‘Paradise Papers’ hit headlines

Leaked records from offshore law firm Appleby involving the dealings of U.S. Commerce Secretary Wilbur Ross, Queen Elizabeth II, advisers to U.S. President Donald Trump, political donors and other law firm clients have sparked a flurry of media reports around the world.

The documents, held by the International Consortium of Investigative Journalists, consist of 13.4 million files from offshore law firm Appleby, trust company Asiaciti, and from company registries in 19 “secrecy” jurisdictions, including the Cayman Islands.

A year and a half after it released the Panama Papers, the ICIJ said it is coordinating a global investigation into the documents dubbed the Paradise Papers involving 380 journalists in 67 countries.

Appleby says the files were not the result of a leak but stolen when the firm was hacked last year.

The data were first obtained by German newspaper Süddeutsche Zeitung and shared with other media around the world. The records contain nearly 7 million records from Bermuda-founded Appleby and its affiliates and cover the period from 1950 to 2016. The files include emails, loan agreements and bank statements of at least 25,000 entities connected to people in 180 countries, the ICIJ said.

Most clients and entities named in the Appleby data are from the U.S., the U.K., Bermuda, Cayman, Hong Kong, China and Canada.

In a statement on Sunday, Nov. 5, Appleby vigorously denied wrongdoing.

“The journalists do not allege, nor could they, that Appleby has done anything unlawful. There is no wrongdoing. It is a patchwork quilt of unrelated allegations with a clear political agenda and movement against offshore,” the law firm said.

‘Illegal computer hack’

The firm reiterated that it was not the subject of a leak but the victim of computer crime.

“This was an illegal computer hack. Our systems were accessed by an intruder who deployed the tactics of a professional hacker and covered his/her tracks to the extent that a forensic investigation by a leading international Cyber & Threats team concluded that there was no definitive evidence that any data had left our systems.

“This was not the work of anybody who works at Appleby,” the statement said.

Appleby said it had “thoroughly and vigorously investigated the allegations and we are satisfied that there is no evidence of any wrongdoing.”

More Paradise Papers news stories based on the leaked data are scheduled to be released each day of this week. The ICIJ said it will deal with strategies used by multinational corporations to shift profits to low-tax jurisdictions and detail how wealthy clients register private jets and yachts offshore and use trusts for tax planning.

The group announced it would release the structured data connected to the Paradise Papers in the coming weeks on its Offshore Leaks database.

Appleby took aim at the media for reporting confidential client information.

“We take client confidentiality extremely seriously and we are disappointed that the media has chosen to use information which has emanated from material obtained illegally,” the law firm said.

“This has very little to do with accurate and fair reporting, and everything to do with the pursuit of a political agenda. These journalists will not permit fairness and accuracy to get in the way of their political objectives.”

Cayman’s Minister of Financial Services Tara Rivers also said the reporting on the Paradise Papers has not provided any evidence of wrongdoing.

Speaking in the Legislative Assembly Monday, she said Cayman has a strong history of adhering to international regulatory standards. “We will continue to strengthen our regulatory framework and maintain our strong relationships with international authorities, including through our multiple mechanisms for exchanges of information on tax and beneficial ownership information.”

Cayman’s compliance record that is assessed by international organizations proves that Cayman is not a place to hide wealth, she added.

“It’s also important for the public to know that the Cayman Islands financial services business includes many types of investors, and not exclusively the rich,” she said.

“Our jurisdiction offers the international business community a framework from which to conduct legitimate business; and investments made using Cayman vehicles benefit many countries around the world, including developed and developing economies, to create jobs and generate domestic incomes. For example, investments, such as pension funds, that use Cayman vehicles benefit the broader populations of these countries.”

‘Different from Panama Papers’

Meanwhile, tax experts expressed doubts whether the Paradise Papers files are comparable to the Panama Papers revelations in 2016.

Pascal Saint-Amans, head of Tax at the Organisation for Economic Co-operation and Development told the Financial Times, “They are quite different from the Panama Papers.”

He said the schemes in question were mostly, if not totally, legal. “Some are not even questionable from a legitimacy point of view.”

Support local journalism. Subscribe to the all-access pass for the Cayman Compass.

Subscribe now


  1. Around the world newspapers are using illegally obtained documents to attack companies and individuals who dared to legally keep more of the money they legally earned.

    But the message is clear. Service providers need to work harder to protect their clients privacy.

    No excuses. The hacker didn’t penetrate Appleby by magic or voodoo but because of lax security.

    A password was too weak and cracked.
    A phishing email was opened by an employee and perhaps a key logger was deployed.
    Social engineering was used to con someone into allowing access or handing over their password.

    Better education of computer security is essential if clients are going to trust you. SERIOUSLY!

    A little example of how even a 2 factor authentication security system can be broken:
    Let’s say someone wanted to take over your Gmail account. The best way to do this and read all your private emails is with the Password reset for lost passwords. But you’re smart. You have set up 2 factor authentication so they will send you a text to your cell phone that you have to input.
    Foolproof no? How about if the hacker knows your cell phone number and just before triggering Gmail to send you that code they text you claiming to be Gmail, say you have a security issue and they will be sending you a code. Please reply with that code. If you are fooled then when Gmail sends you the code you will send it right back to the hacker.