As strange as it may seem, a confluence of developments in the banking industry means the Panama Papers revelations looks likely make it a lot more difficult for offshore money, as tax evasions and tax secrecy are often politely called, to stay hidden. This would serve as a marked contrast to the last international-headlines-gripping leaks, the Snowden revelations. Even though Snowden gave a big window into the reach of the surveillance state, not all that much has changed, save the Chinese making more active efforts to avoid cloud computing and US technology vendors, and the Europeans bashing US concerns over violations of their privacy laws.
By contrast, the massive Mossack Fonseca records haul feeds into trends in banking that mean that a lot of these funds are going to find it hard remain secret. We’ll summarize them below.
Tax base expansion initiatives. The US and European Union have been working on a program to expand the base of income that is subject to tax. Budget-starved European member states have been moving the plan forward ahead of schedule. This is one of the few positive developments to come of of governments failing to understand the implications of having a fiat currency (you can and typically need to run deficits, since the private sector sets unduly high return targets and chronically underinvests; the constraint on deficit spending is creating too much inflation).
Increasingly tough “know your customer” rules. The US going aggressively after foreign banks that have falsified records as a part of money-laundering has led to increased compliance. Even Standard Chartered, which thought the US had no business telling it not to do business with Iran, was brought to heel and its CEO forced to resign for his continued intransigence.
Now the US can throw its weight around only as far as dollar-based transactions are concerned, since those ultimately clear through US facilities. But the UK has also adopted stringent “know your customer” rules. It now takes weeks to open a new account that is not a personal account, say for your rugby club.
As John Dizard in the Financial Times reports:
There is a new urgency in the tone of the lawyers and advisers for offshore asset holders. The essential message is that you are the Shah of Iran, this is 1979, and you and your money will find yourselves hopscotching from one unwelcoming landing place to another…
If you or your clients think this is about tax cheats or the merely middle rich, they should think again…
As this column and others have noted, by next year Switzerland, along with Luxembourg, the Channel Islands and other European offshore investment management centres, will start exchanging tax information with their counterparts.
There are a very large number of beneficiaries, ie globalised rich people, who have until the end of this year to get their money safely onshore. The one Western country that does not have a deadline for complying with the Common Reporting Standard is the US.
Almost everyone who has non-criminally sourced capital would like to have at least some of it accessible within the dollar-based clearing system. But the clerical and legal checklists to set up accounts for legitimate money have become so long that it will take months to accomplish this even for those willing to pay the transaction costs.
And before you think the US banks are therefore the answer….US banks are shunning money from the rich these days.. Dizard again:
The largest US banks do not really want to take more deposits, or even do the cursory know-your-customer due diligence work to open new special purpose accounts for old customers. Americans I know with legitimately acquired nine- or ten-figure investment portfolios now have to scrounge around to open accounts in midsize US banks.
Those rich Americans do not have the logistical or legal problems that Panama Papers-related flight capital will have in “onshoring” their money.
Moreover, US legislators are calling for the US tax havens like Delaware corporations and Wyoming limited liability companies, to report on who their ultimate beneficiaries are. Given the tone of his Guardian op-ed, Carl Levin sound like he is warming up for hearings:
Global revulsion against shell company abuses, offshore tax havens, and the lawyers that promote them has generated new public pressure to tackle these problems. Here are three steps to consider.
Outlaw corporations with hidden owners
….G20 world leaders have made a start with a joint commitment to increase corporate transparency. The United Kingdom is leading the way, mandating public disclosure of the true owners – the “beneficial owners” – of UK companies. The European Union has followed…
The United States is far behind. We now require more information to get a library card than to form a US corporation. ….The biggest impediment is opposition from the secretaries of state of our 50 states, who financially benefit from forming new corporations and don’t want to ask questions that might jeopardize their revenue. Our states need to wake up to the damage they are doing and stop forming corporations with hidden owners.
Get tough on offshore tax abuse
Tax authorities should use existing tax information exchange agreements, including the US-Panama agreement, to go after tax cheats and determine whether Mossack Fonseca facilitated illegal conduct.
Offshore tax abuse goes beyond individuals. Some multinational corporations use tax havens to arrange secret tax deals or declare earnings offshore. The international community is finally demanding that large multinationals file reports disclosing the profits they make and the taxes they pay on a country-by-country basis. The United States has proposed regulations requiring those reports; the next step is to finalize them. A bigger issue: making those reports public.
Get tough on lawyers promoting misconduct
….Lawyers should be subject to the “know your client” requirements of anti-money laundering laws. In addition, banks should scrutinize suspicious accounts of law firms and require them to certify that they will not use those accounts to help clients circumvent the bank’s own anti-money laundering controls.
Note that Levin doesn’t seem to have a good answer about what to do about states that find it attractive to act as secrecy jurisdictions, but in the past, the Feds have used cutting off various Federal funds as a stick to force cooperation, Moreover, if Congress were to pass laws with “know your client” requirements with criminal sanctions and tough fines, that in and of itself would choke off a lot of domestic activity.
Information technology risk. Mossack Fonseca exposed in a very dramatic way that secrecy isn’t just a function of the design of legal arrangements and the choice of jurisdiction and bank, but also of the integrity of the registered agent’s IT security. There’s no way to do due diligence on that. Those with offshore accounts must already be nervous that they could be exposed by a similar hack. Dizard’s fallback remedy for the rich who want to keep their money hidden, “…you and your money will find yourselves hopscotching from one unwelcoming landing place to another,” might work for the relatively small and fleet of foot to stay ahead of the taxman and the bank transparency moves, but it won’t reduce IT risk.
Dizard’s article, despite being informative, weirdly rails against crackdown on large-scale international capital transactions” as populist and ill-informed, due to limiting the mobility of international capital. Someone needs to clue him on the research by Ken Rogoff and Carmen Reihart, who are hardly of the pinko persuasion, who found that high levels of international capital movements are powerfully correlated with more severe and frequent financial crises. Dizard also tries to depict reducing capital movements as being Smoot-Hawley revisited. First, the notion that Smoot-Hawley caused the Depression had been well debunked. Second and more important, international capital flows these days are at such high levels (over 60 times trade flows) that the Bank of International Settlement has said that large international transactions are not about facilitating trade, and that excessive financial “elasticity” was the cause of the crisis.
He also depicts banks as winding up being beneficiaries, which contradicts his message that they regard onshored money as more hassle (which means cost) that its worth:
This will, within the next two years or so, lead to a one-time transfer from the global rich to the staff and owners of US financial institutions. But that will be followed by a long drought for new business, as the global wealth that did not move quickly enough gets slotted into endless holding patterns in the mid-Atlantic or mid-Pacific.
It’s hard to see what good it will do someone to have money moving around the few finessable locations and banks that remain. Pray tell, how does it spent? Money you can’t readily touch, or get into a jurisdiction where you’d like to spend it, does not seem terribly useful.
And the big point that Dizard misses is that onshoring these funds will make the future investment income on them subject to tax. Hidden untaxed wealth has contributed to rising inequality; Gabriel Zucman of UC Berkeley has estimated that 6% to 8% of global wealth is offshore, and most of that not reported to tax authorities. So the more the rich are discomfited by their overly-clever machinations, the better.
Well, if you live in a state where you can name an LLC for your nominee trust, it doesn’t get any better. File the off shore LLC in Nevada where they don’t ask any questions, and use it for your real estate vehicle to launder your monies. Any question to why high end real estate is on fire? The opaqueness in some states is intentional, as it took me about 10 minutes of random searching of properties (over $2 million) to find the off shore LLC owner, with people and entities that did not exists in the SoS filings. The activity index for RE sales over $750K is almost equal to the index under $400K and below combined. If you add the $500K and above sales, it crushes the entire index below $500K.
Owning an entity does not open a bank account…a party almost always has to be vetted for a new enterprise…wired in funds for the benefit of an entity helps break the corporate veil…govt officials rambling to the public that this corporate charade is just “impossible” to deal with or stop are just laughing at the public (or need to hand back their law license to the bar)…money can Always be traced…a real estate closing will have closing instructions and in those instructions will be to whom to send back the funds and to what name if the transaction is not concluded….since title companies are state regulated enterprises….and there are basically only four major title insurance umbrella companies….this myth that a state title insurance investigator could not walk in and obtain the beneficiary of the source of funds is one big second city improv skit
All they have to do is have real estate fall under FinCen Suspicious Activity Reporting (SAR) requirements, but the NAR is simply too powerful and well funded with a more than accepting sold out CONgress,
Not defensing nar but state title insurance investigators have the absolute right to walk in unannounced and spot audit files…a new corp will not have all these closing funds in hand and for a proper corp veil to stand and hold, the funds had to be in a bank account in the name of corp…might I suggest that the funds do not arrive from a source matching the corporate name…thus revealing the actual party in interest….
After this amazing seminar from Yves MERS is making much more sense… and as always Utah stands squarely behind the banks by ruling in appeals court that you can make a ham sandwich your agent.
Another piece of the problem is the difficulty of “piercing the corporate veil” in so many legal domains (almost said “states and nations,” but those are mostly convenient fictions themselves). There’s been a long tail of effort by the Few and the Corrupt and the Criminal to make it very difficult, ever increasingly difficult, to hang liability for what little remains of proscriptions and penalties for vicious and renter-driven personal (from “behind the veil”) actions that offend what are supposed to be police-powers (health, safety, welfare, nuisance and environmental destruction, etc.), hang it where it belongs, with penalties that actually matter to the sociopath, if behaviors are going to change — around the necks of the individual rotten humans that plot and plan and operate all the stuff that is killing ordinary people and the planet. Corporate “beneficial owners” get to hide behind the screen of opacity and deflection that comes from the perversion of the notion that “business” needs require immunity of individuals from the consequences of “corporate” behavior. “Piercing the veil” requires meeting an extreme burden of proof that the corporation is a fraudulent shell, or merely an alter ego of the individual officer/owner. And if course the Wealthy and their advisers and facilitators and wholly owned political actors are still in the game, with huge resources even if currently under some increasing and likely temporary constraints, and they will be doing their damndest to preserve existing moats and walls and veils and find new ways to pervert the legitimacy-granting functions of law-making to protect their pleasure palaces and “specialness.”
Eat the Rich, reads the old bumper sticker from Hippier days… With a plate of fava beans, and a nice sauce of Retribution and a side of Restitution…
I have seen one case in particular, where the CEO made one set of sworn statements to the SEC in the 10k, and said the exact opposite in Federal court in the same month. Neither legal team picked up on this or mentioned it, and neither did the judge. It was incredibly aggravating to watch. In this case he rode the company into the ground while pumping and dumping like mad, and got away with it. The lawsuit was simply another vehicle to pump the stock, it didn’t matter if it even had any merit — which it didn’t. Years later, the company imploded ithe only a few employees left, the execs walked away with millions, etc. and they made a lot of enemies along the way.
Hopefully greater regulation and international cooperation will surface the tax evaders and capture their previously unpaid taxes. But it will also drive many of them deeper into organized crime-style hiding schemes. For example, using squeaky-clean nominees acting as beards: here’s how it works in many communities – one guy “owns” many rental properties for which there are long-term tenants, and the rent equals exactly the carrying cost of the property. The tenants happen to be businessmen and their families who run pretty close to the wind and whose assets are thereby continually at risk – effectively, they protect their houses from creditors by holding them in a trustworthy nominee name – the “legal owner” is a hidden agent for the actual owners. Totally undetectable. But enforcement of this type of contract is extra-legal – organized crime-style – and communal.
This type of setup is also a classic money-laundering vehicle – involving property flips between ostensibly unrelated parties but in reality coordinated. Hence distorted real estate markets as noted by Northeaster above. First $500,000 of profit on a principle residence sale is non taxable. I’d suggest the IRS focus on auditing house sales for which the principle residence exemption has been claimed, especially when people make close to the limit several times over (say) a ten-year period.
$250,000 exemption for each individual on title every 2 years.
Way back when dinosaurs roamed the Earth, and I was taking Income Tax in law school, I couldn’t shake the feeling that the whole point of the class was to assist people (corporations are people, my friend) to scam the government. While no one likes to pay taxes, these taxes provide services that people do, in fact like. It’s all I can do to resist slapping folks who complain about the condition of the roads, and then in the next breath, whine about their tax burden.
Anyway, cheating the government out of one’s fair share of the tax burden means 2 things:
1.) The remaining burden falls more heavily on those who DO pay; and
2.) Unpunished cheating encourages more people (and corporations) to cheat. “If they’re not paying, why should I pay?”
After that class, I couldn’t run fast enough away from tax law as it seemed to attract classmates I rather loathed. I couldn’t agree more that tax lawyers who encourage cheating should face disbarment and fines. Apologies to my tax law brethren who try to do the right thing. I know some fine CPAs and tax guys. It just wasn’t my calling.
I began my career as a CPA in the early ’70s in the SF Bay area and virtually all of the lawyers I came in contact with had the same thoughts about taxes as you did. One of my accounting professors used to go on about how it was incredible that an attorney could pass the bar and practice law without ever having taken one tax course. Particularly when you consider that there is very little that a lawyer does that does not in some way involve taxes. So for us CPAs this was just an opening for us to specialize in an area where lawyers had little or no interest. In those days I recall that when you actually needed a tax attorney he was usually – I won’t say loathsome – but kind of an odd sort. Recently I spoke to my ex-partner who took over our practice and the subject of tax attorneys came up. He reported to me that in the Bay Area tax attorneys are now billing $900 to $1,000 per hour. I guess you can call this supply side economics at work. As the number of mega zillionaires grows in the SF/Silicon Valley area, demand has apparently been created for a new category of super lawyer. The Free Market really can do some wonderful things when manipulated properly.
You have to have your brain turned inside out to understand tax well enough to be a tax lawyer. Most regular lawyers have some antipathy for tax lawyers (I’ve sensed this and confirmed it). The logic of tax is extremely arcane, non-intuitive, and pedantic. Plus it does not have commercial value added.
I couldn’t agree with you more!
Too bad the bar associations protect the scheming, lying cheats. Most bar associations have been infiltrated and are run by the bank lawyer scum.
this is thing…..nearly every establishment related profession seems, in my mind at least, to be corrupted by fraud and graft……be it Pharma, Financials, Medical, MIC, Education, Agriculture, Law & Judicature, Transportation & Energy, National social policy, Foreign & National & Security policy……..
….hence… all phony & all illegitimate !!!
I’m an American citizen living overseas. For me an “offshore account” is not an option, it’s a fact of life. Creating fair laws to control tax evasion are therefore of interest to me.
One example of the opposite of fair law is FATCA. This is quite a terrifying bit of poorly conceived legislation; intended to go after blatant tax evaders and sanction evaders, but instead creating penalties that can be life ruining for a middle class expat that makes an honest mistake in their reporting. The penalties on banks (and by extension foreign countries) that did not want to subject themselves to US law are also overly aggressive. So aggressive that many financial institutions refused to deal with any Americans, even for things as simple as a savings account. “Knowing your customer” became discrimination based on citizenship.
I’m just hoping that any changes to enforcement or regulation that come about from the PPs take this into account.
Regarding Standard Chartered, I’m not quite sure it’s absolutely clear cut that they were in the wrong:
They may have settled just to make the problem go away, and to maintain access to the US financial system. The US has a habit of imposing it’s laws on the rest of the world, or ignoring international law it doesn’t like. In my opinion, the sanctions on Iran were in many ways outright bullying, very much like with those on Cuba.
Buh? Standard Chartered defied the advice of its US outside counsel and falsified wire transfer documents in a systematic manner after having been previously sanctioned for handling the transfer of funds to Iran for its oil sales, and to Sudan and other prohibited jurisdictions. You clearly have not read Benjamin Lawsky’s order against the bank. Standard Chartered had a branch in New York to do dollar operations, and all dollar transactions ultimately clear (have to clear) through that branch. These were clear-cut violations of NY banking rules and Lawsky could have yanked Standard Chartered’s NY banking license, which would have been a cataclysmic event for the bank. And after Federal regulators initially acting offended that Lawsky had end run and embarrassed them, they stepped up and issued big fines against Standard Chartered of their own.
You also omit that Standard Chartered got yet another round of fines for failing to comply with the changes required! That led to the ouster of CEO Peter Sands, who had been defiant all along. From the New York Times in 2014, Caught Backsliding, Standard Chartered Is Fined $300 Million:
Please stop defending crooked bank behavior. Plus this is agnotology, which is against our house rules.
Hi Yves, thank you for your reply. After some further reading, and re-reading, I fully acknowledge that I am guilty of agnotology in regard to the consent orders against SC. It’s clear they didn’t follow through on what they pledged to do in regard to NY state law, and changed information in Iranian U-turn transactions only to make their lives easier. The consent orders however implied that business with Iran was absolutely not permitted – this is however not totally clear, as OFAC sent a letter on this point to NY in this regard. OFAC did end up agreeing with NY, and busted them for the way the transactions were changed, not for executing U-turns, along with some other more blatant sanctions evasions. I’m still not a fan of the sanctions on Iran and sanctions in general. They’re too often used purely as punishment for behavior the US doesn’t like instead of encouraging cooperation and open diplomacy.
Additionally, the case of Standard Chartered was primarily related to OFAC compliance violations, not to tax evasion and avoidance, as seems to be the case with Mossack Fonseca. While the issues are certainly related on a “know your customer” level, I would say there is a difference. One is primarily related to foreign policy enforcement, the other is related to domestic taxation. I think it’s good to keep them separated. However, given the culture that SC leadership encouraged I wouldn’t be surprised if they’re guilty of enabling tax evasion as well.
My main interest in commenting was trying to point out how US policy in regard to international financial transactions can sometimes be draconian and unfair, leading to even more undesired outcomes for all involved.
Thanks for this. The problem with the Panama Papers for those of us outside economics and finance is that we don’t understand the mechanisms and regulations that ease all of this movement of money. Even though I have stocks in my IRA, it isn’t as if the companies report their financial messes in the proxy statements. Au contraire, it’s all the glory of Jeffrey Immelt all the time.
“Finessable”: I kind-a like it. Your coinage?
You may want to check McClatchy’s website as they have some explanatory videos and terrific reporting.
I got started on all the tax haven skullduggery by reading Yves, so it’s wonderful to see this getting a far wider, fully documented exposition.
Also, Nicholas Shaxson’s Treasure Islands: Tax Havens and the Men Who Stole the World is one of the best books that I’ve ever read. His blog is here: http://treasureislands.org
Earlier this week, a friend said, “Is it a good day?” I said, “It’s an AWESOME day! All the sleaze is finally coming out into the sunlight.”
Yes, Treasure Islands is a terrific book. Highly readable but still covers many of the important technical issues.
Maybe traditional tax havens could become a thing of the past, but could hiding money become truly impossible? This is too West-centric, in lots of developing countries these mass surveillance laws are either nonexistent or practically unenforced. Here’s a tutorial on how to have your own secret account in Poland, my homeland where bank secrecy is nonexistent:
1. Start an offshore company with not available ownership data (there will always be one remote island that still allows this).
2. Find a lawyer in Poland who speaks English.
3. Ask him or her to incorporate a Polish LLC (called sp.z.o.o.) with your offshore company as a sole shareholder and the lawyer as a director (only one is required).
4. Ask the lawyer to open a bank account for your newly created sp.z.o.o. with him/her as only signatory.
5. The bank is theoretically required to collect beneficial ownership information, but there’s this nice little provision that in case this is too hard a “controlling person” is good enough. Guess what, a director qualifies as a controlling person.
6. Wire your money to the account. Banker’s draft is also an option, but it may require some explaining to both your lawyer and bank teller that yes, this piece of paper is actually money.
7. Your name does not appear in any available documentation. When inquired, the lawyer will hide behind attorney-client privilege. In case of any overzealous law enforcement agent, just ask your lawyer to give them some fuck-off money.
The only downside are taxes – 19% on any investment income. This scheme would probably work the same way in most post-Soviet states, Africa and Asia. I’ve already read a piece by Richard here on NC where an offshore law firm offered Polish bank accounts, and I’ve seen offshore providers on the internet peddling accounts in places like Armenia or Georgia. I start to suspect this whole mass surveillance thing is just a grand conspiracy by lizard people to move “hot money” from tax havens into developing countries.
The flaw in your logic is #4.
You seem to have utterly missed the point in the post that banks around the world, most of all dollar-suing banks (and people want at least some of their money in dollars) will NOT open new accounts for customers they do not “know” as in cannot verify who the ultimate owner are and whether the money is clean. In the US, big banks won’t take money (tens of millions!) from domestic customers with perfectly legit businesses.
I agree hiding money it won’t go away, but it is going to become more difficult and costly.
I haven’t missed the point, I just wanted to point out that “around the world” is a gross exaggeration – it is certainly true in the US, old EU, well-known tax havens and developed world in general, but it seems it simply doesn’t work that way in developing countries. Here in Poland, “know your customer” requirements are treated as just another set of bureaucratic forms to fill, and for a good reason – only instances where banks (and other FIs) are prosecuted for money laundering-related offenses happen when they directly cooperate with criminals. So why turn down free money, even if you have reason to suspect it was illegally earned? I can only guess that there are many more developing countries where it works the same way.
Dollar transactions may be different, I admit to having scant knowledge here. However, wouldn’t the next logical step for owners of “hot money”, especially US-related, be to migrate into other stable currencies?
Anyway, I don’t try to pointlessly bicker here and obviously your knowledge far surpasses mine, I just wanted to provide a different perspective.
‘It now takes weeks to open a new account that is not a personal account, say for your rugby club.’
… which is why workarounds, both old school (gold) and new (anonymous digital currencies), will be found to sidestep the politicization of government currencies, which now come bundled with odious surveillance that makes their use increasingly unattractive.
These are both property, not money, and not at all workable for anyone who needs them for transactions. Both are volatile and bitcoin with its blockchain makes its entire history of past holders accessible. That’s not a desirable feature for someone hiding from the taxman.
the constraint on deficit spending is creating too much inflation).
That is correct for fiat currency issuers. This is not any secret if you’ve been reading about how monetary operations work.
Good grief. What’s the world coming to? Are we now expected to visit our offshore paradise and suitcase money home? The gentlemen in Customs will be checking every flight from the Caymans.
“The one Western country that does not have a deadline for complying with the Common Reporting Standard is the US.“ – Ahh ha – is this part of the solution to falling inwards investment?
Regarding the IT aspects, the Panaman papers could reveal more productive than the Snowden leaks or the Apple vs FBI fight. All of a sudden, the rich and powerful come to realize than leaving back doors is not conducive of their confidentiality. This could produce interesting developments.
I think the key here is that the Panama papers was an unintentional leak, as opposed to a deliberate state action (e.g. court order). That means it happened all of a sudden, before the rich ‘n powerful could find or create new loopholes to escape to. This means lots of people were caught unawares, and the rest are scrambling against the clock as the leaks continue.
OTOH, state actions, like the U.S. and Switzerland finally negotiating access to Swiss bank account info, tend to take years and are widely publicized, which means there is plenty of time to move your money, and use your power to lobby for new loopholes before the old ones are closed.
That means we’ll get a one-time reveal of a bunch of tax evaders, but in the long-term, IMHO, I expect new tax havens will arise, new loopholes will be created, and in a few years, we’ll be back to where we were. After all, the economics of tax havens remains irresistible for small countries with otherwise minimal economies, and while Treasury may be increasingly desperate for revenue, politicians haven’t suddenly found a revulsion for their high dollar donors.
I’m noticing a couple things about this episode. The most important is how the neoliberal regime, as in foreign policy, has a playbook response to any perceived threat and adheres to it pretty rigidly. Which may be a clue as to how it could be brought down, but that’s another whole discussion.
First thing is that I saw how the Panama Papers coverage focused on relatives of Syria’s President. Flunkies of Wall Street like Poroshenko get mention, but there was a lazer like focus on the Assad family connections and connections to Russian oligarchs who support Putin. A lot of discussion on BBC about how the episode is a lesson in the importance of tightening sanctions against international ‘bad actors’.
Second thing I see is what we’re all talking about here, which is stricter US controls over banking transfers. It’s a joke and another distraction. Does anyone think that this will affect anything higher on the power food chain than small to medium business enterprises who will have to fill out a lot more paperwork and endure a lot more hassle moving their money legitimately? I can’t imagine it will affect the drug laundering of TBTF banks or tax ‘avoidance’ of major elite figures.
Sure, useful tools like Poroshenko can be easily jettisoned and thrown to the wolves (“See? The law affects persons high and low!”) . And David Cameron seems to have outlived his usefulness. (“You know the penalty for failure in this organization, Number Six…”)
Finally, I see how this turns into another tool for the US to assert universal jurisdiction over the entire world’s banking and financial systems. Wall Street appears to be asserting dominance over the rancid City of London as well. As the system becomes more moribund, the corruption becomes total. One more collapse and we’ll probably see the truth of Mao’s maxim that power grows from the barrel of a gun. In order to guard their wealth from an angry and restive population, our elites will call on their various private security companies to protect them, backed up by the ultimate power of the interlocking intelligence and commando apparat.
Yves, that’s not true. One good penetration tester could perform appropriate due diligence on any potential or current business partner from the perspective of such IT risk. In my estimation, Mossack Fonseca was grossly negligent. They could have kept their systems current, budgeted appropriately, and at least plugged the gaping holes. Their IT department was likely severely understaffed and complacent.
A penetration tester cannot predict with 100% accuracy whether or not any party will be targeted, but can most certainly offer a well-formulated risk assessment of any given organization based on their publicly available IT profile. One thing I have learned over the years is that poor oversight and sloppy practices in one realm of IT bleed over all across an organization. Expect these types of incidents to proliferate.
No professional will allow anyone to do that. And in most jurisdictions, you are subject to being arrested for trying to hack someone’s systems.
Plus since (per the above), penetration testing is a shady business, how do you as a layperson know that your “penetration tester” is any good, or just someone bullshitting you for money?