Unique Identifiers

Session 1: Infrastructure of Digital Economy

3:00 pm – 3:23 pm GMT

Nikiforos Panourgias (University of Leicester and Next Generation Fintech Project, University of Cork, Ireland) – Unique Identifiers

To watch the video on YouTube, click the ‘YouTube’ button above.

Transcript: –

Nikiforos Panourgias

Hi I’m Nikiforos Panourgias, I’m presenting some work that we did on the design and development of the legal entity identifier. I’ll explain a little bit what that’s all about. And this was part of a horizon 2020 project that was funded by the COFFERS, which stands for Combating Financial Fraud and Enabling Regulators. And it was a very small part of a kind of wider project about financial fraud, tax evasion, and so on. And you’ll see sort of what the connection is, as I go through the presentation. So just very quickly, just to give you an outline, what I’m going to be covering. So first of all, I just wanted to explain the sort of origins of this, this development of this identifier, out of the financial crisis of 2008, then the sort of establishment workings of what is now called the global legal entity identifier system, how sort of data quality became a kind of key issue in the development of this system. And finally, sort of in terms of finding how the participants in this regulatory initiative, particularly the sponsors of this identifier, how they managed to sort of define, measure and enforce the data quality criteria that they came up with, and how important really that was to the whole sort of regulatory initiative there. So first of all, just a sort of a bit of background information. We probably all remember this day 2008 when Lehman Brothers collapsed, you know, these were the kind of pictures that were on the newsreels. The very important thing here was that it identified, it brought to the surface sort of two important sort of blind spots in terms of regulation. The first was about how the regulators had an inability to see how legal entities, particularly the financial markets relate to one another. And this in turn prevented them from, First of all, being able to foresee any concentration of liabilities by subsidiaries, the consolidating entry might be accumulating. This is what did for Lehman Brothers, in effect, then, when that was realised, then it was very difficult to decide what action to take once the situation had arisen in terms of sort of contagion, among other market participants and what, whether they bailed out Lehman’s or didn’t, what the kind of consequences of that would be, because again, they couldn’t see the relationships between Lehman Brothers and other market participants. And finally, a very important point was resolving Lehman Brothers, a failing entity, that takes a huge amount of time. I remember it was sort of many, many years after 2008, that just the sort of UK subsidiary of Lehman Brothers was resolved. And that means people’s collateral trading positions, all those things were kind of frozen. So although people, you know, clients of Lehman Brothers would get eventually, their assets back, you know, those assets might be unavailable for a huge amount of time. And again, the difficulty there was to sort of see the relationships between Lehman Brothers, and, and whether entities that it has, you know, positions with what kind of counterparties or whether they were actually subsidiaries of Lehman brothers that were not visible. So even in the kind of resolution of a failed entity, the inability to see those linkages was very important. And this was sort of coupled with what was seen as an identity crisis. And this is where this idea of identifier becomes kind of quite important. So you can see here an example of a City National Bank in California. What you find is that you’ve had you’ve got another 14 banks with some version of City National Bank in the title, 147 banks with a variant of the name City National. You can see three different identifiers and many other proprietary identifiers are used for various purposes, for SWIFT for SEC, and various other purposes. And that was only in the United States. So you could see that it’s, it’s almost impossible to have a unique identity for any entity within the sort of financial system.

So the need that was exposed was the for a new market-wide and cross-jurisdictional identification standard for the uncontested and unambiguous identification of legal entities engaged in any kind of financial markets transactions across asset classes and across trading venues. And the solution that the G 20 regulators came up with, was to regulate accumulation of risk in financial markets through the monitoring of transactional data. And this is where we come to the point where, you know, the availability of huge quantities of data doesn’t in itself really solve the problem. The key prerequisites, in addition to the transactional data were an accurate and reliable identification of entities engaged in market activities, and the ability to trace their corporate relations. So very quickly, just to give you a kind of quick timeline here, the G 20 regulators initially got together in 2010. They then mandated the Financial Stability Board FSB, to convene an expert group to develop a framework for this global legal entity identifier, various ISO kind of endorsements and approvals were gained, and then eventually some of the sort of institutional structures were put in place, the LEI regulatory oversight committee in 2013, which is really sort of if you imagine it’s almost the board of directors of this kind of infrastructure. And then finally, the kind of executive branch of this was the Global Legal Entity Identifier foundation or GFLEIF, which in a sense, oversees the whole system, that the idea was would oversee the running of the whole system that was being put in place. And this is really what the identifier itself looks like. So, you can see the first four digits represent an identifier for the issuer. So, this is the entity that actually issues the identifier to the entity seeking at identification, some reserved characters, then some characters which are allocated in a way that doesn’t give away any embedded intelligence, and finally, some validation characters, the last couple of characters there, so, the key here that was important was no embedded intelligence in the actual number itself. And all kind of reference data associated to the entity would need to be recorded in separate reference fields and in a separate data set which would be linkable to these identifiers. And the kind of institutional structure around identifier as I said was, at the centre of it is the regulatory oversight committee initially, was the regulators from the G20. But gradually all the kind of jurisdictions that have been caught that have mandated the use of LEI have sort of joined this regulatory oversight committee, then there is the Global Legal Entity Foundation, which kind of monitors quality controls and runs the whole infrastructure. And finally, the LOUs, these are the sort of entities that actually issued the numbers to the applicants who are trying to get these numbers. So, in terms of broad ecosystem, and how it works, what you can see is the LEIs are issued by a local operating unit, LOU for a fee that is determined by that particular LOU. The LOU issue and manage the LEIs on behalf of the entity seeking the LEI and that is done on a kind of cost recovery basis which is audited and set out by the GLEIF and the LOUs for these supply registration renewal and other services and act as the primary interface for the registrants needing LEIs with LEI system. And initially the data that was the reference data that was included would be what was called level one data that is the WHO IS WHO kind of data, legal name, legal form, PLC Ltd or so on previous legal names, address, date of next certification and so on. And at a later date that was initially going to be made 2017 reference data would be expanded to include things like who owns whom, in terms of ultimate and immediate ownership. And finally, the LEIs, must be kept up to date in terms of changes to any of these fields, particularly addresses, phone numbers, and so on. And any corporate actions that result in a change in LEI details. In terms of the issuing process, so LEI applicant would actually sort of use a self-registration type of data entry to request an LEI number, they would then provide as accurately as possible the data for their legal entity, the reference data, that would then be submitted to an LOU. And the LOU would then check the data against the local authoritative source. And once that was kind of cross referenced would issue a compliant LEI to the initial applicants. And then that would be used in terms of reporting or the various mandated transactions that need that, that number to be undertaken. Very important, in terms of the kind of initial kind of attempts to regulate the quality of the data was the challenge function. So this was really a way kind of using a kind of crowdsourcing approach a little bit to the data quality, by actually creating a function where say, I might be a Counterparty, say, in a commodities transaction, on a particular exchange, I don’t know with the Mongolian thing by logging company, I might note that their phone number has changed or the fax is wrong, or they’ve moved address and the old addresses is in there. So I would actually go on to the GLEIF website, I would put in the challenge, I would attach any kind of evidence to support that challenge, that would then go back to the issuer of that particular LEI number, which would then check both with the legal entity that had applied for the identifier for the number plus with an alternative authoritative source from the initial one that was used. And once again, that data was cross referenced, they would either update the LEI record or they would actually throw out the challenge. In terms of the level two data, the initial intention in 2012 was to include the ultimate owner data of the trading entity, but because of the very wide range of patterns of share ownership, ownership, which may not be the same as control, subsidiaries, which may be established as non corporate legal structures without shareholders, entities can also be linked by other relationships, financial relationships, secured unsecured loans, cash, security, deposits, guarantees and so on, it actually became a very thorny issue and it became very difficult for the infrastructure sponsors to kind of resolve this issue. Eventually, in 2015, it was announced that entities would report their ultimate accounting, consolidating parent, and that and the sort of accounting vision of who owns who would mean that basically any entity that owns 51% of another entity would be considered to be a parent of that entity. So eventually, the level two data will include ultimate and immediate ownership and as well as ultimate parents of an entity, and the first partial set of Level Two LEI data with ownership details, was released in May 2017. And eventually, a beta version of that became available, the first quarter of 2019. And in theory, it should allow anyone including regulators to be able to see a picture of a legal entity in terms of you know, the ultimate parents but also the kind of children of that entity that’s in terms of subsidiaries.

So in terms of the uses, most of these were mandated through regulation. In Europe, it was primarily through regulations such as EMEA and AFMD, method two and so on. it is being considered to use instead of the gene identifier for FATCA. In in the US and also for FATFA, and though ECB has also suggested some uses for the automatic exchange of tax information as well. So, what you’ve got is mandated use for market surveillance and, and the market integrity in terms of reporting of transactions, to derivatives regulators reporting transactions to security regulators, central to transactions, the central bank’s transactions to insurance regulators, and transactions to the pension fund regulators. So this really means that any transaction that takes place in these markets needs a number, an LEI number, otherwise you won’t be able to trade. So these numbers need to be in order kind of reporting stages to the regulators for these kind of types of instruments. Other proposed uses have been for balance of payments reporting for anti money laundering regulation, combating the financing of terrorism regulations, sanctions. Also, the BIS has come up with a suggestion for using this and correspondent banking, as I said, the automatic exchange of information for tax reporting, but also things like provisioning statistics or market research, collateral management by central banks and public procurement through programmes such as PayPal, and so on.

So from the point of view of the sponsors, the key benefits, obviously, for their own purposes was, improved risk management at the systemic level, better assessment of micro and macro prudential risk, and the facilitation of orderly resolution along the lines of the example with Lehman Brothers. But they also foresaw benefits for the users in terms of lowering Counterparty and operational risk for them as commercial entities, the reduction of manual entry of transaction data, the facilitating straight through processing and recording of recording and maintenance of transactions, and also to cut the cost and improve the quality of customer onboarding. But as with a lot of things, you know, the way one participant in a particular system says it doesn’t correspond with the way another participant might see it. So in terms of other participants, while the regulators were, you know, very happy to have this infrastructure, the commercial actors for various reasons were less enthusiastic. There were issues about who should be responsible to carry the cost for the validation and maintenance of the data? How much time is allowed to refresh the LEI data? What are the kind of consequences or punishments in case of inaccurate data and intermediary fears, particularly where we were talking about banks where they might have to actually obtain an LEI on behalf of their clients, and then enable their clients to use that in terms of trading. They were fears that it would be a way of providing a licence to trade and that they would be responsible, for someone trading who they couldn’t vouch for.

Anindya Chakrabarti

You have five minutes from now.

Nikiforos Panourgias

Yes, thank you. And then significant adoption costs and change in terms of changing the legacy information systems, particularly the users into dependence between systems and must use LEIs and others that do not. And very often costly mapping between existing internal identifiers and the LEI system as well. In terms of the research, what we did was the theoretical motivation was very much around this idea of infrastructures that connect people and things to time and space, spanning organisational and disciplinary boundaries, and affording new ways of collaborating and generating possibilities for action. So what you find from theories, that infrastructure embodied in act very many different rationalities for a range of stakeholders. And it’s important to understand how the different rationalities involved in the establishment of the GLEIS. But how did they coalesce but also collide or clash in the process? So our key research question in this case was what were the key competing rationalities? logics found in the, in the global legal identifier system, and how were they reconciled in order to arrive at a working data driven regulatory infrastructure. So in terms of the research, we collected documentation, we did a number of interviews, participant observation, I can go into details of the discussion. These were then coded in order so we could identify kind of one of the top controversies. And then we sort of focused in on that in the interviews in the second round of interviews. And the controversy, really, that we identified that was key to the kind of future of the infrastructure was this idea, controversy around the quality of data. So there were perceptions of a lack of data quality. And these were seen as contributing to a lack of enthusiasm for wider use beyond the mandated uses lack of incentives for data owners to maintain the validity of their data, possible undermining of the effectiveness of regulatory action because of these reasons. And just to sort of show visually, you know, these are the sort of key kind of stakeholder groups, key participant groups. And as you can see, they all had sort of different perspectives on how what data quality was and how it could be ensured. The key presumptions by the sponsors was the entity identification, data quality is a non issue. So this is what people from the rock were telling us, quality was assumed to be already high. Entities themselves would have a strong interest to maintain their identification data updated for that business purposes and their own benefits. And existing commercial and business registry data was not problematic and was of high quality. Also, the owners of entity identification data can be compelled by regulators to maintain the quality just through mandating so there’s a great deal of faith put in mandating. So none of these we found from our research was a given. What we found was that they needed to be able to meet the need for the quality of the LEI data to be inter subjectively assured. And the client initiated what they call the total quality mandate and management programme. Key elements of the strategy was to provide a definition of data quality and methodologies and processes for measuring monitoring and improving the data on the side of the LOUs, control tightly the performance of the LOUs through highly prescriptive Master Agreement and service level agreements. And the key kind of quality criteria were openness, reliability trust.

And these were put into a number of quality criteria, you can see all these quality criteria here. And these would then be sort of broken into you know, more than 200 something quality measurements for each of these categories. So the strategy was an obligation to maintain high quality data is to be enforced not on the owners of the data, the entities seeking identification, but on the registration providers the LOUs, which were bound by agreements with the GLEIF, establish a public visible performance ranking for LOUs based on the quality criteria, leverage the revenue dependency of the LOUs on their ability to issue numbers and their need for accreditation by GLEIF. And finally, increase the attractiveness of LEI registration to incorporating LEIs in other reporting and operational platforms. And this is sort of one of the kind of reports on the data quality from the LOUs. In conclusion, ensuring high quality data is associated with identifier is a crucial part of establishing a data driven regulatory infrastructure. Definitions and assessment of data quality is a highly situated techno-institutional process which is inter subjective rather than Objective needing to incorporate the logics and rationales of all the key participants. Mandating use is not enough in itself to get adoption and bind beyond the tick box use. It’s important to develop a process for giving value to the data that is derived from basic business data. It’s important to ensure the value/benefits and costs of establishing data quality are shared equitably across the participant groups. And finally, very important to link LEIs or any kind of identifier with other information or infrastructures in finance beyond is a good way to expand the value of identifier and reduce adoption costs.

Thank you very much. for your attention. I’m happy to take any comments or questions.

Anindya Chakrabarti

Thanks, Niki. It was actually a very interesting talk and very important work as well. There is one question from a racing seaman. can you see in the chat box?

Nikiforos Panourgias

So, shall I start from the, from when we consider relationships between entities, does it consider international entities, individuals and non individual entities? So, yes, this is international in all the jurisdictions where this has been mandated, obviously, the mandating is within the jurisdiction where the trading is taking place. So for example, I mentioned the Mongolian timber company, that is a company we did come across, in terms of needing an LEI to trade, say, on the Chicago Mercantile Exchange or some of the kind of commodities exchanges. So you know, anyone who wants to trade in the EU in the North America, and many of the other countries that have mandated the use would need a legal entity identifier number, that is, but it’s purely for legal entities, not for individuals. So it’s, and this is basically where the sort of level data kind of eventually at the parent level comes up against, you know, the point where you have the beneficial owners of the ultimate parent owning a particular kind of group of companies. And then at that point, you don’t really see who those owners are anymore. So yes, it wouldn’t be relevant to individuals. So many times ownership might be increased by using leverage, how do we consider the level two relationships? So as I said that the ownership is purely in terms of owning 51% of the subsidiary. So it’s a purely kind of the accounting view of ownership. So if you’re 49%, you no longer have to declare yourself as a parent, if you’re 51, you have to declare yourself as a parent. And again, that probably doesn’t give you an ultimately a very accurate picture for what the regulator’s are trying to do.

Anindya Chakrabarti

Sheri also has a question, can we take that up?

Sheri Markose

Okay, Niki, Niki, that was very excellent, comprehensive talk. Let me just ask you, you know, this, whole business of getting legal entity identifiers, you said, started with the financial crisis in 14 entities with the same name, and they didn’t know, who was the entity in question that they owed money and so on. So, you know, from 2008 to 2019, you know, the last time I looked at it, the whole process seems to be over engineered. In other words, you know, you talk about the perfect being the enemy of the good. So, to what extent, you know, we’ve taken over a decade or so, how much is it in place at this moment in time? And how much is it self enforcing, because there is no way in which we could sort of enforce it at a global level, those entities like the Mongolian timber company wanting to trade on the mercantile exchange with them, you know, choose to get this legal entity identifier. So I want you to sort of tell us, you have said that sort of unsatisfactory meaning in some ways. I thought it was overly ambitious and over engineered when I last looked at it, so Can you throw some light on that?

Nikiforos Panourgias

Yes, I mean I think that definitely is, is something on what you’re saying. But I think at the same time, you know, to be, you know, to give the other side of the picture, I think, you know, trying to do such an endeavour is a massive endeavour. And I think, you know, the inability to have an early warning system is a real challenge, you know, to regulators. But, you know, I definitely think the over engineering is an issue. And in essence, you could understand over engineering, if it then gave you a very accurate picture of ownership. But my feeling is, is that the level two data doesn’t really ultimately give the regulator’s exactly the tool that they were hoping to develop. But I know at the same time that you know, in a sense, it’s, it’s a work in progress, and I think it’s sort of something that as long as I’m guessing, as long as they can fence off the sort of really important bits of the global system that matter, you know, and that I, you know, account for the majority of the liquidity that is protected, that would probably satisfy a lot of the kind of initial originators of the idea of the legal entity identifier. So in a sense, when you say, Well, you know, you know, certainly covering these particular markets, you know, they’ll come up and say, Well, you know, that’s 85% of global liquidity. So, you know, we can afford to not care so much about, you know, the rest of the 15% or 20%, or whatever. But I think, you know, there is a move to sort of spread it into many other infrastructures. So I think they were working on basically using it, as the identification infrastructure for all federal uses in the US, for any kind of federal use of, you know, for any identification to do with the federal authorities. So I think, you know, it will take a long time, I think it won’t necessarily deliver all the benefits that, that were argued for, but I think, I doubt it will also go away, you know, as it’s getting more and more embedded, which is probably not answering really, what you’re asking me, but that’s the sort of best I can offer at the moment. But I do agree with what you’re saying, you know, there is an element of over engineering, but I wouldn’t underestimate the task, you know, of trying to do so. So, you know, even just seeing how difficult it was getting the level one data and getting that accurate, you know, is very, very difficult. You know, it’s very, very difficult. You think, you know, it’s just like business card information, how difficult can that be? It is very difficult when you’re trying to sort of get to a, you know, as close to 100% data quality as possible, you know, without duplicates, without all these kinds of things.

Sheri Markose

Thank you