The biggest data leak in corporate history has underscored the value of big data analysis in detecting fraud, reducing compliance costs & reputational risk.
The full ramifications of the Panama Papers scandal are only beginning to unfold. The UK’s Financial Conduct Authority (FCA) has instructed as many as 20 banks to provide details of accounts handled by Mossack Fonseca. For its part, the US government is closing a major loophole that existed for decades, by requiring banks and financial institutions to know the identities of shareholders and directors of shell companies who are their clients.
The reputational damage for many of the companies and individuals connected to the 214,000 offshore companies named in the Panama Papers leak is potentially significant, in particular, if some of these companies appear in sanction or other “watch” lists. For banks or other organisations that fail to monitor and report violations or breaches of sanction lists or do their due diligence thoroughly, the penalties can be considerable. In one prominent case, a major bank was fined nearly US$9 billion in 2014 for violating U.S. sanctions.
Turning risks into opportunities
What the Panama Papers scandal has exposed is the cloak of secrecy under which some organisations, and individuals, use offshore financial centres to evade tax, conduct money laundering operations, hide assets or avoid sanctions. Corporations established at offshore financial centres come in many forms and structures and their structures can be very complex—multilevel or multinational—making it difficult to establish the ultimate business ownership (UBO) of an entity. This in turn affects the organisation’s ability to perform proper due diligence on its customers.
It should be noted that setting up business in offshore financial centres (OFCs) is not illegal, and in some cases, OFCs can have legitimate uses, such as in merger and acquisitions or financing. However, OFCs are used in some instances to mask illegal activities with elaborate legal structures across multiple jurisdictions, which will be extremely difficult to analyse and unravel without appropriate data-driven analytical solutions.
The Panama Papers case is unprecedented in this respect in terms of the amount of data—2,600GB of data with 11.5m files in total, as reported in various media. While the events are still unfolding, various companies, organisations and authorities in multiple jurisdictions are sifting through this sheer amount of big data to assess the implications. However, the huge amount of data requires an automated approach that enables organisations to analyse, continuously monitor, and remediate issues in order to reduce compliance and reputational risks and costs in the long run.
Risk and operational assurance with continuous monitoring
What the biggest data leak in corporate history has ironically reinforced is the value of data analytics in helping organisations to rationalise and simplify “big data” into bite-size and useful information, for instance, in the form of early warnings, risk indicators, risk scorecards and other fraud detection mechanisms. Data analytics tools provide more efficient ways of monitoring, detecting, and preventing fraud, breaches and non-compliance issues, as well as better ways of connecting the dots between individuals, companies, and fraudulent activities.
Many organisations have found it challenging to navigate in the world “big data”, whereby data are residing in multiple systems across borders. These challenges are compounded when data are available in different formats, structured and unstructured. However, organisations also have more tools at their disposal now, making it easier to monitor activities and transactions on a continuous or more frequent basis.
The concept of continuous monitoring has been around for some time, and yet, many organisations still rely on ad-hoc, and even manual, techniques to analyse data and test controls. However, with the increasingly complex and interconnected risk universe, such techniques are no longer sufficient to meet the demands and expectations of internal stakeholders and regulators. Moreover, the fundamental shortcoming of these ad-hoc or manual approaches are their inability to produce real-time information to stakeholders and to provide sufficient coverage or assurance of material risk areas and processes at any given time.
Many banks and other organisations received significant fines or suffered reputational damage, partly due to their inability to properly monitor risks, transactions and other customer-related activities that were in breach of regulations and sanctions. The Panama Papers case has once again highlighted the risks associated with “big data”. As analysts and regulators are combing through the estimated 11.5 million files in the next few months, more organisations and individuals may inadvertently become the headlines themselves.