Panama, May 27, 2020.
The Innovation Center at the City of Knowledge held the Webinar “The ABC´s of labor and tax issues during the COVID-19 pandemic”. The conference was presented by Maria Teresa Mendoza, Labor Law expert and Partner at Morgan & Morgan, and Amanda Barraza de Wong, tax specialist and Senior Associate at Morgan & Morgan.
Click here to view: The ABC´s of labor and tax issues during the COVID-19 pandemic (in Spanish)
Panama, May 22, 2020.
The German-Panamanian Chamber of Commerce and Industry, in alliance with the Swiss-Panamanian Chamber of Commerce, the Franco-Panamanian Chamber of Commerce, and the Panamanian-Dutch Chamber of Commerce, held the Webinar “Main Banking Regulation in times of COVID-19” (Rule 4-2013 and Rule 2-2020).
This Webinar was presented by Kharla Aizpurua Olmos, partner at Morgan & Morgan.
Panama, May 13, 2020.
The Chamber of Commerce, Industries and Agriculture of Panama held a Webinar on “Practical procedures of the insolvency regime for the reorganization of companies.” Jose Carrizo and Aristides Anguizola, partners at Morgan & Morgan, participated as speakers during the presentation to more than 200 Chamber members.
Updated on May 5, 2020
Given the state of emergency declared by the Panamanian Government as a result of the COVID 19 pandemic, the stay at home orders issued by the health authorities and the social distancing that is essential to control the outbreak, the technological tools available for companies to operate remotely are vital.
Law 51 of July 22, 2008, regulated the use of electronic documents, electronic signatures, storage services for the electronic documents, the certification of electronic signatures and adopted other measures to develop e-commerce. Law 51 of 2008 was subsequently amended by Law 82 of November 9, 2012 and regulated through Executive Decree No. 684 of October 18, 2013.
Law 51 of 2008 defines “electronic signature” as the “technical method to identify a person and indicate that such person approves the information in data messages or electronic documents.”
Pursuant to Law 51 of 2008, electronic signatures are valid mechanisms in Panama to consent to agreements or sign documents or legal transactions, provided that the following two (2) conditions (established in article 8 of the law) are satisfied: (i) the availability of a method to identify the originator of the data message and indicate that the content is approved, and (ii) that such method is appropriate and reliable for the purpose for which the message was generated and communicated.
It is important to stress that electronic signatures are different from digitalized signatures, the latter being frequently used to share, through electronic means, Portable Document Format (PDF) versions of documents bearing handwritten signatures. In this sense, Law 51 of 2008 defines a digitalized or scanned signature as “an image of the drawing of a handwritten signature, meaning, the result of its scan. This type of signature is not, in any case, a qualified electronic signature.”
Not only does Law 51 of 2008 provide legal validity to an electronic signature – as opposed to a digitalized signature – as long as the two aforementioned conditions are satisfied, but, furthermore, it creates the possibility to elevate the standard of efficacy and legal effect given to the electronic signature ipso jure, by using the so called “qualified electronic signature.”
The aforementioned article 8 of Law 51 of 2008 establishes that the two conditions for the electronic signatures to be legally binding, shall be presumed ipso jure in case of a qualified electronic signature which is supported by a certificate issued by a certifying service provider duly authorized by the Electronic Signature National Authority (in Spanish, “Dirección Nacional de Firmas Electrónica”).
But what exactly is a “qualified electronic signature”?
Law 51 of 2008 defines it as an “electronic signature the validity of which is backed by a qualified electronic certificate that:
- Allows the identification of the signer and detect any subsequent change to the signed content.
- Is bound to the signer in a unique manner and to the data to which it refers.
- Has been created using secured devices for creating an electronic signature, which are exclusively in the control and possession of the signer.
- Has been created through the infrastructure of a certifying service provider registered with the Electronic Signature National Authority.
In order for a qualified electronic signature to be generated, an independent third party known as “Certifying Service Provider” must intervene. This third party will bind a device that generates an algorithm validating the identification of the signer and its consent, to the act to which the electronic signature is added. This independent third party must be registered with the regulator of all matters pertaining to electronic signatures in the Republic of Panama: the Electronic Signature National Authority which, pursuant to Law 82 of November 9, 2012, is part of the Public Registry of Panama.
Currently, a person interested in obtaining a qualified electronic signature in Panama can register such signature with the Electronic Signature National Authority which as regulating authority, has enabled this registry.
The qualified electronic signature, as previously defined, grants the highest level of legal certainty to the fact that the signer is the person indicated in the qualified certificate and that their consent was given through a data message. In this manner, Law 51 of 2008 deems such qualified electronic signature equal to a handwritten signature authenticated before a public notary, which for all purposes, certifies its genuineness. Notwithstanding the foregoing, a qualified electronic signature does not grant such certainty with respect to its date, unless it is stated through timestamping, provided by a registered certifying service provider. Timestamping is an online mechanism that evidences that certain data have been in existence and have not been altered, since a specific moment in time. In order to have certainty of the date in which an electronic document was signed, a timestamping mechanism must be incorporated, in addition to the qualified electronic signature, in order to simultaneously certify the date of its execution and delivery.
For companies that wish to obtain qualified electronic signatures allowing their employees to sign on behalf of the company, it is important to bear in mind article 15 of Law 51 of 2008, which establishes that “the electronic certificates of legal entities are requested for electronic devices used in a company, such as computers, servers, among others, and shall be requested by its management or duly authorized legal representative with sufficient capacity.” The company, however, can set restrictions and limitations as it deems convenient for the use of electronic signatures by each signer. It is also important to mention that Law 51 of 2008 expressly establishes that if a signer uses the electronic signature on behalf of the company in violation of the restrictions or limitations imposed by such company, the latter shall only be bound vis-à-vis third parties if it acknowledges or ratifies such act, or if it benefits from it. With respect to the legal responsibility of an individual that resorts to the use of electronic signature on behalf of the company, if such individual carries out any acts in violation of the limitations or restrictions imposed by the company in the use of the electronic signature and against the interests of the company, the effects of such act will be enforceable against the individual with access or in possession of the device for the creation of electronic signatures, who can, in turn, file legal actions against the third party that in fact misused the electronic signature of the company, if it was a person other than said employee.
Even though this law was enacted in 2008, there has been relatively little practical applications of it, as well as little to no judicial precedents from the Panamanian courts. It is likely that, due to such lack of judicial precedents, companies have been reluctant to implement the electronic signature as a method to sign legal documents, uncertain as to how the Panamanian judiciary will ultimately interpret the provisions of Law 51 of 2008. However, considering the current COVID-19-related circumstances, technological tools such as electronic signatures are without a doubt legally available options for increased efficiency and competitive advantage. Precisely for that reason, we believe that Panamanian authorities should, without delay, acknowledge and embrace the provisions and mechanisms created by Law 51 of 2008, in order to bring an environment of legal certainty with respect to the use of electronic signatures. This will allow market agents to implement the use thereof to help mitigate the effects of the health crisis currently confronting Panama and, in fact, the world.
Pablo Epifanio, senior associate, Morgan & Morgan
Pablo Epifanio, Senior Associate, Morgan & Morgan
The stock market is undoubtedly one of the most important economic forces in the world. Every year, billions of dollars are moved through stock exchange operations, and year after year, in most jurisdictions, the stock market is promoted as a tool for financing or capturing capital for issuers and as an investment for thousands of participants seeking to place their funds in higher yield investments.
Thus, it is not unreasonable to foresee that although the stock market has had such a positive and important purpose, and in which transactions are increasingly sophisticated and complex, may be used for illicit purposes, particularly those related to financial crimes, including laundering of assets, financing of terrorist groups, among others.
This article succinctly analyzes the implications and scope of the compliance measures established in Agreement 6-2015 adopted by the Superintendency of the Securities Market of Panama, based on Law 23 of April 27, 2015, by which measures are being taken to prevent money laundering, financing of terrorism and financing of the proliferation of weapons of mass destruction (the “Compliance Act”).
Regulatory Framework for Compliance Measures in Panama
The Compliance Act approved in 2015, regulated by Executive Decree No. 363 of August 13, 2015, which adopts measures that allow entities regulated under it to prevent the use of their platforms and businesses for purposes related to the crimes of money laundering, financing of terrorism and financing of the proliferation of weapons of mass destruction.
The Compliance Act classifies those regulated entities: regulated non-financial entities, regulated financial entities and professional activities subject to supervision. The Compliance Act within the regulated financial entities includes the majority of the participants in the securities market, establishing that the provisions of the same apply to:
a) Self-regulated organizations;
b) Securities Firms;
c) Investment Managers;
d) Pension Fund Management;
e) Unemployment Fund Management;
f) Investment Companies;
g) Self-Managed Investment Companies;
h) Investment Advisers; and
i) Administrative Service Providers of the Securities Market.
An important fact to note is that the Compliance Act, Executive Decree 363 and Agreement 6-2015 do not include the issuers of securities registered with the Superintendency of the Securities Market within their scope of application. This is likely to be the case, since most of the essential intermediaries to carry out a public offering and issuance of securities are subject to regulations, including custodians, payment agents, brokerage firms and investment advisors, they are, in short, those that have a direct relationship with investors. At the same time, the issuer would unlikely be able to properly and efficiently apply due diligence measures to investors with whom it usually does not have direct contact.
The Compliance Act seeks more than anything to establish the regulatory framework applicable to regulated entities in order to facilitate the adequate identification of customers with a risk-based approach, detect funds of illicit origin, establish guidelines regarding the due diligence that regulated entities must applied to their customers, in terms of the application of the “know your customer” policy and encourage the adoption of risk policies.
For the purposes of accurately understanding the applicable legislation on compliance, it is important to keep in mind the definition of “customer” under the Compliance Act: “natural or legal person, as defined by the legal provisions that apply for each economic or professional activity indicated in the Law, with which the regulated financial entities, regulated non-financial entities and activities carried out by professionals subject to supervision establish, maintain or have maintained, in an usual or occasional manner, a contractual, professional or business relationship for the supply of any product or services inherent to its activity.”
Lastly, the Compliance Act empowers the respective regulatory authorities for the activities carried out by the different regulated entities to oversee the compliance with the Compliance Act and adopt regulations that adjust to the reality of each regulated activity.
- Sectoral Regulation Applicable to the Securities Market
The Superintendency of the Securities Market has adopted Agreement 6-2015 of August 19, 2015 (the “Agreement 6-2015”), through which it issued the provisions applicable to regulated financial entities supervised by the Superintendency of the Securities Market, to the prevention of the crimes of money laundering, financing of terrorism and financing of the proliferation of weapons of mass destruction.
The regulated financial entities supervised by the Superintendency of Securities Market under Agreement 6-2015 have the obligation to maintain due diligence and care in their operations in order to reasonably prevent such operations from being carried out with funds from activities related to the crimes of money laundering, financing of terrorism and financing of the proliferation of weapons of mass destruction.
Thus, the regulated entities under the supervision of the Superintendency of the Securities Market must have the mechanisms, policies and methodologies required to manage the risk of money laundering, financing of terrorism and financing of the proliferation of weapons of mass destruction, taking in consideration factors such as: the risk profile of the activity exercised by the regulated entity, the profile and types of customers of the regulated entitity, the products and services offered by the regulated entity, the distribution or commercialization channels used by the regulated entity, the location of the facilities of the regulated entity, of its customers and final beneficiaries, and the risk of the custodian or correspondent services of the regulated entity.
For the evaluation of the factors described above, regulated entities must apply a “risk-based approach”, which is nothing more than an understanding of the level of risk according to their nature, in order to focus their efforts effectively. Thus, regulated entities subject to supervision must classify their customers by applying a risk-based approach to: (i) high risk customers, (ii) moderate risk customers and (iii) low risk customers; and they should review this classification at least once a year. With this approach in mind, the regulation gives certain entities flexibility to assess the risks in the services they provide, so that they can apply reinforced measures against major risks, basic measures against usual risks and simplified measures against minor risks, managing and / or mitigating risks, as the case may be.
Agreement 6-2015 specifically establishes the minimum information and documentation that should be requested and verified from customers, both for natural and legal persons, as part of the simplified due diligence that regulated entities subject to supervision of the Superintendency of the Securities Market must apply, which include: complete general information, a copy of the customer’s identification, bank and commercial references, support of funds, detail of activities to which he / she is dedicated, among others.
For the purposes of simplified due diligence in the case of legal persons, Agreement 6-2015 seeks to fully identify the final beneficiary of the legal entity and imposes measures and requirements to be obtained from each customer that is a legal entity for that purpose. For the purposes of the final beneficiary, Agreement 6-2015 states that it shall be understood as such, any natural person who individually or by common agreement with other persons, directly or indirectly, is the owner or has the right to exercise the vote with respect to ten percent (10%) or more of the issued and outstanding shares of a legal entity. In addition to the foregoing, the following must also be fully identified: (i) in the case of companies: the administrators, representatives, attorneys-in-fact and signatories of the legal entity; (ii) in the case of private interest foundations: the members of the founding council, founder and protector; and in the case of trusts: the trustee and the trustor.
Agreement 6-2015 establishes that regulated entities under it will have to apply full-range or enhanced due diligence measures for their customers or activities that may represent a high risk, in order to deepen the information of this type of customers. The Superintendency of the Securities Market, as well as other regulators of activities under the Compliance Act, has issued a guide of indicators of suspicious operations and activities in order that the regulated entities can identify high risk customers and timely apply the measures of full-range due diligence.
Among the types of customers that should be subject to full-range or enhanced due diligence, we have, among others:
a) Natural or legal persons or related business persons with natural or legal persons domiciled or incorporated in jurisdictions considered high risk by national or foreign organizations;
b) Individuals or legal entities that appear in national or foreign lists related to the prevention of money laundering, financing of terrorism and financing of the proliferation of weapons of mass destruction;
c) Politically exposed persons (PEP), close relatives and close collaborators;
d) Legal persons that receive or offer the correspondent service, with special attention to those domiciled in jurisdictions that have not effectively implemented the recommendations regarding the prevention of money laundering, terrorist financing and financing of the proliferation of weapons of mass destruction;
e) Businesses with a high volume of operations in cash or quasi-cash; and
f) Businesses with a high volume of international transfers to and from countries and high-risk countries that have not implemented the recommendations regarding the prevention of money laundering crimes, financing of terrorism and financing the proliferation of weapons of mass destruction.
When applying full-range or enhanced due diligence measures, regulated entities supervised by the Superintendency of the Securities Market shall require the same information and minimum documentation established for simplified due diligence, and in addition shall: (i) obtain the approval of senior management at the beginning of the business relationship; (ii) update the records of information and documentation, at least one (1) time each semester; (iii) continuous intensified monitoring throughout the commercial relationship and / or (iv) apply any other measure determined by the senior management of the regulated entity.
Simplified due diligence is the most basic policy, procedures and measures defined in the Compliance Act that may be applied by regulated entities to their customers, and are only applicable if in accordance with the risk policies of the regulated entities, based on a risk approach, it is determined that the customers to apply it are of low risk.
Executive Decree No. 363, which regulates the Compliance Act, expressly establishes the simplified due diligence measures allowed to regulated entities:
a) Reduce the documentary review process;
b) Reduce the frequency of customer identification updates; and
c) Reduce the monitoring of the business relationship and the scrutiny of operations that do not exceed the minimum amount established by supervisory bodies.
Although it does not appear so, simplified measures significantly reduce the economic and managerial burden of due diligence measures for regulated entities, especially in cases where it is evident that the business relationship is not or can not be used for illicit purposes.
An important point to be highlighted is Article 28 of the Compliance Act that establishes that the regulated entities – whether they are intermediaries or not in the securities market – will apply simplified due diligence measures to their customers that are legal persons and are listed in a stock exchange recognized by the Superintendency of the Securities Market. That is, to the issuers of common shares or participation quotas, which are duly registered in the Superintendency of the Securities Market and listed on a stock exchange, simplified due diligence measures will be applied by law. Therefore, regulated intermediaries may apply their simplified due diligence measures to their issuing customers, provided that the before mentioned comply with the conditions established in Article 28 of the Compliance Act.
The main purpose of the compliance regulation in question is based more than anything on prevention, that is why in cases where a customer of a regulated entity does not facilitate compliance with the relevant measures of due diligence, the regulated entity may not open the account or start the business relationship or make the proposed transaction.
Agreement 6-2015 establishes that any new account or commercial relationship must comply with the evaluation of the financial and transactional profile of the customer, in order to measure the risk of the products or services offered. For these purposes, “financial profile” means “the result of the analysis of a set of socioeconomic and demographic characteristics and variables that are presented by a customer and verified by the regulated entity at the time of opening the account or beginning of the business relationship; and that it must be enriched with updated and historical information, with the purpose of establishing the common practice that the customer will maintain with the regulated entity.”
Basically, the analysis and processing of the financial documentation required in the course of the simplified or enhanced due diligence measures gives rise to the financial profile that the regulated entity must develop for each customer. On the other hand, the “transactional profile” refers to the “contrast between the financial profile and the frequency and capacity of a customer’s actual transaction in one or several periods of time.”
In conclusion, the obligation of each regulated entity supervised by the Superintendency of the Securities Market is to perform an analysis based on criteria in terms of capacity and financial transaction volume of each customer and then make the contrast between said analysis and the reality of each case.
Agreement 6-2015 establishes two important obligations in regards to the employees of the regulated entities supervised by the Superintendency of the Securities Market: the first obligation is to have a “Know Your Employee” policy, which seeks that regulated entities have personnel selection procedures and supervise the behaviour of their employees, especially those who perform positions related to customer management, fund management, control of information and other important controls. It is also important that regulated entities establish a profile of this type of employees, which shall be updated at least once a year.
The second obligation of the regulated entities in regards to their employees is the obligation to carry out continuous and specific trainings at least once a year, to the employees with roles related to the management, communication and handling of customer and supplier relationships, receipt of funds, transaction processing, product design and services, compliance, risk, human resources, technology and internal auditing in a way that allows them to be updated on the different types, cases and regulations of money laundering, terrorism financing and financing of the proliferation of weapons of mass destruction.
One of the most important tools that the Compliance Act and the Agreement 6-2015 gives to the regulated entities supervised by the Superintendency of the Securities Market are the Suspicious Operations Reports (ROS) and the Unusual Operations Reports (ROI) to the Financial Analysis Unit (UAF). Many times we tend to use these terms as synonyms when they are different and have different implications.
“Suspicious operation” is understood as an operation that can not be justified or sustained against the financial or transactional profile of the customer or that which may be related to illicit purposes. On the other hand, “unusual operation” is understood to be one that is not consistent with a financial or transactional profile declared by the customer or that exceeds the parameters set by the regulated entity in the due diligence process performed on the customer, and that consequently must be justified.
Thus, unusual operation means in short an alert for the regulated entity that the operation is not regular, based on the expected behavior of the customer or exceeds the criteria set for the customer in terms of financial capacity or volume of transactions, and the customer must be required to sustain the operation. Suspicious operation, on the other hand, is one that has no way to be justified or that can reasonably be considered to be linked to the crimes of money laundering, financing of terrorism and financing of the proliferation of weapons of mass destruction.
Executive Decree No. 363 that regulates the Compliance Act establishes that the regulated entities must have measures that allow the timely detection of unusual operations in order to analyze them and rule out or corroborate the unusual operation. Unusual operations that can not be corroborated or verified according to the customer’s profile may be reported by the regulated entity as suspicious transactions.
In addition, operations suspected of being related to the crimes of money laundering, financing of terrorism, financing of the proliferation of weapons of mass destruction shall be reported as suspicious transactions to the Financial Analysis Unit within 15 calendar days from the detection of the event, transaction, operation or control failure.
In addition, the regulated entities have the obligation to report transactions in cash or quasi-cash, for amounts exceeding the sum of Ten Thousand Dollars (US$10,000.00), legal currency of the United States of America, within the first 10 business days of each month. “Quasi-cash” means, for these purposes, cashier’s checks, travel checks, orders issued to bearer, multiple endorsements, blank endorsements, and other negotiable documents.
All reports to the Financial Analysis Unit must be made through the compliance officer, who will be the liaison person with said entity in regards to the regulated entities supervised by the Superintendency of the Securities Market.
Agreement 6-2015 establishes the obligation for regulated entities supervised by the Superintendency of the Securities Market to adopt, through its Board of Directors, a Prevention Manual that must be reviewed at least one (1) time a year and must contain at least:
1) Mechanism, policies and methodologies for administration and policies for mitigating the risk of money laundering, financing of terrorism and financing of the proliferation of weapons of mass destruction;
2) The classification of customers according to the risk-based approach;
3) The “Know Your Customer” policy;
4) The “Know Your Employee” policy;
5) The periodicity of the reviews and updating of the information and documentation of the customers;
6) Policies relating to correspondent relations;
7) Policies relating to customers or high-risk activities;
8) Policies regarding the confidentiality and protection of information;
9) Contingency plans for information retrieval in cases of disasters;
10) Internal control policies;
11) Norms of self-evaluation of the degree of risk and good practices for the prevention of the crimes of money laundering, financing of terrorism and financing of the proliferation of weapons of mass destruction;
12) Ethical norms and standards;
13) The liaison person with the Financial Analysis Unit;
14) Management of ROS and other reports to the Financial Analysis Unit;
15) Formation of the Ethics and Compliance Committee and the Audit Committee.
Regarding the Ethics and Compliance Committee, Agreement 6-2015 provides that all regulated entities supervised by the Superintendency of the Securities Market must have one to approve the opening of accounts or the commencement of business relations for customers or activities requiring full-range or enhanced due diligence measures to be carried out, and the follow-up to this type of high risk customers. This committee must be formed by at least three (3) members of the Board of Directors. The Ethics and Compliance Committee must also plan, coordinate and ensure compliance with current regulations on the prevention of money laundering, financing of terrorism and financing of the proliferation of weapons of mass destruction.
Likewise, Agreement 6-2015 provides that all regulated entities supervised by the Superintendency of the Securities Market must have an Audit Committee that is responsible for the execution, evaluation and effectiveness of the internal control systems of the regulated entity, in order to monitor the internal measures and softwares used in relation to the protection of information, prevention of unlawful acts and compliance with current regulations on the prevention of money laundering crimes, financing of terrorism and financing the proliferation of weapons of mass destruction.
All regulated entities supervised by the Superintendency of the Securities Market must update the information and documentation of their customers at least one (1) time per year for all customers and one (1) time per semester for customers subject to full-range or enhanced due diligence measures. At the same time, they must safeguard the information, documentation and records of the operations carried out, for a minimum period of five (5) years from the termination of the commercial relationship with the customer.
The Compliance Act classifies sanctions in two types: Generic Sanctions and Specific Sanctions. Generic sanctions are those established by said Law for breaches of the provisions of the Compliance Act or its sectoral regulations, including as such Agreement 6-2015, for which there is no specific sanction, which will consist of a fine of US$5,000.00 to US$1,000,000.00. Specific Sanctions are those applicable to specific breaches of the Compliance Act or its sectoral regulations, as regulated by the regulatory authority of the respective activity. The Superintendency of the Securities Market has not regulated the specific sanctions to date, for which generic sanctions (fines) will be applied pursuant to article 60 of the Compliance Act.
The fines imposed for breaches of the Compliance Act may be collected through the coercive jurisdiction of each supervisory body, or through the coercive collection process before the General Revenue Directorate. These fines are without prejudice to any civil or criminal liability that may arise.
Executive Decree No. 363 provides a clear picture in terms of the seriousness of the infractions, since it lists some breaches as infractions with minor severity, medium severity and maximum severity. This allows the regulated entity to identify the level of severity of the sanction for the non-compliances listed.
Finally, Executive Decree No. 363 gives the supervisory bodies of each activity the right to cancel, withdraw, restrict or remove licenses, Certificates of Competence or other authorizations from regulated entities that violate the provisions in force regarding compliance, subject to the verification of the sanctioning processes that correspond.
It is a true and lawful translation into English of the original document written in Spanish. Panama, March 12, 2018. Michelle Williams – Authorized Public Translator – Resolution No. 5775 of November 12, 2014, Republic of Panama.
Fanny Evans, Senior Associate, Morgan & Morgan
In 2013, Virginia Ginni Rometty – CEO of IBM, said “I would like you to think of big data as the next natural resource that can be to our era what steam, electricity and oil were for the Industrial Age.”
Probably, you have read or heard: Data is the new oil! Data is the new bacon! Data is the new currency! These analogies have become very popular because data is now considered one of the most important commodities.
This is the result of the emergence of many successful Social Networks that, although they are not payment platforms, have turned the data into a source of value.
The need for a data-protection compliance program in business is becoming increasingly important after several high-profile leaks of companies’ data. Some of the biggest data breaches over the last two years include T-Mobile, Marriot, British Airways, Quora, Google, Orbitz and just recently, Capital One bank in the United States. A successful data breach may occur in less than one minute. Yet, businesses may take more than weeks to realize a breach has occurred.
When giving the first steps into complex waters like data protection, it is very common that companies get lost in the avalanche of legal requirements or in developing that product or service that might result attractive to its clients. However, for a business, changing the focus to issues that they may consider more interesting should never be an option because the results of data breaches include many types of damages: fromreputational to financial. Sometimes it can even affect an entire country as happened with, in my opinion, the wrongfully or unjustifiably called “Panama Papers”.
In the European Union, data protection is a fundamental right, and the General Data Protection Regulation (GDPR) which came into force on May 25th, 2018, is the new framework for protecting that right. Other countries are looking to the GDPR as they develop or implement their own laws to protect data.
Even if companies have an “it will not happen to me” approach to data breaches, in many countries, legislation is forcing them to rethink their reasoning. Here is where compliance plays an important role to help to plan a data-protection compliance program.
Here are five steps that can help as guidance when drafting or reviewing your data-protection compliance program:
- Understand your risks and legal and ethical obligations
One of the most important elements when building a data-protection compliance program is considering your risks and what is most important and mandatory to the business, instead of jumping into the requirements of a legislation without fully understanding your needs because not all risks or obligations are managed in the same manner or to the same extent. This program needs to set out the appropriate guidance in key areas.
Having said the above, the first step should always be to understand the business necessity to comply. This involves a careful analysis of what your obligations are, what the risk of breaching those obligations might be and what risks your company is willing to take.
- Document and review your policies
Your data-protection compliance program should be properly documented. Once the obligations and risks are understood, it is vital to document them. It is not just enough to know you are data privacy compliant. Your data-protection compliance program should be clearly verifiable and readily accessible through accurate reports and documentation for internal or external examinations.
The compliance officer shall perform a formal review on a regular basis to ensure that the data-protection compliance program is progressing as planned and that it is adjusted to meet any changes in legislation or the business.
- Allocate ownership
The responsibilities and tasks related to confidentiality and data-protection may overlap with other business policies, such as information technology security, recordkeeping, risks and audit, human resources, management of confidential information and others as it requires various skills to succeed. Therefore, the most advanced and elaborated data-protection compliance program will fail if there is no clear ownership of the tasks. Each business will structure the ownership differently, but it is vital that who is the owner of each task of the program is clearly understood and that the owners have the necessary resources, including training, so that they are competent to fulfil their role in a manner that is consistent with the business’ compliance culture.
- Provide training and the necessary resources
Always train your staff. If you have an informed team it will reduce your risk. Raise staff awareness.
Not only does training staff reduce the risk of breaches, it also demonstrates compliance before internal and external inquiries. For example, if an organization was to experience a data breach and they had documented their staff training on data protection, this would be used as evidence to prove that they had taken the appropriate steps to prevent a data breach and were taking the legislation seriously, if any.
Training should aim to ensure that all members of the team have an understanding of the data that they will have access to and the risks entailed. Training should be provided on a regular basis, and it ought to be performed again whenever there are significant changes to positions, structures, risks or obligations, or when actual issues arise. Also, the business shall incorporate data protection training into its process for onboarding new employees.
Businesses shall embed data-protection compliance program into it culture so that protecting information becomes second nature. This aspect, training and continuing education, should always include senior management.
- Review the Financial Action Task Force (FATF) Guidance on the Risk-Based Approach
A risk-based approach to compliance involves identifying the areas of high risk within the business’s compliance universe and building and prioritizing its compliance programs around these risks.
In order to assist both public authorities and the private sector in applying a risk-based approach, the FATF has adopted a series of guidance in co-operation with relevant sectors. Businesses shall review the guidance applicable to its industry to make sure that the appropriate mitigation measures in accordance with the level of risk are taken.
Data is one of the most important assets a business has. For that reason alone, data protection compliance program should be a top priority for any business.
María Eugenia Brenes, associate of the Intellectual Property and Corporate Law Department of Morgan & Morgan
Formalizing a business requires several decisions of a legal nature.
The first thing that should be considered is to determine whether the venture is on a personal basis or through a corporation. This decision is very important and it depends, mainly, on the following factors:
a) Economic Factor. It is more cost-effective to carry out business activities on a personal basis (natural person), since maintaining a company (legal person) involves, among others, the payment of fees to the lawyer acting as a resident agent and the flat annual franchise tax. However, the fiscal obligations per se are the same, that is, the requirements of the General Directorate of Revenues (DGI) must be met in both scenarios by presenting reports, declaring taxes and having a fiscal team, among others.
b) Risk Factor. Choosing to carry out activities through a company involves separating the personal assets, rights and obligations from those of a company; therefore, the assets of natural persons would not be affected in the event that the company has to answer for any obligation and vice versa. The foregoing means that the personal assets would not be affected in the event of any claim by third parties against the company.
In view of the above, although it is more expensive to operate a business via a company, we consider it appropriate to take that path as it allows keeping the personal assets separate from that of a company.
Type of activities to be carried out
The second consideration is to determine if the activities to be carried out are allowed or not, since there are restrictions in Panama for reasons of nationality and suitability. This applies to natural persons as well as to the directors and shareholders of a company. For example, certain activities such as retail sales, or beauty clinics, stylists or cosmetologists are activities that are reserved for Panamanians. There are many other activities that can be exercised by nationals of other countries without any restriction, for example, the wholesale sale of goods and the provision of services in general.
Domicile or business premises
Having determined the commercial activity to undertake, it is necessary to determine the address or location where it will be carried out. This is essential, since, depending on the zoning code, certain areas are not suitable for commercial activities or some type of them. For example, if the zoning of a residential area prohibits the location of food stores or beauty salons; it will not be feasible to carry out these activities on said location. The Ministry of Commerce and Industries recommends to all applicants of a Notice of Operation to have a zoning certificate of the site where the commercial activities will be carried out to demonstrate its viability.
Notice of Operation
The next step is to obtain a Notice of Operation that will constitute the ideal instrument that enables either a natural or legal person to trade in Panama. For this purpose it is necessary to enter the site www.panamaemprende.gob.pa.
When accessing, all the fields of the notice application must be filled in, including, among others, the name that is intended to be used to identify the commercial establishment. It is convenient to choose a name that shows distinction with other businesses to avoid any confusion with other businesses that may give rise to disputes over commercial denominations. The commercial name of an establishment is closely related to the use of the brand with which it is intended to identify products and/or services; thus, it is important to have the advice of a legal professional.
Once the system generates the payment slip for the corresponding rights, it is necessary to pay off the amount with a credit card or directly in Banco Nacional de Panamá. When the payment is made, the system will accept it and allow the printing of the Notice of Operation that will protect the business activities.
For certain businesses it is necessary to request and obtain prior or special permits before opting for the Notice of Operation. Such is the case, among others, of coffee shops, restaurants, bars, banks, financial companies, engineering services and construction in general.
Operating a business entails tax implications, regardless of whether they are carried out in a personal capacity or using a corporation, such as:
- Updating the Single Taxpayer Registry (RUC), and obtaining a Tax Identification Number (NIT);
- Annual payment of the Notice of Operation Tax;
- Getting of fiscal printer, depending on the business;
- Registering in the corresponding Municipality and pay monthly taxes;
- If there have workers, signing up for the CSS (Social Security System), withhold fees, and pay them monthly;
- Present monthly reports of the ITBMS (Sales Tax) to the DGI;
- Present income statements before the DGI and the Municipality of Panama.
It is worth mentioning that natural persons or companies that register with the Micro, Small and Medium Enterprise Authority (AMPYME) have the right to obtain the exemption from payment of income tax during the first two years of operation of the business. In this way, registering with the AMPYME offers advantages that also include, among others, guarantees for loans.
Generally speaking, these are the aspects that must be considered before starting a business in the Republic of Panama.
The professionals of Morgan & Morgan have the qualifications to provide optimal advice for the start of your business, foreseeing compliance with all the legal provisions that govern the matter, as well as to advise on the protection of their intellectual rights within the framework of the business.
With the enactment of Law No. 81 on Protection of Personal Data, the Republic of Panama aims to establish the principles, rights, obligations and procedures that regulate the protection of personal data, also considering their interrelation with private life and other rights and fundamental freedoms of citizens, by natural or legal persons, public or private law, lucrative or not, that process personal data in the terms provided in the Law.
Storage or transfer of personal data:
The storage or transfer of personal data of a confidential, sensitive or restricted nature, outside the territory of Panama, by the company responsible for the storage of data or custody thereof, will be allowed, provided that the company and/or country of residence have standards of protection comparable to those of the Law or if the entity that transfers the data makes sure to adopt all the necessary steps so that it is protected. The following cases are excepted from the aforementioned requirements: (1) when the owner has granted its consent for the transfer; (2)when the transfer is necessary for the execution or enforcement of a contract by the interested party; (3) in cases of bank or money or stock exchange transfers; and (4) in case of information whose transmission is required by law or in compliance with international treaties ratified by Panama.
It establishes the obligation to develop procedures, protocols and processes for the management and transfer of data that includes the appropriate security methods.
Consent of the owner of personal data:
It is established that the processing of personal data can only take place as permitted in this Law, or with the consent of the owner of the data.
Definition of sensitive data:
Sensitive data refers to the private sphere of its owner or whose misuse could give rise to discrimination or entail a serious risk for him/her– for example, of racial origin, religious beliefs, union affiliation, political opinions, data related to the health, life, preference or sexual orientation, genetic data or biometric data, among others aimed at uniquely identifying a natural person.
Sensitive data can not be transferred except: (i) by explicit consent of the owner; (ii) when necessary to safeguard the owner’s life; (iii) when it is necessary for the recognition, exercise or defense of a right in a judicial proceeding; and (iv) when it has a historical, statistical or scientific purpose.
Rights of Access, Rectification, Cancellation, Opposition and Portability:
The rights of owners of personal data to exercise over those responsible for database processing are: (i) Access (to obtain the data and know the purpose and origin for which they were collected), (ii) Rectification (to access and request correction, modification or update), (iii) Cancellation (to request deletion of data), (iv) Opposition (refusal to provide or revoke its consent) and (v) Portability (right to obtain a copy of all personal data in a structure matter in certain circumstances).
The database custodians that transfer personal data stored in a database to third parties must keep a record of them, which must be available to ANTAI, if requested to do so.
Personal Data Protection Council:
The Personal Data Protection Council is created, which has the following functions: to advise ANTAI in relation to the Law, recommend public policies, evaluate cases submitted for consultations and develop internal regulations and it is composed by:
- the Minister of the Ministry of Commerce and Industries;
- the General Administrator of the Authority for the Protection of Consumers and the Defense of Competition (ACODECO);
- the General Director of ANTAI;
- the Ombudsman, or its nominee;
- a representative of the National Council of Private Enterprises (CONEP);
- a representative of the National Bar Association;
- a representative of the Panama Banking Association;
- a representative of Electoral Tribunal; and
- a representative of the Chamber of Commerce, Industry and Agriculture.
The National Government Innovation Authority will have the right to address the council as a technical advisor.
Duty to compensate for pecuniary and/or moral damages caused by the unlawful handling of personal data.
National Authority for Transparency and Access to Information (“ANTAI”):
Right to appeal against ANTAI in case of claims to any database storage operator to resolve differences in the exercise of the aforementioned rights. The competent body for the fulfillment of the obligations of this Law is ANTAI except in the case of estities regulated by special laws, in which case the claimant must first submit its claim to the competent regulatory authority. The ANTAI, through the Directorate established to consider the matter, is granted the powers to impose sanctions. The decision of the Directorate in the ANTAI established to consider these proceedings may be challenged through a reconsideration appeal. A subsequent appeal may be filed with the Director General of ANTAI.
The sanctions may be between US$1,000 and US$10,000, depending on the severity and recurrence and may be a written warning, citation before the ANTAI, fine, closure of the database registration or suspension and disqualification of the storage activity and/or treatment of personal data. There are minor infractions (for example: not sending the information required by ANTAI), serious infractions (for example: processing data without the owner’s consent) and very serious infractions (for example: the collection of personal data in a malicious way).
This law will take effect two (2) years after its promulgation.
One of the biggest challenges that micro, small and medium enterprises face when trying to settle in and achieve success as profitable businesses is to obtain capital and sources of financing. Sometimes, the most common sources of financial resources – such as bank loans, private equity and public offerings of securities – are beyond the reach of these companies and, consequently, many innovative ideas that could result in booming business for the national economy and for the creation of jobs are not developed.
Another crowdfunding format is the equity crowdfunding model whereby investors provide capital and receive shares or another capital instrument that gives them the right to receive a percentage of the income generated by the business they are financing. There is also the debt-based crowdfunding model, in which investors lend funds on a temporary basis, waiting for the repayment of their investment in a certain period. In these cases, investors usually require that they be paid an interest on the borrowed capital, but models have arisen in which the participants have not demanded any consideration except the return of the amounts given in loan.
Our securities legislation requires that those securities that are going to be publicly offered in the Republic of Panama be registered first with the Superintendence of the Securities Market (hereinafter the “SMV”). The process of registering securities before the SMV consumes time and resources that micro, small and medium enterprises usually do not have. The current regulations include offers of securities that are exempt from registration with the SMV but they only allow the offer of unregistered securities to a small number of people or institutional investors and, thus, these registration exemptions do not work for crowdfunding initiatives whose purpose is to collect small sums of money from a large number of people. In order for crowdfunding to be possible without having to comply with the registration formalities, a new exemption from the obligation to register securities would have to be adopted.
The second regulatory challenge faced by crowdfunding in the Republic of Panama is that, under the Securities Act and the agreements adopted by the SMV, the operator of the Internet site that serves as a platform to facilitate the collection of financial resources have the obligation to obtain an investment adviser license, broker-dealer firm license or stock exchange license. The management of requesting and obtaining these licenses, as well as their subsequent operation, also requires investment of a lot of time and resources that, given the objective of a crowdfunding site to serve as a mere intermediary between entrepreneurs and investors, may not have to be incurred for crowdfunding purposes.
Article 128 of the Securities Act establishes the following: “Public offer or sales of securities to be made by an issuer or an affiliate or by an offerer in the Republic of Panama shall be registered in the Superintendence, unless they are exempted from such registration in accordance with the provisions of this Decree Law and its regulations. An offer or sale made to persons domiciled in the Republic of Panama shall be deemed to be an offer made in the Republic of Panama, regardless of whether it is made from the Republic of Panama or from abroad, unless the Superintendence determines otherwise.”
Paragraph 2 of article 129 establishes that “there are exempted from registration with the SMV offers of securities made by an issuer or an affiliated thereof, or by an offerer of said issuer or affiliate to no more than twenty-five persons altogether, or any such number of persons which the Superintendence may determine and which, within a period of one year, do not have as a result the sale of such securities to more than 10 persons, or any other number of persons which the Superintendence may determine.”
Article 3 of Agreement 1-2001 establishes that the following legal persons qualify as “institutional investors”: (i) banks, insurance companies, reinsurance companies, investment companies registered with the SMV, investment trusts managed by companies with trust licenses, retirement and pensions funds regulated by Law 10 of April 16, 1993, and broker-dealer firms; (ii) legal persons domiciled in the Republic of Panama, with regular operations managing investments for at least two years before the date the offer and/or sale is, which own a patrimony consisting of no less than One Million Dollars (US$1,000,000.00), according to the last audited financial statements and whose principal officers, or in their absence, the majority of Directors and Officers must have at least two years of experience in regular investment management; and (iii) Sovereign States and public entities that by their nature are authorized to make investments.
Therefore, in relation to the exemption of the obligation to register securities before the SMV, it is proposed that public offers of securities, whether of fixed or variable income (and the resale of such securities in the secondary market) that comply with characteristics similar to the following be considered exempt from registration: (i) the securities that are offered by the issuer through an Internet crowdfunding platform duly notified to the SMV (hereinafter, a “Crowdfunding Site”); (ii) the amount of capital that the issuer wishes to collect (the “Requested Capital”) shall be expressed on the Crowdfunding Site, as well as the amount of securities to be offered, its price and the proportion of total capital represented by each security; (iii) the issuer shall establish a period of time during which potential investors may express their willingness and commitment to purchase the securities (the “Commitment Period”); (iv) the securities shall be issued and the issuer shall receive the funds only when the target is met, that potential investors have expressed, within the Commitment Period, their commitment to purchase securities for an amount at least equivalent to the Requested Capital (the “Minimum Target”); (v) individuals or legal entities with an annual income of less than US$100,000.00 may invest no more than 10% of their income within a period of twelve (12) months; (vi) individuals or legal entities with an annual income of more than US$100,000.00 may invest no more than 15% of their income up to a maximum amount of US$100,000.00 within a period of twelve (12) months; (vii) any issuer that has placed securities on the basis of an exempt crowdfunding offer, by reason of having complied with all the requirements, may carry out additional crowdfunding offers; (viii) an offer of securities under the proposed exemption, if adopted, would not prohibit the issuer from making other offers, sales or transactions exempt from registration as established in Article 129 of the Securities Act (for example, the offers of securities that an issuer carries out under a crowdfunding exemption are excluded from the computation of the investors referred to in numeral 2 of Article 129 on private placements); and (ix) issuers that offer securities under a crowdfunding exception could, in any case, try to obtain financing through other sources of funding, such as bank loans and venture capital.
Notwithstanding the foregoing and with the interest of protecting the investing public, the issuers that offer securities based on a registration exemption such as the above, or similar, must be subject to compliance with the provisions of articles 246 and 248 of the Securities Act in relation to the prohibition of incurring, during the process of offering and placing the exempt securities, in fraudulent or misleading acts, in the making of false statements about a material fact or omitting to disclose a material fact.
In addition to an exemption from the obligation to register securities with the SMV, in order for crowdfunding to work as an accessible measure of financing, it is also required that operators of Crowdfunding Sites are exempt from obtaining an investment adviser license, broker-dealer firm license or stock exchange license. For the purposes of the foregoing, it is proposed that operators of Crowdfunding Sites that meet the following requirements be considered exempt from obtaining the above licenses: (i) notify the SMV of the operation of a Crowdfunding Site within five (5) business days following the launching of the Crowdfunding Site; (ii) not recommend, qualify or otherwise provide investment advisory services in relation to the securities offered through its platform; (iii) obtain the information required by Law 23 of 2015 and its regulations from potential issuers of securities; and (iv) adopt terms and conditions under which (a) the operator of the Crowdfunding Site is prohibited and, if it is a legal entity, its shareholders, directors, officers and employees, to purchase securities offered through the Crowdfunding Site, (b) the issuers of securities undertake to issue the securities in case the Minimum Target is met within the Commitment Period, and (c) the persons who wish to invest through the Crowdfunding Sites recognize that the expressions of willingness to purchase securities during a Commitment Period constitute promises to purchase the securities and pay their price in case the Minimum Target is met but granting those persons who have expressed interest in acquiring the securities the possibility of not having to purchase the securities if they communicate their wish to opt out in the financing within a set period of time before the Commitment Period expires.
The exemptions proposed in this document to encourage crowdfunding in the Republic of Panama are based on similar standards adopted in other jurisdictions. On April 5, 2012, the former president of the United States of America, Barack Obama, signed the so-called “Jumpstart Our Business Startups Act,” also known as the “JOBS Act,” which was a law promulgated with the intention of motivating the financing of small businesses in that country and resulted in the adoption of exemptions similar to those suggested here in the securities regulatory framework of the United States of America. This year, Argentina enacted Law 27,349, which, in its Title II, creates the figure of “crowdfunding systems”.
In other words, certain jurisdictions are adopting new rules so that crowdfunding is a real and accessible source for raising capital and financing for micro, small and medium enterprises. The Republic of Panama cannot be left behind in this aspect and the time is still favorable for us to take the necessary actions and measures in order to adopt rules that can help promote crowdfunding not only to our local entrepreneurs but also to attract those foreigners innovators that do not have this possibility of financing in their respective jurisdictions. Being short in this attempt may even cause our local talent to turn to other countries that have rules that encourage and facilitate crowdfunding in order to obtain funds to develop their ideas and, most likely, end up implementing them in the territory of those same jurisdictions who had the vision of accommodating this figure to help them launch their businesses in the beginning.
Albalira Montufar, Partner, Immigration Law
Panama has become a popular destination to immigrate in the region, due to its economic growth and socio-political stability, which contrasts with other neighboring countries´ intricate conditions. Within the last decade, multiple infrastructure projects, as well as incentives favorable to establish and operate multinational companies, have resulted in an increase of foreign nationals within the country, creating a multi-ethnic and multi-cultural society.
Nevertheless, Panama’s immigration law enacted in 2008 and article 17 of the Panamanian Labor Code dated 1972, both modified throughout the years, constitute a complex scenario to immigrants and employers willing to comply with the laws and changing policies. Separate processes to obtain (i) residency before the National Immigration Service and; (ii) a work permit before the Ministry of Labor, are one of the main aspects to be considered when immigrating and hiring foreign employees.
How to obtain legal residency in Panama?
In Panama, Law Decree No. 3 of 2008, which creates the National Immigration Service, and Executive Decree No. 320, which establishes the requirements and procedures applicable to obtaining temporary and permanent residency, are the core provisions regarding immigration.
As a general rule, foreigners enter as tourists for a period of 3 to 6 months, allowing them to do tourism, business or investment activities within the country. However, nationals from certain countries including China, India, and many other Asian and African countries, must request an entry visa which, when granted, is stamped at a Panamanian Consulate before traveling, and is valid for 1 month as a general rule. This entry visa applies unless the person has a valid multiple entry visa from the U.S., Canada, U.K. or Australia, and has used it at least once to enter the territory that issued said visa, in which case the person can enter Panama without a prior authorization.
During the above periods, the foreign national that wishes to apply for a residence permit must choose from a wide spectrum of options that were created to promote investment and to establish the rules to fill the need of skilled and non-skilled personnel. For purposes of this article, we will refer to the main available modalities.
Options related to the applicant’s nationality
- Residence Permit for Nationals from Countries with Professional and Economic Ties with the Republic of Panama
Foreign nationals from a list of approximately 50 countries, including the United States of America, France, Canada and Spain, can apply for a permanent residence permit in Panama if they prove to have a professional, economic or investment relationship in the country. This residence permit, also known as a Friendly Nations permit, can be obtained by setting up a Panamanian corporation or by being hired to work as an employee of a company duly established in Panama. The applicant must prove the existence of either an economic or professional activity, as well as economic solvency (the latter by means of filing a bank certificate from a local bank showing a balance of at least 4 average figures).
Once the permanent residency is granted, it is possible to apply for an indefinite term work permit that will allow the person to legally work in Panama. The challenge with this option is that if the foreigner applies for this category for work purposes, he or she must first obtain the permanent residency, and then file the work permit application. Therefore, there is a black out period in which the foreigner is not allowed to work. Anticipated coordination of this category is required to minimize risks.
- Residence Permit for Nationals from Italy
The Treaty of Friendship, Commerce and Navigation between the Republic of Panama and the Italian Republic, provides that the citizens of each of the contracting parties enjoy national treatment in the territory of the other, to carry out economic or professional activities. The main requirement is to prove the Italian nationality, as well as economic solvency (as described above).
Once the permanent residency is granted, if the foreigner intends to work, it is possible to apply for an indefinite term work permit that will allow the person to legally work in Panama. Note that Italian nationals will be exposed to the same black out period mentioned above regarding the Friendly Nation’s option.
Options based on the Company’s Quotas
- Ten or Fifteen Percent Quota
The Panamanian Labor Code sets forth the general rules applicable to hiring foreign personnel. The code provides that 90 percent of employees must be Panamanian citizens, or foreign nationals married to a Panamanian, or foreign nationals that have resided in Panama for 10 or more years. The 10% quota is a result of this rule, and applies to both the headcount and salaries of the workforce. Additionally, the Labor Code provides that companies can hire skilled staff, managerial or technical positions not exceeding a 15% limit of the total salaries and headcount.
Consequently, foreigners hired to work for a company registered in Panama, can obtain residence permits within a 10% limit for positions that are not skilled, managerial or technical, and a 15% limited for skilled, managerial or technical positions. These options grant provisional residency for two years and allows to subsequently apply for permanent residency in the country, provided that the foreigner receives a minimum wage of at least US$850.00 monthly.
In this case, once the provisional residency is filed before the National Immigration Service, it is possible to apply for a temporary work permit valid for 1 year, renewable for equal terms which, once approved, allows the person to legally work in Panama.
The challenge with this option is that the high number of foreigners in Panamanian payrolls makes it difficult to comply with the quotas. Additionally, labor policies determining how other immigration categories and work permits count in payroll have had constant changes impacting the filing and approval of these work permits.
- Multinational Headquarters
The multinational headquarters special regime established by means of Law 41 of 2007, applies to regional or headquarters offices of companies which carry out operations or services from Panama to their main offices or subsidiaries in other countries. These companies must be granted with a Multinational Headquarters’ License or “SEM” License (for its acronym in Spanish). The main advantage of this option, in regard to the hiring of foreign managerial personnel, is that these companies are not subject to the quotas established in the Labor Code, therefore making possible to hire an unlimited number of foreign workforce.
Foreign employees working for a SEM company can apply for a residence permit for Permanent Personnel valid for 5 years, renewable for equal terms. With this residence permit, there is no need to request a work permit before the Ministry of Labor, since Law 41 provides that holders of this residence permit do not require further authorization to legally work in Panama. This category also has the advantage that there is no income tax in the foreign employee’s salary in Panama, when receiving the salary from a foreign source.
Options based on the applicants’ investment
Panama’s immigration law provides the option to obtain permanent residency when investing in the country a minimum of US$300,000.00. There are 3 options to meet this requirement: (i) a deposit in a bank account maintained at least 3 years in a Panamanian bank, on the name of the applicant; (ii) investing in a US$300,000.00 (or more) real estate property located in Panama, free of liens. The real estate property can either be in the personal name of the applicant, in the name of a Panamanian Private Interest Foundation or a corporation (as long as the main applicant is both the Founder and main Beneficiary in the foundation’s case and that the shares are on the applicant’s name in the corporation’s case); and (iii) a combination of real estate property and deposits on a deposit bank account, for an aggregate of US$300,000.00 or more.
In this case, the provisional residency is granted for two years, and allows to later apply for permanent residency in the country.
The National Immigration Service and the Ministry of Labor have been tightening their policies due to the considerable influx of foreigners, in order to verify and control that foreigners stay legally in the country and that companies comply with applicable regulations.
The Government of Panama recently announced certain measures to reduce the stay as tourists for nationals of certain Latin American countries, in order to force a prompt legalization of those that decide to have a residency in the country. In this regard, the government established that nationals from Venezuela, Colombia, and Nicaragua, previously granted with a 6-month period stay as tourists, are now allowed a 3-month period only.
Moreover, Law 59 of September 12th, 2017 increases fines and sanctions to companies that hire foreign employees without a valid work authorization issued by said Ministry. Fines, that are were established in US$50.00 to US$500.00, have increased significantly due to this law, which includes (i) a US$500.00 sanction per foreign employee without a valid work permit, the first time is inspected by the authorities; (ii) a US$1,000.00 fine for each foreign employee without a work permit, the second time is inspected; (iii) a US$10,000.00 fine without considering the number of foreign employees plus the suspension of the company’s commercial license, the third time is inspected; and (iv) the cancellation of the commercial license for the fourth time.
Furthermore, said law provides that fines to companies having 10 or more foreign employees without a valid work permit, will be doubled. The names of the sanctioned companies will be listed in the Ministry of Labor’s website.
Panama’s immigration and work permit laws and policies provide a wide range of options to immigrate and work in the country. The large number of foreigners that have arrived within the last years has resulted in stricter policies and regulations. However, certain options still remain flexible. By understanding and keeping up to date with the modifications in regulations and policies, foreigners and companies can duly coordinate an anticipate applicable options and requirements, therefore reducing labor and immigration risks.