The Panama papers revealed by the International Consortium of Investigative Journalists (ICIJ), the fourth tax haven leak coordinated by the ICIJ since 2013, raise all kinds of legal issues both for the firm and their clients.
Mossack Fonseca, which specializes in setting up offshore companies, denies any wrongdoing. It is not illegal to use off- shore structures. Nor is tax avoidance is illegal. The UK in part enables these structures as many tax havens, such as the British Virgin Islands and Cayman Islands, are British overseas territories, while Jersey and the Isle of Man are British crown dependencies.
However, a lack of transparency is connected to all sorts of corporate wrongdoing, from bribery and corruption to money laundering and human trafficking.
The UK arm of Mossack Fonseca has released a statement to say that it was at the forefront of undertaking due diligence checks and that reporting obligations were taken seriously. The firm also had established policies and procedures to identify and handle cases where individuals either qualify as PEPs or are related to them.
The Panama papers reveal that despite the due diligence checks undertaken, the firm acted for an Iranian oil company that was subject to both US and UN sanctions. These sanctions have subsequently been lifted, see Legal Update, HM Treasury publishes updated guidance and Financial Sanctions Notice on financial sanctions on Iran following Implementation Day. Corporate bodies conducting business in countries where sanctions legislation is in place should conduct detailed due diligence on any partners, joint venture parties or acquisition targets to establish, as far as possible, that there is no reasonable cause to suspect they are associated with those on the consolidated list. These steps are critical:
- Establishing who the beneficial owner of any asset is.
- Ensuring that directors or companies are not simply “fronts” for those on the sanctions list.
- Ensuring that any changes in the directors, key personnel and corporate structure are monitored carefully.
- Ensuring that the sanctions list is constantly monitored.
Due diligence is also an important component in avoiding committing money laundering and offences under the Bribery Act 2010. Simply because the client is not designated at the time of instruction, does not preclude liability for breach of sanctions should the client become designated at a later date. For more information on financial sanctions see Practice note, Financial sanctions.
The revised Financial Sanctions: Guidance,which was published on 5 April 2016 by the newly formed Office of Financial Sanctions Implementation (OFSI) at the Treasury (Updated Financial Sanctions Guidance published), states that payment for legal services and the provision of legal services on credit do require an OFSI licence. Some legal services such as the provision of company formation services may constitute the provision of “financial services” which are otherwise prohibited under the Terrorist Asset Freezing etc Act 2010. Where sanctions prohibit specific actions (eg restructuring of finance) lawyers must consider whether advice and support for the client is helping them comply with sanctions or is participating in or otherwise facilitating a breach.
When financial sanctions are knowingly breached, or there is reasonable suspicion that a transaction is a sanctions breach, the individual or company could be prosecuted under the money laundering regime. For full details of money laundering offences in England and Wales, see Practice note, Money laundering offences in the UK: overview.
If the sanctions breached relate to a designated terrorist organisation, the Terrorist Asset-Freezing etc Act 2010 (TAFA 2010) can be used to prosecute. For further information, see Practice note, Use and possession, funding arrangements and money laundering.
Breach of financial sanctions is a criminal offence punishable by imprisonment or an unlimited fine.
Tax evasion is a long established criminal offence in the UK, and is subject to ongoing developments as a result of strong public opinion, for example, the Finance Bill 2016 (see Legal update, New tax offences in the Finance Bill 2016).
There are a number of different offences under which tax evasion can be prosecuted, depending on the facts and the seriousness of the offence. An overview of criminal tax offences is provided by Practice note, Criminal prosecutions for tax fraud: overview. HMRC were quick to comment on the possibility of tax investigations and prosecution stating that the specialist offshore unit in the Fraud Investigation Service is currently investigating more than 1,100 cases of offshore evasion around the world, with more than 90 individuals subject to current criminal investigation. HMRC has asked the ICIJ to share the leaked data so that it can be cross referenced with the HMRC database. See Legal update, HMRC publishes robust response to the ICIJ story on offshore tax evasion
Progress was made in respect of promoting ethical business through the adoption of UN Guiding Principles on Business and Human Rights (UNGPs) in 2011, and the consequent National Action Plans that were implemented. See blog post, Are there too many hurdles to making human rights complaints about multi-national companies. Perhaps now the focus will move towards soft regulation in terms of tax issues in conjunction with the government commitment to extending corporate criminal liability extra-jurisdictionally in respect of failure to prevent tax offences.
Meanwhile, Mossack Fonseca has complained that the data leak was external and filed a complaint with state prosecutors. This throws up two separate legal issues:
- The extent to which any individual responsible for the data hack has committed a criminal offence.
- The extent to which Mossack Fonseca could be held liable for failing to protect their client’s data.
Mossack Fonseca does not fall under the jurisdiction of UK regulators. However, should a UK regulated firm find itself it the same position, it would have to consider both cybercrime and data protection issues. For more information, see Practice notes, Cybercrime; overview and Data Protection Act 1998: criminal enforcement.