The Reality of Secrecy Today

This is a companion article to my recent article on Automatic Exchange of Information (AEOI). It spurred from a discussions over at the forum about Real Jurisdiction secrecy and AEOI (among other threads on the subject).

With banking secrecy being eroded over the last decades and corporate secrecy penetrated by TIEAs, what is the reality of secrecy today?

In this article, I will explore the actual and cultural aspects of secrecy. Let’s start by looking at banking, trusts, and corporations.

Banking Secrecy

As I mentioned in my article about AEOI and the Common Reporting Standard, authorities have come to the conclusion that the shortest path between a tax evader and his or her money is the bank account – not the unwinding of convoluted corporate structures.

What started with the US FATCA requiring banks to disclose accounts held by US persons, this has turned into a global phenomenon. This has had a tremendous impact on banking secrecy.

In that article, I try to explain that banking secrecy is more than just hiding assets from the police. Claiming that banking secrecy is dead is sensationalist and fundamentally wrong.

Banking secrecy is the guarantee that your coworkers, friends, family, or journalists cannot just call up a bank and ask how much money you have there. Financial matters are a private affair.

Some jurisdictions – notably Switzerland, Lebanon, and the Philippines – took the privacy of banking and turned it into confidentiality even from the government. Each jurisdiction is unique and has its own history, and I will return to culture later on.

For decades, these high-secrecy jurisdictions operated mostly undisturbed but as financial crimes such as fraud, embezzlement, bribery, and money laundering, become a higher and higher priority (with 9/11 being a major catalyst), erosion of banking secrecy as a means to hide money from law enforcement and governments has eroded and in most jurisdictions vanished (at least in the presence of a exchange of information agreement).

Now, most of the world’s money laundering very likely takes place in jurisdictions like US, UK, and Germany, but that doesn’t stop those very jurisdictions from harassing other jurisdictions, whose secrecy does pose a problem in fighting global money laundering.

To achieve banking secrecy strong enough to ensure confidentiality from governments, you would today need to find a jurisdiction out of scope for AEOI, TIEA, and other information-sharing mechanisms.

Arguably, a TIEA only would be tolerable since information is not divulged automatically and since so-called fishing expeditions aren’t allowed, information is only disclosed when for example your local tax authority knows that you have a bank account in that jurisdiction.

But what if you surrender ownership of funds into a trust?


Well, the OECD has you covered there, to a degree. There are provisions in the AEOI CRS for disclosure of persons involved in trusts under certain conditions. The OECD is treating trusts like entities, which they technically are not but for reporting purposes can possibly be seen as such.

Here are some relevant excerpts from the Common Reporting Standard.

The term “Controlling Persons” means the natural persons
who exercise control over an Entity. In the case of a trust, such
term means the settlor(s), the trustee(s), the protector(s) (if
any), the beneficiary(ies) or class(es) of beneficiaries, and any
other natural person(s) exercising ultimate effective control
over the trust, and in the case of a legal arrangement other
than a trust, such term means persons in equivalent or similar
positions. The term “Controlling Persons” must be interpreted
in a manner consistent with the Financial Action Task Force

— Section VIII “Defined Terms”, paragraph D-6.


2. The information to be exchanged is, in the case of [Jurisdiction A] with respect to each [Jurisdiction B] Reportable Account, and in the case of
[Jurisdiction B] with respect to each [Jurisdiction A] Reportable Account:
a) the name, address, TIN(s) and date and place of birth (in the case of
an individual) of each Reportable Person that is an Account Holder of
the account and, in the case of any Entity that is an Account Holder
and that, after application of due diligence procedures consistent with
the Common Reporting Standard, is identified as having one or more
Controlling Persons that is a Reportable Person, the name, address,
and TIN(s) of the Entity and the name, address, TIN(s) and date and
place of birth of each Reportable Person;

— Section 2 “Exchange of Information with Respect to Reportable Accounts”, paragraph 2 and 2-a.

The Standard For Automatic Exchange of Financial Information Implementation Handbook states that information about accounts held in trust by a trustee should generally be reported to the trustees’ jurisdictions of residence, which typically is a tax haven unassociated with the settlor and/or beneficiaries.

However, the are circumstances under which information should be reported to the jurisdictions of residence of the settlor(s), protector(s), beneficiary(ies), and so on. These events are mainly linked to payouts or income-generating activities that benefit the beneficiaries.

It’s complex and as with most things related to the CRS and AEOI, time will tell what actually happens.

Aside from CRS and AEOI, trusts are currently practically impenetrable. Trusts that do not involve bank accounts are still very much confidential in jurisdictions that specialize in it.

A trust registered in an AEOI jurisdiction can avoid AEOI by banking in a non-AEOI jurisdiction or by structuring the trust in such a way that the true settlor or beneficiaries are never subject to reportable events. This is something that requires careful set-up and maintenance by a skilled trustee.

Corporate Secrecy

Corporate secrecy is not in scope for AEOI insofar as that share holding, members, board of directors, company financials, and other company data is only disclosed for such entities that hold bank accounts and then only for the reportable controlling persons.

What this essentially means is that your Seychelles IBC is going to remain secret in and of itself but if it banks in an AEOI jurisdiction, information about the company that the bank knows will be shared with the jurisdictions of residence of the controlling persons.

Information about secretive companies can also be obtained through using other exchange of information mechanisms, such as TIEAs.Some of the more reputable jurisdictions (such as BVI and Anguilla) are currently reviewing forming central registries of beneficiaries for companies. This registry would in all likelihood be confidential to the public but would mean that these jurisdictions would move from a system where company ownership is only known to service providers to a system where the government knows the company ownership.

Foundations are in much the same situation as corporations, although ownership is not as clearly defined.

Culture of Secrecy and Privacy

Google Streetview was not a big success in privacy-consciouss Germany or Austria.

Google Street View was not a big success in privacy-conscious Germany or Austria.

Privacy as a social norm is deeply rooted in some cultures in for example central to northern Europe. Switzerland, Germany, Austria, Luxembourg, and – to a lesser but still significant degree – Netherlands, Denmark, Sweden, Norway, Finland, and Iceland value privacy very highly.

Southern Europe does not have quite the same penchant for privacy, although with a three fortunate exceptions: Andorra, San Marino, and Monaco.

This goes well beyond banking secrecy. Data protection in for example Germany and Austria are extremely rigorous. While some of this stems from the aftermath of these countries (and or their neighbours) having had secret polices wire-tapping and tracking citizens, it is a tradition that goes further back in history.

I won’t go into length about anthropological and sociological theories, but a strong culture of keeping to oneself and minding one’s own business can be found throughout Europe. The founders of what today is the USA brought with them similar ideals and it can be seen to this day in American culture. (Although looking at data protection, the US is a lot more easy-going than its European counterparts.)

In the CIS nations (former USSR nations), corruption is in many cases a rampant problem and secrecy from the local governments (and Russia) is unheard of, but these nations do not like being pushed around by other nations and will sometimes do the absolute bare minimum to reach international standards on cooperation (if even that).

But if we go to different cultures, secrecy is no longer as guaranteed as it is elsewhere.

Let’s take the Caribbean, for example. Excluding British overseas territories, most of these island nations typically do not have the strong social norms of secrecy and privacy that dominate in Europe. Still, people deposit money in Belize thinking it’s safer than Switzerland because they read a headline saying that Swiss banking secrecy is dead.

While the Swiss have had privacy in their culture for hundreds of years and outright banking secrecy for close to 100 years and while , most tax havens do not have the same deeply rooted sense of confidentiality.

While I don’t mean to imply that banking secrecy isn’t respected in Belize, Dominica, Seychelles, and so on, in a thorough, all-encompassing risk analysis, this is a factor to be considered.

Service Provider Secrecy

As of writing this, the Mossack & Fonseca leak (the Panama Papers) has just started.

This is an often overlooked link in the chain. What good are a Panamanian private interest foundation, Panamanian company, and Panamanian bank accounts when all the messages your service provider has handled for the last 40 years suddenly becomes public knowledge.

Unfortunately, practically no service providers are using email encryption technologies of any kind, neither message encryption such as PGP/GPG or out-of-bounds solutions such as Voltage. Very often, emails and documents are stored in plain text on unencrypted servers.

IT security has not been a high priority for this industry.

I have worked hands on with some service providers to tighten their ships but even when they decide to do it, it’s a hassle to migrate the old messages to the new environment. And that often doesn’t take care of the biggest risk anyway: emails to and from clients.

Educating clients is costly and most service providers fail to see the benefit of encrypted messaging. Many clients will be annoyed if they can’t just use their normal email client to send messages without having to log in to an additional service or bother with importing certificates.


It’s easy to get a confused or inaccurate view of secrecy today if not taking the time to critically look at all aspects of it.

Banking secrecy as a means to hide money from governments is indeed on its death bed. Some jurisdictions are either holding out or simply too far behind to catch up in a timely manner, but it’s unlikely that things like AEOI will ever be revoked and repealed.

It’s still possible to attain banking secrecy, though; either by utilizing jurisdictions that have not or cannot engage in AEOI or other exchanges of information, or by structuring one’s funds in such a way that they are legally not in scope for reporting to any automatic reporting.

Trusts, companies, and foundations are – in and of themselves – largely still as secretive as before. Financial institutions are the weakest link in a secretive structure.

OECD is pushing for improvements in record keeping and ownership registrations (not necessarily central, but available to governments for inspection on demand).

Know your enemy and plan accordingly.

Leave a comment

Skip to toolbar