The Tribune

By NEIL HARTNELL

Tribune Business Editor

nhartnell@tribunemedia.net

The Attorney General has urged all Bahamian financial services firms to assess IT security following the Pandora Papers’ disclosures since such leaks can “deal a devastating blow” to the sector.

Ryan Pinder, speaking to the Bahamas Association of Compliance Officers (BACO) on Money Laundering Reporting Officers’ Day, said the Government “immediately” moved to ensure there had been no leaks from this nation’s own beneficial ownership information repository once the revelations were published.

“Immediately upon the release of the Pandora Papers, BDO Consultants, the provider responsible for hosting our Beneficial Ownership Secure Search system (BOSSs), was contacted to give us a report on the system’s security and to identify any breaches if any occurred,” Mr Pinder said.

“We were notified and given a comprehensive report that reflected no breaches occurred. The system’s audit revealed a solid infrastructure protecting the beneficial ownership information uploaded to BOSSs.”

The so-called “Pandora Papers” were based on the leak of confidential information, including client beneficial ownership details, from 14 international financial services providers who are headquartered outside this nation. The Bahamas has to-date received just a few mentions, with the spotlight largely focusing on rivals such as the British Virgin Islands as well as US states.

Still, Mr Pinder warned the Bahamian financial services industry could suffer significant harm, especially reputational damage, if the information collated on BOSSs or an an individual provider’s client details were leaked in similar fashion.

“We can least afford to have any financial service provider’s IT system being breached and information stolen,” the Attorney General said. “We were fortunate that none of your institutions were targeted. We wish to stress here that now is the time to perform those security IT audits and attend to any weakness identified.

“This is one of those decisive measures that need to be taken by all stakeholders to ensure that no breach appears in the gates. Breaches like that of the Pandora Papers can deal a devastating blow to financial centres such as ours. One of our defenses against such reputation risk is strong IT security, and the next needed defense is that of strong, effective compliance programmes.”

The International Consortium of Investigative Journalists (ICIJ), the group behind the Pandora Papers, was previously able to obtain details on all corporate entities domiciled in this nation via the Companies Registry. However, apart from revealing the names of Board directors and shareholders, it obtained little else and most of the information held minimal value.

Elsewhere, Mr Pinder said The Bahamas was soon hoping to “receive some feedback” from the European Union’s (EU) director-general for financial stability on its efforts to be removed from the 27-nation bloc’s anti-money laundering ‘blacklist’.

He added that The Bahamas had been in “fight for our lives mode” over the past five to six years due to the number of ‘grey listings’ or ‘blacklistings’ targeted at the financial services industry. However, this nation has been delisted from both the EU’s non-cooperative countries on tax matters and the Financial Action Task Force’s (FATF) anti-money laundering ‘grey list’.

“We do believe that we have also been able to submit a good case for the country to be de-listed from the EU anti-money laundering blacklist and are currently awaiting further communication from the office of the EU director-general for financial stability regarding same,” Mr Pinder said.

“We are quite aware that all efforts ought to be concentrated on such de-listing due to the negative impact it has had on financial services and the wider economy in transacting business with Europe.”

He acknowledged that implementing the legal and regulatory reforms necessary to escape these lists, “and undergirding them with the appropriate sustaining infrastructure and manpower”, had been challenging due to the enormous costs imposed by Hurricane Dorian and COVID-19.

Calling on Bahamian financial institutions to stop working in “silos”, Mr Pinder added: “Risk and compliance units (if not combined) should work together and focus on ensuring that a comprehensive enterprise-wide risk assessment is carried out.

“If one has been done, and is more than two to three years-old, a refresher should be undertaken to ensure any emerging risks are captured.” He said compliance officers, as the industry’s “gatekeepers”, will have to adapt to the new products and services being offered - especially digital assets - to help keep any unscrupulous actors at bay.

“Certainly ensuring compliance with international best practices does demand decisive measures, but I also want to emphasise survival in this era of what seems to be constant change also requires decisive measures in product development, new offerings and active promotions in order to effectively differentiate ourselves and ensure a growing industry,” Mr Pinder added.

“I don’t want you to forget that as we advance ourselves as an industry and as a country. Innovation is still the tool of success and growth.”