Using reliable identifiers for corporate vehicles in beneficial ownership data

A reliable identifier is a number or reference code which is unique, stays the same over time and can be used to check the existence of a particular corporate vehicle, such as a company or trust. Having such an identifier available and present in multiple datasets is the best way to be certain that the same entity is being referred to, and to link together a range of information about the entity and its activities.

The availability of reliable identifiers for companies and other corporate vehicles in beneficial ownership (BO) datasets is crucial for connecting them with other information, for example, in company filings, licensing information, procurement disclosures, revenue reports, sanctions and politically exposed persons (PEPs) data.

The 2023 EITI Standard introduces new provisions under Requirements 2.3 and 2.5 for countries to link BO data with disclosures on PEPs, stock exchange filings and licence registers. This technical guidance will help implementers and multi-stakeholder groups understand how reliable identifiers facilitate the connection of such datasets.

Collecting and publishing information about how companies and other corporate vehicles are owned and controlled can serve many purposes. In all cases, clarity about the identity of the corporate vehicles is paramount.

BO information can be meaningful and useful in itself, but most often it will need to be brought together with information from other sources to achieve intended policy outcomes. For example, when determining eligibility for licensing or procurement processes, information from relevant corporate registries will need to be accessed and sanctions lists checked, alongside BO data. Alternatively, in instances when it is necessary to understand the major shareholders in an entity which is part of a large corporate network, the public filings of related entities will need to be examined alongside ownership data. Bringing company information together from various registers that contain basic BO information about companies and other corporate vehicles is also a critical part of verifying submitted details.

Relying simply on the name of an entity in any of these cases could lead to a false impression. It is common for different entities within the same corporate network to have similar names: for example, “BP America Inc” and “BP America Holdings Ltd”. Rebrands, mergers and partnership formations can also complicate the identification of corporate vehicles by name only. The misspelling, abbreviation or imitation of a company name, whether done accidentally or intentionally for fraudulent purposes, can also be misleading. This challenge of determining the true identity of an entity and finding information about it from different sources is well known. It has led to a proliferation of service providers and processing technologies around entity resolution promising to find matches in data and reduce duplication.

This challenge can be tackled at the root by registrars collecting and using unique, persistent and recognisable identifiers for entities in BO and company registers. When reliable identifiers, such as company registration numbers, appear in data sources, users can rely less upon the third-party data processors or technology providers whose role is to clarify the identity of business entities.

An important question for those working on BO registers and those using the data they provide is, therefore, how to judge the reliability of company identifiers.

In its efforts to set international standards for beneficial ownership transparency (BOT) and combat money-laundering, the Financial Action Task Force (FATF), requires the use of “high integrity identifiers” for companies, i.e. identifiers deemed to be reliable:

“Tax identification number (TIN) is a common unique identifier, which may be used by countries. Countries may choose to use other high integrity identifiers with an equivalent level of identification instead of TIN to identify a particular legal person. Non exhaustive examples of a unique identifier could be a VAT identification number, an income tax registration number, a national (company) register number or Legal Entity Identifier (LEI).”

What these identifiers have in common is that they are (or should be) unique, persistent and resolvable. Below, a breakdown of each of these terms is provided

Unique

As discussed above, a company name in a register may not be unique (and may be shortened, misstated or ambiguous). A reliable company identifier is unique to that company, within the given identifier scheme, and the company only has one identifier within that scheme. For example, CNC Engineering Company Limited has the identifier “RC-671630” within Nigeria’s Corporate Affairs Commission (CAC) company register. No other company has that identifier, and the company has no other identifier within that register.

Persistent

Still, registration numbers such as “RC-671630” issued by the CAC may not be reliably used if they are not issued permanently. For example, if companies had to re-register with the CAC every two years and were issued a new registration number each time, then the registration numbers will no longer be unique. CNC Engineering Company would have multiple registration numbers, only one of which was current.

A reliable company identifier should persist over time. “RC-671630” should be the only identifier referencing CNC Engineering Company historically and into the future, even if the company is dissolved. The historical dealings of a company may at some point need to be investigated. The need to check a company’s identity and details does not disappear with a company’s dissolution, acquisition or merger. For this reason, an identifier scheme can only be deemed reliable if company identifiers are retained as references to a single entity; are not deleted; and are not, under any circumstances, reissued to a different entity.

Resolvable

The final property that makes a company identifier reliable is that there is a mechanism for using it to check that the related company exists. If a French company were to report to French authorities that it was in a joint venture with CNC Engineering Company (i.e. “RC-671630”), the identifier is only useful if it can be used to track down and verify information related to CNC Engineering Company. This requires: firstly, that the CAC is disclosed as the issuing authority of the identifier; and, secondly, that the identifier can then be checked against CAC records. Fortunately, the CAC has a public search facility on its website that can be used to check whether a company is indeed registered and active.

The use of a company’s identifier to obtain reliable and useful information about the company is often a process that can be automated by software systems. This relies on company registers or identifier schemes providing an application programming interface (API) to facilitate access to company information by interested parties.

Jurisdictions across the world allow the formation and legal recognition of companies and other corporate vehicles. The administration of these registration processes and the regulation of company activities by state authorities has required unambiguous identification of entities by those authorities. In many jurisdictions, this has led to the issuing of a reference code or number to an entity at the point of legal registration. Within the scope of the issuing authority, this has acted as a reliable identifier: being unique, persistent and (amongst relevant state actors) resolvable. The CAC issuing CNC Engineering Company the reference number “RC-671630” is an instance of this.

Being so closely related to the legal incorporation of a company or other corporate vehicle within a jurisdiction, such identifiers are recognised as authoritative. If an entity declares that it has such an identifier, it is declaring that it is legally recognised by the given jurisdiction. The identifier can therefore prove valuable for uses beyond its initial administrative purpose. That is, as long as the issuing authority (company registrar, tax and revenue ministry or other regulator) can guarantee that the identifiers they issue and maintain are unique, persistent and (for all interested parties) resolvable. In that case, actors outside government can rely on the identifiers for general business and transparency purposes.

Indonesia and Norway are examples of EITI countries where such an approach has been taken when it comes to connecting company registers with licence registers. Norway uses reliable company identifiers from its Brønnøysundregistrene company register alongside identifiers issued by the Norwegian Petroleum Directorate on its public licence register. Indonesia simplified its licensing process in 2018 by adding a single sign-on submission where companies have to register. As part of this new Government Regulation 24, Indonesia unified the company ID numbers through the “Business Identification Number”.

However, it must be clear to those who come across an entity identifier which registration authority has issued it, and how they can check whether it is a valid identifier. The uniqueness of an identifier can only be guaranteed within a given scope. The identifier “RC-671630” may have been issued to CNC Engineering Company, but an identical identifier may have been given to a registered charity in South Africa. In order for “RC-671630” to be useful, it has to be clear that it was issued in Nigeria. Even then, there are multiple issuing authorities in Nigeria, and it may be the case that a single authority will register different kinds of entities and manage multiple identifier schemes (for example, entities formed domestically as well as foreign-registered entities). A company identifier like “RC-671630” is only useful when it is clear as to which identifier scheme it comes from.

As with company names, the names of issuing authorities or identifier schemes can prove challenging to resolve. For this reason, projects such as org-id.guide and the Authoritative Legal Entity Identifier (ALEI) issue prefixes to identify company registers and identifier schemes. So, CNC Engineering Company has a globally unique identifier of “NG.CR:671630” under the ALEI, or “NG-CAC-RC-671630” under org-id.guide.

Once it is clear which register has issued the entity identifier, it will be necessary to check that it is valid within that register. In the digital age, this can be facilitated by register websites providing publicly searchable databases of companies and APIs to automatically check and verify data. Where APIs are developed, they should be well documented and maintained. One way of ensuring that users of identifiers know how to validate them is to provide up-to-date information about identifier schemes to org-id.guide.

By providing this kind of access, company registration authorities can comply with the FATF guidance that: “[basic information on companies] held by the company registry should be made publicly available”.

Disclosing information about beneficial owners may include identifying a partner company, a parent company or other intermediary corporate vehicles. When these are domestic entities, the expected identifier and its format is known, and BO declaration forms and data management systems can be designed accordingly. However, provisions should also be made for data collection and storage of identifiers for foreign entities, for example, in cases where entities with a sufficient link to a jurisdiction must disclose their beneficial ownership. As described above, this must include unambiguous information about the issuing authority of the identifier.

Supporting accurate identification of foreign entities can begin by considering the identifier schemes of the foreign jurisdictions with the most domestic involvement. There may be multiple identifier schemes within a single jurisdiction. For example, limited companies, partnerships and trusts may be registered by different authorities in a given country.

By allowing validation of their domestic identifiers via an API, registration authorities will support other countries’ efforts towards BOT.

Entity identifiers are not only produced by jurisdictional registers. There are well-used international identifier schemes, such as the Legal Entity Identifier (LEI), which produce reliable identifiers for corporate vehicles. There are also government agencies which produce their own identifiers for entities which can be reliably used; for example, a TIN is often a reliable entity identifier.

This leads to an issue which can undermine efforts to join different data sources by using common entity identifiers: the same entity may be represented in different datasets by different identifiers. For example, automatic joining of data on company name and company identifier would not pick up that these two records represent the same entity:

For this reason, when designing forms and data management systems for information disclosed about companies, it is important to require disclosure of all highly reliable identifiers. This way, all identifiers should be published as part of any data-sharing. In the above instance, even if one of the datasets had done so, the records could have been merged:

When collecting company information, as a minimum, an authoritative registration identifier as well as an LEI held by an entity (where it exists) should be disclosed. It may be appropriate to request a TIN as well, for example, if revenue and tax filings are to be brought together with the BO data. For completeness, disclosure of identifiers from proprietary schemes, such as Dun & Bradstreet’s DUNS numbers, may also be required. However, since such identifiers are not authoritative and they are not resolvable to those users of the data who do not have access to these proprietary schemes, they should not be relied upon as a primary identifier.

When sharing and exchanging BO data, Open Ownership’s Beneficial Ownership Data Standard supports the use of multiple identifiers. The information above would be formatted in the following manner:

[…]

"name": "ENQUEST PETROLEUM PRODUCTION MALAYSIA LTD",

  "identifiers": [

               {

               "scheme": "GB-COH",

               "id": "08497369"

               },

               {

               "scheme": "XI-LEI",

               "id": "213800DC5XWV3NHP2962"

               }

  ]

  […]
 

The inclusion of reliable identifiers for corporate vehicles in BO datasets is crucial for referring accurately and consistently to companies and other corporate vehicles. Collecting and publishing these identifiers unlocks the value of BO information by forging links to a variety of domestic and foreign datasets: for example, extractive licence registers, stock exchange filings and revenue information.

Reliable identifiers are unique, persistent and resolvable. Their use should be accompanied by information about the authority which created the identifier to explain its provenance and support validation.

Company registers and similar authorities which create reliable identifiers that gain general currency should provide web search facilities and documented APIs to support the validating of entity identifiers.