1. Beneficial ownership data and preferential procurement

    Header image: Photo by Ricardo Rocha on Unsplash

    mySociety and SpendNetwork have been working on a project for the UK Government Digital Service (GDS) Global Digital Marketplace Programme and the Prosperity Fund Global Anti-Corruption programme, led by the Foreign & Commonwealth Office (FCO), around beneficial ownership in public procurement. This is one of a series of posts about that work

    While the main purpose of collecting beneficial ownership information is as part of an anti-corruption agenda, ownership information can also be used in public procurement as part of preferential procurement programmes. These are meant to increase the distribution of government contracts among different groups in a country. 

    South Africa is an example of a country with a system of preferential procurement through the Broad-Based Black Economic Empowerment (B-BBEE) programme. This programme gives preference to companies that (amongst other criteria) have more Black people and/or women in ownership and management.

    This works through a certification process where auditors convert evidence of ownership and management into a certification for the company, which is then used in the procurement process. While conceptually similar to beneficial ownership in many ways, this methodology differs from the requirement of disclosure of ownership that tends to be used in beneficial ownership. 

    Public disclosure of ownership could be made a component of preferential procurement or similar schemes, but this would also require understanding of ownership at lower thresholds than is currently common. Understanding the demographics of ownership requires a full picture of shareholders, and that may include adding up many with small shares. The Beneficial Ownership Data Standard (BODS), does allow for anonymous persons where a reason is given, and so information could be captured and released for demographic analysis while not disclosing the identities of owners below a threshold.

    BODS does not currently cover demographic information for individuals or certification for companies. Doing so could increase its applicability to broader procurement objectives such as B-BBEE. There is discussion on OpenOwnership’s BODS repository of what the inclusion of additional personal data fields would involve. In general BODS approaches field inclusion using the principle of data minimisation, where the data collected should be the smallest amount of personal information required to fulfil a valid purpose. There is an intentional decision to exclude gender information from the global standard/data store, with the argument that personal information included in the overall standard should be demonstrably useful for the purposes of disambiguation. This is seen as the main purpose of ownership information on a global scale, rather than demographic analysis. 

    Rather than inclusion in the global standard, localised extensions are seen as more appropriate for demographic information, as what is of interest will vary from place to place. While a gender field could be relatively universal, understandings of ethnicity are often culturally specific and a universal standard would be inappropriate. For instance, Australia’s Indigenous Procurement Policy (IPP) recommends the use of an Indigenous business register that in turn uses a ‘Proof of Aboriginality’ process that is more involved than self-certification. 

    The data standard would benefit from some abstract thinking about how country-specific demographic needs should best be reflected within BODS-formatted data. The specific questions are:

    • What should the general pattern be for extending BODS data with demographics? Remembering that demographics may be for individuals or organisations. 
    • Should self-certified data be logged differently from certified data? How should certification be acknowledged (often ‘certifying agency’ is available, but sometimes the certification certificate may have an ID number). 
    • Should there be a flag on demographic information that is stored in BODS, but shouldn’t be released publicly? Or does this logic belong outside the standard? If so, is there a generalised need for a ‘privacy schema’ and tool that can be applied to BODS to remove/anonymise particular fields?

    Demographic certification is a system of ownership collection and verification, and a general understanding of the ways in which BODS should and shouldn’t be a part of that would be useful for the future of the standard.

    See all posts in this series.

  2. Unequal impacts of open registers of ownership

    Header image: Photo by Erol Ahmed on Unsplash

    mySociety and SpendNetwork have been working on a project for the UK Government Digital Service (GDS) Global Digital Marketplace Programme and the Prosperity Fund Global Anti-Corruption programme, led by the Foreign & Commonwealth Office (FCO), around beneficial ownership in public procurement. This is one of a series of posts about that work

    A key privacy concern with beneficial ownership, and especially open registers of beneficial ownership, is that it is making private information publicly accessible. As an Engine Room/OpenOwnership report on the subject says:

    Justifying open registers therefore depends on answering two important questions: first, why is a central register necessary, as opposed to company reporting obligations, or trusts and corporate service providers (‘TCSP’) regulation? Second, why must the central register be publicly accessible, rather than closed or limited-access?

    Common across the countries we looked at as part of this research was concern from government stakeholders and the private sector about open registers, even while there is enthusiasm for them from civil society.

    The case for open registers is, broadly, that it allows many eyes to look at the data. This creates greater oversight and scope for investigations from civil society – NGOs, journalists and members of the public, as well as feedback mechanisms to improve the quality of the data. There are multiplier effects when multiple open registers are merged that allow the same beneficiaries to be followed across borders. Making these datasets easier to access also makes it easier for official bodies to pursue investigations by increasing discoverability and removing obstacles to use.

    A key benefit of forming companies is it provides limited liability – which protects the assets of shareholders from the legal liabilities or debts of the company beyond the size of their ownership of the company. The argument justifying releasing the personal information of owners is that this is a privacy trade-off made by individuals in exchange for the substantial benefits of limited liability.

    The resulting information is a safeguard against the use of legal entities in a way that is against the public interest because it allows investigation and discovery of abuses.

    Where this becomes more complicated is that the costs of that loss of privacy are not the same for everyone. Where privacy loss leads to greater risk, this may either result in harm to individuals or the fear of that harm may mean people avoid forming companies or tendering for government contracts.  As such, the collection and distribution of data needs to acknowledge different costs of disclosing information, and allow exceptions. From the Engine Room/OpenOwnership report:

    Governments and companies should not collect and disclose data beyond the minimum that is necessary to achieve their aim, or data that poses a significant risk of harm. The risk associated with different types of information will depend on the context of both the individual and the country where they reside. This highlights the need for carefully designed exceptions regimes tailored to risks in that context.

    A key potential risk of address information being public is stalking, and this is a risk that falls more on women than men. The UK has an open register of directors and persons of significant control (PSC), and the discussion around it reflects possible risks of open registers more broadly. The comments under a Companies House blog post about GDPR features people saying they were surprised that personal information such as signatures, month and year of birth and addresses are publicly available. One commenter explicitly said the experience of being stalked made her terrified about her address information being made available. While disclosure requirements often distinguish between company registration and home addresses, micro-businesses may be more likely to be registered from home, and so have an increased privacy cost to the owner.

    In the UK, there has been an exception regime that allows information to be concealed from the public register, if personal characteristics of a person when associated with a company put a person “or any person living with them, at serious risk of violence or intimidation”.  This was amended in 2018 to remove the need for evidence for certain kinds of changes and to allow people to remove home addresses (for a cost) from register documents without the need for exceptions or evidence. Current directors have to substitute another correspondence address; former directors can have the information reduced to the first half of the postcode. This was explicitly fast-tracked without consultation as a “number of cases have been raised […] where the people involved are at risk of violence or intimidation yet cannot have their address information protected.”

    A related problem involves changes of name. A requirement that directors list former names is a common sense requirement which prevents people with bad reputations avoiding scrutiny. But for transgender directors this is a public record of their transition that may either expose them to harm, or discourage company formation in the first place. This issue is one of the reasons for the exclusion of gender from the BODS standard, as a structure where old information is superseded but not removed raises this exact issue. We also heard of a similar problem when gender is encoded into ID numbers, and these ID numbers are used in public.

    While there are situations where the risk is foreseeable and evidenced (a domestic violence victim starting a company at a new home, but needing to conceal their address), in other cases the damage may already be done when the risk becomes apparent. Even if information is successfully removed from the original source, where data has been released and incorporated into other products, retrospective redaction is more difficult.

    This problem is analogous to one faced by political candidates in the UK, where a report about intimidation and harassment of candidates and politicians led to the removal of a requirement to have home addresses printed on the ballot paper. Increased acknowledgements of the risks posed to individuals as a more diverse set of people enter into registerable roles can require re-examination of previous standards. This is especially important if it is happening alongside the opening up of information that was previously legally (but not easily) accessible.

    While privacy risks of open registers have to be accounted for in their design, closed registries might still be a privacy/security risk. One concern raised by an interviewee was that even closed registers can leak or bribery could occur for access. If a cache of data is too sensitive to publicly release, and there isn’t the capacity to properly secure it, the information may be too sensitive to gather at all. The capacity to secure and manage access to personal information is an essential component of any register.

    These problems demonstrate the importance of finding methods of delivering the public benefits of having collected private identifying information, while minimising the amount of personal information that is released. We have explored possible design patterns to help accomplish this where unique identifiers are available.

     

    See all posts in this series.

  3. Visualising conflicts of interests

    Header image: Photo by David Cook on flickr under a CC BY-NC 2.0 licence

    mySociety and SpendNetwork have been working on a project for the UK Government Digital Service (GDS) Global Digital Marketplace Programme and the Prosperity Fund Global Anti-Corruption programme, led by the Foreign & Commonwealth Office (FCO), around beneficial ownership in public procurement. This is one of a series of posts about that work

    As part of our research into beneficial ownership in procurement, we found several potential uses of better ownership data in the procurement process:

    • The identification of bidding cartels through revealing common beneficial ownership of tenderers to procurement processes.
    • The identification of high risk or fraudulent suppliers through non-existent or suspicious beneficial owners, such as professional intermediaries, or the presence of sanctioned individuals and companies in the ownership chains.
    • There is also an appetite from both government and civil society to use beneficial ownership in the identification of conflicts of interest in conjunction with information on procurement officers and politically exposed people.

    To explore this area we built a prototype, ‘Bluetail’, to explore options for a visual interface for use by procurement officers. This demonstrates the ways in which beneficial ownership data could be used to address some of the key procurement use cases we had found as part of our research.

    Diagram showing how contract data, ownership and pep data are combined to a single datastore and interface

    Our demo sites and and source materials are available in public:

    This prototype is a demonstration of processing data in three relevant standards: BODS, OCDS, and Popolo.

    Bluetail integrates this data by identifier matching. We reviewed options for the alternative approach of attribute-based matching, and identified relevant open source tools with which to achieve this. However, the goal would be to avoid this kind of matching wherever possible as it is a time and resource intensive process, with many possible inaccuracies and difficulties in scaling. That being the case, we also explored different methods for releasing ID information that can improve the effectiveness of this process.

    More information on the process and running locally can be found in the repository readme file.

    See all posts in this series.

  4. Getting public benefit from private IDs

    Header image: Photo by Meagan Carsience on Unsplash

    mySociety and SpendNetwork have been working on a project for the UK Government Digital Service (GDS) Global Digital Marketplace Programme and the Prosperity Fund Global Anti-Corruption programme, led by the Foreign & Commonwealth Office (FCO), around beneficial ownership in public procurement. This is one of a series of posts about that work

    Once collected, a key issue in analysis of company ownership data is correctly identifying when the same individual is connected with multiple companies. While name matching is viable in small datasets, it increases the amount of work required to remove false positives in larger datasets.

    For instance, while the UK’s Persons of Significant Control (PSC) register has a unique ID for each instance of a person having ownership, reconciling where an individual exists in multiple ownerships requires additional data processing, and possible inaccuracy. An approach developed for this dataset might not travel well to others, where address data may be less consistent (or lack an equivalent of, for example, a postcode). This problem extends beyond ownership data, and is a general issue in reconciling different datasets about people.

    The exact challenges of name reconciliations vary by the naming conventions in a country. Just as there can be no universal standard on storing name information, shortcuts to reduce ‘noise’ in a name (removing common typos, or sound-alikes) differ by language. For instance, the process to generate a CURP (ID) number in Mexico (which, by default, incorporates an individual’s first name) has explicit exceptions for very common first names, requesting use of the individual’s second name instead. Approaches within a country can also be varied: Indonesia has a wide range of ethnic and language groups, and so several different sets of common naming conventions.

    Given this problem, it is useful to be able to make use of other unique identifiers for an individual (a national ID or tax number). However, these are often seen as personal data that can not be released as part of open data. We have produced a short paper outlining the possible ways these private identifiers can be released.

    Different approaches are practical in different contexts, but at a minimum it should always be viable (and should be encouraged) to collect private identification information, and release an ID fragment to aid reconciliation. This is a short code derived from an ID, but that is not in itself unique. This can be used to more accurately group similar names into unique people. Private information can be used to add information about uniqueness to the process, without revealing the private information publicly.

    Read the paper

    See all posts in this series.

  5. Beneficial ownership tools and analysis

    Header image: Photo by Susan Holt Simpson on Unsplash

    mySociety and SpendNetwork have been working on a project for the UK Government Digital Service (GDS) Global Digital Marketplace Programme and the Prosperity Fund Global Anti-Corruption programme, led by the Foreign & Commonwealth Office (FCO), around beneficial ownership in public procurement. This is one of a series of posts about that work

    As part of this project we reviewed the open source tools that are available for working with beneficial ownership data. There is a tooling ecosystem around the Beneficial Ownership Data Standard (BODS), but it is not yet as well-developed as that around the equivalent OCDS standard for contracting information.

    There are some open source tools and analyses developed by civil society that aim to support users in understanding the relationships between companies and individuals, and related tools in the commercial sector for supporting anti-money laundering processes.

    Across all tools, Python is a reasonably well established language choice (with some civil society tools developed in Ruby) and network or graph visualisation components such as neo4j are common. We will discuss this further in the section on beneficial ownership analysis.

    OpenOwnership Register

    OpenOwnership is an organisation with the goal of making beneficial ownership data more widely available through technical development, partnerships and research. They are the key developers of the BODS data standard and host a global open registry of beneficial ownership data.

    The goal of the OpenOwnership Register is to create an “open global beneficial ownership register” that is useful across different jurisdictions and industries. This is an open source digital service which can:

    • Incorporate data from existing open registers published by countries
    • Allow cross-jurisdiction searches through a single interface/dataset
    • Becomes more useful the more open registers are published

    This works in tandem with the promotion of BODS format. Releases made in BODS are easier to incorporate into the register, and being able to make use of and contribute to a central register is an incentive to publish in a compatible format.

    The register currently contains data from every open, countrywide beneficial ownership register (UK’s Persons of Significant Control Register, Slovakia’s Public Sector Partners Register, Ukraine’s Consolidated State Registry, and the Danish Central Business Register) and the data from the EITI’s 2013-15 pilots.

    While there is additional deduplication applied to the source data (merging people with identical names, addresses and dates of birth, and companies with matching identifiers), the limitations of the source data still apply and the size of the register means that many similar entities are unreconciled.

    BODS collection and processing tools

    OpenOwnership have produced guidance on collecting BODS-compliant data using paper forms. They have also commissioned the Open Data Services (ODSC) to convert Excel format data collection spreadsheets used in the Extractive Industry Transparency Initiative (EITI) so that the data they collect will be compatible with the BODS 0.2.

    The BODS data review tool is available as an online service – as with the OCDS data review tool, it is based on the CoVE platform (Convert, Validate and Explore). Both tools check that your data complies with the relevant schema, allow you to inspect key contents of your data to check data quality, and give you access to the data in different formats (spreadsheet and JSON) to support further review. The tool is built by Open Data Services, and hosted by OpenOwnership.

    CoVE itself uses a generic flatten tool to transform standards-compliant data in JSON into spreadsheets and vice versa. This is a key piece of utility software, as it means that people working with ownership disclosure data can work in a familiar spreadsheet program. Once flattened, sheets of a spreadsheet are used to represent each of the main elements of the standard (people, entities, and control statements), as well as associated data like addresses, annotations and identifiers. This data can then be transformed into the JSON data interchange format, which has a large tooling ecosystem around it.

    The BODS mapping template enables field-level mapping between source data systems and version 0.1 of the Beneficial Ownership Data Standard. It supports the processes of:

    • identifying source systems that hold beneficial ownership information
    • itemising the fields that those systems define
    • itemising the codes and codelists associated with those fields
    • mapping the source system fields, codes and codelists to the beneficial ownership data standard

    This kind of mapping support – from simple, widely used formats and interfaces into machine readable forms, and from existing systems into data standards for interchange or publication –  are key enablers of adoption of data standards and a rich tool ecosystem.

    Beneficial ownership analysis tools

    In addition to the tools developed specifically around BODS, there is a set of open source  tools developed by civil society that analyse information on the ownership of companies, sometimes in conjunction with information about public contracting. Malaysian civic tech organisation Sinar Project have developed the Telus prototype, combining information from Malaysia about procurement, beneficial ownership, and politically exposed people. They are also working on Politikus in Kenya, which will combine those types of data with information about infrastructure projects.

    Two different civil society tools originate in Mexico: Sinapsis, produced by journalism organisation Animal Político and TowerBuilder, created by transparency and accountability NGO PODER. The goal of Sinapsis is the examination of ‘coincidences’ in a set of companies or organisations, where addresses, people, ID numbers, notaries or phone numbers may connect seemingly disconnected companies. TowerBuilder is a reusable toolkit for generating websites with data visualisations that mix open contracting and beneficial ownership data.

    These tools are generalisations of approaches originally used in one-off investigations into reusable services that can be fed new datasets. Sinapsis originated in Animal Político’s  ‘estafa maestra’ investigation, and TowerBuilder in PODER’s Torre de Control project. In the UK, the two analyses performed by Global Witness of the Persons of Significant Control register (The Companies We Keep in 2018, and Getting the UK’s House in Order in 2019) have been made available as Jupyter Notebooks – an open-source web application that allows you to create and share documents that contain live code, equations, visualisations and narrative text. This represents a space between truly one-off analyses and frameworks or services designed for reuse. The analyses are fully documented via the notebooks and are sharable and repeatable with the same data, but not generalised to other data sources.

    The OpenTender portal run in Indonesia by Indonesian Corruption Watch and the international Aleph dashboard produced by the Organised Crime and Corruption Reporting Project (OCCRP) also touch on beneficial ownership information.

    Whilst this data is not explicitly used in OpenTender.net, some of their red flag risk analyses are trying to reveal the same connections that beneficial ownership data can reveal. For example, companies being registered at the same address is suggestive that their beneficial owners may be the same, and that cartels may be in operation.

    Aleph is a document storage and search platform designed to facilitate cross-border investigation of white-collar crime. It includes some beneficial ownership datasets, and parts of the toolchain can also be used to address issues in tools more focused on beneficial ownership, such as name matching, so may be a source of useful open source components.

    A significant amount of the effort in producing these tools and analyses has been in pre-processing data to turn it into standard forms that can be easily combined and analysed. Reliably matching companies and individuals across different data sources is a recurring and significant technical problem.

    The use of BODS is not yet widespread: as civic tech early adopters, the Sinar Project uses it across their tools, but it is not used in Sinapsis, Aleph or TowerBuilder, although the latter does use OCDS. Where BODS is not in use, CSV files with various different schemas store beneficial ownership information.

    See all posts in this series.

  6. Screening for conflicts of interests in ownership data

    Header image: Photo by Rob Curran on Unsplash

    mySociety and SpendNetwork have been working on a project for the UK Government Digital Service (GDS) Global Digital Marketplace Programme and the Prosperity Fund Global Anti-Corruption programme, led by the Foreign & Commonwealth Office (FCO), around beneficial ownership in public procurement. This is one of a series of posts about that work

    A key corruption risk in public procurement is that officials or politicians successfully direct contracts to companies that they control or benefit from.

    Understanding who the beneficial owners of these companies are is one half of preventing this; the other is knowing more about the people who shouldn’t benefit, such as politically exposed persons (PEPs) or those involved in the procurement process.

    The United Nations Convention against Corruption (UNCAC) defines politically exposed people as “individuals who are, or have been, entrusted with prominent public functions and their family members and close associates”. This is a flexible definition, varying by country as to which roles should be included and how far their associations should be seen as connected. That said, typically the term will be understood as  limited to senior roles, while procurement processes might actually suffer from conflicts of interest from less senior procurement officials (PO) who are more directly involved.

    Solving this problem is hard. Data sources exist to help with the issue but are not complete in themselves. A good general principle is designing a process that makes it more likely that conflicts of interest will be detected, using tools and datasets to increase scrutiny, without relying on it as an all encompassing solution.

    The problem

    In an ideal world, analysts would simply match a list of beneficial owners against a list of politically exposed persons. Any overlap would say if a PEP is benefiting from a government contract. Unfortunately, each step in this process is far from simple.

    Previous blog posts have detailed the problems in creating a list of beneficial ownership, and politically exposed persons represent a similar challenge.  The UNCAC definition is a good definition for investigators, but to create disclosure requirements it needs to be translated into a concrete local understanding of which roles are covered.

    Where there is a clear definition, or even a list of roles that it covers (as may already exist for tracking asset disclosures), this requires a system of tracking and updating changes in those roles. Up to date lists should have a mechanism for adding new PEPs with  reasonable speed after they take office, but also need to act as an archive for information about former office holders for pursuing retrospective investigations.

    The more comprehensive the dataset (for instance, covering multiple countries, or sub-national significant figures), the higher the costs of maintenance and the greater the risk the list will fall out of date. Procurement officials (POs) are unlikely to be tracked by existing approaches to identifying PEPs in a country and will need new approaches. In South Africa, civil servants are prohibited by law from being a  beneficiary of the procurement process, creating a very large list of people to exclude.

    The other side of the problem is that where an up-to-date and comprehensive list of excluded persons exists, you have to be able to match it against your list of owners. This runs into the problem of data matching. Name matching is error prone and while information of office holders is often public (and so a list can be maintained without special privileges), these public lists are less likely to include the unique IDs essential to easy matching of individuals.

    As the Financial Action Task Force (FAFT) put it:

    Inconsistent transliterations and spellings of names affect the ability of financial institutions and DNFBPs to match names in general. Scrubbing customer databases for matches against commercial databases may result in many false positives if such databases contain insufficient or inadequate identifier information. This increases the risk of missing true matches and requires additional resources to separate false positives from true matches.

    However, while the problem is hard, partial and incomplete solutions have value.

    PEP databases and matching tools

    While FATF says that the use of databases is not sufficient to comply with their requirements, they are still a useful tool that can speed up work. Commercial databases exist, often aimed at assisting regulatory compliance in banks,  such as SmartSearch, Accuity and BAE systems Watch List Management system. There is also a variety of open data sources available, with OCCRP gathering a set of datasets on individual sanctions together as a dataset in aleph.  Some of these have approaches to name matching built in. For instance, ComplyAdvantage has a PEP database with a fuzzy matching search that can be accessed through an API.

    There is a wide selection of open source tools available to help with name reconciliation, such as Elasticsearch, OpenRefine, and Dedupe.io (a service built around a free python library). When people have entries in multiple national databases, different transliterations of their names can be recorded. OCCRP has developed a list of ‘synonames’ (soundalike) names that help address this, but reconciling individuals based on name remains a difficult problem.

    These databases will not cover procurement officers, and require additional data creation and maintenance work in a country. However, as these people are state employees, there is the prospect of tying into existing HR or payroll systems to automate generating the list, and also having access to more sensitive personal identifiers such as identity or tax numbers.

    Where the intention is to release the list publicly (such as Mexico’s planned SESNA datasets of public servants involved in procurement, and those who are sanctioned), the identity fragment approach could be used to aid reconciliation with other datasets without releasing this personal information.

    Where unique IDs can be established for both sides of the process, this makes lookups far more efficient. Where they can’t, the process should be designed to be more likely to create false positives than negatives that can then be further investigated. This also raises the importance of how the overall system is designed. While automated screenings can be built into tools for procurers decided between contracts, enhanced scrutiny of contract winners is less time consuming than screening all those who sign up to a supplier portal.

    Representing the data

    While the data standard that has most use in beneficial ownership is the Beneficial Ownership Data Standard (BODS), this is not the most appropriate format for PEP data.

    Currently where this data exists it is in a variety of CSV or JSON based formats. The ideal scenario is that PEP information is published in a common standard, so that multiple data sources can be easily combined in an analysis tool.

    A good candidate for this is the Popolo data standard. This is a standard designed to hold information about elected politicians and legislatures, which makes it useful for holding lists of PEPs. It can store information on when particular people hold particular offices, allowing it to act as a repository of older information for comparisons several years after the fact, as well as having the ability to store multiple names and identifiers that might aid reconciliation.

    mySociety’s(currently paused) EveryPolitician project uses this standard, which makes it useful as a source of global PEP information (it is used in, for instance, Global Witness’s investigation of the UK Persons of Significant Control dataset). The standard was also used by the Sinar Project’s Telus tool in Malaysia as a repository of PEP information.  FATF recommend that countries should compile a list of domestic positions/functions that are considered prominent public functions to aid determinations of whether a particular person holds a PEP-qualifying role. This could also similarly be released in Popolo format, using just the Post structure.

    Alternatively, where the process is less of a lookup between two lists, and more an investigation of individuals who are beneficial owners, BODS has an optional field saying whether and if so, why someone qualifies as a politically exposed person. This could be collected as part of a verification process, with information reviewed for relevance by decision makers.

    See all posts in this series.

  7. Collecting and making use of beneficial ownership data

    Header image: Photo by Markus Winkler on Unsplash

    mySociety and SpendNetwork have been working on a project for the UK Government Digital Service (GDS) Global Digital Marketplace Programme and the Prosperity Fund Global Anti-Corruption programme, led by the Foreign & Commonwealth Office (FCO), around beneficial ownership in public procurement. This is one of a series of posts about that work

    There are three steps to working with beneficial ownership data: collection, verification and analysis. These three areas interact – how and when data is collected affects how viable different methods of verification are, and both of these in turn affect what forms of analysis are possible.

    While collection of beneficial ownership data does not have to be part of the procurement process, (for example, if there is already a national register) requirements for bidding or winning public contracts are good pressure points to require disclosure. The following diagram shows a bird’s eye view of how ownership data (green lines) might be collected by different government agencies as part of the corporate lifecycle and the government contracting process (click for more detail).

    Where ownership data fits in the company lifecycle and contracting process

    In an ideal world, beneficial ownership information would be available and accurate at all of these points. But realistically, choices must be made over when and where to introduce beneficial ownership data collection and how to resource verification. Such choices will have an effect on the scale and timeliness of the data collected, however, as we can explore with the following diagram:

    Potential ownership collection points

    For instance, if a goal is to check for bidding cartels in the process of judging the bid, this information can be collected at any point: when companies are formed; when they register as a supplier; or when they make a bid. If companies submit multiple bids, it reduces duplication if information is collected sooner. However, this also increases the potential time between submission and analysis, and so requires an update process to avoid information becoming out of date.

    Collecting at different points also makes a difference to the size of the database. Each successive capture point is collecting a smaller sample of organisations. This affects analysis in two ways: scope and accuracy. The more companies covered in the dataset, the more forms of analysis become possible. If you have only collected information on bid winners, you cannot investigate bidding cartels. If your collection only includes the beneficial ownership of registered suppliers, you cannot identify the ‘sibling’ entities (which are not in the direct ownership chain of a company, but are owned by the same owners)  in a corporate structure that might contain hidden debts.

    While collecting data about more companies does not inherently make data more inaccurate, there is an indirect effect in that collecting more information raises the overall cost of verification.  Collecting information about all companies creates a much larger dataset to verify than just those who win contracts. If verification resources are not increased accordingly, the dataset will have a much larger scope, but be less accurate, and so the resulting analysis may be less useful.

    This inaccuracy may have a higher effect on fraud/anti-corruption analysis than its overall incidence in the dataset. This is because while some errors will be accidental, some will have been deliberately introduced to disguise ownership. Analysis that is only possible with large amounts of data may not even really be possible if the database is not supported by a strong verification system.

    To provide two different models, the UK’s Persons of Significant Control (PSC) register requires declarations as part of a company’s annual statement. With a few exceptions, it includes all companies registered in the UK. This data is submitted by the company without verification, as examining suspicious statements is a resource intensive problem across the entire jurisdiction (see the recent Global Witness report for a description of the verification problems in the UK PSC register).

    The Slovakian Register of public sector partners (RPVS) requires beneficial ownership information be submitted only before a high value contract is awarded and so has a much narrower scope. However, there is a much stronger verification process, with third parties (generally legal offices) submitting the information and the process they used to reach it, with an in-country individual held legally responsible for the accuracy of the data. Methods and useful concepts in the verification process are explored in more detail in an OpenOwnership briefing.

    Depending on the specifics, smaller databases (with verification) may lead to more basic—but more accurate—analysis. The calculation made in Slovakia for instance, is that there is less need for using data as part of the procurement process if the post-award checks are very good, because raising the chances of being caught raises the costs of cheating. On the other hand, this is then missing out on the prospect of identification of cartels. Disclosures may be accurate while the procurement process is still distorted.

    Each expansion in the number of companies included does not expand the process in the same ways. While smaller registers may be cheaper to verify, new forms of analysis may open up with small increases in size. For instance, if the overall number of companies participating in bids is not much larger than those winning bids, the additional compliance costs may be negligible and allow the possibility of cartel analysis.

    See all posts in this series.

  8. What is beneficial ownership?

    Header image: Omar Flores on Unsplash

    mySociety and SpendNetwork have been working on a project for the UK Government Digital Service (GDS) Global Digital Marketplace Programme and the Prosperity Fund Global Anti-Corruption programme, led by the Foreign & Commonwealth Office (FCO), around beneficial ownership in public procurement. This is one of a series of posts about that work

    The idea of beneficial ownership is meant to address the problem that the official directors and board of a company may be different from the true owner or controller.

    Without knowing the true owners of a business, you cannot understand who benefits from or controls its activities. In a procurement context, without beneficial ownership information about suppliers, it can be difficult to detect organised corruption or conflicts of interest.  Greater knowledge of ownership and control can give greater insight into supply chains and product quality. In the case of government contracts, collecting and using beneficial ownership data can have a very real impact on ensuring state funding is directed towards legitimate, high quality services and infrastructure for citizens.

    Someone may not even be an ‘owner’ in the sense of having a significant proportion of shares to have ‘control’ over it. They might own no shares but still exercise control through a right to appoint board members. In most cases they would still be considered beneficial owners of the company.

    Where this becomes interesting is when companies are owned not just by ‘natural’ (real) people, but also by other companies. For some companies, this can result in long chains of ownership, with many levels of companies owning other companies. But sooner or later, all ownership chains must terminate in real people, not corporate entities – those people are the beneficial owners.

    Tools for visualising beneficial ownership structures are still quite varied, but most attempt to represent ownership as a network, with companies and people as nodes:

    Diagram showing connections between companies and their eventual beneficial owners

    An alternative approach is to think about only the ultimate owners in a chain. This can be particularly useful when you need to make quick decisions about who owns or benefits from a given company, regardless of how many ‘steps’ they are removed from the company itself:

    Diagram showing the same network, but with ownership information displayed seperately

    Perfect vs practical definitions

    A broad definition of beneficial ownership (such as ‘deriving significant benefit from or having control over a company‘) is useful for an investigator trying to understand whether specific individuals can be said to be beneficial owners of an organisation. It is less useful when an organisation is being asked to declare who their beneficial owners are. This requires concrete disclosure requirements that may approach, but are likely to fall short of a broad definition. For instance, it might be decided that stockholders who have more than 25% of voting rights qualify for disclosure. In the terminology used by the World Bank/STAR Puppet Masters report, this is a “formal” rather than “substantive” approach to understanding the beneficial ownership of companies.

    When talking about beneficial ownership, it is important to keep in mind this distinction between the concept of a beneficial owner and the inherently imperfect ways of identifying them. Better management of procurement risks means knowing more about who benefits from a company receiving a contract. But on the other side, the people hoping to subvert the process will want to maintain secret ownership ties in order to control or benefit from the company.

    Closing the gaps in knowledge with additional beneficial ownership disclosure addresses the current state of evasion, but not how dishonest actors will react to new requirements. Introducing new requirements will address some amount of fraud and corruption, but also creates a strong incentive to find new ways to conceal conflicts of interests. This arms race dynamic means there is no one ‘good’ formal definition of beneficial ownership, but a number of different criteria that need to react to the practices of concealment in evidence in a country at a particular time.

    As such, the best way to think about the long term impact of beneficial ownership on public procurement is not as a silver bullet, but as a tightening net. Future escalations may involve changed definitions, or improving the means by which information is validated. Underlying tools and standards need to be flexible to a range of national contexts, as well as a potential for change over time.

    Beneficial ownership is part of a solution to several different problems

    Several different frameworks promoted by inter-governmental bodies or international transparency/anti-corruption groups push towards more collection of beneficial ownership information.

    The Extractive Industries Transparency Initiative (EITI) required as part of their 2016 standard that all participating countries mandate the disclosure of beneficial owners within extractive industries (oil, coal, gas, mineral extraction), and recommend publication in public registers or through the country EITI report.

    The Financial Action Task Force (FATF) 2012 recommendations include the importance for financial institutions of discovering the beneficial owner as part of customer due diligence when establishing a new business relationship, and apply enhanced diligence if a beneficial owner is also a politically exposed person (PEP). While not calling for an open register, they do recommend that there are timely forms of accessing accurate beneficial ownership available for ‘competent authorities’.

    The Open Government Partnership (OGP) supports the Beneficial Ownership Leadership Group with the aims of strengthening disclosure requirements and verification processes,  supporting a common data standard and allowing public access to enable citizen monitoring. Over 40 countries (including Mexico, South Africa and Indonesia) have incorporated commitments related to beneficial ownership transparency in their OGP plan.

    On the practical side of how international ownership data should be processed and stored, OpenOwnership is an organisation with the goal of making beneficial ownership data more widely available through technical development, partnerships and research. They are the key developers of the BODS data standard and host a global open registry of beneficial ownership data.

    More directly related to public procurement, as part of their COVID-19 response, the International Monetary Fund (IMF) has asked countries requesting emergency assistance to make commitments to publish information on the contracts with and the beneficial owners of companies benefiting from the emergency funds.

    Ownership in public procurement

    The problem beneficial ownership data can address in public procurement is corruption or subversion of the procurement process, but it also has a bearing on procurement efficiencies, risk profiling and enactment of preferential procurement policies.

    Making beneficial ownership data available to procurement officers helps them discriminate between bidders for work in a current procurement process. For instance, a problem described by several interviewees in our research on this area is bidding cartels. This is where multiple bidders (who are in reality controlled by the same owner) coordinate to drive up the price and raise the chances of winning. Knowing more information about the ownership of the companies in this bidding cartel would make it easier to detect.

    Better visibility of who is benefiting from public procurement contracts can be beneficial even when companies are behaving perfectly within rules. Entirely legitimately, a set of apparently independent companies may have won many bids. However, in reality these are part of a broader group with a set of common owners. Beneficial ownership data can make it easier to understand the connections between these companies (either because chains of corporate ownership have been revealed, or the final owners directly revealed). This can allow identification of where procurement contracts are ultimately flowing. Where beneficial ownership data is broadly available for organisations, this also allows identification of other businesses in which owners have an interest. This can be used to risk profile broader corporate structures.

    Explicitly collecting the data required to catch violations of existing rules can also create a chilling effect, by making potential bad actors aware of the scrutiny that may be given to the information, especially if combined with more effective enforcement. A government official (elected or otherwise) with power over the procurement process may have significant involvement in a company bidding for a contract, but this fact would be undeclared and invisible on official paperwork. Greater visibility of the beneficial owners of these companies leaves fewer places to hide, and raises the risk of detection and costs of attempting to subvert the process.

    See all posts in this series.

     

  9. Improving access to information in Europe: everyone’s a lottery winner

    We’re delighted to announce that we’ve received funding from the Swedish Postcode Foundation that will help us extend our work on Freedom of Information in Europe.

    The Foundation uses proceeds from the country’s lottery sales to help fund projects that support democracy and freedom of speech, as one of three areas where they believe they can help bring about long term positive change to the world.

    The connection is particularly apt, as it was in Sweden that the world’s first FOI law was passed in 1766. From that beginning grew a worldwide good: since then, access to information has been recognised as a fundamental right by the European Court of Human Rights, and has been adopted in countries around the globe.

    Matched up

    In May 2019 we received funding from Adessium Foundation for a three-year project to increase access to online FOI tools across Europe. The ultimate aim is to enable journalists, campaigners and citizens in Europe to make greater and more effective use of their right to access information; and in particular to generate public interest stories and campaigns that will hold power to account.

    Now this new match funding will allow us to dig further and build better within the main elements of the project, which are:

    • To help partners to launch new FOI sites in the Netherlands, France (already completed) and another jurisdiction (coming soon).
    • To upgrade existing sites to include the Alaveteli Pro functionality: AskTheEU already has this and five others will gain it shortly. By 2022 there’ll be 13 Alaveteli sites in Europe, 10 of which will have Pro.
    • To improve the Alaveteli Pro software with new features that’ll make it a more powerful tool for investigations and campaigns (so far we’ve worked on exporting data from batch requests and enabling users to add links to news stories).
    • To support journalist and campaigning organisations to use Alaveteli tools as part of their investigations (such as Privacy International’s use of FOI in their investigation into surveillance technologies used by police in the UK).
    • To monitor government compliance with FOI, especially in the wake of the coronavirus pandemic.

    Get involved

    Now we can spread the goodness even further, so we’re planning to run some online training/learning activities around using Alaveteli tools as part of an investigation or campaign. If your work would benefit from this, and you live in an EU country with an Alaveteli Pro site, do get in touch.

    We’re also keen to partner with membership-based news or campaign organisations to run more pilot projects using our new Projects feature. If you have a project that could benefit from contributors helping to extract and analyse data from FOI responses, let us know.

    And finally: we’ll soon be starting to gather data about FOI compliance in different EU countries. If this is something that could benefit your work, register your interest and we’ll keep you posted.

    Image: Jonathan Brinkhorst 

  10. Introducing WhatDoTheyKnow Projects

    With the aim of making large scale Freedom of Information investigations easier for community newsrooms and campaigning organisations, we’ve spent the first half of 2020 developing collaboration tools for WhatDoTheyKnow to speed up and bring others into the FOI management process.

    In an initial pilot, 17 contributors saved a journalist 6.5 hours by taking on half of the work of managing responses to requests.

    We’re actively looking to partner with membership-driven news organisations or impactful campaign groups to run further pilot projects to help refine the features. If that’s you, please get in touch.

    FOI can be hard without dedicated tools

    We know FOI can be hard work, especially when you make large batch requests that return a huge amount of data.

    While our Pro tools make life easier, much of the work simply involves triaging whether you got a response or just an automated acknowledgement, and whether the authority actually released the information you requested.

    After that, you then need to sift through various different formats of data, different understandings of the questions, and follow up with clarifications.

    All this comes before you can start analysing the data to build up a narrative for a story.

    A compelling membership proposition

    News organisations are increasingly looking for sustainability by offering memberships – where you pay a monthly fee to support the organisation – instead of relying on advertising revenue to support themselves.

    Memberships are still a relatively unproven and unexplored area, and organisations are still in the process of discovery over what makes someone want to pay for their news output. Is it just being able to read the stories, or do people want more involvement?

    There’s evidence to suggest that members do want to get more involved.

    Crowdsourcing some of the work of the FOI process from the membership presents an opportunity to help take some of the load off journalists, while also bringing members into the reporting process so that they value the final output more.

    Many hands make light work

    With this new functionality, once you’ve made your requests – either individually or as part of a batch – they can be added to a Project. Contributors can then be invited to the project where they are briefed on what the project is about and the tasks they can help with.

    Screenshot of Project Homepage

    Helping to classifying responses

    When you’re making FOI requests, each response to each request needs to be read to establish whether the authority has provided the information asked for – a process that is difficult to automate, given the huge variety of language that can be deployed by authorities. With large batch requests this can be a time-consuming process.

    Projects creates a pool of responses that need classifying that contributors can work through to take some of the onus off the project owner.

    2up of Project Classify page

    Contributors read the original FOI request and latest response, and then classify its current status appropriately. This doesn’t take much specialist understanding of FOI, so it’s a really easy way to get lots of people to help out.

    Helping to extract data

    In larger FOI investigations requesters are usually looking to build up a dataset so that they can compare responses from different authorities.

    This usually involves lots of spreadsheets, copy & paste, and hours of hard work.

    Projects provides dedicated tools to help build this dataset by creating a pool of requests that contributors can extract data points from using structured forms.

    Allowing contributors to help build up a dataset that will be used for real-life reporting and research helps them feel more directly involved and connected to the organisation, hopefully adding value to the membership proposition.

    Screenshot of Project Extract page

    Project owners are then able to download the crowdsourced dataset to investigate, using their analysis tools of choice.

    Screenshot of downloaded Dataset

    What we learned from our pilot

    In our pilot project contributors took on 50% of the classification tasks, accounting for 57% of the 14.8 hours overall spent classifying, saving the journalist around 6.5 hours of the administrative work required before she could start reviewing the data releases. This is a clear indication that crowdsourcing key parts of the FOI investigation process can save a significant amount of time.

    The journalist we worked with was enthusiastic about using the Projects interface again in the future, even if she wouldn’t be inviting external contributors. She expressed that it would be ideal to collaborate with interns to help sift through classifications and responses.

    With an 82% conversion rate from joining to taking action and nearly 40% of contributors returning for more than one session there’s clearly an appetite from contributors to get involved and help out. The contributors we interviewed understood that by helping with menial tasks, they were allowing the journalist more time to focus on work which required specialist expertise.

    A potential for global benefit

    Through the Nesta Future News Fund we worked with openDemocracy to design and develop WhatDoTheyKnow Projects to support this collaboration, and ran a pilot collaborative project made up from a batch of over 800 FOI requests.

    Projects is of course built into Alaveteli – the platform that powers WhatDoTheyKnow and many other FOI sites around the world, so it’s not just going to be of use in the UK, but for every jurisdiction where an Alaveteli site is utilising the Pro add-on.

    Image: Duy Pham