Fanny Evans, Senior Associate, Morgan & Morgan
In 2013, Virginia Ginni Rometty – CEO of IBM, said “I would like you to think of big data as the next natural resource that can be to our era what steam, electricity and oil were for the Industrial Age.”
Probably, you have read or heard: Data is the new oil! Data is the new bacon! Data is the new currency! These analogies have become very popular because data is now considered one of the most important commodities.
This is the result of the emergence of many successful Social Networks that, although they are not payment platforms, have turned the data into a source of value.
The need for a data-protection compliance program in business is becoming increasingly important after several high-profile leaks of companies’ data. Some of the biggest data breaches over the last two years include T-Mobile, Marriot, British Airways, Quora, Google, Orbitz and just recently, Capital One bank in the United States. A successful data breach may occur in less than one minute. Yet, businesses may take more than weeks to realize a breach has occurred.
When giving the first steps into complex waters like data protection, it is very common that companies get lost in the avalanche of legal requirements or in developing that product or service that might result attractive to its clients. However, for a business, changing the focus to issues that they may consider more interesting should never be an option because the results of data breaches include many types of damages: fromreputational to financial. Sometimes it can even affect an entire country as happened with, in my opinion, the wrongfully or unjustifiably called “Panama Papers”.
In the European Union, data protection is a fundamental right, and the General Data Protection Regulation (GDPR) which came into force on May 25th, 2018, is the new framework for protecting that right. Other countries are looking to the GDPR as they develop or implement their own laws to protect data.
Even if companies have an “it will not happen to me” approach to data breaches, in many countries, legislation is forcing them to rethink their reasoning. Here is where compliance plays an important role to help to plan a data-protection compliance program.
Here are five steps that can help as guidance when drafting or reviewing your data-protection compliance program:
- Understand your risks and legal and ethical obligations
One of the most important elements when building a data-protection compliance program is considering your risks and what is most important and mandatory to the business, instead of jumping into the requirements of a legislation without fully understanding your needs because not all risks or obligations are managed in the same manner or to the same extent. This program needs to set out the appropriate guidance in key areas.
Having said the above, the first step should always be to understand the business necessity to comply. This involves a careful analysis of what your obligations are, what the risk of breaching those obligations might be and what risks your company is willing to take.
- Document and review your policies
Your data-protection compliance program should be properly documented. Once the obligations and risks are understood, it is vital to document them. It is not just enough to know you are data privacy compliant. Your data-protection compliance program should be clearly verifiable and readily accessible through accurate reports and documentation for internal or external examinations.
The compliance officer shall perform a formal review on a regular basis to ensure that the data-protection compliance program is progressing as planned and that it is adjusted to meet any changes in legislation or the business.
- Allocate ownership
The responsibilities and tasks related to confidentiality and data-protection may overlap with other business policies, such as information technology security, recordkeeping, risks and audit, human resources, management of confidential information and others as it requires various skills to succeed. Therefore, the most advanced and elaborated data-protection compliance program will fail if there is no clear ownership of the tasks. Each business will structure the ownership differently, but it is vital that who is the owner of each task of the program is clearly understood and that the owners have the necessary resources, including training, so that they are competent to fulfil their role in a manner that is consistent with the business’ compliance culture.
- Provide training and the necessary resources
Always train your staff. If you have an informed team it will reduce your risk. Raise staff awareness.
Not only does training staff reduce the risk of breaches, it also demonstrates compliance before internal and external inquiries. For example, if an organization was to experience a data breach and they had documented their staff training on data protection, this would be used as evidence to prove that they had taken the appropriate steps to prevent a data breach and were taking the legislation seriously, if any.
Training should aim to ensure that all members of the team have an understanding of the data that they will have access to and the risks entailed. Training should be provided on a regular basis, and it ought to be performed again whenever there are significant changes to positions, structures, risks or obligations, or when actual issues arise. Also, the business shall incorporate data protection training into its process for onboarding new employees.
Businesses shall embed data-protection compliance program into it culture so that protecting information becomes second nature. This aspect, training and continuing education, should always include senior management.
- Review the Financial Action Task Force (FATF) Guidance on the Risk-Based Approach
A risk-based approach to compliance involves identifying the areas of high risk within the business’s compliance universe and building and prioritizing its compliance programs around these risks.
In order to assist both public authorities and the private sector in applying a risk-based approach, the FATF has adopted a series of guidance in co-operation with relevant sectors. Businesses shall review the guidance applicable to its industry to make sure that the appropriate mitigation measures in accordance with the level of risk are taken.
Data is one of the most important assets a business has. For that reason alone, data protection compliance program should be a top priority for any business.
Nestor J. Broce, lawyer of Morgan & Morgan was sworn as president of the Rotary Club Panama South for the period 2018-2019.
The Rotary Club Panama South is a civic group founded in 1971 by business and professional men and women engaged in implementing humanitarian services programs in the community. They channel their individual, personal and financial resources to help the community through programs coordinated by the Rotary Club Panama South, Rotary International and Fundacion Rotary of Panama.
About Nestor J. Broce
Nestor J. Broce is a Senior Associate in Morgan & Morgan and General Manager of MMG Trust, headquarters of the fiduciary operations of the Morgan & Morgan Group in Panama.
Mr. Broce has a solid professional background. He mainly specializes in trusts, estate planning, project management trusts, guarantee trusts, among other fiduciary services. His portfolio of clients include banks and trust companies, family businesses and companies, which requires sophisticated, custom-made fiduciary solutions for the organization and administration of private matters or specific business transactions.
Fifteen Morgan & Morgan attorneys from several practice groups of the firm have been recognized for their exceptional work, in the second edition of the Who´s Who Legal Central America 2017. The guide is a comprehensive listing the leading practitioners and law firms across 13 areas of business law in the region.
With over 80 attorneys and 20 practice areas, Morgan & Morgan is s a full service Panamanian law firm, regularly assisting local and foreign corporations from different industries, as well as recognized financial and government institutions, in important investments in Panama and the region.
“These distinctions are very important for us because they show that our clients and peers recognize our broad expertise in many areas of law, and the commitment of our team when advising clients in their legal needs while doing business in Panama”, said Romulo Roux, Partner and Head of the Legal Services Unit of the firm.
Morgan & Morgan experts recognized:
Carlos Ernesto Gonzalez Ramirez, Partner
Maria Eugenia Brenes, Associate
Ana Carolina Castillo, Associate
Carlos Ernesto Gonzalez Ramirez, Partner
Eduardo Ferrer, Partner
Francisco Arias, Partner
Inocencio Galindo, Partner
Jose Carrizo, Partner
Simon Tejeira Q., Partner
Francisco Arias, Partner
Inocencio Galindo, Partner
Ramon Varela, Partner
Enrique Jimenez, Partner
Inocencio Galindo, Partner
Luis Manzanares, Partner
Enrique De Alba, Partner
Francisco Linares, Partner
Jazmina Rovi, Partner
Juan David Morgan Jr., Partner
Chambers and Partners recognized Morgan & Morgan as a leading firm-Band 1 in the Private Wealth Law section of the first edition of The Chambers High Net Worth Guide 2016, a publication specifically aimed at the international private wealth market and a key reference point of the world´s leading firms in terms of service excellence and reputation.
“A full-service firm with offices in Latin America, Europe, Asia and the Caribbean, Morgan & Morgan has a substantial estate planning and private wealth practice. The team advises individual and institutional clients on the creation and administration of such vehicles as trusts and private interest foundations, as well as their use for wealth transfer. Clients seeking the firm’s wealth structuring expertise may also benefit from other subsidiaries of the Morgan & Morgan Group, including fiduciary company MMG Trust (Panama) SA.”, highlighted the editorial.
Furthermore, our partner Roberto Lewis received a special distinction as a “notable practitioner” with much experience working with international clients as well as specializing in issues of wealth preservation and distribution.
This recognition sets a remarkably high precedent, and marks an internationally-recognised achievement of excellence in promoting professional ethics as well as the soundness business practices both locally and internationally.
On November 28, 2012, Law 85 of 2012 was published in the Official Gazette of the Republic of Panama, by which certain articles of the Code of Commerce of the Republic of Panama are amended and added, establishing the “Split” as a form of company reorganization.
It the act whereby a company may split or divide all or part of its assets to transfer them onto one or several companies already constituted or one or several companies to be constituted known as beneficiaries.
Article 505-A added to Chapter IX-A of Title VII of Book I of the Code of Commerce establishes the following:
Article 505-A. A business company of any class or nature may split off by division of all or part of its patrimony and transfer thereof to one or more companies already constituted or for the creation of new companies, named beneficiaries, who have the same members or shareholders of the split company or having the latter as its member or shareholder.
The effect of a split shall be the segregation and transfer of assets from the split company to a company or companies already constituted or to be constituted and the issuance of participation quotas or shares by the latter, to members or shareholders of the split company.
Approval of Split
Article 505-B establishes that the Split shall be approved by the members or shareholders of the split company and the minute approving the same or a certification issued by whoever acted as secretary shall be made into a public deed and recorded at the Public Registry to be valid before third parties.
Members or shareholders of the split company may decide within such minute the following:
- The total or partial transfer of individual or group assets.
- The limited liability system of the split company and the beneficiary company or companies.
- The transfer or not of liabilities from the split company.
- The transfer of participation quotas or shares to the beneficiary companies.
- The number of participation quotas or shares corresponding to each member or shareholder of the split company in proportion to its participation in it.
- The approval of the articles of incorporation of the company or the new companies to be constituted.
Notice to third parties to enforce their rights
Paragraph 2 of article 505-B provides that notice to third parties to enforce any rights they may have shall be made through a certification issued by the Public Registry, which shall be published for three days in a national newspaper.
Rights and obligations
Article 505-D establishes that beneficiary companies shall acquire the rights, privileges, and obligations in the patrimonial portion transferred to them, in the same terms and conditions. Beneficiary companies shall be liable for taxes, advance payments, withholdings, penalties and interests and further fiscal obligations as of the split and thereafter.
In addition, the beneficiary company shall be jointly and severally liable before creditors of the split company but only for the net assets that may have received in accordance with the terms of the split.
The transfer of assets due to the split of a business company shall not be considered as alienation for tax purposes, provided that said transfer is for the same amount the said assets have in the accounting records of the split company.
Beneficiary companies receiving such assets as a result of the split shall be jointly and severally liable with the split company for taxes, advance payments, withholdings, penalties and interests, and further fiscal obligations of the latter enforceable upon the split, as well as for those arising thereafter.
Creditor’s right to challenge the split
Any creditor of a split company may challenge the same within thirty days following the last publication referred to in article 505-B.
Notice to the General Directorate of Revenue
The company object of the split shall notify its intention to split to the General Directorate of Revenue within thirty days prior to the split date. As it is just a notification, the split does not become conditioned, subject or subordinated to approval from the tax authorities.
A casi 96 de años de la entrada en vigencia de nuestro Código de Comercio, dos novísimas instituciones son incorporadas a su texto mediante Ley 85 de 2012. La primera es la escisión de sociedades comerciales como forma de reorganización empresarial, y la otra, es la reactivación de sociedades cuya disolución haya sido voluntaria.
Por “escisión” debemos entender: división o segregación; y en ese sentido la ley de reciente data permite a una sociedad comercial dividir su patrimonio total o parcialmente a n de traspasarlo a una o más sociedades ya constituidas, o a la creación de nuevas sociedades. En este proceso, la sociedad que divide su patrimonio se denomina “sociedad escindida”; las ya constituidas y que acogen el patrimonio: “sociedades receptoras o absorbentes”, y las nuevas que resultan de la integración de dicho patrimonio: “sociedades bene ciarias”.
- Toda sociedad comercial para poder iniciar el proceso de escisión, debe comunicar su intención a la ANIP dentro de los 30 días anteriores a la fecha en que se estime deba perfeccionarse la misma.
- La escisión produce dos efectos: 1) la segregación y traspaso de activos; y, 2) la emisión de acciones por arte de las sociedades bene ciadas a favor de los accionistas de la sociedad escindida. En ningún momento ha de entenderse que la escisión como tal, produce la desaparición de la sociedad escindida del mundo jurídico, ni implica la pérdida de la condición de accionistas a quienes figuren como tal en el pacto social.
- El acta o certi cación que resulte de la aprobación de la escisión debe constar en escritura pública para ser inscrita en el Registro Público como medio de publicidad del acto, y ser publicada por tres días en un diario de circulación nacional, para conocimiento de los interesados.
- Según los términos del acta, las sociedades bene ciadas, desde el momento en que se inscribe la escisión en el Registro Público, asumen y adquieren todos los derechos y obligaciones con respecto a la parte patrimonial que se les fue traspasado en su provecho. Estas, además, responderán solidariamente con los activos netos que les correspondió, si tal traspaso de activos perjudica a los acreedores de la sociedad escindida; en cuyo caso podrán objetar la escisión, dentro de los 30 días siguientes al último día de la publicación de la misma en un diario (la ley no dice que la publicación debe ser en días seguidos). No obstante, y para efectos fiscales, el traspaso no se considerará como una enajenación, siempre que el mismo sea por igual valor al que tienen dichos activos según los registros de la sociedad escindida.
- La reactivación de las sociedades comerciales procederá en cualquiera de los 2 supuestos a saber: 1. en cualquier momento antes de nalizar su proceso de liquidación, siempre y cuando la reactivación sea aprobada en asamblea general ad hoc, por la mayoría de sus accionistas; 2.en el caso de que, concluida la liquidación, aparecieran activos de la sociedad que no fueron liquidados; siempre y cuando concurran las condiciones relativas a la asamblea general del primer supuesto. Cabe añadir que, para que la reactivación surta efectos frente a terceros, al igual que la escisión, debe constar en acta y ser inscrita en el Registro Público.
- La reactivación produce los siguientes efectos: 1) la terminación de la liquidación; y, 2) La continuación a plenitud de su capacidad jurídica en las mismas condiciones que tenía antes de decretarse su disolución.
- Debe indicarse que el Artículo 6 de la ley en mención modi ca el Artículo 534 del Código de Comercio, disponiendo que los liquidadores de una sociedad de cualquier clase o naturaleza podrán ser removidos y reemplazados en cualquier momento por decisión de los accionistas en asamblea general ad hoc. Y si estos fueron nombrados por un juez, esté mismo será quien decrete la remoción a petición de algún socio por motivos fundados. Para nuestro país, como uno de los principales proveedores de trámites de constitución expedita de sociedades (S.A., y R.L.), esta ley representa un avance en la legislación mercantil de cara a una era de mayor crecimiento económico.
Morgan & Morgan Group is pleased to announce the incorporation of Ms. Oneyda Flores to the Belize office team.
Ms. Oneyda Karina Flores was admitted to practice as an Attorney-at-Law in Belize on 18th November, 2011 before the Hon. Chief Justice Kenneth A. Benjamin. The application was presented by Mr. Said Musa, S.C.
On 8th October, 2011 Ms. Flores graduated from the Norman Manley Law School of Jamaica and received her Legal Education Certificate. She is also the recipient of the Belize Bar Association Prize for being the Most Outstanding Belizean Student over Two Years as well as the Kelsick Wilkin & Ferdinand Prize for being the Best Overall Overseas Student over Two Years.
Previous to this Ms. Flores graduated from the University of the West Indies with a Bachelor of Laws in 2009 and the University of Belize with a Bachelor of Science (Business Admin., 1st Class Hon.) in 2005.
Ms. Flores is from Belize City and is fully bilingual in English and Spanish. She will serve as in-house Junior Legal Counsel to Morgan & Morgan Trust Corporation (Belize) Ltd., a leading provider of international financial services with headquarters in Panama and offices throughout the world.
El Grupo Morgan & Morgan se complace en anunciar la incorporación de la Lic. Oneyda Flores al equipo de la oficina de Belice.
La Licda. Oneyda Karina Flores recibió su idoneidad como Abogada en Belice el 18 de noviembre de 2011 ante el Honorable Magistrado en Jefe Kenneth A. Benjamin. La solicitud fue presentada por el Lic. Said Musa, S.C.
La Licda. Flores se graduó el 8 de octubre de 2011 de la Escuela de Derecho Norman Manley en Jamaica, y recibió su Certificación de Educación en Derecho. Es la ganadora igualmente del premio de la Asociación de Abogados de Belice como la Estudiante Beliceña Más Destacada por Dos Años así como el premio Kelsick Wilkin & Ferdinand por ser la Estudiante en el Extranjero Más Destacada por Dos Años.
Previamente, la Licda. Flores recibió su Licenciatura en Leyes de la Universtity of the West Indies en el 2009 y de la Universidad de Belice una Licenciatura en Administración de Empresas (con Honores) en el 2005.
La Licda. Flores es originaria de la ciudad de Belice, totalmente bilingüe en inglés y español. Actuará como Asesora Legal Junior interna de Morgan & Morgan Trust Corporation (Belize) Ltd., proveedor líder de servicios financieros internacionales con su oficina principal en Panamá y oficinas alrededor del mundo.