Scroll Top

Legal cudgels help the rich dodge scrutiny

Alarm among cor­po­rate inves­ti­ga­tors high­lights the dan­ger posed by sweep­ing pri­va­cy rules

Imagine you are a dodgy tycoon called Boris Ripzemov. You crave respectabil­i­ty and a safe home for your enor­mous for­tune. But the banks that once wooed you are ask­ing tire­some ques­tions about how you made your mon­ey. The truth is incon­ve­nient: it involves your ties to cor­rupt regimes and to organ­ised crime. The source of the prob­lem is the cor­po­rate inves­ti­ga­tion out­fits that banks hire to do the leg­work. The answer is to intim­i­date them.

The spring­board for this is the EU’s General Data Protection Regulation (GDPR), which still applies in Britain post-Brexit. Its aims are noble. The uses to which it is put, less so. It gives sweep­ing rights: any­one, any­where in the world, can demand to know what infor­ma­tion is held on them.

A fish­ing expe­di­tion under GDPR costs almost noth­ing: Mr Ripzemov’s lawyers fire off iden­ti­cal requests to lots of sleuthing out­fits, ask­ing if they have infor­ma­tion on him. Then they launch a sal­vo of com­plaints. What data do they hold and why? They must desist, delete it, retract any con­clu­sions drawn and promise nev­er to men­tion Mr Ripzemov again. The finan­cial dam­age or emo­tion­al dis­tress caused may also mer­it damages.

This onslaught is daunt­ing. The reports are nec­es­sar­i­ly con­fi­den­tial. They might include a can­did assess­ment of Mr Ripzemov’s busi­ness mod­el by an ex-employ­ee, for exam­ple, or eye­wit­ness evi­dence of him hob­nob­bing with gang­sters. Even with names redact­ed, Mr Ripzemov can eas­i­ly guess the sources’ iden­ti­ty. In the cor­rupt coun­tries con­cerned, says a sleuth, “it’s easy for peo­ple to dis­ap­pear or some­thing to hap­pen to them”.

But fight­ing off the attacks is tricky too. The law and the facts may be on the side of the inves­ti­ga­tors, but Nick Watson of Keystone Law, who defends against such cas­es, speaks of the “dis­par­i­ty of fire­pow­er”. For the likes of Mr Ripzemov, a mil­lion-pound legal bill, and the prospect of a big­ger one, is noth­ing. At least when it comes to libel law, media organ­i­sa­tions ben­e­fit from some free-speech pro­tec­tions, and may have spe­cial­ist libel insur­ance (which picked up four-fifths of the £500,000 bill in a case I fought some years ago). Corporate inves­ti­ga­tion firms — most­ly run by ex-jour­nal­ists, accoun­tants and for­mer spooks — lack these defences. For most of them, the risk of tan­gling with a bil­lion­aire is crippling.

Many note the fate of a British com­pa­ny, S‑RM Intelligence and Risk Consulting, which was asked by Morgan Stanley, an American bank, to inves­ti­gate a Singaporean prop­er­ty mag­nate, Arvind Tiku. He has been dogged by con­tro­ver­sy sur­round­ing his alleged asso­ci­a­tion with a Kazakh princeling, Timur Kulibayev, who is the son-in-law of the country’s for­mer pres­i­dent, Nursultan Nazarbayev.

After expe­ri­enc­ing per­sis­tent dif­fi­cul­ties in doing busi­ness with big west­ern finan­cial insti­tu­tions, Tiku says his lawyers issued “15 to 20” requests under GDPR. They iden­ti­fied five com­pa­nies hold­ing data on him — all erro­neous, he says. Four backed down with­out a fight. S‑RM even­tu­al­ly pub­lished a grov­el­ling retrac­tion, cit­ing the fact that Swiss and Kazakh author­i­ties had inves­ti­gat­ed Tiku’s busi­ness deal­ings but brought no charges. It promised to delete the data col­lect­ed, accept­ed the alle­ga­tions were false and informed its clients of this find­ing. There is no sug­ges­tion of wrong­do­ing on Tiku’s part, or that of his lawyers, Carter-Ruck. He did not pur­sue his attempt to bank with Morgan Stanley: “Life moves on,” he says.

But the encounter has cer­tain­ly left S‑RM gun-shy. When I sought com­ment, the company’s com­pli­ance depart­ment vetoed even a back­ground dis­cus­sion of the issue. Nobody in the indus­try want­ed to talk pub­licly about these dif­fi­cul­ties either. Fear of ret­ri­bu­tion by deep-pock­et­ed foes runs deep.

The effects of all this are dire. Our efforts to counter mon­ey laun­der­ing are only as strong as the weak­est links in the chain. These tac­tics make them still weak­er. Sophisticated finan­cial insti­tu­tions may ignore arm-twist­ed retrac­tions. But those that sim­ply need a box ticked will not.

The under­ly­ing prob­lem is that the law impos­es strict duties on finan­cial insti­tu­tions to check out new cus­tomers, while shield­ing the per­son­al data that would pro­vide the answers. Some sug­gest the solu­tion is to reg­u­late the pri­vate intel­li­gence indus­try, offer­ing legal pro­tec­tion in return for high­er stan­dards. In some American states, licensed pri­vate inves­ti­ga­tors enjoy priv­i­leges such as exemp­tion from loi­ter­ing laws. This world cer­tain­ly has its share of sharks and phonies. But as with jour­nal­ism, sleuthing is a trade that resists statu­to­ry definition.

Another option is to shift the respon­si­bil­i­ty for com­pli­ance with data-pri­va­cy rules on to the finan­cial insti­tu­tions. The banks have deep­er pock­ets, and can argue more strong­ly their legal­ly man­dat­ed inves­ti­ga­tions are nec­es­sary and pro­por­tion­ate. The law could state specif­i­cal­ly that any­one con­duct­ing an inves­ti­ga­tion on behalf of a reg­u­lat­ed finan­cial insti­tu­tion is shield­ed from GDPR fish­ing expe­di­tions: the eco­nom­ic crime bill before par­lia­ment could do that neat­ly. The same effect could come from some­one fight­ing a case all the way to the Supreme Court and gain­ing a defin­i­tive rul­ing on the rel­a­tive impor­tance of pro­tect­ing pri­va­cy and check­ing probity.

The best and tough­est solu­tion would be to make lawyers check out their clients prop­er­ly. The pro­vi­sion of legal advice is not cov­ered by the same anti-mon­ey laun­der­ing checks that (sup­pos­ed­ly) apply for trans­ac­tions. If the Ripzemovs of this world can­not get lawyers in the first place, they will find it far hard­er to use the law to cud­gel their crit­ics.

Full orig­i­nal sto­ry: Legal cud­gels help the rich dodge scrutiny