Yesterday I got a Scout alert, notifying me of a proposed rule change by the Federal Energy Regulatory Commission (FERC) in how electric utilities report their prices. The major rule change isn't of major concern to me, but it did include a passage that I found interesting:

However, DUNS numbers have proven to be an imprecise identification system, as entities may have multiple DUNS numbers, only one DUNS number, or no DUNS number at all. The Commission has considered various alternatives to the use of DUNS numbers, but finds none of the suggested approaches would provide a viable replacement. Accordingly, the Commission will continue to rely on the insertion of customer company names in the free-form fields, Field Numbers 16 and 48. In this regard, however, the Commission finds reasonable Entergy’s suggestion to require reporting of the name of the entity exactly as it appears on the reported contract, in both the contract and transaction sections.

The Commission's comments clearly summarize why the government's reliance on DUNS numbers for entity identification is problematic. This comes in the wake of a GAO report that came to very similar conclusions but explored the problems with DUNS numbers from a federal spending perspective. The GAO report also discussed the problems with the restrictions on the reuse of DUNS numbers, as well as their considerable expense ($154 million over three years).

Most notably though, the Commission notes the lack of a feasible alternative. It's true that an ideal alternative might not be available quite yet, but matching based on name alone is one of the least reliable ways of crosswalking company data. At the very least, the commission could require that the entity's home jurisdiction of incorporation (usually a state) and related number be reported. This would allow the data to be linked to company data in OpenCorporates or to the state registries.

Thankfully, more and more agencies and organizations are realizing the far reaching consequences of not having a reliable and unique entity identifier. We even saw a provision in the House version of the DATA act that required the use of non-proprietary identifiers for recipients in federal spending data. Unfortunately, this provision has not made it to the Senate version. We hope that this provision makes it into the final version of the DATA Act, spurring some movement forward on an issue that underpins so many areas of our concern here at Sunlight.

We've written about unique corporate identifiers on this blog with relative frequency over the past year. We even built a microsite to explain that this seemingly mundane bookkeeping detail actually has big implications for government transparency. Tracking entities uniquely in federal spending data, campaign contributions and lobbying data is very difficult right now. The federal government relies on DUNS numbers, which are not only expensive, but are also restricted in their use because of their proprietary nature.

This week, I attended a meeting for the Financial Stability Board's (FSB) Global Legal Entity Identifier initiative. The initiative has the backing of the G20 countries, all of which have already endorsed the FSB's 35 recommendations and 15 high level principles. The recommendations and principles contain many elements we at Sunlight are particularly thrilled to see:

Recommendation 5:

SYSTEM FLEXIBILITY Flexibility must be built into the global LEI system to provide the capability for the system to expand, evolve and adapt to accommodate innovations in financial markets. It must also allow the seamless introduction of new participants. To these ends, critical software and other relevant elements must be defined and made publicly available without any licensing, intellectual property or similar restrictions under open source principles. The LEI should be portable within the global LEI system.

Recommendation 12:

LEI REFERENCE DATA ON OWNERSHIP The FSB LEI Implementation Group should as soon as possible develop proposals for additional reference data on the direct and ultimate parent(s) of legal entities and relationship or ownership data more generally and to prepare recommendations by the end of 2012. The group should work closely with private sector experts in developing the proposals.

Recommendation 31:

LEI INTELLECTUAL PROPERTY The LEI Implementation Group should conduct analysis and provide recommendations on the treatment of the “LEI” intellectual property (such as the LEI code, software, reference data, anhttp://www.irs.gov/businesses/corporations/article/0,,id=236667,00.htmly other LEI data, operational protocols, etc) according to the principles of open access and the nature of the LEI system as a public good. The objective of this analysis shall be to ensure a regime that assures the availability in the public domain, without limit on use or redistribution, of LEI data, reference data, and processes. Any intellectual property rights should be held by, or licensed to the global LEI foundation unless defined otherwise by the Regulatory Oversight Committee. Copyright should be used to the extent possible to promote the free flow or combination of information from disparate sources.

The dedication to preventing vendor lock-in and the definition of the LEI as a public good is a huge step towards achieving a long term solution for this problem. And while the implementation is still not solidified, the FSB has nailed some of the core principles.

The motivation for a highly reliable LEI stems mostly from the need for international financial stability, and as such, financial institutions are specifically targeted with this initiative. The meeting I attended had a majority representation from financial regulators, investment banks, and related contractors. However, there was also strong representation from academia, NGOs, and foundations, especially those working in the prevention of international money laundering. Even though the financial sector is the main audience right now, there's a general acknowledgement that the global LEI will have further reaching applications than the board can initially anticipate. Because of this, they are soliciting diverse participation to make it as useful as possible to the greatest amount of people.

It was great to see that there are hundreds of people who are thinking about this problem from different perspectives and are committed to devising a system that will comprehensively address it. It may still take many years for the global LEI to become truly ubiquitous, but the foundation being built right now is a great start.

This week, the Open Government Partnership (OGP) will convene its first annual meeting in Brasilia. The OGP is a coalition of member countries that have made documented commitments to making their government more open and accountable (you can find a list of country specific commitments here). The OGP has five grand challenges, one of which is increased corporate accountability. This is a subject near and dear to our heart, particularly as it relates to those corporations that have interactions with the government, such as with contracting or campaign finance. Today, OpenCorporates releases a new report that surveys the availability of open corporate data in the participating OGP countries (including the U.S.). The results? The Czech Republic and Albania are killing us!

The report ranked the OGP countries in four main areas: Basic online data availability at no cost or registration, an open license, bulk data availability, and the depth of data available. In the U.S., this data is generally available at the state level. It's surprising how many states don't think this information should be publicly available at no cost. If you're asking why this data should be available, check out this World Bank report on how the ability of corporate structures to shield ownership facilitates corruption. Or read this news story on how one family used multiple shell corporations to get around the political giving limits. You could also peruse this report by members of the Federal Reserve Board on how opaque corporate hierarchies make it very difficult to evaluate the financial risk in a global market. Obscuring corporate relationships and ownership structures make it even harder to predict the kind of domino effect we witnessed in the recent financial crisis.

It's great the OGP picked increased corporate accountability as one of its five challenges, but as you can see from the graphic below, most OGP countries aren't living up to the ideal. The U.S. is being surpassed by the Czech Republic, Albania and the Slovak Republic (and in a couple of months, the UK). No offense is meant to those countries, but the longstanding democratic government of the U.S. should be in a better position than this.

One step we can take in the U.S. is to start collecting more corporate ownership information than we currently do. Right now there's a bill in both the House and Senate that would take concrete steps towards solving this problem. Write or call your representatives and ask them to support S.1483 or H.R.3416.

Disclosure: Kaitlin is on the OpenCorporates advisory board

Back in May, Roll Call ran a story on how one family, through various subsidiaries of their family business, donated $60,000 to Congressman Don Young's legal defense fund. The normal limit is $5,000, but using twelve corporate entities, they were able to legally donate $60,000. Yesterday, the House Ethics Committee concluded that Rep. Young had not violated the letter of the law, since the contributions came from twelve distinct entities. However, they did revise the regulation going forward:

However, the Committee is concerned that the identical ownership of the twelve entities challenges the principles of the contribution limits of the 1996 LEF Regulations. To that end, the Committee has simultaneously adopted revised LEF Regulations that, among other changes and clarifications, attributes contributions by certain types of entities, such as LLCs, to the owners of those entities. The revised LEF Regulations will take effect on January 1, 2012, and will apply to all existing legal expense funds and all legal expense funds approved by the Committee in the future.

According to the initial story, the reporter was able to piece together the ownership from comparing the addresses of these companies. In some cases they were the same, in others they were just nearby. This kind of process could be automated and flag contributions for human review, IF we had a reliable system for legal identifiers and corporate ownership information. I wonder how possible it will be to enforce this new rule very widely, without this kind of information.

For more information on (the lack of) corporate identifiers and the implications, check out Six Degrees of Corporations, or a guest post by the founder of OpenCorporates.

In November, Rep. Lankford (OK) introduced the Grant Reform and New Transparency (GRANT) Act of 2011. The bill requires that all grant proposals and applications, in their entirety, be posted online, available as bulk data, and fully searchable.

Awesome!

It's up in the air whether the website described in the bill would be an entirely new website, or an updated version of Grants.gov. Currently Grants.gov is intended to be the "one stop shop" for finding grant opportunities and applying for them. Unfortunately the website has suffered from problems, both tech and funding related.

Grants.gov requires applicants to register in the Central Contractor Registry (CCR) with a tax id AND to register for a DUNS number. The GRANT act is intended to bring more rigor and oversight to the entire process of grantmaking. However, as I've mentioned before, this is pretty tough to do without a reliable unique identifier, and DUNS is not up to the task.

Since Grants.gov is already collecting the applicant's Employee Identification Number in the CCR, why not use it as the identifier? Or at least include a provision that makes both of these identifiers accessible to the general public. I haven't been able to discern why EINs are considered sensitive information, but I'm often running into statements like this on agency websites:

The above image is from the Department of Health and Human Services Tracking Accountability in Government Grants (TAGGS) search. There isn't any information on where the "sensitive" definition comes from. But lets contrast this with a quote from another relatively new Census regulation eliminating the requirement for an SSN to be present as an identifier in the Automated Export System (AES):

The EIN is not as sensitive a form of PII as either a driver's license or SSN...

So basically, the EIN is too sensitive to expose on federal grant records (according to HHS), but something even more sensitive (according to Census) is entrusted to clerks at any Avis or Hertz? If you keep reading in that particular regulation, you'll also see:

Former SSN filers who want to use a Dun & Bradstreet Number (DUNS) rather than an EIN for identification purposes, must first obtain an EIN from the IRS, and apply to Dun & Bradstreet for a DUNS.

This seems to imply that D&B requires an EIN to get a DUNS number. If that's the case, then ... why are we using DUNS anyway? If we require contractors and grant recipients to get both an EIN and a DUNS, then why are we only exposing the proprietary version? And why are we paying over $50 million a year to use DUNS?

This guest post is by Chris Taggart, who co-chaired a workshop on organisational identifiers at the Open Government Data Camp in Warsaw last month. Chris is co-founder of OpenCorporates :: The Open Database Of The Corporate World.

How do you identify a company in a global world? Such a simple question, just 10 words, yet it is one that has been exercising many august institutions over the past few years, and one that is becoming more urgent as the world becomes more interconnected.

One of the problems is that 'global' aspect, requiring something that works across the world, respecting the different and varied jurisdictions and sovereignties, and avoiding a heavyweight governance structure, with all that that entails. Another, has to do with answering the question, 'what is a company'. Is it something like this:

Or this:

Or like this:

The answer is, it depends on your perspective, and what you are trying to do – tracking political donations, identifying securities issued, identifying where the liability for a bad debt lies, etc. Most large 'companies' are in fact a complex network of interlinked corporate legal entities, in different countries, and with complex ownership structures.

In addition, different countries, different states even, take a different view of what they register as companies. And it's from such uncertainties that Dun & Bradstreet have profited with their near 50-year domination (in the US at least) with the proprietary DUNS system.

However, from a legal perspective (which in the end is what all these things may come down to) it is a form of business that has a distinct legal identity, and this legal identity or personality allows it to agree contracts, employ people, have a bank account. This legal identity has to be created by something, and in virtually every case this is by a company register, which acts on behalf of the state to create it, to give it legal personality – and in fact in many countries, companies are referred to as 'unnatural persons'.

The question is, however, how to identify these things, and how to refer to them. A common solution in the US is to use Dun & Bradstreet's proprietary DUNS number. For a number of reasons, this is a terrible way to attack the problem – brilliantly demonstrated by Kaitlin Lee and colleagues at the Sunlight Foundation in their blog post.

In fact it was in trying to solve this problem that we first came up with the idea of OpenCorporates, whose goal is to have an entry for every legal corporate entity in the world. Only when you have such a list, openly licensed for free reuse (including commercially), will we be able to get a handle on how they are connected, where they exist, and what we think about them.

So, what do would a working company identification system look like, what would be the key properties?

1. Free to reuse, unencumbered by Intellectual Property issues
2. One that doesn't create a monopoly ID system, that is it doesn't require a lookup to an 'owner' of these IDs. Monopoly IDs create a single point of failure/dominance and are nearly always encumbered with subtle or de facto intellectual property (IP) issues. (Look at many of the standards organisations in the world and check out their IP restrictions.)
3. Relate uniquely to the legal entity. This is a critical but overlooked requirement, and comes to the heart of company identifiers. What exactly are we trying to identify – if it's the vague idea of 'Microsoft', we're talking about a complex organism that changes over time, and depending on your perspective includes/or doesn't include various majority and minority holdings, joint ventures and non-trading special purpose vehicles. Frankly if you're talking about this, you might as well use the Wikipedia entry as proxy for what ordinary people consider to be the company.
4. Be useful. From it you must have a route to get information about the legal entity – its status, filings, legal address, etc.
5. Be up-to-date, i.e. there's little or no time-lag between a company forming and an ID coming into existence
6. Work on a global level. While there are many companies restricted to a single country, there are very few large ones, and it's questionable whether very large companies even have a home country, as the issues surrounding BP and the Gulf Oil spill made clear.

Let's look at some of the suggested solutions:

1. Dun & Bradstreet's DUNS system This spectaculary fails every single one of these tests, being proprietary, not linked to the legal entity (a company may have many factories, each of which has a DUNS number; also many legal entities don't have one), and not useful. There have been attempts by various other companies to mirror this, tinkering with some of the issues, but all are essentially trying to create a monopoly system that locks you into their ID system.
2. Company Names These change over time to an amazing extent, and not only can the same company have many different names over its life, the same company name can apply to multiple different and unconnected legal entities over a period of time.
3. Stock market tickers (e.g. NASDAQ:GOOG) and security numbers (e.g ISIN). This falls down after just a couple of minutes of examination – a single company may have multiple listings, for different types of stock or security, listed on multiple exchanges. In addition many large companies aren't listed at all, or have just one corporate legal entity out of many hundreds listed. Finally, they are rarely explicitly linked to legal entities, although that's somethingOpenCorporates is working on fixing.
4. Tax numbers - These superficially appear to tick many of the boxes, until you look at them more closely. For a start, tax numbers generally relate to a lot more than just companies, including individuals, unincorporated associations, etc. Corporate tax information has also in recent times been private (although that's not always been the case, and there are certainly arguments that it shouldn't be), and for this reason a company's tax number is generally not made public. Many countries also have multiple tax systems, and multiple tax numbers – income tax, employee tax (social security), sales tax, national, local. Finally the tax number doesn't usually map to legal entities – depending on the country a company may have multiple tax numbers (one for each division), or share a parent company's tax number – and even when they do there's rarely a route to the information about the legal entity. In fact, many of the most 'interesting' companies (those used in tax planning, and complex corporate structures) don't actually have tax numbers – in the US this apparently can include S Corporations, some Limited Partnerships, and various flow-through companies. Having said that, tax offices undoubtedly have a lot of information about corporate structure, and opening up that would certainly shine a light on complex corporate entities. It's also worth adding that in some jurisdictions (Spain, and apparently also Massachusetts) the tax number and the company number are the same.
5. SEC numbers – these are great to know, but only relate to the biggest companies doing business in the US, and not only don't they map to US corporate entities (many are for foreign companies), there's no explicit link to the legal entity. In fact, the information they give is very problematic unless you know what you're looking at. This, for example, is the SEC entry for Bunge, which at first sight would appear to be a New York company, but is actually registered in Bermuda.

Over the past few years, many have looked at this problem, coming up with increasingly complex solutions to address these issues. Most centre on a new system of IDs, with a new global register (with some mix of mandatory/voluntary registration), introducing errors, time lag, governance, technical issues, and of course meaning that many of the companies that the wider world wants to identify won't be on there. In short, they are proposed 20th-century solutions for a 21st century world.

What we need is not AOL, but the web.

Bizarrely, this problem was encountered – and solved – a long time ago, when the first company registers were set up. In the UK (or rather England & Wales), this was in 1856, as the result of the 1844, 1855 and 1856 companies acts, and the first company on the register was the National Savings Bank Association Ltd with company number 1.

That company is no longer in existence, but the Ashford Cattle Market Company Limited is, registered on 25 September 1856, with company number 118. Over that time much has changed in UK and global company law and practice, but that company remains and it's company number is still the same (though today it's normally displayed as 00000118), and information on it can be found on OpenCorporates, other websites, and of course, the official company register, Companies House.

And in fact this pattern, of company registers issuing identifying numbers, is pretty much universal. But how do you distinguish between company number 12345 in Delaware say, and in Michigan?

A simple solution is to combine the name of the jurisdiction to the company number, so DELAWARE1234 and MICHIGAN1234 or UNITEDKINGDOM1234. A better solution in an interconnected internet world is to use web URIs to identify companies, for example the Ashford Cattle Market Company Limited is identified by the OpenCorporates URI of http://opencorporates.com/id/companies/gb/00000118 and the UK Companies House URI of http://business.data.gov.uk/id/company/00000118.

This has several advantages. A URI is by its nature unique, as the domain part of it can only be registered by one organisation at a time, which will serve up a web page corresponding to the bit after the domain – this makes it easy to distinguish between company number 1234 in Georgia, the US state, rather than Georgia the former Soviet republic. It also allows linking between ID systems – should the UK government start publishing tax numbers, for example, it's easy for those to be added to the information at the Companies House page.

In fact the W3C wrote a very interesting paper in 2009, referenced by Kaitlin in her list of resources for the six degrees project. As I said on the open-companies mailing list when I came across it, when we decided on the OpenCorporates URI structure (which is OpenCorporates.com/id/companies/[ISO code for the jurisdiction]/[company number] ) we must have been channelling their thoughts, as there's so much in common. A more likely explanation is that we were both looking at this in the context of the global interconnected network of the web.

Now that's not to say there aren't issues to be resolved – not least weaning the US government and other US institutions off the awful DUNS numbering system. There are also two jurisdictions in the world we have found that don't issue company numbers – Sri Lanka and New York State. But these are issues for corporate governance in those areas, rather than identifiers as such, as there's no way of knowing which legal entity you're dealing with, and compared with the alternatives are trivial problems to solve.

And of course, it would be good to require US companies to put their company number on all the correspondence and websites, as happens in many other countries. But this system doesn't require that to happen, just that it would be sensible for it to do so.

Using jurisdiction-based company numbers also has far fewer legal issues than central register solutions, allowing those that bring a company into existence to continue to identify it. Overriding the right of the individual US states to regulate and identify their own companies, still less other countries, particularly in the highly charged political backdrop of the financial crisis, is not somewhere anyone should want to go.

Corporate accountability can mean a lot of things. To some people, it's tracking the political influence of corporations via campaign contributions and lobbying (using Influence Explorer of course!). For others, it's monitoring how much the government awards a corporation in contracts, or tracking their EPA violations. For pretty much every definition of the phrase, you need some unique and reliable way to identify a corporation and its related subsidiaries. This is a much more complicated problem than it sounds. To help spread the word about this problem, we've created a new microsite that explores the issue. In homage to the great Kevin Bacon, we present, Six Degrees of Corporations.

Right now, the main way that the government tracks contractors is by using DUNS numbers. DUNS numbers are proprietary identifiers managed by Dun and Bradstreet, a business information services firm. By proprietary, I mean that you need to pay a hefty subscription fee to look up information about them, even if you're the federal government. By hefty, I mean millions of dollars. The federal government spends millions of dollars each year, just to have a company tell them how other companies are legally connected to each other. And what's more, this data isn't even sufficient for providing contractor oversight.

Although a contractor must get a DUNS number before contracting with the government, the parent company information is self reported by the contractor. This means that it is very easy for a company to create a new subsidiary with a new DUNS and just not report the parent company information. This makes it difficult or impossible to find out if this company's parent is on the Excluded Parties List (a blacklist for federal contractors). The GAO noted this in a report, and documents several instances of companies on the Excluded Parties List that get new contracts by using this exact method.

There is potentially another way that the government could keep track of corporate relationships. Each corporation files a form 851 when they file their federal taxes. This form requires them to detail their corporate affiliations, as well as the Employee Identification Numbers (EINs) of those affiliates. EINs are already public for publicly traded companies (via SEC reporting). If they were made public for all corporations, and the data on the form 851 was released, we would have a way for the public to reliably identify a corporation, even through its subsidiaries. This would greatly improve public accountability and government oversight of contracting.

But that's just one possibility. The truth is, we need to have a serious conversation about this problem and how it ties into better corporate accountability in general, and contractor oversight in particular. So head on over to the Six Degrees of Corporations and read up!