When danger signals flash
ANUMBER of high-profile companies and individuals have been mentioned in the e-mails that form part of the Gupta leaks. While the full effect of the leaks has yet to be determined, it is possible to provide general comments and observations about their potential effect on those mentioned, based on global and local anti-money-laundering, and antibribery and corruption legislation.
Generally, global anti-money-laundering laws require certain companies to conduct know your customer checks on prospective and current clients. Similarly, anti-bribery and corruption laws require companies to conduct due diligence on third parties.
The underlying principle is simple: companies should take appropriate steps to ensure they do not do business with terrorists, criminals and unethical business partners.
The know your customer and due diligence processes are generally required to be proportionate to the risk posed by the third party.
This raises the question: how can a company determine the risk?
Various systems, guidelines and legal rules have developed in both the anti-money-laundering, and anti-bribery and corruption fields to help companies determine risk.
At the most basic level, companies are expected to use the information available to them to make a judgment call about how extensive the know your customer and due diligence process should be.
The information may include that provided directly by the third party, as well as publicly available information.
Compliance practitioners generally have access to global regulatory databases that collate a wide range of publicly available information about companies and individuals. This information includes: ý Whether the company or individual is listed on any global sanctions list, regulatory enforcement list or law enforcement list (including sanctions lists);
ý Whether the company or individual is considered to be politically exposed; and
ý Whether there have been media reports implicating the company or individual in misconduct.
When asked to conduct know your customer or due diligence for our clients, we generally start by considering the results of searches on these databases.
The Panama Papers are a good example of the types of hits that may arise during such a search. If the results indicate the target company or individual is mentioned in the Panama Papers, it is incumbent on us to find out why and what effect this may have on the potential risk of doing business with the target.
For example, if the Panama Papers contain extensive prima facie evidence that a high-profile British individual has engaged in extensive tax evasion using multiple offshore jurisdictions to host investments, an investment firm considering doing business with the individual would need to gain comfort that any funds it receives are not the proceeds of unlawful tax evasion.
If the individual cannot clearly prove this, we would probably advise the firm to avoid doing business with the individual.
An analogy can be drawn between the Panama Papers and the Gupta leaks.
Being mentioned in the e-mails that form part of the Gupta leaks may, depending on the circumstances, have a similar effect as being mentioned in the Panama Papers.
The negative media articles flowing from the Gupta leaks are likely to be added to the databases used by compliance practitioners like ourselves. Even the leaks may be added in due course. These are global databases used by banks, businesses, lawyers, accountants and others.
The implications of this can be serious for those mentioned in the leaks and the plethora of negative media articles.
The following hypothetical example illustrates the potential practical implications:
Company A is mentioned in several e-mails in the Gupta leaks.
Based on the analysis of a journalist, the company is alleged to have engaged in “fronting” (pretending to comply with black economic empowerment legislation but really engaging in window- dressing).
The company is alleged to have used its political connectedness to win a tender.
Subsequent to the negative media coverage, Company A approaches Bank Y to open a deposit account.
Bank Y initiates its usual know your customer process, through which it identifies the negative articles.
Given the first-level negative information, the bank needs to enhance the level of know your customer, including getting further information about the allegations and gaining comfort that the funds to be deposited are not the proceeds of any unlawful conduct.
The bank would ask Company A for an extensive range of further information.
If Company A refuses to provide the information, or provides insufficient comfort, the bank is likely to refuse the application.
While the applicable laws do not require companies to play judge and jury in respect of the implicated parties, serious allegations by potentially credible sources cannot be ignored or remain unanswered.
This example highlights the importance of prudent reputational management for companies and individuals implicated in the Gupta leaks, and similar negative media.
Implicated parties should respond to serious allegations appropriately.
It is particularly important for companies that purport to be ethical to respond in a way that evidences this commitment.
Readers may question the real influence that a small number of negative media reports can have on a company.
Lessons can be drawn from the recent enforcement action against a multinational company by the UK’s Serious Fraud Office.
The investigation started when internet postings raised questions about the conduct of the company in China and Indonesia.
This triggered a wider investigation that took five years; involved seven countries, 229 internal interviews and more than 30 million documents; cost about £136-million (R2.2-billion); and resulted in fines of $800-million (R10.3-billion) being paid to regulators. In South Africa, the recently passed Financial Intelligence Centre Amendment (Fica) Act will further entrench the importance of reputational management.
These changes signal a distinct move towards a risk-based approach when conducting know your customer research.
Part of this will entail banks and other institutions spending more time scrutinising high-risk customers.
Companies should take appropriate steps to ensure they do not do business with terrorists, criminals and unethical business partners