Mention Panama Papers to anyone who works in the financial sector, you'll probably get a number of interesting responses. Well, it also depends on when and who you ask the question to.
It has been just over a year since the infamous Panama Papers rocked the global financial and professional sectors with 11.5 millions leaked documents amounting to 2.6 Terabytes of data. These included text files, emails, images etc. of more than 200,000 offshore entities. Questions around tax evasion, money laundering and other criminal activities by politicians, rich and famous people hogged headlines then. Talk about information overload.
This time last year, banks, FIs and regulators around the world reacted by scrambling all over the place trying to identify if any of their customers, partners, associates etc. is named in the ICIJ database. It is almost like searching for a needle in the haystack, to say the least.
I guess the bigger objective then was to quickly comb through the database and hopefully, none of their clients was on the list. If so, case closed.
When they eventually got a hit, some regulators had enquired if such hit in itself was an issue and some authorities even clarified that it was perfectly legitimate to have offshore entities as part of financial transaction structuring, efficient tax planning and so on. It was then up to the banks and financial institutions to consider, on a risk-based approach, if indeed a hit was an issue. If so, perhaps there was a need to consider STR.
I suspect the scrambling went on for a couple of months.
Now, a year has passed. There hasn't been (yet) any further leak to the original 200,000 offshore entities from any sources and I believe ICIJ investigation continues. So as with all information, the passage of time has rendered the ICIJ database somewhat outdated or even irrelevant in its current form.
If I am a criminal "worth my salt" and had used one of the 200,000 entities to do bad things, and knowing that my profile was leaked, I would have gotten out of it in a heart beat. Plainly, I would incorporate new entities, use different lawyers, consider various other friendly jurisdictions and so on. In another words, the party continues.
What is left is a database of records dated 12 months ago.
There may be some cases where the directors and shareholders of the 200,000 entities remain intact because they are legitimate ones. The unintended consequence of "punishing" the legit ones by subjecting them to increased scrutiny because some banks, FIs and even DNFBPs may have embedded screening against Panama Papers into their BAU processes seems quite plausible. In my opinion, this appears rather silly and counter-intuitive especially when the bad guys are already out of it.
Remember the usual movie scene when the police always arrive just after the criminals have fled? That's exactly my point here!
When regulators and industry as a whole react to knee-jerk events like Panama Papers, the usual response is to go tactical and address the immediate concern (whatever that concern was then).
Usually, there is little consideration to the longer term longevity and effects of such measures. Panama Papers is a perfect example. Whilst it is right for everyone to at least check their client base against the list then (in 2016, that is) given it is publicly available, the question is whether it is still relevant to check against the same list now? I suspect prudence prevails and the usual "excuse" of taking a risk based approach is an easy way out.
On the regulated side, it becomes an incremental problem to add to the long list of AML/KYC tasks. Do we continue to screen against Panama Papers now or not? If we do, it adds further strains to resources and budget as well as whether the action actually serves any real and meaningful purpose at all. Not to even mention false positives etc. If we don't screen, we run the risk of being questioned by the regulators and auditors why didn't we do it.
Damned if you do, damned if you don't. A rather unenviable position to be stuck between a rock and a hard place, that is.