On October 3, the International Consortium of Investigative Journalists (ICIJ) released the Pandora Papers, a comprehensive exposé of financial secrecy. The Papers were a trove of 11.9 million leaked documents that exposed shell accounts of over 100 world leaders, billionaires and celebrities.

While the news is still recent, the backlash to injustice is already starting. In Chile for example, President Sebastián Piñera has been impeached due to his connection to a shell company that profited from a government decision. Over 300 politicians from 90 countries were mentioned and investigations have begun.

For financial institutions dealing with these people or related accounts, the scrutiny will become intense. A previous ICIJ release, the Panama Papers, resulted in $554.5 million in penalties and unpaid taxes. The publicity also contributed to the strengthening of laws and regulations for collecting and examining beneficial ownership information.

While it might take years to sort out the full consequences, AML/KYC compliance departments worldwide will undoubtedly have more questions to consider as they try to keep illicit or tainted funds out of the financial system. In the video above, Garient Evans, Trulioo SVP of Identity Solutions, talks with Darryl Cumming, Senior Product Lead at Agreement Express, about some of the implications of the Pandora Papers. The following is a partial transcript and is edited for clarity and conciseness.

Why should business people, even non-banks, care about the Pandora Papers?

Any business person who’s providing money or payment processing services, or any financial services to somebody who might have been named in the Pandora Papers leak is potentially exposed to all kinds of different fines.

For example, in the United States, we’ve seen one-off fines for up to $90,000 ranging anywhere up to nearly 10 billion dollars, if it’s an ongoing institutionalized pattern. Somebody is providing services to somebody who may be responsible or involved in money laundering or other illicit activities.

Take a look at how regulators are starting to get a little bit tougher in response to some of these leaks and money laundering information coming out. That’s an example of some of the new tougher approaches that we’re starting to see.

Regulators are responding to things like the Pandora Papers. Take the Sixth Anti-Money Laundering Directive (6AMLD) as an example of how they’re getting tougher. The name implies that five other ones preceded it, so this directive has come from the European Union in response to money laundering, terrorist funding, and dealing with individuals on the sanctions list — those are lists for folks involved in criminal activity. This 6AMLD is upping the consequences for doing business with individuals who are sanctioned.

The primary difference is that fines were the way these regulations were enforced in the past, and under very particular circumstances, there could be a criminal prosecution. This 6AMLD has increased the culpability of individuals and institutions that do business with folks who are sanctioned. It includes this idea that even if an institution and its officers unknowingly do business with folks associated with criminal activity or money laundering, they could be criminally prosecuted.

So just because by accident, an institution has done business with somebody who is laundering money, the officers in that institution could go to jail.

The fines are not enough for regulators. They are saying that there needs to be accountability for this. For those of you not in the European Union, the regulators in the E.U. are typically the trailblazers. We can expect these types of consequences to roll out to other countries.

Do 6AMLD and these regulations affect payments?

Yeah, 100% it does. Even if you’re not aware of this and provide services to somebody who’s potentially laundering money, you can be in all kinds of trouble.

Regardless of which jurisdiction you’re in, whether in the U.S., the E.U. or any other region, it’s really important that you’re not acting reactionary to the new legislation coming out. It would be best if you had a solution in place today that’s keeping you ahead of the game and is keeping you out of trouble.

Proactive questions to fight against money launderers

What solutions are there to help prevent working with money launderers and criminals in general?

[Garient] There are great solutions and I think a small institution can build out processes and procedures to be compliant and for that to be manual. But you know the hopes and dreams of any company is to scale, to get big and that’s where third-party solutions come into play.

It’s completely legal in the majority of countries around the world to obscure the ultimate beneficial owner. It’s perfectly legal to make that obscure and, in particular, the Pandora Papers points out a state like South Dakota, that operates just like you might expect the Cayman Islands, where discovery whose associated with one of these companies, including the beneficial owners, is challenging.

There are limitations to do business verification, but Trulioo has spent years building one of the best automated business verification solutions available anywhere. It has global coverage, including the 40 or so countries that require business entities to register their beneficial owners where they make that information available.

Then there’s the rest of the countries, another 150, where it’s complicated to get that information, so we’re working away at that. In conjunction with building solutions, we think the regulators are going to step in, that they’re going to respond to these scandals and they’re going to require beneficial owners to be registered and make that available to solutions like the ones that we provide.

[Darryl] It’s about having the best-in-class vendors to help mitigate your risk and automate as much of this process as possible. Doing things like OFAC Anti-Money Laundering, Anti-Money Laundering politically exposed personnel automating, all of these processes as much as possible is the first step.

You mustn’t be thinking of this as a one-and-done. You must have a solution that can pivot and adapt as quickly as possible and change your risk model in as near real-time as possible.

[Garient] Business verification is a critical part of remaining compliant. Once you know the officers or the beneficial owners associated with these businesses, additional identity verification is often required.

Whether it’s doing a KYC check, looking at that individual’s personal information, or doing a document check, companies need to be rest assured that they’re going to be compliant and not see some of the consequences that we’ve talked about around 6AMLD.

What can we expect next in terms of the Pandora Papers?

[Garient] The Panama Papers that occurred five years ago set a precedent for what we’re seeing now. In terms of some of these offshore accounts, it was a smaller scale data leak, but it led to some legislation and led to some of the regulation that is already in place today.

With the most recent scandal, we think that there will be outrage and legislators and regulators will respond with new consequences. That’s why you need technology that is responsive to those regulations and keep up to speed with; when a scandal occurs and legislation changes the technology is going to have to adapt and change too.

I predict more scandals and more insight into how these funds are being routed around the world and these attempts to clean them and criminal activity.

[Darryl] In terms of the different penalties, we’re starting to see the E.U. get quite extreme. There’s no excuse for saying I didn’t know. As soon as you’re providing services to somebody on one of these lists, you’re in trouble, whether you knew they were there or not.

I also think it’s really just becoming impossible to manually stay ahead of the curve here. I mean, you need automated solutions from best-in-class vendors to be able to ensure that you’re staying ahead of any potential violations, penalties, fines or even jail time.

I do also recommend using things like the electronic transaction association guidelines as a starting point, ensuring you have a robust underwriting and risk policy in place and that you’re constantly reviewing that policy ideally.

If you are automating your underwriting and risk analysis, you need to pivot as quickly as possible. There will always be new leaks and penalties. There will always be new best practices and new services available to ensure that your organization is not going to get caught in the track of providing services to somebody who’s potentially going to get you in trouble.

As a growing company, as you think about scaling, the excitement of a growing business should also be paired with the types of controls that will keep your company out of trouble.

Due diligence on business customers

Understanding who you are doing business with, and the risk they pose, is a fundamental compliance requirement. We thank Darryl for his time and insight into this crucial topic. As cross-border business and digital channels expand, the need for more clarity and information around business verification is only growing more significant.