Protection and Disclosure of Corporate and Private Data of Offshore Investors/Companies

Let us ask ourselves: would we trust lawyers, accountants, doctors, or other service providers, if we do not get their guarantees of our privacy protection and data non-disclosure? Obviously, we would not. Likewise, they will be quickly abandoned by customers if they share clients’ private data without their consent. Codes of ethics and data confidentiality policies have become mandatory for nearly all individual and corporate entities. This is particularly relevant to brokers, financial institutions, lending institutions, insurers, and other businesses and professionals dealing with private and corporate assets. Corporations seeking reliable protection of their assets from possible aggressive competitors, fraudsters, and raiders consider confidentiality provisions as a must-have element of well-written contracts.

Classic offshore jurisdictions have always considered the stringent protection of data privacy among their priorities. They have always taken a tough line on information disclosure to third parties (with the exception of the rare situations of legally grounded stipulations by authorities or court rulings). 

Even now that the creation of public repositories of information about ultimate business owners are urged by the nearly global trends of deoffshorization and such organizations as FATF (Financial Action Task Force on Money Laundering), many offshore jurisdictions ensure a high level of data security and stipulate that disclosure of the names of directors, shareholders, the UBO(s) of companies is subject to criminal charges and liability. This appeals to many company owners and investors who choose to invest or deposit their capital abroad. When a company is incorporated in a state where registration in the public business register is an absolute must, the appointment of professional company directors or corporate nominees (if such appointments are legally allowed in the jurisdiction) provides for the owners’ confidentiality.

Let’s take a closer look at the liability stipulated by offshore countries for the disclosure of corporate and private data.   

What agreements specify the protection and disclosure of corporate and private data?

Laws and regulations on information security vary across countries and states.  Yet in each and all cases, the legal remedies for willful violation of confidentiality/non-disclosure obligations present the most sophisticated legal issue. The most common legal tools at the moment are:

• damage settlement and reimbursement (including the losses which likelihood and value was envisaged in the agreement);
• an injunction banning further publication or further abuse of confidential information;
• case-specific fulfillment of outstanding obligations (including confidentiality obligations);
• an account of any profits made as a result of the violation. 

In some countries, such as Canada, all of the above remedies are available.  

Besides, in addition to the conventional provisions of confidentiality agreements, in many countries, the breach of trust is qualified as a separate offense subject to particular remedies.

In offshore jurisdictions, the confidentiality of information is traditionally protected by law, and for its disclosure, any wrongdoer can be punished by huge fines and imprisonment. However, an exhaustive answer about possible liability for breach of confidentiality in offshore countries can be provided only with a reference to the details of the particular violation committed and the specifics of the legal agreement. 

The damages clause sets the price for breach of the confidentiality agreement depending on the nature of the breach. For example, if the agreement covers the security of trade secrets, their disclosure means that a competitor may use them (for example, a technology) to produce a competing product. In such a case, the lawsuit may be based on the affected party’s actual losses incurred due to a decrease in sales, as well as on the sales turnover obtained by the offender through the breach.

International laws on banking secrecy, disclosure of corporate and private data

Banks are the most serious and largest repositories of information about their customers. Virtually all jurisdictions support banking secrecy meaning that a financial institution cannot disclose customers’ information to other individuals or organizations. If privacy provisions are breached or any unauthorized leakage of information occurs, the license should be revoked, and some more serious consequences follow. 

However, legislatures always strive to find a balance of interests in their banking policies. For example, some jurisdictions tend to encourage savings both in national and foreign banks. Others strive to maintain the reputation and trust in their own banking system. 

In any case, banking secrecy is expected to meet quite natural and legitimate needs:

• individuals’ desire to maintain confidentiality of economic operations, feel protected against rampant inflation, keep their assets safe and defended from greedy relatives, heirs, raiders;
• corporations’ aspirations to shield themselves from any competitors, retain the secrecy of their strategies, plans, goals, inventions, and financial condition.     

Therefore, bank licensing systems usually require compliance with high standards, fair management principles, and adherence to information confidentiality laws. 

Let’s look at this message in more detail. 

Disclosure of information vs banking secrecy 

This issue has relevance only to matters involving criminal use of illegal income, terrorist financing, and other abuses. Confidentiality of information may not be given a priority in the following situations:

• preventive measures taken to counter and bar serious crimes and circumvention of economic laws;
• activities aimed at enhancing the transparency of the securities market (to combat insider trading, false markets, etc.);
• inspections of the corporate governance of financial institutions;
• supervision of banking activities by regulatory and supervisory national authorities;
• detection of evidence of an offense committed by a corporate or private person (before and after the judicial decision);
• investigation of insolvency caused by fraudulent actions, recovery of assets, etc. 

Moreover, as the number of international treaties signed by jurisdictions is growing, many governments agree to exchange and share information. For example, the CRS international system for automatic exchange of tax information involves the submission of data on residents of another jurisdiction to its tax authorities. However, such information cannot be transferred to third parties. It is available only to the relevant national authorities.  

Classification of jurisdictions by protection and disclosure of corporate and private data 

Jurisdictions can be roughly classified by the strictness of their laws on information confidentiality and liability for data disclosure. In this respect, offshore zones are considered the most reliable. The main duty of data secrecy is envisaged by precedent law, codes, and special laws. Any licensed service provider is required to observe the anonymity of the data source. The slightest violations are subject to strict punitive measures. 

Let us have a look at some examples of the provisions maintained by the most popular offshore jurisdictions. 

BVI

The legal guarantees of data protection in the BVI are based on the Computer Misuse and Cybercrime Act 2014, which treats data disclosure or leakage as a criminal offense. The Act stipulates tough criminal penalties of up to 3 years in prison and fines up to USD 100,000. In some cases qualified as ‘grossly offensive’ or ‘menacing’ and ‘causing annoyance or inconvenience’, fines can step up to USD 500,000 and jail terms up to 14 years. 

The Business Companies Act of 2004 protects corporate data of companies registered in the BVI. It also requires that company records (that are mandatory) cannot be made not public and cannot be presented to the public.  A draft data privacy law was published in Q1, 2020. It is unclear when the bill will be passed into law, though.

Cayman Islands

In the Cayman Islands jurisdiction, the main law ensuring the anonymity of personal and corporate data is the Confidential Relationships (Preservation) Law (2009 Revision). Additionally, there are rules to ensure banking secrecy and confidentiality of information relevant to trusts. 

Information can be provided only to authorized public bodies conducting a legal investigation of a serious crime. Otherwise, the disclosure is subject to criminal penalties. Under the Cayman Islands Confidential Relations Act, licensed service providers are subject to a serious fine and license revocation, or to criminal penalties, for unauthorized disclosure of information. 

Saint Kitts and Nevis

The Electronic Crimes Act of 2009, adopted by Saint Kitts and Nevis authorities, involves imprisonment as a penalty for deliberate, inadvertent disclosure of confidential information, leaks of data, and other adverse acts leading to the disclosure of personal and corporate data. Privacy is the concept currently governed by the Constitution of Saint Kitts and Nevis. The jurisdiction developed its Data Protection Act, 2018 (not yet in force) mirroring a similar legal act of the Organization of Eastern Caribbean States promoting the protection of personal data processed by public and private bodies.  

Nevis is a popular destination for registration of trusts protecting owners’ assets. Disclosure of confidential information may be penalized by up to 5 years’ imprisonment and penalties of USD 50,000. USD.  

This jurisdiction qualifies the following categories of data  as ‘confidential information’:

• property/ownership;
• professional activities;
• commercial transactions;
• information about bank accounts, etc. 

In other words, only information about routine operations can be disclosed, but only on special formal requests. Nevis banks and trusts are also strictly adhering to confidentiality clauses. 

Belize

Belizean IBCs are considered the most protected offshore companies:  their data privacy is well-protected by the sound judicial system at large and the strictest privacy-related laws in particular. For a long time, the submission of financial statements and reports to public authorities was not mandatory, beneficial owners were not registered, thereby the protection of personal and corporate data was particularly reliable. In 2019, the authorities of Belize introduced the concept of substance but still allowed international companies to retain freedom from such obligations, the tax-exempt status, and the opportunity to rely on the privacy provisions of the Belize legislation. 

However, it is very important to design a customized structure of one’s business. The guarantees of banking secrecy, confidentiality clauses in agreements, and penalties stipulated for data disclosure can make sense and provide the expected protection only if one is fully committed to the legitimate right and ultimate desire to keep one’s capital from encroachment of scammers and intruders. 

If you need expert assistance in building a reliable barrier around your capital/property, please contact us for a private consultation in any convenient way. We respect the confidentiality of information provided by customers. We guarantee the exclusive security of the data you share with our expert during the free one-on-one web-based consultation.