Sign up for The Paypers newsletter Follow The Paypers on LinkedIn Follow The Paypers on Twitter Follow The Paypers on Facebook
The Paypers, paypers, Insight in payments, News, Reports, Events
 advertisement
Case study

Addressing the shell company problem

Wednesday 12 June 2019 | 08:22 AM CET

Christian Chmiel, Web Shield: Acquirers and PSPs must not only comply with legislation and card scheme requirements, but also effectively manage risk and reputation

The Panama Papers confirmed what we always knew to be true: Offshore arrangements exist to allow people to do things they can’t do onshore. Whilst entirely legal, offshore structures, shell companies and virtual addresses can be used to conceal the identities of their ultimate beneficial owners.

There are legitimate reasons for the use of such structures for citizens in countries where corruption and the threat of persecution are high. However, opaque ownership structures can also be used for illegal purposes, including fraud, tax evasion, sanctions busting and money laundering.

The 2015 Panama Papers leak revealed that a law firm, Mossack Fonseca, acting on instructions from intermediaries, incorporated shell companies in offshore jurisdictions, and acted as a registered agent for more than 200,000 entities.

This enabled end-clients to hold property and bank accounts anonymously, which included politically exposed persons (PEPs), sanctioned individuals, businesspeople, organised crime syndicates and celebrities.

What’s the connection with card acquiring?

The requirement to do customer due diligence (CDD) applies to all types of business relationships, including merchant acquiring. Furthermore, mis-assessing risk in the first place means that subsequent monitoring could also be faulty, leading to increased exposure.

Under the 4th European Anti-Money Laundering Directive, firms cannot automatically apply simplified due diligence measures, even if this would have been enough in the past. They must first ascertain that the relationship presents a lower risk. High-risk customers, such as PEPs, require enhanced due diligence as standard.

Companies must identify the beneficial owners of legal entities and structures, namely those with an interest of 25% or more in private companies, in accordance with 4AMLD stipulations. They must also conduct CDD if there are doubts about the veracity or adequacy of previously obtained customer identification data.

Identification and verification of individuals are important. Yet the challenge for merchant underwriters is that sanctioned individuals or those with criminal intent are unlikely to conduct business in their own name. They hide behind various nominee directors, shell or shelf companies. Or sometimes they just hide in plain sight.

Hiding in plain sight

In 2016, the UK government was the first to establish a public register of the true owners of companies, known as the register of persons with significant control (PSC). However, the information contained on the register is self-reported and not checked.

Research by Global Witness on the UK register last year found five PSCs controlling over 6,000 companies, plus 4,000 beneficial owners under the age of two, including one that had yet to be born.

There may be rules against deliberately falsifying information on corporate registers. Yet if enforcement in many jurisdictions is weak or non-existent, it creates loopholes that unscrupulous operators exploit. This is where the verification of addresses becomes crucial.

How big is the problem for merchant acquirers?

Web Shield studied the addresses of almost 50,000 merchants requesting card acceptance across 170 countries. Conducted during the first half of 2018, the research showed that on average 6.34% of addresses provided were virtual.

Although ranked ninth by number of addresses, Cyprus had the highest proportion of virtual addressesat nearly a quarter (24%). Malta, Hong Kong and the Czech Republic also overtraded in their proportion of virtual addresses by total addresses checked (16-19%). The UK stood out for having the highest actual number of virtual addresses, with nearly 1,500 in the sample, making three-in-every-20 UK addresses checked virtual ones.

Establishing where prospective merchants are based is integral to CDD and complying with card association regulation that explicitly requires physical, not virtual addresses from merchants.

Where does the merchant do business and pay taxes? Where are the directors located? Where is the business registered, and is it the same place as where the merchant has an address for correspondence? Does the address even exist? Acquirers should use tools like Web Shield’s AddressReveal to screen their client’s addresses and answer these questions.

In summary

Sanctioned individuals or those with criminal intent are unlikely to conduct business in their own name. They are more likely to use corporate vehicles, which illustrates the importance of getting behind the address. Acquirers and PSPs must be aware of what they are taking on – not only to comply with legislation and card scheme requirements, but to effectively manage risk and reputation.

About Christian Chmiel

Christian A. Chmiel, CEO and founder, Web Shield is responsible for the development and implementation of investigation techniques to identify fraudulent or brand-damaging online merchants. He is also a lecturer at the Web Shield Academy and has published several books about fraud, investigations and accounting.

 

About Web Shield

Web Shield has been equipping the payments industry with tools to protect businesses from merchants involved in illegal or non-compliant activities since 2010. Our highly precise solutions enable acquirers, PSPs and other financial organisations to evaluate new merchants and monitor existing ones, thereby saving both time and money. Due diligence around addresses, corporate structures and the individuals behind them was central to the Panama Papers scandal and to the challenge facing merchant underwriters today. Attendees at Web Shield’s RiskConnect 2019 can hear directly from the two Pulitzer Prize-winning journalists, Bastian Obermayer and Frederik Obermaier, who broke the story.

 advertisement
 advertisement
 advertisement
 advertisement