemnity, E&O and cyber policies.
Data security experts have noted that Mossack Fonseca was not encrypting its emails and it was using a computer programme with known vulnerabilities and out of date plug-ins. If it is established that the data leak was caused by the firm's failure to implement adequate security measures, then claims by former clients of Mossack Fonseca for breach of confidence, loss of privacy and reputational damage are likely.
The UK tax authority, HMRC, has confirmed it is clamping down on tax avoidance schemes and will impose tougher penalties on off-shore evaders. It is conceivable that clients or former clients of Mossack Fonseca will bring claims if the tax authorities find that the tax structures set up by Mossack Fonseca were illegal or amounted to tax evasion. Allegations of negligent tax advice/planning may not be confined to Mossack Fonseca but may also be directed against any professional involved in setting up the tax structure.
Under English law, the success of such claims would depend on whether former clients could show that, if advised differently, they could and would have invested in a different structure which would not have resulted in additional tax liabilities. Each case will turn on its own facts, but professional advisers and their insurers should consider their possible exposure in respect of such claims.
Claims may potentially extend beyond professional advisers. Company directors who pursued secret, aggressive tax strategies with Mossack Fonseca's assistance may see their company's reputation tarnished by negative media attention and (possibly) an irrecoverable fall in share price. Whilst the use of off-shore tax structures is not "illegal" per se, their use is perceived by many as "unethical" and "immoral", and it could be argued that by using such structures, the directors were not promoting the best interests of the company. We may see action groups pursue derivative claims in the future under the Companies Act 2006, if appropriately funded. These claims may potentially fall for consideration under any applicable D&O policy.
The FCA acting Chief Executive, Tracey McDermott, has reported "a significant amount of business in Panama would be expected to be perfectly legal" and it is, of course, possible that the regulatory investigations will conclude there was no illicit activity and no prosecutions will follow. Irrespective of the legalities of off-shore transactions, however, the negative media attention may cause many to evaluate their association with these structures and they may wish to give careful consideration to the following points going forward:
The Panama data leak raises a very important issue for businesses and particularly professional advisers that hold confidential data. Electronic data is vulnerable to attack by third party hackers who may delete, corrupt or distribute confidential information.
Given that lawyers, accountants and other professional advisers hold highly confidential documents electronically, many will now be concerned about data theft from their own systems and the risk of claims by clients in the event of a similar data hack. Many will question what they can do to minimise their exposure to a similar attack in the future.
Those storing confidential papers in particular should assess their data security measures within their organisation and consider how data is stored and accessed, and by whom. The following precautions may help minimise the risk of a data attack:
The Panama data leak is a wake up for many. It has highlighted the reputational risks of being associated with off-shore structures and highlighted the vulnerabilities of storing confidential data electronically. Professional advisers, in particular, should reflect on the reputational damage they may cause to themselves and to their clients where sensitive information is leaked publicly and ensure their digital security is sufficient to minimise the risk of a security breach in the future.