1. Unequal impacts of open registers of ownership

    Header image: Photo by Erol Ahmed on Unsplash

    mySociety and SpendNetwork have been working on a project for the UK Government Digital Service (GDS) Global Digital Marketplace Programme and the Prosperity Fund Global Anti-Corruption programme, led by the Foreign & Commonwealth Office (FCO), around beneficial ownership in public procurement. This is one of a series of posts about that work

    A key privacy concern with beneficial ownership, and especially open registers of beneficial ownership, is that it is making private information publicly accessible. As an Engine Room/OpenOwnership report on the subject says:

    Justifying open registers therefore depends on answering two important questions: first, why is a central register necessary, as opposed to company reporting obligations, or trusts and corporate service providers (‘TCSP’) regulation? Second, why must the central register be publicly accessible, rather than closed or limited-access?

    Common across the countries we looked at as part of this research was concern from government stakeholders and the private sector about open registers, even while there is enthusiasm for them from civil society.

    The case for open registers is, broadly, that it allows many eyes to look at the data. This creates greater oversight and scope for investigations from civil society – NGOs, journalists and members of the public, as well as feedback mechanisms to improve the quality of the data. There are multiplier effects when multiple open registers are merged that allow the same beneficiaries to be followed across borders. Making these datasets easier to access also makes it easier for official bodies to pursue investigations by increasing discoverability and removing obstacles to use.

    A key benefit of forming companies is it provides limited liability – which protects the assets of shareholders from the legal liabilities or debts of the company beyond the size of their ownership of the company. The argument justifying releasing the personal information of owners is that this is a privacy trade-off made by individuals in exchange for the substantial benefits of limited liability.

    The resulting information is a safeguard against the use of legal entities in a way that is against the public interest because it allows investigation and discovery of abuses.

    Where this becomes more complicated is that the costs of that loss of privacy are not the same for everyone. Where privacy loss leads to greater risk, this may either result in harm to individuals or the fear of that harm may mean people avoid forming companies or tendering for government contracts.  As such, the collection and distribution of data needs to acknowledge different costs of disclosing information, and allow exceptions. From the Engine Room/OpenOwnership report:

    Governments and companies should not collect and disclose data beyond the minimum that is necessary to achieve their aim, or data that poses a significant risk of harm. The risk associated with different types of information will depend on the context of both the individual and the country where they reside. This highlights the need for carefully designed exceptions regimes tailored to risks in that context.

    A key potential risk of address information being public is stalking, and this is a risk that falls more on women than men. The UK has an open register of directors and persons of significant control (PSC), and the discussion around it reflects possible risks of open registers more broadly. The comments under a Companies House blog post about GDPR features people saying they were surprised that personal information such as signatures, month and year of birth and addresses are publicly available. One commenter explicitly said the experience of being stalked made her terrified about her address information being made available. While disclosure requirements often distinguish between company registration and home addresses, micro-businesses may be more likely to be registered from home, and so have an increased privacy cost to the owner.

    In the UK, there has been an exception regime that allows information to be concealed from the public register, if personal characteristics of a person when associated with a company put a person “or any person living with them, at serious risk of violence or intimidation”.  This was amended in 2018 to remove the need for evidence for certain kinds of changes and to allow people to remove home addresses (for a cost) from register documents without the need for exceptions or evidence. Current directors have to substitute another correspondence address; former directors can have the information reduced to the first half of the postcode. This was explicitly fast-tracked without consultation as a “number of cases have been raised […] where the people involved are at risk of violence or intimidation yet cannot have their address information protected.”

    A related problem involves changes of name. A requirement that directors list former names is a common sense requirement which prevents people with bad reputations avoiding scrutiny. But for transgender directors this is a public record of their transition that may either expose them to harm, or discourage company formation in the first place. This issue is one of the reasons for the exclusion of gender from the BODS standard, as a structure where old information is superseded but not removed raises this exact issue. We also heard of a similar problem when gender is encoded into ID numbers, and these ID numbers are used in public.

    While there are situations where the risk is foreseeable and evidenced (a domestic violence victim starting a company at a new home, but needing to conceal their address), in other cases the damage may already be done when the risk becomes apparent. Even if information is successfully removed from the original source, where data has been released and incorporated into other products, retrospective redaction is more difficult.

    This problem is analogous to one faced by political candidates in the UK, where a report about intimidation and harassment of candidates and politicians led to the removal of a requirement to have home addresses printed on the ballot paper. Increased acknowledgements of the risks posed to individuals as a more diverse set of people enter into registerable roles can require re-examination of previous standards. This is especially important if it is happening alongside the opening up of information that was previously legally (but not easily) accessible.

    While privacy risks of open registers have to be accounted for in their design, closed registries might still be a privacy/security risk. One concern raised by an interviewee was that even closed registers can leak or bribery could occur for access. If a cache of data is too sensitive to publicly release, and there isn’t the capacity to properly secure it, the information may be too sensitive to gather at all. The capacity to secure and manage access to personal information is an essential component of any register.

    These problems demonstrate the importance of finding methods of delivering the public benefits of having collected private identifying information, while minimising the amount of personal information that is released. We have explored possible design patterns to help accomplish this where unique identifiers are available.


    See all posts in this series.

  2. Visualising conflicts of interests

    Header image: Photo by David Cook on flickr under a CC BY-NC 2.0 licence

    mySociety and SpendNetwork have been working on a project for the UK Government Digital Service (GDS) Global Digital Marketplace Programme and the Prosperity Fund Global Anti-Corruption programme, led by the Foreign & Commonwealth Office (FCO), around beneficial ownership in public procurement. This is one of a series of posts about that work

    As part of our research into beneficial ownership in procurement, we found several potential uses of better ownership data in the procurement process:

    • The identification of bidding cartels through revealing common beneficial ownership of tenderers to procurement processes.
    • The identification of high risk or fraudulent suppliers through non-existent or suspicious beneficial owners, such as professional intermediaries, or the presence of sanctioned individuals and companies in the ownership chains.
    • There is also an appetite from both government and civil society to use beneficial ownership in the identification of conflicts of interest in conjunction with information on procurement officers and politically exposed people.

    To explore this area we built a prototype, ‘Bluetail’, to explore options for a visual interface for use by procurement officers. This demonstrates the ways in which beneficial ownership data could be used to address some of the key procurement use cases we had found as part of our research.

    Diagram showing how contract data, ownership and pep data are combined to a single datastore and interface

    Our demo sites and and source materials are available in public:

    This prototype is a demonstration of processing data in three relevant standards: BODS, OCDS, and Popolo.

    Bluetail integrates this data by identifier matching. We reviewed options for the alternative approach of attribute-based matching, and identified relevant open source tools with which to achieve this. However, the goal would be to avoid this kind of matching wherever possible as it is a time and resource intensive process, with many possible inaccuracies and difficulties in scaling. That being the case, we also explored different methods for releasing ID information that can improve the effectiveness of this process.

    More information on the process and running locally can be found in the repository readme file.

    See all posts in this series.

  3. Getting public benefit from private IDs

    Header image: Photo by Meagan Carsience on Unsplash

    mySociety and SpendNetwork have been working on a project for the UK Government Digital Service (GDS) Global Digital Marketplace Programme and the Prosperity Fund Global Anti-Corruption programme, led by the Foreign & Commonwealth Office (FCO), around beneficial ownership in public procurement. This is one of a series of posts about that work

    Once collected, a key issue in analysis of company ownership data is correctly identifying when the same individual is connected with multiple companies. While name matching is viable in small datasets, it increases the amount of work required to remove false positives in larger datasets.

    For instance, while the UK’s Persons of Significant Control (PSC) register has a unique ID for each instance of a person having ownership, reconciling where an individual exists in multiple ownerships requires additional data processing, and possible inaccuracy. An approach developed for this dataset might not travel well to others, where address data may be less consistent (or lack an equivalent of, for example, a postcode). This problem extends beyond ownership data, and is a general issue in reconciling different datasets about people.

    The exact challenges of name reconciliations vary by the naming conventions in a country. Just as there can be no universal standard on storing name information, shortcuts to reduce ‘noise’ in a name (removing common typos, or sound-alikes) differ by language. For instance, the process to generate a CURP (ID) number in Mexico (which, by default, incorporates an individual’s first name) has explicit exceptions for very common first names, requesting use of the individual’s second name instead. Approaches within a country can also be varied: Indonesia has a wide range of ethnic and language groups, and so several different sets of common naming conventions.

    Given this problem, it is useful to be able to make use of other unique identifiers for an individual (a national ID or tax number). However, these are often seen as personal data that can not be released as part of open data. We have produced a short paper outlining the possible ways these private identifiers can be released.

    Different approaches are practical in different contexts, but at a minimum it should always be viable (and should be encouraged) to collect private identification information, and release an ID fragment to aid reconciliation. This is a short code derived from an ID, but that is not in itself unique. This can be used to more accurately group similar names into unique people. Private information can be used to add information about uniqueness to the process, without revealing the private information publicly.

    Read the paper

    See all posts in this series.

  4. Beneficial ownership tools and analysis

    Header image: Photo by Susan Holt Simpson on Unsplash

    mySociety and SpendNetwork have been working on a project for the UK Government Digital Service (GDS) Global Digital Marketplace Programme and the Prosperity Fund Global Anti-Corruption programme, led by the Foreign & Commonwealth Office (FCO), around beneficial ownership in public procurement. This is one of a series of posts about that work

    As part of this project we reviewed the open source tools that are available for working with beneficial ownership data. There is a tooling ecosystem around the Beneficial Ownership Data Standard (BODS), but it is not yet as well-developed as that around the equivalent OCDS standard for contracting information.

    There are some open source tools and analyses developed by civil society that aim to support users in understanding the relationships between companies and individuals, and related tools in the commercial sector for supporting anti-money laundering processes.

    Across all tools, Python is a reasonably well established language choice (with some civil society tools developed in Ruby) and network or graph visualisation components such as neo4j are common. We will discuss this further in the section on beneficial ownership analysis.

    OpenOwnership Register

    OpenOwnership is an organisation with the goal of making beneficial ownership data more widely available through technical development, partnerships and research. They are the key developers of the BODS data standard and host a global open registry of beneficial ownership data.

    The goal of the OpenOwnership Register is to create an “open global beneficial ownership register” that is useful across different jurisdictions and industries. This is an open source digital service which can:

    • Incorporate data from existing open registers published by countries
    • Allow cross-jurisdiction searches through a single interface/dataset
    • Becomes more useful the more open registers are published

    This works in tandem with the promotion of BODS format. Releases made in BODS are easier to incorporate into the register, and being able to make use of and contribute to a central register is an incentive to publish in a compatible format.

    The register currently contains data from every open, countrywide beneficial ownership register (UK’s Persons of Significant Control Register, Slovakia’s Public Sector Partners Register, Ukraine’s Consolidated State Registry, and the Danish Central Business Register) and the data from the EITI’s 2013-15 pilots.

    While there is additional deduplication applied to the source data (merging people with identical names, addresses and dates of birth, and companies with matching identifiers), the limitations of the source data still apply and the size of the register means that many similar entities are unreconciled.

    BODS collection and processing tools

    OpenOwnership have produced guidance on collecting BODS-compliant data using paper forms. They have also commissioned the Open Data Services (ODSC) to convert Excel format data collection spreadsheets used in the Extractive Industry Transparency Initiative (EITI) so that the data they collect will be compatible with the BODS 0.2.

    The BODS data review tool is available as an online service – as with the OCDS data review tool, it is based on the CoVE platform (Convert, Validate and Explore). Both tools check that your data complies with the relevant schema, allow you to inspect key contents of your data to check data quality, and give you access to the data in different formats (spreadsheet and JSON) to support further review. The tool is built by Open Data Services, and hosted by OpenOwnership.

    CoVE itself uses a generic flatten tool to transform standards-compliant data in JSON into spreadsheets and vice versa. This is a key piece of utility software, as it means that people working with ownership disclosure data can work in a familiar spreadsheet program. Once flattened, sheets of a spreadsheet are used to represent each of the main elements of the standard (people, entities, and control statements), as well as associated data like addresses, annotations and identifiers. This data can then be transformed into the JSON data interchange format, which has a large tooling ecosystem around it.

    The BODS mapping template enables field-level mapping between source data systems and version 0.1 of the Beneficial Ownership Data Standard. It supports the processes of:

    • identifying source systems that hold beneficial ownership information
    • itemising the fields that those systems define
    • itemising the codes and codelists associated with those fields
    • mapping the source system fields, codes and codelists to the beneficial ownership data standard

    This kind of mapping support – from simple, widely used formats and interfaces into machine readable forms, and from existing systems into data standards for interchange or publication –  are key enablers of adoption of data standards and a rich tool ecosystem.

    Beneficial ownership analysis tools

    In addition to the tools developed specifically around BODS, there is a set of open source  tools developed by civil society that analyse information on the ownership of companies, sometimes in conjunction with information about public contracting. Malaysian civic tech organisation Sinar Project have developed the Telus prototype, combining information from Malaysia about procurement, beneficial ownership, and politically exposed people. They are also working on Politikus in Kenya, which will combine those types of data with information about infrastructure projects.

    Two different civil society tools originate in Mexico: Sinapsis, produced by journalism organisation Animal Político and TowerBuilder, created by transparency and accountability NGO PODER. The goal of Sinapsis is the examination of ‘coincidences’ in a set of companies or organisations, where addresses, people, ID numbers, notaries or phone numbers may connect seemingly disconnected companies. TowerBuilder is a reusable toolkit for generating websites with data visualisations that mix open contracting and beneficial ownership data.

    These tools are generalisations of approaches originally used in one-off investigations into reusable services that can be fed new datasets. Sinapsis originated in Animal Político’s  ‘estafa maestra’ investigation, and TowerBuilder in PODER’s Torre de Control project. In the UK, the two analyses performed by Global Witness of the Persons of Significant Control register (The Companies We Keep in 2018, and Getting the UK’s House in Order in 2019) have been made available as Jupyter Notebooks – an open-source web application that allows you to create and share documents that contain live code, equations, visualisations and narrative text. This represents a space between truly one-off analyses and frameworks or services designed for reuse. The analyses are fully documented via the notebooks and are sharable and repeatable with the same data, but not generalised to other data sources.

    The OpenTender portal run in Indonesia by Indonesian Corruption Watch and the international Aleph dashboard produced by the Organised Crime and Corruption Reporting Project (OCCRP) also touch on beneficial ownership information.

    Whilst this data is not explicitly used in OpenTender.net, some of their red flag risk analyses are trying to reveal the same connections that beneficial ownership data can reveal. For example, companies being registered at the same address is suggestive that their beneficial owners may be the same, and that cartels may be in operation.

    Aleph is a document storage and search platform designed to facilitate cross-border investigation of white-collar crime. It includes some beneficial ownership datasets, and parts of the toolchain can also be used to address issues in tools more focused on beneficial ownership, such as name matching, so may be a source of useful open source components.

    A significant amount of the effort in producing these tools and analyses has been in pre-processing data to turn it into standard forms that can be easily combined and analysed. Reliably matching companies and individuals across different data sources is a recurring and significant technical problem.

    The use of BODS is not yet widespread: as civic tech early adopters, the Sinar Project uses it across their tools, but it is not used in Sinapsis, Aleph or TowerBuilder, although the latter does use OCDS. Where BODS is not in use, CSV files with various different schemas store beneficial ownership information.

    See all posts in this series.

  5. Screening for conflicts of interests in ownership data

    Header image: Photo by Rob Curran on Unsplash

    mySociety and SpendNetwork have been working on a project for the UK Government Digital Service (GDS) Global Digital Marketplace Programme and the Prosperity Fund Global Anti-Corruption programme, led by the Foreign & Commonwealth Office (FCO), around beneficial ownership in public procurement. This is one of a series of posts about that work

    A key corruption risk in public procurement is that officials or politicians successfully direct contracts to companies that they control or benefit from.

    Understanding who the beneficial owners of these companies are is one half of preventing this; the other is knowing more about the people who shouldn’t benefit, such as politically exposed persons (PEPs) or those involved in the procurement process.

    The United Nations Convention against Corruption (UNCAC) defines politically exposed people as “individuals who are, or have been, entrusted with prominent public functions and their family members and close associates”. This is a flexible definition, varying by country as to which roles should be included and how far their associations should be seen as connected. That said, typically the term will be understood as  limited to senior roles, while procurement processes might actually suffer from conflicts of interest from less senior procurement officials (PO) who are more directly involved.

    Solving this problem is hard. Data sources exist to help with the issue but are not complete in themselves. A good general principle is designing a process that makes it more likely that conflicts of interest will be detected, using tools and datasets to increase scrutiny, without relying on it as an all encompassing solution.

    The problem

    In an ideal world, analysts would simply match a list of beneficial owners against a list of politically exposed persons. Any overlap would say if a PEP is benefiting from a government contract. Unfortunately, each step in this process is far from simple.

    Previous blog posts have detailed the problems in creating a list of beneficial ownership, and politically exposed persons represent a similar challenge.  The UNCAC definition is a good definition for investigators, but to create disclosure requirements it needs to be translated into a concrete local understanding of which roles are covered.

    Where there is a clear definition, or even a list of roles that it covers (as may already exist for tracking asset disclosures), this requires a system of tracking and updating changes in those roles. Up to date lists should have a mechanism for adding new PEPs with  reasonable speed after they take office, but also need to act as an archive for information about former office holders for pursuing retrospective investigations.

    The more comprehensive the dataset (for instance, covering multiple countries, or sub-national significant figures), the higher the costs of maintenance and the greater the risk the list will fall out of date. Procurement officials (POs) are unlikely to be tracked by existing approaches to identifying PEPs in a country and will need new approaches. In South Africa, civil servants are prohibited by law from being a  beneficiary of the procurement process, creating a very large list of people to exclude.

    The other side of the problem is that where an up-to-date and comprehensive list of excluded persons exists, you have to be able to match it against your list of owners. This runs into the problem of data matching. Name matching is error prone and while information of office holders is often public (and so a list can be maintained without special privileges), these public lists are less likely to include the unique IDs essential to easy matching of individuals.

    As the Financial Action Task Force (FAFT) put it:

    Inconsistent transliterations and spellings of names affect the ability of financial institutions and DNFBPs to match names in general. Scrubbing customer databases for matches against commercial databases may result in many false positives if such databases contain insufficient or inadequate identifier information. This increases the risk of missing true matches and requires additional resources to separate false positives from true matches.

    However, while the problem is hard, partial and incomplete solutions have value.

    PEP databases and matching tools

    While FATF says that the use of databases is not sufficient to comply with their requirements, they are still a useful tool that can speed up work. Commercial databases exist, often aimed at assisting regulatory compliance in banks,  such as SmartSearch, Accuity and BAE systems Watch List Management system. There is also a variety of open data sources available, with OCCRP gathering a set of datasets on individual sanctions together as a dataset in aleph.  Some of these have approaches to name matching built in. For instance, ComplyAdvantage has a PEP database with a fuzzy matching search that can be accessed through an API.

    There is a wide selection of open source tools available to help with name reconciliation, such as Elasticsearch, OpenRefine, and Dedupe.io (a service built around a free python library). When people have entries in multiple national databases, different transliterations of their names can be recorded. OCCRP has developed a list of ‘synonames’ (soundalike) names that help address this, but reconciling individuals based on name remains a difficult problem.

    These databases will not cover procurement officers, and require additional data creation and maintenance work in a country. However, as these people are state employees, there is the prospect of tying into existing HR or payroll systems to automate generating the list, and also having access to more sensitive personal identifiers such as identity or tax numbers.

    Where the intention is to release the list publicly (such as Mexico’s planned SESNA datasets of public servants involved in procurement, and those who are sanctioned), the identity fragment approach could be used to aid reconciliation with other datasets without releasing this personal information.

    Where unique IDs can be established for both sides of the process, this makes lookups far more efficient. Where they can’t, the process should be designed to be more likely to create false positives than negatives that can then be further investigated. This also raises the importance of how the overall system is designed. While automated screenings can be built into tools for procurers decided between contracts, enhanced scrutiny of contract winners is less time consuming than screening all those who sign up to a supplier portal.

    Representing the data

    While the data standard that has most use in beneficial ownership is the Beneficial Ownership Data Standard (BODS), this is not the most appropriate format for PEP data.

    Currently where this data exists it is in a variety of CSV or JSON based formats. The ideal scenario is that PEP information is published in a common standard, so that multiple data sources can be easily combined in an analysis tool.

    A good candidate for this is the Popolo data standard. This is a standard designed to hold information about elected politicians and legislatures, which makes it useful for holding lists of PEPs. It can store information on when particular people hold particular offices, allowing it to act as a repository of older information for comparisons several years after the fact, as well as having the ability to store multiple names and identifiers that might aid reconciliation.

    mySociety’s(currently paused) EveryPolitician project uses this standard, which makes it useful as a source of global PEP information (it is used in, for instance, Global Witness’s investigation of the UK Persons of Significant Control dataset). The standard was also used by the Sinar Project’s Telus tool in Malaysia as a repository of PEP information.  FATF recommend that countries should compile a list of domestic positions/functions that are considered prominent public functions to aid determinations of whether a particular person holds a PEP-qualifying role. This could also similarly be released in Popolo format, using just the Post structure.

    Alternatively, where the process is less of a lookup between two lists, and more an investigation of individuals who are beneficial owners, BODS has an optional field saying whether and if so, why someone qualifies as a politically exposed person. This could be collected as part of a verification process, with information reviewed for relevance by decision makers.

    See all posts in this series.

  6. Collecting and making use of beneficial ownership data

    Header image: Photo by Markus Winkler on Unsplash

    mySociety and SpendNetwork have been working on a project for the UK Government Digital Service (GDS) Global Digital Marketplace Programme and the Prosperity Fund Global Anti-Corruption programme, led by the Foreign & Commonwealth Office (FCO), around beneficial ownership in public procurement. This is one of a series of posts about that work

    There are three steps to working with beneficial ownership data: collection, verification and analysis. These three areas interact – how and when data is collected affects how viable different methods of verification are, and both of these in turn affect what forms of analysis are possible.

    While collection of beneficial ownership data does not have to be part of the procurement process, (for example, if there is already a national register) requirements for bidding or winning public contracts are good pressure points to require disclosure. The following diagram shows a bird’s eye view of how ownership data (green lines) might be collected by different government agencies as part of the corporate lifecycle and the government contracting process (click for more detail).

    Where ownership data fits in the company lifecycle and contracting process

    In an ideal world, beneficial ownership information would be available and accurate at all of these points. But realistically, choices must be made over when and where to introduce beneficial ownership data collection and how to resource verification. Such choices will have an effect on the scale and timeliness of the data collected, however, as we can explore with the following diagram:

    Potential ownership collection points

    For instance, if a goal is to check for bidding cartels in the process of judging the bid, this information can be collected at any point: when companies are formed; when they register as a supplier; or when they make a bid. If companies submit multiple bids, it reduces duplication if information is collected sooner. However, this also increases the potential time between submission and analysis, and so requires an update process to avoid information becoming out of date.

    Collecting at different points also makes a difference to the size of the database. Each successive capture point is collecting a smaller sample of organisations. This affects analysis in two ways: scope and accuracy. The more companies covered in the dataset, the more forms of analysis become possible. If you have only collected information on bid winners, you cannot investigate bidding cartels. If your collection only includes the beneficial ownership of registered suppliers, you cannot identify the ‘sibling’ entities (which are not in the direct ownership chain of a company, but are owned by the same owners)  in a corporate structure that might contain hidden debts.

    While collecting data about more companies does not inherently make data more inaccurate, there is an indirect effect in that collecting more information raises the overall cost of verification.  Collecting information about all companies creates a much larger dataset to verify than just those who win contracts. If verification resources are not increased accordingly, the dataset will have a much larger scope, but be less accurate, and so the resulting analysis may be less useful.

    This inaccuracy may have a higher effect on fraud/anti-corruption analysis than its overall incidence in the dataset. This is because while some errors will be accidental, some will have been deliberately introduced to disguise ownership. Analysis that is only possible with large amounts of data may not even really be possible if the database is not supported by a strong verification system.

    To provide two different models, the UK’s Persons of Significant Control (PSC) register requires declarations as part of a company’s annual statement. With a few exceptions, it includes all companies registered in the UK. This data is submitted by the company without verification, as examining suspicious statements is a resource intensive problem across the entire jurisdiction (see the recent Global Witness report for a description of the verification problems in the UK PSC register).

    The Slovakian Register of public sector partners (RPVS) requires beneficial ownership information be submitted only before a high value contract is awarded and so has a much narrower scope. However, there is a much stronger verification process, with third parties (generally legal offices) submitting the information and the process they used to reach it, with an in-country individual held legally responsible for the accuracy of the data. Methods and useful concepts in the verification process are explored in more detail in an OpenOwnership briefing.

    Depending on the specifics, smaller databases (with verification) may lead to more basic—but more accurate—analysis. The calculation made in Slovakia for instance, is that there is less need for using data as part of the procurement process if the post-award checks are very good, because raising the chances of being caught raises the costs of cheating. On the other hand, this is then missing out on the prospect of identification of cartels. Disclosures may be accurate while the procurement process is still distorted.

    Each expansion in the number of companies included does not expand the process in the same ways. While smaller registers may be cheaper to verify, new forms of analysis may open up with small increases in size. For instance, if the overall number of companies participating in bids is not much larger than those winning bids, the additional compliance costs may be negligible and allow the possibility of cartel analysis.

    See all posts in this series.

  7. What is beneficial ownership?

    Header image: Omar Flores on Unsplash

    mySociety and SpendNetwork have been working on a project for the UK Government Digital Service (GDS) Global Digital Marketplace Programme and the Prosperity Fund Global Anti-Corruption programme, led by the Foreign & Commonwealth Office (FCO), around beneficial ownership in public procurement. This is one of a series of posts about that work

    The idea of beneficial ownership is meant to address the problem that the official directors and board of a company may be different from the true owner or controller.

    Without knowing the true owners of a business, you cannot understand who benefits from or controls its activities. In a procurement context, without beneficial ownership information about suppliers, it can be difficult to detect organised corruption or conflicts of interest.  Greater knowledge of ownership and control can give greater insight into supply chains and product quality. In the case of government contracts, collecting and using beneficial ownership data can have a very real impact on ensuring state funding is directed towards legitimate, high quality services and infrastructure for citizens.

    Someone may not even be an ‘owner’ in the sense of having a significant proportion of shares to have ‘control’ over it. They might own no shares but still exercise control through a right to appoint board members. In most cases they would still be considered beneficial owners of the company.

    Where this becomes interesting is when companies are owned not just by ‘natural’ (real) people, but also by other companies. For some companies, this can result in long chains of ownership, with many levels of companies owning other companies. But sooner or later, all ownership chains must terminate in real people, not corporate entities – those people are the beneficial owners.

    Tools for visualising beneficial ownership structures are still quite varied, but most attempt to represent ownership as a network, with companies and people as nodes:

    Diagram showing connections between companies and their eventual beneficial owners

    An alternative approach is to think about only the ultimate owners in a chain. This can be particularly useful when you need to make quick decisions about who owns or benefits from a given company, regardless of how many ‘steps’ they are removed from the company itself:

    Diagram showing the same network, but with ownership information displayed seperately

    Perfect vs practical definitions

    A broad definition of beneficial ownership (such as ‘deriving significant benefit from or having control over a company‘) is useful for an investigator trying to understand whether specific individuals can be said to be beneficial owners of an organisation. It is less useful when an organisation is being asked to declare who their beneficial owners are. This requires concrete disclosure requirements that may approach, but are likely to fall short of a broad definition. For instance, it might be decided that stockholders who have more than 25% of voting rights qualify for disclosure. In the terminology used by the World Bank/STAR Puppet Masters report, this is a “formal” rather than “substantive” approach to understanding the beneficial ownership of companies.

    When talking about beneficial ownership, it is important to keep in mind this distinction between the concept of a beneficial owner and the inherently imperfect ways of identifying them. Better management of procurement risks means knowing more about who benefits from a company receiving a contract. But on the other side, the people hoping to subvert the process will want to maintain secret ownership ties in order to control or benefit from the company.

    Closing the gaps in knowledge with additional beneficial ownership disclosure addresses the current state of evasion, but not how dishonest actors will react to new requirements. Introducing new requirements will address some amount of fraud and corruption, but also creates a strong incentive to find new ways to conceal conflicts of interests. This arms race dynamic means there is no one ‘good’ formal definition of beneficial ownership, but a number of different criteria that need to react to the practices of concealment in evidence in a country at a particular time.

    As such, the best way to think about the long term impact of beneficial ownership on public procurement is not as a silver bullet, but as a tightening net. Future escalations may involve changed definitions, or improving the means by which information is validated. Underlying tools and standards need to be flexible to a range of national contexts, as well as a potential for change over time.

    Beneficial ownership is part of a solution to several different problems

    Several different frameworks promoted by inter-governmental bodies or international transparency/anti-corruption groups push towards more collection of beneficial ownership information.

    The Extractive Industries Transparency Initiative (EITI) required as part of their 2016 standard that all participating countries mandate the disclosure of beneficial owners within extractive industries (oil, coal, gas, mineral extraction), and recommend publication in public registers or through the country EITI report.

    The Financial Action Task Force (FATF) 2012 recommendations include the importance for financial institutions of discovering the beneficial owner as part of customer due diligence when establishing a new business relationship, and apply enhanced diligence if a beneficial owner is also a politically exposed person (PEP). While not calling for an open register, they do recommend that there are timely forms of accessing accurate beneficial ownership available for ‘competent authorities’.

    The Open Government Partnership (OGP) supports the Beneficial Ownership Leadership Group with the aims of strengthening disclosure requirements and verification processes,  supporting a common data standard and allowing public access to enable citizen monitoring. Over 40 countries (including Mexico, South Africa and Indonesia) have incorporated commitments related to beneficial ownership transparency in their OGP plan.

    On the practical side of how international ownership data should be processed and stored, OpenOwnership is an organisation with the goal of making beneficial ownership data more widely available through technical development, partnerships and research. They are the key developers of the BODS data standard and host a global open registry of beneficial ownership data.

    More directly related to public procurement, as part of their COVID-19 response, the International Monetary Fund (IMF) has asked countries requesting emergency assistance to make commitments to publish information on the contracts with and the beneficial owners of companies benefiting from the emergency funds.

    Ownership in public procurement

    The problem beneficial ownership data can address in public procurement is corruption or subversion of the procurement process, but it also has a bearing on procurement efficiencies, risk profiling and enactment of preferential procurement policies.

    Making beneficial ownership data available to procurement officers helps them discriminate between bidders for work in a current procurement process. For instance, a problem described by several interviewees in our research on this area is bidding cartels. This is where multiple bidders (who are in reality controlled by the same owner) coordinate to drive up the price and raise the chances of winning. Knowing more information about the ownership of the companies in this bidding cartel would make it easier to detect.

    Better visibility of who is benefiting from public procurement contracts can be beneficial even when companies are behaving perfectly within rules. Entirely legitimately, a set of apparently independent companies may have won many bids. However, in reality these are part of a broader group with a set of common owners. Beneficial ownership data can make it easier to understand the connections between these companies (either because chains of corporate ownership have been revealed, or the final owners directly revealed). This can allow identification of where procurement contracts are ultimately flowing. Where beneficial ownership data is broadly available for organisations, this also allows identification of other businesses in which owners have an interest. This can be used to risk profile broader corporate structures.

    Explicitly collecting the data required to catch violations of existing rules can also create a chilling effect, by making potential bad actors aware of the scrutiny that may be given to the information, especially if combined with more effective enforcement. A government official (elected or otherwise) with power over the procurement process may have significant involvement in a company bidding for a contract, but this fact would be undeclared and invisible on official paperwork. Greater visibility of the beneficial owners of these companies leaves fewer places to hide, and raises the risk of detection and costs of attempting to subvert the process.

    See all posts in this series.


  8. Parliamentary votes during COVID-19

    Covid-19 has meant changes to how parliaments all round the world work, and this means that parliamentary monitoring sites like TheyWorkForYou need to consider how they should change to reflect this.

    We are attempting to represent MPs’ votes fairly in this unusual time during which voting is not necessarily available to, or easy for, every representative. We believe in the current situation most (if not all) have the possibility of casting proxy votes, but need to ensure additional information reflects where this was not the case. We are concerned about the concentration of votes held by party whips through the proxy vote system and believe in terms of simplicity, time taken and the health of MPs and staff, the remote voting system was a better approach for both MPs and their constituents.

    The old normal

    Westminster has one of the oldest parliamentary traditions in the world, and consequently has a large number of antiquated processes and procedures which are not efficient or inclusive by contemporary standards.

    MPs sitting practically on top of their colleagues in the House of Commons was not an unusual sight pre-COVID, as the chamber is not big enough to accommodate all 650 elected representatives at one time. PMQs were defined by heckling from the backbenches, voting required physically walking through a lobby (rather than the electronic voting of the Scottish Parliament) with almost no allowance for proxy or remote voting.

    This was the system of parliamentary governance at the start of 2020, with little reason to expect any changes. The plan to vacate Parliament to allow essential repairs and maintenance to the building would have provided an opportunity to experiment with different designs or practices. Instead the plan was to build a replica of the chamber and division lobbies as they already exist.

    Change is resisted with reference to tradition, but behind that is also the understanding that changing the physical space and practices of Parliament would have an impact on where power is distributed. The result is a slow rate of change, where reform (such as an independent panel to deal with bullying and harassment allegations against MPs) is resisted and hard-won.

    And then COVID struck, and everything changed, very fast.

    A digital revolution — and a roll back

    There have never been such rapid shifts in practice in the House of Commons as during the COVID-19 crisis.

    MPs were sent from Westminster back to their constituencies to work from home, like so many of their constituents. Parliamentary business migrated online. All of a sudden, remote electronic voting was the only way of registering a vote. This was revolutionary. The hard working folks at the Parliamentary Digital Service managed to tweak the existing online MemberHub system to enable this new electronic service, and it seems to have worked extremely well.

    But this huge digital step forward has now been rolled back. In early June, MPs were summoned to return to the parliamentary estate, regardless of their individual health considerations. This meant that many MPs who have underlying conditions and were advised to shield from the virus had the unenviable decision of whether to risk their lives and return to Westminster, or to remain at home and risk not being able to vote or represent their constituents effectively.

    The government was insistent that remote electronic voting would no longer be available as an option, and while there were later concessions in the form of widening the criteria for which MPs could have a proxy vote, there are likely to have been some that missed votes or could not participate during this period because they were unable to be present or arrange for a proxy in time. This is not just an issue for MPs who cannot be in parliament in person, MPs voting in person have to do so in a way that is more time consuming than the normal approach.

    Proxy voting is the wrong approach

    While the proxy voting scheme was initially expanded from parental leave to those who were in a ‘clinically extremely vulnerable’/‘clinically vulnerable’ category, this has now been expanded again. The current situation is that the proxy voting scheme covers MPs on parental leave, or with a medical or public health reason related to the pandemic. There is a table at the bottom of this post showing who could vote during which period.

    There is no requirement to “provide any detail specifying why you are unable to attend Westminster for medical or public health reasons related to the pandemic”, so in practice, all MPs should be able to designate a proxy to cast votes on their behalf. That said, not all have done so, and there is no requirement that an MP must designate a proxy if they cannot attend Westminster.

    This has also had the side-effect of expanding proxy votes to MPs with health problems who would not have been ineligible for them before (we have previously written in favour of proxy votes for MPs with long-term health problems).

    As of the 24th June, there were 169 MPs who had applied for proxy votes – that is just over a quarter of all MPs. three quarters of these have listed a party whip as a proxy. That many MPs have designated their whip as a proxy simplifies the administration of such a large number of proxies, but means that those MPs have less effective freedom to rebel on a case by case issue.

    While many MPs may never have chosen to exercise that freedom, this might create an expectation that the ‘norm’ is to pass the vote to the whip, and raise suspicions about MPs who might reasonably decide not to. The virtual voting system was ironically more traditional in preserving the idea that MPs (not whips) cast votes.

    In the past, we’ve contributed to a parliamentary inquiry supporting a more formalised system of proxy voting, not least because without a formal record, there is no data on how individual MPs have voted. Without data, we can’t publish accurate records that would give our users the context they need to understand the significance of a ‘no-show’ from their MP in a specific vote.

    But this position was working from the assumption that proxy voting would be accounting for at most a few dozen MPs. Accounting for large numbers of MPs raises new issues about how many proxy votes one MP should be able to exercise, and in general whether it is the appropriate solution for this situation. A remote voting system was a better solution to the problem at hand, that better protected not only the health of MPs and staff required to be present on the parliamentary estate, but the existing power relations of MPs and parties.

    Portraying MPs fairly

    Whether votes are through a proxy system, or whether they are not being recorded at all because an MP couldn’t make it into Parliament on health grounds, we want people to be able to fairly assess how and what their representatives are doing. Over the long term, we want to make sure that the special circumstances of these months are reflected.

    Here are our current plans on how voting records should reflect changing voting access:

    • We have added a box on the voting page to inform about the current situation, and that there were recent votes where some MPs were not able to participate. This is the same for all MPs, as proxy voting information is not complete and we cannot reflect which MPs may feel excluded from votes.
    • We have acted on a pre-existing plan to remove some of the comparisons we currently publish on metrics such as how many votes or debates they have participated in. This will remove the issue of MPs who are not physically present performing less well on these metrics.
    • In the long term, we will be exploring how individual votes where voting access was effectively restricted may be marked on the site, as well as exploring if other changes to the service are required.

    mySociety has worked with parliaments all over the world over the last 10 years, and we continue to consult on how procedures, information and systems can be digitised for better transparency, accountability and inclusion of the wider public.

    Given the changes and experiments going on in the wake of the COVID-19 crisis, we’re going to be blogging more about the effect on democratic practices, as we focus in on various aspects of our parliamentary system in the UK and how it might be modernised.



    Who could vote when?

    Period Remote voting Proxy voting In person voting
    11 May – 2 June Everyone Parental leave
    2 June – 4 June Parental leave Physically present
    5 June-9 June Parental leave, ‘clinically extremely vulnerable’, ‘clinically vulnerable’ Physically present
    10th June- Parental leave, medical or ‘public health reason related to the pandemic’ Physically present


    Image: First virtual PMQs and Ministerial statement on Coronavirus 22/04/2020 by UK Parliament

  9. Citizens assemblies are back, in handbook form

    Last year, mySociety worked as part of a consortium to deliver three local citizens’ assemblies in the UK. This was as part of the Innovation in Democracy Programme, which was a joint project between the Department for Digital, Culture, Media & Sport and the Ministry of Housing, Communities & Local Government. The goal was to trial new ways of involving citizens in local decision making. Alongside Involve, the Democratic Society and the RSA we investigated how digital tools and methods could be used as part of deliberative processes. 

    As one of the final parts of this programme, the RSA has published a handbook about what we learned, and case studies of each of the assemblies:

    The RSA have also blogged about the handbook.

    mySociety’s part in this project was primarily to investigate how best to use digital tools to complement an in-person citizens’ assembly. We published this as two sets of guidance:

    The first is a practical exploration into what materials are best to prepare and show on a website for a citizens’ assembly; the second looks at how tools can be used to bring evidence and external contributions into the debate, without diluting the representative nature of how participants were selected.  

    The handbook also describes an approach we helped with at the assembly in Test Valley. Discussions at pre-evidence sessions were recorded in argument maps for reference during the event. 

    This thinking has led into our work on the UK’s climate assembly helping proceedings, evidence and outputs to be transparent and available to everyone who is interested. 

    Since that project, for fairly obvious reasons, many organisations that previously focused on offline deliberation are now looking to pivot rapidly into how to run online deliberation. Involve has a good guide as to the range of tools and approaches that can be useful.

    We are continuing to research and think about how citizens can be more integral to decision making, and what the appropriate role of technology is in making this happen. You can subscribe to our research newsletter to hear more: 

  10. Digital technology and trust

    The House of Lords Select Committee on Democracy and Digital Technologies has released its report: Digital Technology and the Resurrection of Trust

    mySociety submitted written evidence last year, and our Head of Research, Dr Rebecca Rumbul, gave evidence in February 2020.

    The recommendations can be seen online, but we were pleased to see a point taken up from our friends at Democracy Club, that there should be more open data about elections, candidates and polling stations so focus can be on providing that information to citizens rather than sourcing it. 

    This recommendation in particular reflects mySociety thinking:

    Technology can play an important role in engaging people with democratic processes. Parliament and government, at all levels, should not seek to use technology simply to reduce costs, and must ensure that appropriate technology is used to enhance and enrich democratic engagement.

    Through our research and practical work in the last few years, we have been concerned with finding the appropriate place for technology in addressing problems. 

    Digital solutions have enormous potential to scale cheaply (and have powerful uses in democratic transparency), but also have uneven engagement and require different skill sets to manage. Where digital tools allow more efficiency, this should enable resources to be redirected towards improving the overall quality of the exercise. 

    As we argued last year when we were looking at digital tools and democratic participation:

    Where using a tool can bring down other costs, those funds can be redeployed towards outreach and other real world activities to broaden participation. The use of digital tools must be understood as part of the whole system, which involves gauging not just what the tool does, but the effort and time it can free up to address other priorities.

    The problem of citizens and communities being excluded from the political process will rarely be fixed by a digital tool alone, but when correctly aligned with democratic efforts to involve people in decision making,  they can be a powerful part of the solution. 

    Photo credit: Photo by Ciel Cheng on Unsplash