Offshore Digital Data Storage

It’s been a while since I wrote anything about technology and it’s getting a little tedious to write about compliance topics all the time. So I decided to write a little bit about offshore data storage, which is the concept of storing digital data in a foreign jurisdiction for whatever advantages are relevant in the particular use-case.

What we are looking at here is storage and transmission of sensitive digital data. Don’t confuse this with where to set up your file-sharing website, unlicensed online casino, or replica web shop. The use-cases I have in mind here are related to storing of sensitive data such as client information, financial data, freedom of speech/counter-censorship blogs and forums, journalists and journalistic sources, whistle blowers, and so on and so forth.

Storing Sensitive Data Offshore

There are two components of this headline and they should be examined separately and then jointly.

Sensitive Data

What constitutes sensitive data will depend on your use-case.

If you are subject to some sort of regulation (such as financial data under banking secrecy, financial secrecy, HIPAA or equivalents, or payments data (PCI-DSS compliance) or even just conducting business with or otherwise taking PII (Personally Identifiable Information), you may be legally or otherwise bound to treat data confidentially.

Such laws and regulations may be generic (along the lines of EU Data Protection) or specific as in the case of PCI-DSS. You may be required to fulfill certain levels of security, auditing, and reporting.

Sensitive data can also be sources, informants, and whistleblowers giving sensitive and potentially illegally-obtained data to journalists.

It can even be a blog or a forum that’s engaged in a sensitive topic, such as freedom of speech in China or leaking sensitive information related to government and military activities.

Storing Offshore

If you are bound by laws and regulations what constitutes sensitive data, such laws and regulations may also dictate where and how you are to transit and store the data. It’s not always permitted to store the data outside of the jurisdiction where the activities take place, are licensed, or have their primary place of operation. Or at least, you must store a primary copy of the data there.

Whether you are allowed to transmit the data outside the jurisdiction’s borders or not can depend on a ton of different factors, such as whether the other jurisdiction has equivalent data protection laws. See for example EU/US Safe Harbor, which has been up in the air since October 2015.

Risks

Let’s take a look at some of the risks involved in offshore data storage and transmission.

Technology (Cloud and Virtualization Risks)

This isn’t a technology blog and I’m not qualified to go into great detail about hardware vs virtualization and different forms of virtualization.

The cloud, or as it’s also called, someone else’s computer, is extremely popular in IT services today. And for good reason. It can save time and money and solve technical architecture problems, compliance headaches, and reduce the amount of staff you need to keep on payroll.

However, you lose a lot of control of your environment if you don’t own the hardware. With virtualization, you are running a server inside another server. It is often quite trivial for the hosting provider to enter your virtual server by first accessing the host server. Understand and assess this risk. There is very little you can do to mitigate it, other than trusting your host.

Data Center and Web Hosting Provider

Even if you use your own hardware and even if you encrypt the hard drives and all the traffic that goes in and out of the server, you are still ultimately at mercy of your data center or web hosting provider. A hard drive can be cloned without your knowledge, and if the encryption is defeated (bad password, broken encryption, poor implementation), your data is now on the loose.

This risk is always going to be present and you can take a lot of steps to mitigate it. What makes it worth pointing out here is that if you are not careful with your choice of web hosting provider, you might find yourself entrusting sensitive data to a corrupt or careless party, especially if you for example pick a web hosting provider in a crime-ridden jurisdiction or jurisdiction with a totalitarian regime that doesn’t like what you are doing.

Jurisdictions

Below, I have included jurisdictions that are interesting for their technological infrastructure importance, freedoms of press and speech, and whistleblower protection. Some fail drastically at certain aspects and excel at others, whereas some are pretty good all-round. The jurisdictions I have picked should not be considered the exhaustive list. I just wanted to take a look at some popular jurisdictions and examine them critically.

Equally, the list of aspects I’m detailing below is not exhaustive, nor is every aspect relevant to you. Two very important issues I have conveniently side-stepped here are cryptography laws and net neutrality, which may or may not affect be relevant to your situation. There are a lot more to consider for offshore data storage.

  • Network quality – how good (referring to speed, stability, redundancy, and to a lesser degree cost) is the internet connectivity in the jurisdiction, on a scale of 1 to 10. Normally, we’d break this down into its constituent parts and assign them different importances. This number is probably quite inaccurate in many cases, especially since so many dimensions are being consolidated into one.
  • Press Freedom Index as obtained from https://rsf.org/en/ranking (2016 figures), ranking out of 178 countries/territories. This gives us a rough indication as to how well the jurisdiction respects journalistic integrity.
  • Freedom of Speech (law) – how (if at all) is freedom of speech guaranteed in the jurisdiction. This is either constitutional (or constitutional equivalent) or simply a legal right.
  • Freedom of Speech (strength) – not all constitutions and legal rights are equal, so I’m also very roughly assessing how strong I perceive the freedom of speech to actually be in the jurisdiction. Remember what freedom of speech is, though: the protection from government censorship, not necessarily the freedom to say whatever to whomever without repercussions.
  • Whistleblower Protection (law) – does the jurisdiction have specific laws protecting whistleblowers? This isn’t always directly applicable to the use-case but it can help gauge how the jurisdiction is poised in case of high-profile whistleblowing or frivolous law suits against whistleblowers.
  • Whistleblower Protection (strength) – many jurisdictions that have whistleblower protection laws wrote the laws with a very narrow scope (for example only covering government-employees or only being intent on the health and safety of workers). This is my attempt at a very haphazard approximation of the jurisdiction’s whistleblower protection strengths.

Generally, we’re going to accept that internet traffic is surveyed for counter-intelligence purposes and genuine national security interests. Where things get complicated is when such surveillance is used against citizens that pose no national security threat. Know your enemy, pick your battles, and all that.

Canada

  • Network Quality: 7
  • Press Freedom Index (ranking): 18
  • Freedom of Speech (type): Legal right
  • Freedom of Speech (strength): Strong
  • Whistleblower Protection law: Yes
  • Whistleblower Protection strength: Mediocre

Bandwidth in Canada is expensive and not great for an international use-case if latency is important, since a lot of traffic passes through the US before going to Europe or Asia.

Costa Rica

  • Network Quality: 6
  • Press Freedom Index (ranking): 6
  • Freedom of Speech (type): Legal right
  • Freedom of Speech (strength): Limited
  • Whistleblower Protection law: Yes
  • Whistleblower Protection strength: Strong

Costa Rica has the second best internet connectivity in the region, behind Panama. However, it has a much deeper rooted respect for freedom of speech and civil liberties.

Hong Kong

  • Network Quality: 7
  • Press Freedom Index (ranking): 69
  • Freedom of Speech (type): Constitutional
  • Freedom of Speech (strength): Strong
  • Whistleblower Protection law: No
  • Whistleblower Protection strength: Weak

Freedom of speech is precious in Hong Kong and Hong Kong is a major internet transit point for bandwidth to and from China, while also being well-connected to the rest of the Asia-Pacific region. Costs can be quite prohibitive.

Iceland

  • Network Quality: 6
  • Press Freedom Index (ranking): 19
  • Freedom of Speech (type): Constitutional
  • Freedom of Speech (strength): Strong
  • Whistleblower Protection law: Yes
  • Whistleblower Protection strength: Strong

Iceland has taken steps to becoming a leading jurisdiction in protecting sources and whistleblowers and safe-guarding freedom of speech.

Ireland

  • Network Quality: 9
  • Press Freedom Index (ranking): 9
  • Freedom of Speech (type): Constitutional
  • Freedom of Speech (strength): Limited
  • Whistleblower Protection law: Yes
  • Whistleblower Protection strength: Limited

That 9 rating for network quality is practically exclusive thanks to Amazon. Without Amazon Web Services (AWS or Amazon WS) having established in Ireland, the jurisdiction would probably not be on this list at all.

Ireland is heavily influenced by religion, which affects how it’s freedom of speech is graded. Combined with fairly unimpressive whistleblower protection, Ireland doesn’t offer any significant strengths here.

Germany

  • Network Quality: 10
  • Press Freedom Index (ranking): 16
  • Freedom of Speech (type): Constitutional
  • Freedom of Speech (strength): Limited
  • Whistleblower Protection law: Yes
  • Whistleblower Protection strength: Limited

Germany has simple phenomenal bandwidth and network capacity at quite low cost. Freedom of speech is limited by fairly strong anti-libel laws and a bunch of laws and regulations surrounding the country’s troubled past, which makes it unfit for some use-cases.

Netherlands

  • Network Quality: 10
  • Press Freedom Index (ranking): 2
  • Freedom of Speech (type): Constitutional
  • Freedom of Speech (strength): Strong
  • Whistleblower Protection law: Yes
  • Whistleblower Protection strength: Limited

With the world’s second freest press, strong freedom of speech, and fantastic data centers, the Netherlands can be a prime location.

Norway

  • Network Quality: 8
  • Press Freedom Index (ranking): 3
  • Freedom of Speech (type): Constitutional
  • Freedom of Speech (strength): Strong
  • Whistleblower Protection law: Yes
  • Whistleblower Protection strength: Limited

Bandwidth costs have become increasingly competitive in Norway. Connectivity isn’t quite up to par with Sweden, though.

Panama

  • Network Quality: 7
  • Press Freedom Index (ranking): 91
  • Freedom of Speech (type): Constitutional
  • Freedom of Speech (strength): Limited
  • Whistleblower Protection law: Yes
  • Whistleblower Protection strength: Weak

Panama has easily the best network connections in the region but falls far behind Costa Rica when it comes to freedom of press and freedom of speech. Staying clear of offending Panama, its government officials, wealthy Panamanians, or anything Panama-related in general seems to be the key to avoiding drawing attention.

Singapore

  • Network Quality: 8
  • Press Freedom Index (ranking): 154
  • Freedom of Speech (type): Legal right
  • Freedom of Speech (strength): Weak
  • Whistleblower Protection law: No
  • Whistleblower Protection strength: Weak

It’s easy to forget just how totalitarian Singapore actually is. Although a major internet connection hub in the region (along with Hong Kong), Singapore has an extremely poor track record of dissenting opinions and don’t like troublemakers.

Sweden

  • Network Quality: 9
  • Press Freedom Index (ranking): 8
  • Freedom of Speech (type): Constitutional
  • Freedom of Speech (strength): Strong
  • Whistleblower Protection law: Yes
  • Whistleblower Protection strength: Strong

The Swedes have some of the best internet connections in the world for homes and businesses, a highly IT-literate population, and a very strong taste for freedom of speech and journalistic integrity.

Switzerland

  • Network Quality: 9
  • Press Freedom Index (ranking): 7
  • Freedom of Speech (type): Constitutional
  • Freedom of Speech (strength): Strong
  • Whistleblower Protection law: No
  • Whistleblower Protection strength: Weak

Switzerland does not have a high tolerance for whistleblowers, especially when it comes to financial data. There are various laws here and there that protect whistleblowers in other circumstances but they are generally weak and do not shield the person from law suits.

In terms of bandwidth and internet connectivity, Switzerland is often touted as a bastion of liberty surrounding by nosey, snooping EU countries. The hype around Switzerland is tremendous. There are cases when this is true and cases when it is not.

United Kingdom

  • Network Quality: 10
  • Press Freedom Index (ranking): 38
  • Freedom of Speech (type): Legal right
  • Freedom of Speech (strength): Mediocre
  • Whistleblower Protection law: Yes
  • Whistleblower Protection strength: Strong

Despite being an island, the UK is fantastically well-connected via cables to mainland Europe as well as a number of Transatlantic cables.

Note that hosing in Isle of Man, Jersey, or Guernsey may subject you to different laws, which may render greater privacy than the UK. Press freedom and freedom of speech laws in these territories are often untested, but on paper comparable to the UK. Network quality takes a huge nose dive, though, mostly due to enormous increases in costs.

United States

  • Network Quality: 10
  • Press Freedom Index (ranking): 41
  • Freedom of Speech (type): Constitutional
  • Freedom of Speech (strength): Strong
  • Whistleblower Protection law: Yes
  • Whistleblower Protection strength: Strong

The US, rightfully, takes a reputational beating due to FATCA and a snooping government (NSA, CIA, and so on). However, nowhere else on the planet is freedom of speech better protected. Not only is the law strong and clear, it’s also been tested numerous times and tends to come out winning. Freedom of speech is defined very broadly in the US and doesn’t just cover speech. It also includes other representations of speech.

While Americans have some of the worst home broadband connections of all developed nations, it has absolutely phenomenal internet connections. It’s a large country, though, and the quality varies. Generally speaking, the east coast is well-connected to Europe, the west coast to Asia, and nearly all internet traffic to and from South America pass through Florida.

You need to understand that different states’ laws may or may not matter in your case, and the degree to which web hosts (private companies) tolerate controversial content may vary.

Overall Comparison

Jurisdiction Network Quality Press Freedom Index (ranking) Freedom of Speech (type) Freedom of Speech (strength) Whistleblower Protection law Whistleblower Protection strength
Canada 7 18 Legal right Strong Yes Mediocre
Costa Rica 6 6 Legal right Limited Yes Strong
Hong Kong 7 69 Constitutional Strong No Weak
Iceland 6 19 Constitutional Strong Yes Strong
Ireland 9 9 Constitutional Limited Yes Limited
Germany 10 16 Constitutional Limited Yes Limited
Netherlands 10 2 Constitutional Strong Yes Limited
Norway 8 3 Constitutional Strong Yes Limited
Panama 7 91 Constitutional Limited Yes Weak
Singapore 8 154 Legal right Weak No Weak
Sweden 9 8 Constitutional Strong Yes Strong
Switzerland 9 7 Constitutional Strong No Weak
United Kingdom 10 38 Legal right Mediocre Yes Strong
United States 10 41 Constitutional Strong Yes Strong

Closing Remarks

This is an extremely broad and deep subject and I intentionally only touched on the surface. I mostly just wanted to point out that this is a real topic of discussion, and a worthwhile consideration for an online business.

What you may not realize is that you might already be storing data offshore and not knowing it. Where is your website really hosted? What laws are applicable there?

Whether you are bound by law or regulations to store data in a certain manner (in a certain location) or hold digital data that you (may) wish to store offshore, hopefully you have some more meat on your bones now.

I also want to repeat what I touched on earlier regarding how jurisdiction and technology aren’t the only dimensions you need to consider. You are also ultimately subject to the acceptable use policy (AUP) and terms and conditions of the web hosting provider, which may be more restrictive than the laws.

This can get especially complicated with multi-national web hosting companies, which can be incorporated in one jurisdiction and offer hosting in another. Are you subject to the laws of the jurisdiction where the host is incorporated, where your server is base, or both?

Happy hosting!

24 Comments on "Offshore Digital Data Storage"

  1. Hi:

    I believe any SIM card in any phone is traceable and leaves a record of where one is. This is a privacy trap. Is it true that secure phone systems 1 encrypt phone communication in a secure fashion ? and 2 do not leave a record of where one is traveling (eg http://www.securegroup.com or http://katim.com/katim-phone)?

    I find it hard to believe that a SIM phone would not leave a record of where one is traveling with it bc the signal has to triangulate off of at least three cell phone towers.

    Thought to ask though. Look forward to hearing back.

    Rick James

  2. Hi:

    So, your blog is AMAZING and INFORMATIVE. Thank you for it.

    Was wondering, regarding IT security:
    – Where to get a proper secure Android phone (reasonably priced)? Katim Phone is apparently an option so long as you doesn’t piss the rulers of UAE off I think. Then there is the phone from http://www.securegroup.com which looks good on paper but is Canadian. So Canada probably has a back door and will share everything with the UK or US anytime. Also BlackBerry DTEK 60 or DTEK 70 look good on paper but again Canada probably has a back door in them too.
    – What non 14 eye country VPN would be trustworthy, technologically capable, and reasonably priced?

    Look forward to hearing back.

    Rick James

  3. By the way, if this wouldn’t work, then we will just put three companies together and there won’t be any UBO. Simple as that.

  4. Interesting article.

    Two remarks:
    Switzerland has it’s own snoopers charter: http://www.swissinfo.ch/eng/secret-service/42465282

    What is missing in this matrix is the way certain jurisdictions cooperate in executing MLAT’s. For certain content dual criminality is needed so if the content is legal in the receiving country nothing will happen. This is the current practise.

    Unfortunately the EU (JHA) is currently discussing their E-Evidence strategy. EU LEO’s perceive the big American Platforms, who host their data in ‘jurisdiction unkown’ (could be everywhere or anywhere), as unappreachable/unaccountable under national laws (data is not located in the requesting jurisdiction, or there is no office in that jurisdiction). So EU LEO’s want to be able to demand data from the platforms, even if they have no EU office or do not retain data in the EU. For this they are willing to drop the dual criminality concept, as fi hate speech is not illegal in the EU but is in fi. DE.

    Your matrix will change if this group wins the debate. As a side note, would EU companies be forced to obay US LEO’s requests for data? How does that tie into Privacy Shield?

    • There is a lot missing and I could spend weeks and months making the matrix increasingly complex. One reason I dodged EU data protection is because it’s such a patchwork of laws and directives with unclear implications in real-life until tested, especially for cases containing an international (non-EU) aspect.

      I suppose I could update the article with a more complete list of what specific topics I skipped over, though. I decided to stick to some fairly varied core concepts. The audience of this particular piece is the complete beginner who needs to be pointed in the right direction. Perhaps that could be improved by leaving some more bread crumbs to follow.

  5. Hi Streber! Please kindly help me to better understand the European beneficial ownership register. “I have” a small company that is an online store. A family member of mine is the director and I’m the owner on paper. I’ve been using a nominee shareholder for years so I don’t appear in the registry. The reason behind all this, is that he is bankrupt and can’t legally own the entity. I’m happy to help him but now it seems like my name will be published in a publicly accessible register. I’ve been reading your posts for quite a while now and reading and I think I have a solution to prevent this from happening.
    1) I will form two cheap LLCs in New Mexico, US, without bank accounts and I’ll transfer 99% of my ownership of the EU Trading Co to LLC #2. LLC #1 will own LLC #2.
    2) LLC #1 will create a discretionary trust and settle LLC #2 into the trust, with me and him as the beneficiaries in South Dakota, US because at the moment it seems like the EU can’t mess with the US and South Dakota respects privacy, a lot.
    3) The trust deed will include that as long as a beneficiary is bankrupt, he or she can’t receive any money from the trust. Also the trust deed and the LLC #2’s funding documents will include that the trustee can’t replace the director(s) unless all the owners vote for it.
    4) The directors of LLC #2 will be me and him. He will remain the director of the EU Trading Co as well.

    As far as I know, this way we could avoid the beneficial ownership register. No one owns 25% in the EU Trading Co and no beneficiary has fixed interest in the trust. Furthermore the trust won’t receive any income because my family member won’t distribute any profit to the LLC #2 and even he would, it’s still in the LLC #2 and not in the trust. Can I avoid my name to be published in the register this way? We know the disadvantages. This entity will remain in the trust “forever” but this is his only option to protect his business from his creditors. After X years the creditors won’t be able to legally pursue his assets and by remaining the director of the company, he will be able to pay himself a salary at least. It’s bad from tax point of view but this is his only option.

    So please let me know, how will this register work? May we prevent our names from appearing in the register with such a structure? We’ll seek professional advise but your opinion is highly important and valuable for us.

    We will be waiting for your answer! We love your blog and please keep up the excellent work!

    Patrick

    • These registers usually consider direct and undirect ownership to be the same, so in your case, the EU company belongs to LLC 2 which belongs to LLC 1, which belongs to … you.
      So you indirectly own the EU company, in which case you have to put it on the register. This is how it works in the UK PSC register, but we’ll have to see how it is implemented in other countries.

      • No. “so in your case, the EU company belongs to LLC 2 which belongs to LLC 1, which belongs to … you”. This is not what I said.

        South Dakota Discretionary Trust —>>> LLC #2 —>>> EU Trading Co.

        LLC #1 would be used to transfer LLC #2 into the trust so LLC #1 will be the settlor of the trust. If I would personally transfer the EU Trading Co. and wouldn’t use these two cheap LLCs then I would be the settlor, personally and my name would appear on a couple of documents.

        As far as I know, this way you can avoid the PSC even in the UK since you don’t own the assets in the discretionary trust and there is no guarantee that you will get anything from the trust anytime in the future.

        • So here is the process, step by step:

          1. Form LLC #1
          2. LLC #1 forms LLC #2 (LLC #1 —>>> LLC #2)
          3. I transfer 100% my shares of EU Trading Co. to LLC #2 (LLC #1 —>>> LLC #2 —>>> EU Trading Co.)
          4. LLC #1 will be the settlor of a trust in South Dakota which means that 99% of LLC #2 will be owned by the trust and 1% will remain in LLC #1 (Professional Trust company —>>> 99% of LLC #2 —>>> 100% EU Trading Co.)
          5. Done. I no longer own the entity, nor my family member, yet he can remain the director of LLC #2 and the EU Trading Co. to retain total control over the entities. LLC # is owned by two companies. 99% is owned by the licensed trustee and 1% is owned by LLC #1. Since the LLC #2 documents clearly states that the directors of the entities can only be changed if the owners vote unanimously, it’s an additional protection thus even the trustee can’t replace the directors (my family member).

          • You have to understand that the whole reason the PSC register was made was so that you can’t use trusts and similar systems to bypass it.
            In your case, the settlor of the trust is LLC 1, but who’s the beneficiary? In other words, who do the assets of the trust (in this case, the 99% shares of LLC 2) belong to?
            It has to be someone, and in your case, it’ll be either you, or LLC 1. Who else would you want to be the beneficiary of your trust?

            • A non-revocable discretionary trust is a legal arrangement where the settlor transfers his/her assets to a non-revocable trust so he/she can’t get the assets back. The discretionary part means that the beneficiaries can’t have a legal claim against the trust income or assets because only the trustee has the power to decide when, how much and which beneficiary is going to get something from the trust. Consequently neither the settlor nor the beneficiaries are the UBO because none of them can demand money from the trustee.

              According to the PSC regulation, in this case the officers of the entity would appear as the UBO. If you wonder why there are hundreds of family owned, not publicly traded companies in the UK, which didn’t list an UBO then chances are they’re using a similar structure.

              Foreign, non-EU trusts are not obligated (and legally can’t be!) to register their information in the EU or UK as long as the trust doesn’t have a tax consequence in the UK/EU. Since this trust wouldn’t have any, it would be out of scope.

          • By the way, you should probably move this discussion over in the forum, because this post has nothing to do with this.

          • I also don’t understand why stating that directors can’t be changed unless voted unanimously is any protection to you. If you and your brother vote it, that would be unanimous. Besides for that, why would anyone want to force you to change directors? Creditors would just seize the assets, and leave you as the director.

            • I guess you don’t understand the whole thing. The trustee will be the 99% owner, I would own only 1%. If the trustee would own all of the interest in the LLC then he/she could replace the director. This is why some people recommends you to do it this way.

    • Just a few considerations:
      – Tax implications for you when transferring ownership to NM LLC 2.
      – Compliance implications (bank, PayPal, nosy business partners) for suddenly involving a US company, and one incorporated in an as usual state as New Mexico.
      – Huge compliance implications for suddenly involving a trust in a secretive jurisdiction. What are you selling? Guns? Funny t-shirts?

      I can’t really answer whether you can withhold your name from public registry in this manner.

      Let’s break it down…
      The holder of 99% of the shares of EU Trading Co is NM LLC 2, so then we look at the next layer.
      That’s NM LLC 1, as the sole manager/member of LLC 2.
      OK, who owns LLC 1?
      The managers/members of LLC 1 have set up a trust with a trustee in South Dakota, whereby the Trustee actually owns LLC 2 on behalf of the managers/members of LLC 1.
      The Trustee is probably from one of a handful of well-known trustees in South Dakota.
      Does a Trustee fulfill the description of a PSC/BO? Generally, no.
      Does this Trustee fulfill the description of a PSC/BO? Generally, no.
      Who is PSC/BO? Whoever benefits from the trust.
      Who benefits from the trust? It’s usually the beneficiary but if beneficiary is unknown or impossible, it’s usually the settlor, protector, or other controlling person.
      Who is the settlor of the trust? The members/managers of LLC 1.
      OK, we found our PSC/BOs: the members/menegrs of LLC 1.

      • “What are you selling? Guns? Funny t-shirts?” Various products for women.

        How could the settlor be the BO? We would use a non-revocable discretionary trust. Protector is unnecessary, the trust won’t receive income, ever. I hoped that this way there won’t be a beneficial owner and thus the officers of the company would appear on the registry, which would be my family member since he is the director of the EU Trade Co.

        As far as I know, foreign (non-EU) trusts needs to publish information about their beneficiaries/settlors/protectors here in the EU only, if they have EU sourced income. This trust won’t have income at all.

        So when the settlor transfers the assets into a non-revocable discretionary trust in a non-EU country, then I assumed that there is no BO. The settlor cannot revoke the trust so it can’t be, the beneficiaries can’t have a legal claim since it’s a discretionary trust, there is no protector so it should be unknown.

        If I’m wrong then I guess it means that it’s impossible to have some privacy. We don’t even want any tax advantage or anything shady. Just some privacy, that’s it.

        • “If I’m wrong then I guess it means that it’s impossible to have some privacy.” You’re correct that the PSC register is taking away a lot of the privacy.
          “Foreign, non-EU trusts are not obligated (and legally can’t be!) to register their information in the EU or UK” The PSC obligations apply because the company owned by LLC 2 is in the EU. The fact that there are additional layers between that company and you, and these layers are outside the EU, makes no difference to the fact that the original company is in the EU.

          • With all due respect, I’m not sure if you understand what a trust is.
            “The fact that there are additional layers between that company and you”

            This sentence shows that you don’t fully understand what an irrevocable discretionary trust is. It means that I’m no longer the owner of the assets. I can’t get it back. It’s no longer mine. I can’t benefit from it. I’m no longer in the structure at all. Please read more about trust arrangements.

            By the way, it seems like I was right, check 4.5: http://bit.ly/2p0uDXw

            • So you understand what a trust is. What you need to understand is that the PSC law was made specifically so that trusts are not enough to bypass it. The idea of using a trust to hide your identity is not a new invention, don’t think the people who made the PSC law didn’t know about it.
              In your case, even if (on paper) the assets don’t belong to you, the fact is you still have significant control over the company, for a few reasons:
              – Without you, nobody can change directors (that enough is generally a reason to be on the PSC register)
              – As Streber said, ss far as the government is concerned, The fact that you are the settlor means that the money in the trust will probably end up in your account, even if the trustee doesn’t legally have to.

            • Another thing to understand is that there is always a UBO. And in your case, unless the trustee is the official beneficiary of the trust (which you might not want, and the trustee might not want), the other choice would be you.

          • Well, according to the laws and the trust companies, a discretionary trust is perfectly enough to bypass the PSC in the UK.

            “Without you, nobody can change directors (that enough is generally a reason to be on the PSC register)” It isn’t enough. I’m a minor shareholder with my 1% equity and I can’t change the directors either. I can’t even influence the operations of the entity. I don’t have access to its bank accounts and so on.

            “As Streber said, ss far as the government is concerned, The fact that you are the settlor means that the money in the trust will probably end up in your account, even if the trustee doesn’t legally have to.”

            Streber didn’t say that since he knows that an irrevocable trust means that the settlor can’t get his money/assets back. Even if they would forcefully require you to enter the settlor into the UBO register, who is clearly not the UBO, then you could do things to avoid this. You can use an attorney, another trust, a charitable foundation and many other entities and arrangements to transfer your assets to the trust without appearing on any document.

            “Another thing to understand is that there is always a UBO.”

            Wrong. If the above mentioned structure wouldn’t work then I still have a bullet-proof solution and it doesn’t even require foreign entities/trusts/foundations/attorneys or anything. I can legally and completely avoid to whole PSC/UBO register in any country, possibly forever. Are you curious how? Here comes the attraction.

            Form three local companies. LTD #1, LTD #2 and LTD #3. Let’s say LTD #1 is my Trade Co and the two others are empty companies.

            LTD #1 owns LTD #2
            LTD #2 owns LTD #3
            LTD #3 owns LTD #1

            Done. There is not a single UBO. None. Zero. To make it more interesting and better for privacy purposes, you can form two offshore companies so no one will know who owns your domestic entity. In fact I know someone who did exactly this and it’s working perfectly.

          • By the way, I guess what we you misunderstood is that I don’t mind if my family member would be listed as the UBO based on the fact that he is the director. What I don’t want is my name in the register. Since I’m the owner only, I can solve this issue with a trust or by using the circle-three-company method.

        • Under for example the Common Reporting Standard (among other directives/regulations), a settlor is a CP (Controlling Person). See recital 109 in https://www.oecd.org/tax/exchange-of-tax-information/implementation-handbook-standard-for-automatic-exchange-of-financial-information-in-tax-matters.pdf

          • I genuinely don’t want to avoid taxes in any way and the EU Trading Co doesn’t have foreign accounts at all. The foreign LLCs’ wouldn’t have bank accounts and the trust wouldn’t receive any income thus the whole structure would out of the CRS’s scope; – but even if anything in this structure would fall under the CRS and would get reported, we don’t mind as the EU Trading Co has been paying its taxes according the law.

            The only thing we want is to avoid the UBO register at all costs. It’s really easy in the UK (offshore irrevocable discretionary trust) but I still don’t know whether it’s going to be any different in the EU.

            I think it’s important to note and understand the huge difference between taxes and privacy. The entity doesn’t mind being reported by the CRS since it has been paying the taxes correctly. However publishing the identity of the shareholders is in our eyes an anti-democratic, anti-capitalist requirement which won’t even put an end on the offshore cat-and-mouse tax avoidance game. We clearly know the intentions of the UBO register but it will punish the regular business owner who may didn’t want his/her friends, neighbors and other people to know how many and which companies are owned by him or her.

            In fact we feel like we have been paying our taxes fairly and now we have to pay the price this way because other people didn’t pay their taxes and were using complex structures to hide their income. Now we will have to use complex structures to avoid the register and today we were thinking about closing the company and relocating to a more business friendly jurisdiction. The UBO register might be the new norm in the EU, Singapore, Australia, New Zealand, Brazil and Russia but smarter countries won’t follow them. As you clearly know, there are many strong players in the offshore world which has been requiring company owners to report their UBOs for many years, yet they didn’t make it publicly accessible. Isle of Man is a great example of this. In the medium term I guess Switzerland will be our new home where we’re going to start our next venture and if they lose their mind as well then we’ll move forward to the US.

            We really like your blog and told this to you. By the way it would be nice if you would write an article about this new UBO registry thing because of your insights in the topic.

Leave a comment

Skip to toolbar