Premonition from the Panama Papers
What can be learned from the latest, and largest, data breach journalists have ever dealt with?
Even for those quantitative analysis geeks who enjoy combing through massive datasets to find a tiny bit of information, the Panama Papers had to look like a daunting data dump. For the uninformed, the Panama Papers are a leak of 11.5 million files from Mossack Fonseca, a Panamanian law firm that is the world's fourth-largest offshore law firm.
If you're looking for a good overview of the story, I urge you to head over to the Guardian, which was one of the partner media organizations that helped the International Consortium of Investigative Journalists (ICIJ) make sense of the documents, which were originally obtained by German newspaper Süddeutsche Zeitung from an anonymous source.
However, to boil it down to the simplest of terms, some of the world's wealthiest and most powerful people have allegedly been avoiding paying taxes by laundering money through shell companies set up by Mossack Fonseca.
While the work done by the journalists breaking the story is extremely impressive, and should be applauded, the actual content of the documents isn't that interesting to me. I don't need to read an investigative report to know that Vladimir Putin has probably done some illegal things. Also, everything I've ever needed to know about money laundering and tax evasion I learned from Sal Goodman in AMC's Breaking Bad, so I'm all set on that front.
No, what I've found most interesting about the Panama Papers is around the breach itself and how the data was analyzed.
Old-School Leak
I have to say, I was impressed when I first heard the leak occurred through a single, internal source, and wasn't due to some group of hackers, like Anonymous, breaking in through a gap in the security infrastructure. It just goes to show you that a firm could have all the firewall protection in the world, but one determined employee can still pose the greatest threat to information security.
It also reminded me of my colleague Anthony Malakian's April feature on CFTC's Regulation Automated Trading. Anthony's feature focuses in on one particularly controversial aspect of the potential regulation: Firms would be required to keep a source-code repository of their algorithms.
To put it simply, that would mean every firm would have a lockbox that essentially contains the most important proprietary data at the firm. As nearly every comment letter submitted to the CFTC pointed out, if that information were to fall into the wrong hands it would be catastrophic for a firm.
Which brings me back to my point about the Panama Papers. If a breach this size could happen at a firm whose foundation is based around secrecy and security, it's not completely unfathomable that the same would happen to a financial firm's hypothetical source-code repository.
Sorting Through the Data
The other fascinating piece of the Panama Papers, in my eyes, was the way the data was catalogued. Roughly 2.6 terabytes of data was eventually released to the journalists from the source over time. To put that in perspective, the amount of data from the 2010 Cablegate/Wikileaks (1.7 gigabytes), 2013 Offshore Leaks (260 GB), 2014 Luxemburg Leaks (4 GB) and 2015 Swiss Leaks (3.3 GB) all could fit comfortably inside the amount of data released in the Panama Papers.
Naturally, sorting through that amount of data is no easy task, especially when it hasn't been organized in a clean, sensible fashion. It's a problem all too common amongst financial firms.
Süddeutsche Zeitung does a great job giving an overview of the painstakingly long process, which included applying optical character recognition (OCR) to make the data searchable. It's an interesting process that some financial firms also deal with as they try and rid themselves of those last remaining paper-based processes.
This week on the Waters Wavelength podcast ─ Episode 10: Markit-IHS Merger, FIA Boca
If you haven't already, subscribe to the podcast on iTunes here. Also, check out our SoundCloud account here.
Food for Thought
- My feature looking at the use of open-source software in financial services is live. Click here to read it.
- As I mentioned earlier, WatersTechnology US editor Anthony Malakian wrote a fantastic feature on the CFTC's Regulation AT. You can read it here. European staff writer John Brazier also profiled Aberdeen Asset Management chief technology officer Iain Plunkett. Check it out here. Also, Victor Anderson, our editor-in-chief, wrote a great story on Agile software development. You can find it here.
- We are under a month away from the North American Trading Architecture Summit 2016, which is held in New York. For more info on the event, click here.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Regulation
Bond tape hopefuls size up commercial risks as FCA finalizes tender
Consolidated tape bidders say the UK regulator is set to imminently publish crucial final details around technical specifications and data licensing arrangements for the finished infrastructure.
The Waters Cooler: A little crime never hurt nobody
Do you guys remember that 2006 Pitchfork review of Shine On by Jet?
Removal of Chevron spells t-r-o-u-b-l-e for the C-A-T
Citadel Securities and the American Securities Association are suing the SEC to limit the Consolidated Audit Trail, and their case may be aided by the removal of a key piece of the agency’s legislative power earlier this year.
BlackRock, BNY see T+1 success in industry collaboration, old frameworks
Industry testing and lessons from the last settlement change from T+3 to T+2 were some of the components that made the May transition run smoothly.
How ‘Bond gadgets’ make tackling data easier for regulators and traders
The IMD Wrap: Everyone loves the hype around AI, especially financial firms. And now, even regulators are getting in on the act. But first... “The name’s Bond; J-AI-mes Bond”
Can the EU and UK reach T+1 together?
Prompted by the North American migration, both jurisdictions are drawing up guidelines for reaching next-day settlement.
Waters Wavelength Ep. 293: Reference Data Drama
Tony and Reb discuss the Financial Data Transparency Act's proposed rules around identifiers and the industry reaction.
Clearing houses fear being classified as DORA third parties
As the 2025 deadline looms, CCP and exchange members are seeking risk information that’s usually deemed confidential.