There are a lot of things to consider when choosing an offshore bank. This post will be a deeper dive into some of the many factors that go into evaluating a bank, whether it’s onshore or offshore.
License
This is the most basic requirement, yet one missed by people who keep falling for sham banks.
Banks are licensed by either the central bank of the country or – as is common in offshore jurisdiction with so-called international banks – the FIU (financial intelligence unit), FSC (financial services commission), FSA (financial services authority), or similar. In some lesser developed countries, banks may be licensed by the ministry of finance.
A notable exception to this is the USA, which has highly fragmented banking regulations.
To check if a bank is licensed, visit the website of the central bank and/or the relevant financial authority of the jurisdiction. These days, all countries worth banking in list licensees online. Note that some banks trade under a different name than the legal entity which holds the license, so be sure to check terms and conditions on the bank’s website for the legal name of the company.
If you cannot find the bank in any list of licensees – congratulations, you just found a sham bank.
Financial Statements
This one isn’t always possible, but publicly traded banks at least are usually required to file public annual returns. Many – including some privately held banks – choose to post them on their websites, under Investor Relations or similarly worded headline. Sometimes, financial statements can be found on the central bank or financial authority websites.
Reading financial statements take practice. It gets easier over time. Wikipedia and Investopedia have good explanations of terminology. Unfortunately, terminology isn’t always consistent worldwide or even within the same country. This can become especially problematic when reading financial statements from a bank in a non-English speaking jurisdiction and the translation isn’t perfect.
What to look for depends on what you want to gauge. Some are happy just looking at assets while others focus on liquidity ratios or other ratios to determine how much money the bank and effectively can afford to lose.
I cannot stress enough that the following examples are extremely superficial and only meant as a way to show that it isn’t an impossible task to gauge financial statements. There are many good reasons why people work full-time on financial analysis.
Examples
As an example, let’s take a look at Annual Report 2012 by Credit Libanais.
The first couple of pages aren’t terribly interesting but by page 7 we get to the Group Key Financial Highlights.
Here we can see that the bank’s total assets have grown from 8.23 trillion LBP in 2009 to 11.98 trillion LBP in 2012, up 45.55%. However, in the same period, the bank’s liquidity ratio has dropped from 82.71% in 2009 to 77.46% in 2012. This could mean that the bank’s growth is at least partly fuelled by an increased lending strategy.
Contrary to what is often touted within online communities, loans in and of themselves aren’t bad. Lending is what keeps the banking system alive. Frivolous lending is bad, as for example the Eurozone of 2009—present has shown.
On page 86 we can see where the bank’s money is going. Taxes have increased a lot since 2011. The bank took a dip in net profit of 5.85%. However, looking historically, the bank had a large upswing 2010 and 2011. The 2012 profits are still higher than 2008 and 2009. To understand the underlying reasons, you have to read the text. In this case, the decrease in profit is blamed on contraction of assets and regulatory changes imposed by the central bank.
Next, we’ll take a look at BOV’s 2013 annual report.
On page 8, we see that profit is up 5% from 2012. Page 43 shows that the bank loans to deposit ratio is decreasing, but their liquidity ratio is going up and at almost 55% is well over the 30% requirement.
Again, though, there are more things to be aware of when reading a financial statement. This was just a quick overview of some numbers, which on their own don’t mean anything. All numbers have a context.
Internet Banking Security
A frighteningly large number of banks still only use username and password authentication for logging in and making transactions on their internet banking facilities.
The Americas and Caribbean are especially bad at this. Digipass or some other form of two-factor authentication is much more common in Europe and Asia. Middle Eastern banks are getting better. In continental Africa, I’ve seen an increase in SMS verification lately, which is a pretty good form of two-factor authentication.
As much as possible, I avoid and recommend against banks that only use username and password. It’s not always possible but I consider it a big minus if a bank hasn’t coughed up the money to implement two-factor authentication.
What good is banking secrecy worth when your bank account and all details are only a hacked username and password away? How safe is your money if it can be wired out with just username and password?
The downside to two-factor authentication is the usability friction. Banks in especially well-developed countries are recognizing this and offering various forms of mobile applications that have softer or no authentication through which limited but convenient features are offered. This is still not being done in any significant way for offshore banking, which is often lagging behind onshore banking when it comes to technical innovation.
Card Product Range
Whether I’m opening an account for myself, my own businesses, or a client, cards are almost always an important factor. Virtually the only time cards aren’t important is for private banking and wealth management, since that’s money you’re not supposed to use on the daily.
It is also an indication of how developed the bank is. A bank that can offer Visa Gold, Visa Platinum, and maybe even Visa Infinite is likely a more established bank than a bank that only offers Visa Classic. Cards should also be available as commercial (business/corporate) cards and personal consumer cards.
Major banks tend to offer both Visa and MasterCard. China UnionPay cards are growing in Asia and acceptance of such cards is growing worldwide.
EMV (Chip & PIN)
EMV (short for Europay, MasterCard and Visa, more commonly called Chip & PIN) is a chip embedded on a card. Instead of swiping your card and just relying on the easily-cloned magnetic stripe, to approve a transaction with an EMV enabled card, you have to enter a PIN. The PIN is usually four digits but exceptions exist in for example Switzerland and Iceland where PINs sometimes are six digits long.
EMV is by no means 100% secure, but it is more secure than swiping. Cloning and emptying an EMV enabled card is more difficult and time-consuming which is why offline credit card fraud is decreasing in Europe.
Furthermore, the protection you get is greater with an EMV enabled card in that it is easier to retrieve funds stolen from such a card since it is implied that the thief didn’t just take your card; they took your card and somehow acquired your PIN. I’m well aware that there are security flaws in EMV and that many chips can be fooled into accepting any PIN but that hasn’t yet affected how the card schemes (Visa, MasterCard) dictate the rules.
I see it as a significant advantage if a bank offers EMV enabled cards.
3D Secure
This can be thought of as EMV for online usage. 3D Secure – often Verified by Visa or MasterCard SecureCode – is a two-factor authentication which occurs during a transaction.
The exact implementation varies. Sometimes it’s just a password; sometimes it’s a code sent by SMS or generated by a digipass.
Whether a bank offers 3D Secure or not is not a decision making factor to me in most cases, but I consider it a plus if they do. It shows that the bank takes fraud and customer security seriously – at least to some degree.
KYC Policy
Very often, I receive the question or stumble upon discussions about finding a bank that asks for as little documentation as possible.This to me raises a red flag about the client.
Due diligence is good. It’s good for you and it’s good for the bank.
While some banks definitely make the application process unnecessarily difficult (looking at you, Panama), I prefer a thorough application procedure over what’s going on in most of the Caribbean where a bank account is opened to anyone who can spell their name correctly on an application form and send in the documentation.
Interestingly, many large and/or onshore banks have much simpler application procedures. To open a bank account, it’s often enough to walk in to the bank with your passport. These banks instead perform delayed due diligence, which is something smaller Caribbean banks lack the resources or are too stuck in the old ways to do.
The fact that a bank asks for a lot of documentation should be a good thing. Done correctly, it will weed out criminal elements and other unwanted customers.
Reputability
This goes both for the bank as well as the reputation of the jurisdiction. One way of determining a bank’s reputation is to simply use your favourite search engine and key in the bank’s name. Now, it’s important to keep in mind that angry customers are more vocal than happy customers. I seldom take complaints from individuals seriously, unless it’s unison and in large numbers.
What you should keep an eye out for is the bank being mentioned in any reputable ranking of banks. It can also be interesting to see if the bank has been mentioned in media recently. I think it’s a good thing if a bank is active in charities or arranging sports or cultural events. It shows that they aren’t just a shoe box somewhere or a plaque on a door no one opens. It’s a real and tangible bank, active in its community.
However, it’s not a negative sign if a bank doesn’t appear anywhere in media or reputable websites. Some banks’ corporate profile simply doesn’t include media exposure.
The reputation of the jurisdiction itself is also important. More on that in an earlier blog post titled Assessing the Reputability of Offshore Jurisdictions.
Conclusion
What have we learned today?
We have learned to check that a bank is licensed and to review their financial statements. This tells us the bank exists and if they are financially sound.
We also learned to form an understanding of the bank’s security measures: internet banking and card security.
Lastly, we learned about compliance: to assess the compliance measures in the bank’s KYC policy and to determine the bank’s and the jurisdiction’s reputability.
Chip & PIN and 3-D Secure might prevent unauthorized transactions in the first place.
They do however carry additional liability risks for the cardholder. Both are used to shift liability from the bank to the customer for disputed/unauthorized transactions.
If your card has been stolen (or cloned, for that matter) and unauthorized transactions have been effected with your PIN number, it has been legally assumed (prima facie) that you didn’t exercise proper caution in keeping your PIN number secret. The burden of proofs was shifted from the bank to the cardholder. Thus, you may be saddled with the damage, even beyond liability restrictions set by T&C or even mandated by law.
Similarly for 3-D Secure / Verified by VISA, which I totally detest. Not so much for inconvenience and frustration when I couldn’t remember my code, as from a user experience standpoint. These schemes look and feel like straight out of any “phisher’s” playbook. You’re forwarded to first-sime signup process from a merchant web site (as a pop-up!), user is authenticated by “top secret” personal details as birth date or card billing address. It would be laughable if it weren’t so atrociously bad. Furthermore, it thoroughly undermines the ”internet security best practice” principles which the less internet-savvy should be told. E.g., if anybody “forwards” you to any window/site pretending to be your bank (or someone else you trust), assume it isn’t – and never, ever enter any information on it.
I do, however, agree, that it is usually a positive sign about the bank itself, if it employs these mechanisms – even if it’s not always benefiting to the customer.
Bonus content! For some examples on how to verify that banks are licensed, head over to the forum: https://www.streber.org//forum/viewtopic.php?f=4&p=23#p23.