Did the FBI have access to the Panama Papers?

Did the FBI have access to the Panama Papers?

‘Give the information to the feds, not to the plebs’. This, crudely, has been one of the main arguments deployed against publishing the beneficial ownership of companies and other legal entities. Law enforcement agents chasing money launderers or tax evaders using anonymous shell companies need this information, and can already get it through tax information exchange agreements (TIEAs) or mutual legal assistance (MLA) requests, this argument goes. The general public doesn’t need to know, and indeed encouraging public vigilantism can discourage states to comply with legitimate law enforcement requests.

UK legislators made several versions of this argument to oppose amendments to the 2017 Criminal Finances Bill which would have mandated direct legislation to establish public beneficial ownership registers in the British Overseas Territories (OTs). And when earlier this year the UK Parliament finally passed such a measure – which is still being fought by several OT administrations – their lobbyists and advocates similarly argued that the OT’s provision of information to law enforcement puts them beyond reproach, or need of reform:

[Premier Smith] said the BVI Foreign Office is now engaging UK parliamentarians about the territory’s anti-money laundering and tax transparency strategies such as the Beneficial Ownership Secure Search System, otherwise known as BOSS.

“[BOSS] puts BVI at the cutting edge of facilitating effective law enforcement against those who might seek to use our business companies for nefarious purposes,” the Premier said.

He said BOSS ensures “beneficial ownership information is directly and immediately available to BVI competent authorities”.

I have some sympathy with the basic sentiment behind this argument, if not with its motivations. It is indeed for law enforcement agencies to enforce laws. But even if detecting law-breaking were the only useful use of beneficial ownership information (it’s not) it’s far from clear that TIEA and MLA channels do indeed consistently deliver the BO information that law enforcers want. It sometimes seems that proponents of this argument assume that detectives and investigators simply get on the phone to the Cayman Islands company registry and get emailed the details of a company’s ownership twenty minutes later, like running a car licence plate. My own limited experience of requesting ownership information about companies registered in British Overseas Territories through diplomatic channels (not quite the same thing as a law enforcement request, but with some political weight) when I worked as a UN Security Council sanctions investigator was that, at least back in 2011, answers were not consistently forthcoming. It’s possible that criminal law enforcement agencies have different experiences, though several criminal investigators have told me about similar frustrations.


  • There are serious administrative obstacles: even with a raft of new electronic data systems for company ownership information, many OTs have deliberately ensured that searches in these systems require a battery of checks and approvals; can only be carried out by a small number of authorised local officials; and that the critical documentation underlying the information is not kept centrally but by a dispersed network of registered company agents, often in a different jurisdiction altogether. Here, for example, is the procedure for the UK to obtain beneficial ownership information and documentation from the BVI via their new “BOSS” beneficial ownership register. This is what the BVI premier has called “the cutting edge of facilitating effective law enforcement against those who might seek to use our business companies for nefarious purposes”:

BVI info exchange

  • There’s judicial resistance: as in the Cayman Islands, where in February 2011 Australian Tax Office investigators, unpicking a set of complex tax evasion schemes set up by a Sydney accountant, requested information about the ownership of two Cayman companies at the heart of the schemes. The investigators suspected that the Sydney accountant controlled these companies behind a sham shareholder. The Cayman Tax Information Authority duly provided the ownership information: an expansive Cayman-Australia TIEA agreed in 2010 commits each country to provide on request all “information that is foreseeably relevant to the administration and enforcement” of each country’s domestic tax laws. The accountant’s lawyers, however, fought this compliance all the way to the Cayman Grand Court, which ruled that despite the existence of the TIEA, the Cayman Tax Authority had overstepped its authority, ordering the Australian Tax Office to return the beneficial ownership information and destroy any copies it had. (The Australian Tax Office, of course, flatly refused. The Australian High Court, in part on the basis of this information, subsequently found that the accountant’s investment schemes were fake and set up for the purposes of tax evasion, issuing A$300m in tax assessments to the schemes’ users; and the accountant was subsequently charged separately with conspiring to pervert the course of justice).
  • And in many cases, even where law enforcement cooperation is prompt and in good faith, the information simply isn’t present at all in the files of the registrars, lawyers or company agents who are supposed to keep it. (The UK’s own *public* beneficial ownership registry, of course, is far from immune from this problem – though at least with a public register such non-compliance is itself readily detectable).

It’s unsurprising, therefore, that law enforcement often tends to be quite enthusiastic about public beneficial ownership registers. The head of the Global Financial Action Task Force said in May 2016: “If governments, law enforcement agencies, regulators and businesses can get this right then there is real value in initiatives like public registries [of beneficial ownership].” [EDIT 30/07: though as Maya Forstater points out, he also rightly criticises unverified or incomplete information in registries, public or not]

Equally striking is the alacrity with which tax authorities and law enforcement agencies have sought to exploit leaked and hacked information about company or asset ownership. Several European authorities famously purchased lists of Swiss bank account ownership information back in the 2000s. Germany and Denmark have since purchased tranches of the Panama Papers documents which are, in part, effectively a trove of company beneficial ownership data.

There are, of course, questions here about due process, privacy rights, safeguards to law enforcement overreach. But these practices clearly asuggest that law enforcement agencies think it’s worth paying millions of Euros for this kind of leaked, stolen or hacked data. It seems hard to believe they would consider it a worthwhile investment if, as former Cayman Islands’ lobbyist Lord Blencathra confidently claims, jurisdictions like the Cayman Islands and the BVI have in fact “been providing that information without any objection whatever for the last 10 years and has now implemented a system to give that information to legitimate authorities within 24 hours, seven days a week”.

Which brings us to the Panama Papers themselves. I’ve recently been researching a set of North Korean sanctions evasion cases. One involves a North Korean bank, Korea Kwangson Banking Corporation (KKBC).  Both the U.S. and the UN have sanctioned KKBC, requiring all states to freeze its assets, and prohibiting dollar banking with the company, on the basis of allegations that KKBC was a conduit for financial transactions made by two other North Korean companies involved in procurement and sales of ballistic missile technology, as well as prohibited arms sales from North Korea to Myanmar and elsewhere. In August 2016 the U.S. Department of Justice submitted a criminal complaint in a New Jersey court against a separate Chinese trading company, Dandong Hongxiang Industrial Development Co Ltd (DHID), followed the next month by a civil forfeiture claim for financial assets held in bank accounts for DHID and five associated shell companies. complaints and claims allege that DHID established a network of front companies to facilitate commodity trading for KKBC. All in all, the FBI identified 22 front companies it claims the majority shareholder of DHID set up for dollar transactions on behalf of the sanctioned KKBC. Two were registered in the UK, four in the BVI and one in Anguilla.

The UK companies were relatively transparent, with shares held directly by Xiaohong Ma, the owner of DHID. The nominal ownership of the companies in other jurisdictions were more distant from DHID’s owners, according to the criminal complaint, with shares and directorships held by relatives of Xiaohong, or by more junior staff of DHID. Significantly, the U.S. claims that the company service provider who set up the BVI and Anguillan companies for DHID’s representative appears to have been aware that the companies were to be connected to North Korea and might fall foul of U.S. sanctions: the forfeiture claim refers to a 2011 email from this company service provider to the Chinese individual applying to set up the companies, stating that due to international sanctions banks will not open bank accounts for companies with North Korean shareholders or CEOs, and urging the Chinese applicant to “plan well” before setting up the companies. (It is these same company service providers, of course, that the Cayman Islands’ and BVI’s new beneficial ownership ‘search platforms’ will rely upon for maintaining accurate BO information for law enforcement).

So how did the FBI discover the ownership of the shell companies? The connection between the sanctioned KKBC and DHID appears to have come from KKBC bank statements supplied either by defectors or by DHID staff. The information about the ownership of the front companies in Anguilla and BVI, by contrast, appears to have come from emails and documents exchanged between DHID and the company service provider who set up the front companies: a “Panama-based law firm”. The registered addresses of the Anguillan, BVI and Seychelles companies confirm that this Panama-based law firm was Mossack Fonseca, and thus identify the ‘Panama Papers’ leak as the likely source of at least some of the information to U.S. investigators – though the case hasn’t formed part of journalists’ ‘Panama Papers’ coverage. Sure enough, all 22 of the front companies named in the complaint appear in the online database of Panama Papers companies that the ICIJ has produced. This might also explain the timing of the U.S. forfeiture order: some seven years after DHID began its allegedly illicit transactions, but just a year after the Panama Papers leak.

It also raises the question of how the FBI got hold of these underlying documents and emails, which the International Consortium of Investigative Journalists (ICIJ) who obtained the Panama Papers has never published.

In April 2016, when the ICIJ and its affiliates published the first Panama Papers news stories, U.S. law enforcement sources told journalists that their agencies were “chomping at the bit” to access the underlying documents, but were waiting for guidance about how the documents were obtained, and thus whether they could be used in court. In a May 2016 public statement the anonymous source of the documents, ‘John Doe’, said that they “would be willing to cooperate with law enforcement to the extent that I am able”, though insisted that “[u]ntil governments codify legal protections for whistleblowers into law, enforcement agencies will simply have to depend on their own resources or on-going global media coverage for documents”. Denmark and Germany subsequently announced that they had bought smaller tranches of the data from anonymous sources, but the U.S. (unsurprisingly) made no such announcement.

The ICIJ, for its part, told me they hadn’t provided Panama Papers documents to any law enforcement or government agency. Either the FBI went directly to the ICIJ’s leaker and didn’t announce it, therefore, or they had some other way to access Mossack Fonseca’s files. Either way, it’s fairly clear they didn’t think the “front door” of law enforcement cooperation from the British Overseas Territories was sufficient.


Postscript: The company reports and annual accounts filed at the UK’s company registry, Companies House, are usually glum electronic documents filled simply with tables of figures. By contrast it’s a weird pleasure to read the Companies House files of North Korean companies with UK branches. Like this one: a North Korean insurance company whose assets the UK froze last year after U.S. and EU claims that it provided illicit foreign exchange for the regime. Buck up, British firms – where are your inspirational quotes? Pigeons, Fly higher up in the sky!

KFIC accounts

Top Image: Kim Il Sung Square, DPRK, by (stephan), CC BY-SA 2.0

Leave a Comment

Your email address will not be published.