Skip to main content
Why the Panama Papers Leak Was Good for KYC

For many banks, KYC — Know Your Customer — means asking them how they intend to use a product, where the funds are coming from for their new account, etc. At the same time, the bank will check the customer against sanction lists, PEP (politically exposed persons) lists, and so forth.

It’s not enough.

Some hard evidence that it’s not enough came in 2016, when the so-called Panama Papers leak revealed that thousands of people worldwide owned a shell company in one of the countries covered. This was, needless to say, not something those individuals had disclosed to their banks.

Should banks care? Absolutely. Under the KYC requirements that are part of current regulations, such as the 4th EU Money Laundering Directive and the fifth pillar of the BSA, the bank needs to know the business of their customers. If a customer owns an offshore company, it’s quite possibly so that they can avoid taxes — or, even worse, so they can hide the flow of money, potentially illegal money.

While there are some legitimate reasons for offshore companies, an offshore company by its very nature poses a risk that needs to be investigated. But you can’t investigate something you don’t know about.

Banks that don’t know about their customers’ offshore companies face not only non-compliance, but reputational risk. No one wants to read that their bank is supporting tax avoidance or money laundering by the use of a shell company in an offshore.

How do you check?

Immediately after the leak went public, banks began a hectic operation to find and fix. I know banks that hired teams of expensive external consultants to manually check if any of millions of customers owned a company in Panama.

A manual check has multiple disadvantages:

  • It’s costly and slow.
  • It might not stand up to an audit — who can reproduce what has been checked?
  • Worst of all, it’s a one-time approach. It will need to be repeated regularly, and intensively whenever further leaks are published.

We have a better way. We built an interface between the FICO® TONBELLER® Siron®KYC solution and the ICIJ Offshore Leaks Database. Not only is this database constantly updated, it’s exhaustive:

  • The data covers nearly 40 years.
  • It links to people and companies in more than 200 countries and territories.
  • It reveals more than 370,000 names of people and companies behind secret offshore structures.

Here’s how this works in the KYC process. During onboarding we automatically check if the potential client owns a company in an offshore country. If yes, we would raise a red flag and allow the financial institution to decide if they want to accept the customer. If accepted, the customer would be put in the high-risk segment, with enhanced due diligence. The customer would be monitored against very strict scenarios and thresholds.


If a customer doesn’t own an offshore company when they are onboarded but opens one later, our solution’s continuous customer screening against the ICIJ Offshore Leaks Database will automatically detect it and handle the case, following the risk appetite of the financial institution.

People are sneaky — sometimes a customer will open an offshore company and spell their name slightly differently to avoid the high-risk classification. We have an algorithm to catch that.

The Panama Papers and Bahamas Leaks are only the first step. Regulators will be demanding increased transparency into each customer’s business soon. That’s why we set up a future-proof integration — so that our clients can protect their reputations with an audit-secure, low-friction, scalable process.

The Panama Papers leak has strengthened KYC. We made finding out easy.

related posts