Expert Opinion
3 min read

What the Pandora Papers have Taught Financial Services Firms about Cybersecurity

Posted by Picture of Paul Holland Paul Holland

On the 3rd of October, the world was hit with the reveal of the Pandora papers, the largest collection of leaked financial services (FS) data to date. Following on from the Panama and Paradise papers, released in 2016 and 2017 respectively, what makes the Pandora papers so important, and what do FS firms need to be aware of going forward?

What are the Pandora papers?

The Pandora papers consist of just under 12 million files, composed of documents, images, emails and spreadsheets that detail the hidden wealth of common household names found in various offshore accounts.

The files were originally leaked to the International Consortium of Investigative Journalists (ICIJ), who involved the help of more than 600 international journalists to analyse and authenticate the data.

Individuals named in the papers include:

Considering the scale of the Pandora papers compared to previous data leaks, they include information on twice the number of offshore asset owners than the Panama papers, with data sourced from 14 companies, including wealth management advisors and law firms.

What does this mean for financial services?

FS is one of the most data-rich industries, with vast amounts of personally identifiable information stored within systems and sent in communications. This makes it a target for data breaches, especially ones as revealing of individual activity as the Pandora papers.

Although many of the individuals named within the papers were not carrying out illegal activities, offshore tax havens remain attractive prospects for those looking to avoid paying their dues. As many of the sources involved were also financial services based, a spotlight is being shone on businesses within the industry. The public have begun calling for further caution by FS firms, particularly within anti-money laundering (AML) and cybersecurity practices.

In terms of AML, compliance officers are advised to ‘step back and evaluate the effectiveness’ of their processes, considering whether systems would work against the various risks outlined in the Pandora papers. Additionally, the importance of due diligence and know your customer (KYC) has never been more paramount. Firms need to fully identify their clients, ensuring they understand exactly where their money comes from, fulfilling the responsibility of spotting any discrepancies. This means that their risk exposure will remain at a minimum and their reputation is not endangered.

When considering cybersecurity within financial services, company priorities have already begun to shift as a result of the pandemic. The Pandora papers have only heightened this, raising awareness around the importance of digital security. With highly confidential information surrounding offshore dealings being bought to the public eye, firms are starting to realise that their security processes may not be enough to protect them from a potential data leak, especially one as large and significant as this.

How can financial services companies increase data protection?

Although the majority of consumers were not directly affected by the Pandora papers fallout, it is vital for FS firms to understand the importance of protecting their client’s data and identity.

This is where the Financial Conduct Authority (FCA) comes in. The FCA holds consumer protection at the centre of their strategy, ensuring FS firms place customer protection above all else. Their guidelines recommend the following measures to ensure effective cyber security practice:

  • Protect sensitive data with encryption
  • Understand and review who has access to certain information
  • Back up systems and data on a regular basis for disaster recovery
  • Educate staff on common cyber risks
  • Keep all systems and software up-to-date
  • Use strong passwords for all hardware
  • Gain recognised accreditation

The Pandora papers are a warning for financial services companies worldwide to step up their business practices when it comes to client data. With media-spread data leaks risking hard-earned reputations, and the public holding companies and clients accountable for any wrongdoing, the time has come for FS firms to ensure that their cybersecurity meets the a higher standard, safeguarding both them and their clients.

Return to listing