Note added 24.8.09: please note the Nationwide not say they do have this data - but that they did also report otherwise to the Times. See here.
The Times has reported:
Nationwide building society confirmed last week that it is responding to inquiries from HM Revenue & Customs (HMRC) just a week after the taxman secured an order compelling 308 institutions to turn over details of all offshore accountholders.
In a sign that the Revenue’s move could provoke a row, Nationwide said it may not be able to comply with the order to disclose UK customers with offshore accounts.
It said: “Nationwide has been in active discussion with HMRC on this matter. However, we do not believe our records enable us to identify those customers who live in the UK and have an offshore account. We have already informed HMRC of this, but inquiries are ongoing.”
This is an extraordinary admission. Let’s just for a moment consider what it means. The UK’s largest mutual building society, which operates internationally from the Isle of Man, where it is one of the largest deposit takers, and yet it admits that it has no idea whether it is operating accounts from that location form people who are resident in the UK, or not.
Let me not overstate the significance of this. Without in any way overstating what the Nationwide is saying this means, if correctly reported (and I stress, I am assuming that is the case):
Nationwide may have failed to operate money laundering rules
The nationwide seems to be saying it has not got basic money laundering controls in operation in its Isle of man operation.
Money laundering rules universally require that a financial institution ‚Äòknows their client’.
The Financial Action Task Force is responsible for setting standards on this. Its recommendation 5 says:
Financial institutions should undertake customer due diligence measures, including identifying and verifying the identity of their customers.
It goes on to say:
These requirements should apply to all new customers, though financial institutions should also apply this Recommendation to existing customers on the basis of materiality and risk, and should conduct due diligence on such existing relationships at appropriate times.
In other words, the account being an old one is no excuse. The Isle of Man will have its own version of this rule, but as anyone, anywhere who has tried to open a bank account knows the identification required fundamentally comprises two parts. The first is who you are (for which a passport is often required) and the second part, usually and in my opinion essentially, requires proof of where you are i.e. your address.
It seems the Nationwide has admitted to not having this data.
How do we know they require it though? Because the accounts they operate in the Isle of Man must comply with the requirements of the European Union Savings Tax Directive.
Nationwide may have failed to ensure compliance with the European Union Savings Tax Directive
The European Union Savings Tax Directive requires that a bank in the Isle of Man know where its customers are. If they do not the EUSTD cannot be properly applied. This is because if the customer is in an EU state then the Nationwide must ask the customer a) if the want tax withheld on interest payments on the account or b) if the want data on interest payments sent to their domestic tax authority. If they do not know the customer is in the UK they cannot do this. Prima facie the requirements of the EUSTD cannot be met as a result. This clearly breaches the requirement of law.
Of course the Nationwide will also be failing to ensure appropriate tax is paid in the UK as a result as a consequence. I suspect that puts it in breach of UK law too, although I’ll take a little while to think about which one, I admit.
Failure to keep proper books and records
If as the Nationwide suggests it has not got proper records of where its customers are it must be failing to apply the EUSTD properly and as a result it must be failing to keep proper books and records in its Isle of Man subsidiary because it cannot be properly recording to whom it has liability for any tax owing, if at all. In that case one has to question whether the auditors have qualified the accounts or not. I have seen no hint of this, anywhere.
Consolidated result is it true and fair?
If a material subsidiary is failing to keep proper books and records, as seems possible in this case as a consequence of serious breaches of money laundering and taxation regulation meaning it cannot know to whom it has liability then one has to ask if that is material for the group as a whole. It may not be. But how do we know? Are the UK accounts mis-stated as a result?
These are massive regulatory failures, but matters do not end there. Others are also clearly at fault if the |Nationwide’s reported admission is true:
What is the liability of the auditors?
One of the most basic responsibilities of an auditor is to ensure that their client is operating in accordance with appropriate regulation. If the client is not there is obvious significant financial risk and risk that they are not a going concern. It would be entirely appropriate to expect an auditor to have tested basic money laundering controls on an offshore bank (and they don’t come more basic than this). And yet this issue has not emerged until now, when HM Revenue & Customs have demanded the data. Why not, one wonders? My old friends PricewaterhouseCoopers audit the Nationwide.
Making a mockery of regulation in the Isle of Man
There’s more though. Earlier this year Isle of Man Treasury Minister Alan Bell said:
The Island also has a strong track record of complying with international standards of financial regulation, as assessed by the IMF and others. A series of independent, external reviews over the past decade have enhanced our reputation as a well regulated centre for international finance.
The Nationwide statement, if true, drives a coach and horses through that claim. If one of your major deposit takers admits that it has not complied with the most basic Financial Action Task Force requirements that also means by default that the Island has not honoured its obligations under the EUSTD which then means its reputation deserves to be in tatters.
The fact that the Nationwide admitted this when HM Revenue & Customs comes knocking at its door is also telling. The Isle of Man clearly either does not know about it, in which case its regulation has failed, or did know about it and did nothing, which again leaves its regulation in tatters. The fact that the Nationwide appears to have done nothing until the UK took action also gives clear indication of what it thinks of the obligation it has to comply with Manx (Isle of Man) law: it would seem to treat it with contempt.
Everything the Isle of Man has ever claimed is blown apart.
And what we are witnessing is, in effect, a UK building society – one of the most respected at that – appearing to admit that it was operating a banking system that required that there be controls in place to prevent both money laundering and tax fraud and that tt did not take the required steps to ensure that either happened – despite it knowing, beyond a shadow of a doubt, what those requirements were.
This is no trivial matter. This means it might be, like UBS, turning a blind eye, at the very least, to the opportunities it has created for fraud to take place, and at the same time by default admitting that it has not taken the necessary steps to prevent that fraud – despite the European Union Savings Tax Directive having been in operation since July 2005, which necessarily required the Nationwide in the Isle of Man to know the exact address of all its customers.
Two conclusions for now:
a) Let’s not pretend that UBS was alone
b) Let’s not pretend Switzerland was alone.
UBS and Switzerland are typical of banking and secrecy jurisdictions, they’re neither of them an exception. What this means, I think, is that we have to assume all banks and all secrecy jurisdictions behave in the same way in the absence of evidence to the contrary.
I’ll turn to what I think should happen to the Nationwide and more generally in another blog.