Luanda Leaks emails show financial institutions still have KYC problems


Published on:

Some organizations, drawn in by irresistible fees, can’t resist working with high-risk clients – but technology might offer a solution.

Isabel dos Santos, chairwoman of Angola’s state-owned oil company Sonangol

When the façade around Isabel dos Santos, the billionaire daughter of the former president of Angola, came crashing down in January, those familiar with her reputation, her father and her business interests weren’t too surprised that much of her ‘self-made’ billions may have been acquired as a result of corruption and nepotism.

The Luanda Leaks project is a treasure trove of more than 700,000 emails, contracts, accounts and other documents relating to the various business dealings of Dos Santos, which was leaked to the International Consortium of Investigative Journalists.

It pieced together the international links between Dos Santos and several international financial firms, lawyers and governments that allegedly allowed her to steal millions of dollars in her position as chairwoman of Angola’s state-owned oil company Sonangol.

Dos Santos denies all wrongdoing.


The failure of a highly regulated services sector to flag any potentially fraudulent activity by Dos Santos and her family – especially when tools to mitigate against such risks exist – is concerning.

Know your customer (KYC) utilities are central repositories that store KYC data and documents, which can be shared between institutions.

This week, software company Fenergo launched e-KYC Connect, an API-based solution that allows financial institutions instant access to KYC data.

The KYC utility landscape is fragmented, with little standardization across different platforms 

Swift’s KYC registry is one of the largest, with more than 5,500 financial institutions and over 60 central banks across 200 countries signed up – and in December, the company opened up registration to corporates.

Previous scandals have encouraged some banks to either sign up to a KYC utility or set up their own. After the Danske Bank money-laundering scandal, which came to light in 2017, Nordic banks set up their own KYC utility to standardize the process and mitigate against similar scandals in future.

Given that such solutions exist, and new ones are coming on line – and the fact that financial institutions and corporates are willing to join KYC utilities – why do we continue to see large financial institutions embroiled in such cases of money laundering, embezzlement and fraud?

Western advisers

Leaked documents allege that Dos Santos and her husband amassed an empire of more than 400 companies and subsidiaries in 41 countries, including at least 94 in Malta, Mauritius and Hong Kong, with support from international financial firms including KPMG, PwC, Boston Consulting Group (BCG) and Accenture.

Between 2010 and 2017, PwC and BCG, earned more than $5.6 million combined for services provided to companies under Dos Santos and her husband Sindika Dokolo.

They are far from alone.

Goldman Sachs is still facing litigation over its work for scandal-wracked Malaysian sovereign wealth fund 1MDB. In April, Standard Chartered was ordered to pay $1.1 billion by US and UK authorities to settle allegations of poor money-laundering controls and sanctions breaches, and in November, Deutsche Bank’s headquarters were raided as part of the investigation related to the Panama Papers.

As it stands, the KYC utility landscape is fragmented, with little standardization across different platforms.

Moreover, the quality of the services can differ drastically. Often, joining a registry comes at a fee, which may dissuade some, especially when they have their own compliance measures in place. In some instances, companies that have signed up to registries may not even use them.

There is currently no faultless solution. And until there is, scandals such as the Luanda Leaks will continue to make headlines.