We wish to reiterate that our firm was not the subject of a leak but of a serious criminal act. This was an illegal computer hack. Our systems were accessed by an intruder who deployed the tactics of a professional hacker and covered his/her tracks to the extent that a forensic investigation by a leading international Cyber & Threats team concluded that there was no definitive evidence that any data had left our systems. This was not the work of anybody who works at Appleby. Panorama stated they have nearly seven million of our documents. They also claimed to have sourced information from “publicly available documents”. The BBC website states that “the Paradise Papers contains 13.4 million documents”. It is plain that the source of documents is not confined to Appleby.
We have had lengthy correspondence with the International Consortium of Independent Journalists (ICIJ). Their claim that we “did not reply to their detailed questions” is false. We responded to their questions and we requested that they show us the documents they have in their possession which belong to us. Extracts of our response to the ICIJ, which they acknowledged on 26 October, are set out below. We take client confidentiality extremely seriously and we are disappointed that the media has chosen to use information which has emanated from material obtained illegally. This has very little to do with accurate and fair reporting, and everything to do with the pursuit of a political agenda. These journalists will not permit fairness and accuracy to get in the way of their political objectives.
We also wish to clarify that Appleby is a global organisation comprising ten offices which have equal prominence within the global business. We do not have a headquarters. It is not correct to state that Appleby has its headquarters in Bermuda.
Appleby has thoroughly and vigorously investigated the allegations and we are satisfied that there is no evidence of any wrongdoing. We are a law firm which advises clients on legitimate and lawful ways to conduct their business. We operate in jurisdictions which are regulated to the highest international standards. We do not tolerate illegal behaviour and we reiterate our commitment to responsible business conduct. We are committed to the highest standards of client service and confidentiality. It is what we stand for, this commitment remains unequivocal.
If you are a client of Appleby and you wish to discuss any aspect of this statement, please call +44 (0)1624 647 915, or email email@example.com”
Extracts from our response to the ICIJ Letter, dated 6 October 2017
1. Client Specific Questions
As a law firm we are under strict legal and regulatory obligations of confidentiality to our clients which we take extremely seriously. We are therefore unable to comment on any client specific activity.
2. Compliance Related Questions
Across all the jurisdictions in which we operate, we face an ever-increasing level of compliance obligations including in respect of anti-money laundering (“AML”) and anti-terrorist funding (“AFT”) measures. These compliance obligations are extremely complex and strict.
Our overriding objective is to have the procedures and policies to ensure that we have 100% compliance with these obligations. This is a major undertaking. Appleby invests a significant amount annually in compliance professionals and processes, not only to put in place the requisite procedures and policies but also to review constantly our current practices to see where there can be improvement. The fact that weaknesses were found, candidly reported, addressed and improved upon reflects the importance we attach to this area and our heavy investment in compliance professionals.
We would also note that your quotes taken from internal compliance-related training programmes have been taken completely out of context. For example, the quote “Some of the crap we accept is amazing totally amazing” has clearly been framed so it sounds like it is referring generally to the take-on of clients. That is not true. It was in fact referring simply to the quality of the copy of passport photos or utility bills that were in some cases unreadable. That we apply attention to this detail of the compliance process again reflects the importance we attach to it.
Another example of how your questions suggest a misleading understanding of the facts is the one which refers to 600+ clients “not being compliant”. In fact, our system at that time had two measurement definitions: “Compliant” or “Not Compliant”. The vast majority of the 600+ clients referred to would simply have some technical matter regarding the compliance process outstanding which could range from lack of evidence that the entity is ‘exempt’, through to a single document that was not properly certified or had expired. Such outstanding matters could in no way call into question the propriety of acting for the client. Until the client is 100% compliant the status would not change from Not Compliant to Compliant.
Another example is the question: “We have a current case where we are sitting on about 400K that is definitely tainted and it is not easy to deal with” – “To what situation does this refer?” This was a hypothetical example to demonstrate the seriousness of the implications of SARs. The phrase was used to highlight an example. The presenter actually phrased the statement as “Say for example we have a current case where we are sitting on about $400k that is definitely tainted….” The point being that once we accept client assets, should they be tainted in any way then it puts the firm in a very difficult position. The presenter went on to state that if we suspected assets to be the proceeds of crime then we are duty bound to make a suspicious activity report and that if we moved the assets we could breach the law ourselves.
A further example is the question “We are exposed….This is not the best we can do”. Again, a line in the speaker’s notes has been taken out of context. This presentation did not stand alone. This presentation related to the general criticisms aimed at the finance industry and offshore world. Against this background, the presenter went on to make the point that, as a prominent business in this sector, every professional within our business is exposed to individuals who may want to use our services to facilitate activities that we would not knowingly want to be involved in. The presentation was all about setting compliance benchmarks and improving standards.