Effective access to beneficial ownership information
Overview
Governments implement beneficial ownership transparency (BOT) reforms for a range of reasons, from hindering the misuse of companies and trusts as well as tackling crime, to creating an enabling business environment, and improving public financial management. To ensure these reforms meet their objectives, a range of implementation design decisions need to be made. Among these are decisions about why beneficial ownership (BO) information should be accessible, by whom, and in what way. The combination of these decisions, the rules, laws, and systems that enable access to BO information – the access regime – will have a bearing on the effectiveness of the BOT regime, and should be given due consideration.
Who should have access to BO information and how to balance this with privacy has been the subject of much debate. Ultimately, implementing governments should ensure users relevant to their policy objectives have access to usable information, and that the access regime strikes a balance between access and privacy. Where this balance lies and the right approach are specific to the legal and policy context. This is key to ensuring implementation is effective, responsible, and sustainable. This means the reforms meet user needs; respect rights, minimise risks of abuse, and ensure accountability; and are robust and able to withstand potential legal challenges.
Implementing agencies should consider their contexts by:
- Clarifying the objectives of the reforms
This will define the parameters of an access regime. This can range from being specific, such as antimoney laundering (AML), to the functioning of democracy, with financial transparency as a constitutional value that mandates broad access.
- Considering relevant legal frameworks and international standards
In most contexts, BO information will constitute personal data and may be subject to privacy and data protection legislation. Other frameworks and standards may mandate access for certain user groups.
- Identifying all relevant users and understanding their needs
Considering all relevant users, including foreign users, and engaging them through user research will help the design of systems which are both useful and privacy-sensitive, by embedding necessity and proportionality. A continued and up-to-date understanding of how information needs to be accessed by various actors can also help refine and improve access regimes at later stages.
On this foundation, different layers of access can be designed. Layers co-exist in an access regime, and are defined by:
- Who can access them for what purpose
Layers of access are either publicly accessible or limited to specific users or groups. The latter may involve a process for authenticating permissions where necessary, such as demonstrating a legitimate interest, which should not be unduly burdensome.
- Usability features
These features relate to the scope of information, specific content, and how the information can be delivered and searched.
- Appropriate safeguards
This can include maintaining access and audit logs to prevent and detect misuse, including by government users, and terms of use. All access regimes should include a protection regime which can provide for exemptions in circumstances where someone is exposed to disproportionate risks, and ensure this system is not abused.
While maintaining an access layer for the general public (e.g. through a basic portal) will itself not be sufficient to guarantee impact, as it may not meet sufficient user needs, such a layer may be prudent and desirable as part of a multi-layered system that seeks to maximise impact. [1] The frictions associated with more restricted access layers and the risk of omitting relevant users from an access regime do not apply to public access. Implementing agencies should avoid being overly cautious and defaulting to a de-risking approach when it comes to privacy, resulting in excessively restrictive access regimes. Similarly, complex access systems that differ across jurisdictions may also be a source of friction for data users, and jurisdictions should consider aligning access regimes where possible.
Ultimately, governments should strive for approaches that put the principles of usability and responsibility at their core in order to create systems that are enduring, accountable, and impactful.
Footnotes
[1] To illustrate, most of the case studies and research referenced in this briefing focus on jurisdictions where information is or was publicly available. Therefore, many of the case studies are in Europe, and the examples lack global regional representation. Nevertheless, the lessons drawn from these examples are globally applicable.