(2 years, 1 month ago)
Public Bill CommitteesGood morning, everybody. We will go into private session to discuss lines of questioning. With the agreement of the Committee, we will delay the end of each panel of witnesses by five minutes, because we have been held up.
I thank Members and those giving evidence for their flexibility in moving rooms, and I inform Members and those giving evidence that we will be in this room all day today. Could the witnesses please introduce themselves for the record?
Helena Wood: Hello, my name is Helena Wood. I am a senior research fellow at the Royal United Services Institute, where I lead the economic crime programme.
Duncan Hames: Hello, I am Duncan Hames. I am the director of policy at Transparency International UK.
Forgive me, Ms Wood; my hearing is not very good. Can you speak straight into a microphone?
Helena Wood: Yes.
Q
Helena Wood: To place it in context, one of Britain’s great financial crime exports of recent years has been our joint money laundering information taskforce, which is one of the first public-private partnerships. That model has been replicated across the globe, with public-private partnerships now seen as a norm by the FATF, the international standard setter on tackling money laundering and terrorist financing. In one respect, we really have been a global leader in that regard. However, as with many British exports, we are now exporting that abroad and it is being copied and replicated at a speed and scale beyond what the UK is doing. Increasingly, we are seeing people moving from peer-to-peer information sharing towards a more collaborative data analytics model. I point to the models being set up in Holland and in Singapore as particularly groundbreaking in that regard.
Coming back to the provisions in the Bill, do they get us from where we are now on peer-to-peer information sharing, which is one thing, towards this world of collaborative data analytics, which we need to get to to really home in on financial crime? No, they do not. Although the provisions in the Bill will go some way towards increasing private-to-private information sharing and, in particular, the risk appetite in the banking sector, they really do not keep pace with the global standard.
What we would like in the next economic crime plan, which we hope to see this side of Christmas, is something that is much more ambitious. In many ways, I would say that while it is welcome, the Bill is a slight missed opportunity with regard to information sharing, given that it really does not push forward to this big data analytics model that others are moving towards.
Q
Helena Wood: Absolutely. We have sat around for three years discussing information sharing in various working groups under the first economic crime plan, and it is a disappointment that all we have come up with is these one or two clauses of a Bill that merely take us towards quite analogue sharing between individual institutions. They do not take us as far as we should go.
I am not saying that at this stage, where that opportunity has been missed, we should push for something within the context of this Bill. These are really complex issues that require and deserve much further public consultation, particularly given the link with data privacy and individual rights of confidentiality, but we must see it in the next economic crime plan if we are not to get left behind. We invented public-private partnership, but we are really not driving that forward in the global context any more: we are being left behind. While this is a welcome step, and it is welcomed by the banking sector, it does not get us to where we need to be in 2025 and beyond.
Q
Helena Wood: Absolutely. On the information-sharing gateways that we have in place currently, I particularly point to section 7 of the Crime and Courts Act, which, although being used for JMLIT purposes—this public-private partnership—they were not designed for that purpose. There was an opportunity within the context of the Bill to push for something that really is fit for purpose and gives the regulated sector the confidence to share under a collaborative data analytics model.
We have seen others—I particularly point to the Dutch, who at the moment have some legislation going through, which really gives a lot more confidence to the regulated sector to share. The Transaction Monitoring Netherlands platform allows some of their biggest banks to share transaction monitoring data at scale to point to where the biggest risks are emerging. Would this legislation allow us to set up a similar shared utility? No. It would not give them the confidence. Although it takes us a step forward and should be welcomed, it is not taking us where we need to be. We need something much more ambitious that keeps pace with global best practices when we look at the next economic crime plan, which I believe the Home Office will be launching imminently.
Q
Helena Wood: I will start and then pass to Duncan. I would always say there is only so much that legislation can do. In many ways, as the Financial Action Task Force pointed to in the 2018 evaluation of the UK, we do have some of the best laws in place in the country. Although this law is absolutely essential in catching up with the threat, particularly around Companies House reform, we really do not have a problem with law; we have a problem of implementation in this country. We had an economic crime plan tracker, which is online and which you can scrutinise. It looked at all the 52 actions under the economic crime plan, and the most progress was made in areas of regulation and law—the bits that are quite easy and cheap to implement.
There was less progress in the areas of implementation, particularly around the enforcement of the existing laws in place. The big things that I would like to see prioritised outside the context of this particular Bill are things like policing reform, investment in the National Economic Crime Centre—I know you took evidence from them on Tuesday—and a real implementation of what we have got. That is not to say that this Bill is not necessary. It absolutely is, particularly around the huge gaps in Companies House capability and fundamental changes to its role, but none of this will come to anything if we do not invest in the enforcement response. I will pass over to Duncan, if I may.
Duncan Hames: We certainly welcome the Bill, and we welcomed the Government’s announcement that they intended to legislate for these reforms three and a half years ago. It is great that these are now before you, as Members of the House. The opportunity to address these issues dos not come along as often as it might feel that it has this year since Putin’s further invasion of Ukraine, so it is really important that we get reform of companies right this time rather than wait for things to be done later.
On what we would like addressed in the Bill, first, it is incredibly important that we do not allow a situation to develop where UK companies become the respectable front of otherwise secretive networks of corporates that provide the layering required to launder illicit funds. The use of corporate partners in offshore jurisdictions to control UK limited liability partnerships, for example, is a particular weakness that I can elaborate on.
Secondly, with these very welcome reforms, shareholder information will become the poor relation on the company register. That is a particular concern in instances where companies claim not to have a person of significant control, and shareholder information becomes our next best attempt to understand who is really behind those businesses.
May I say to the hon. Member that she has had quite a few questions and we are limited on time, so this will be her final question?
Q
Duncan Hames: A lot of information was collected on shareholders when this register was developed six years ago, and in many cases companies have been able to say, “There have been no changes.” That means there is a risk that information on shareholders has become quite dated, and finding what information there is involves tracking down PDF format documents that were uploaded a long time ago. There is an opportunity, whether in legislation or in practice at Companies House, to make sure that shareholder information does not become much less usable for investigation and due diligence.
On the third thing you asked me about, we think it is very important that Companies House has the powers and uses them to check the information, where it thinks necessary, that has been used to verify information by trust and company service providers, and not simply take that on trust where it has concerns or suspicions.
Q
Duncan Hames: Limited liability partnerships have been a company entity available for the last 20 years or so, and 200,000 have been formed. We noticed that they kept appearing in revelations about major money laundering scandals. In the Danske Bank scandal, for example, the investigations found that UK limited liability partnerships were the vehicle of choice for the non-resident clients of its Estonian branch basically to hide their identity from those conducting compliance checks.
There are 1,600 LLPs that have appeared in these various scandals, but there are thousands upon thousands of UK limited liability partnerships that share the same offshore corporate partners. A pair of corporate partners registered in Belize are the controlling corporate partners of over 2,000 UK limited liability partnerships.
What is bizarre is that MPs have thankfully legislated to end secretive ownership of UK property, but we do not have the same requirements for overseas entities that control UK limited partnerships. As a result, we still have a veneer of UK respectability presented over what is essentially a secretive corporate network.
Q
Helena Wood: There are some fundamental flaws. Although this is a significant step forward from where we are, as we all recognise, there are some flaws in the model that has been designed. When the consultation was put out three and a half years ago, we advised against outsourcing ID verification checks to the trust and company service provider sector.
Our evidence for saying that was that there was an assumption in the model being developed that these sectors were largely compliant with money laundering regulations, but we know from the various scandals that Duncan has pointed to and the great investigative work by Duncan and others that that is not the case. I have referred publicly to some of that sector as a bunch of cowboys, and I would gladly go on the record to say that today. That comes from poor levels of compliance, which is the result of poor Anti-Money Laundering Council provision in the sector.
If we are to go ahead with this model where we outsource those checks to a sector that hitherto has not been known for its compliance with the standards, we need to do something outside the context of this Bill to really hammer that home. I particularly point to HMRC as the supervisor of the standalone TCSP sector. We really need to hammer down on compliance in that sector to raise standards overall so that HMRC can properly take on the role, although I restate that we initially advised against it taking on that role, given the current state of compliance in the sector.
Q
When Seema was asking about data sharing, Helena, you were saying that the Government are not going far enough. It is odd for me to ask you to second-guess the Government, but why do you think we are not going far enough? Sometimes it feels to me that people are in a hurry for legislation to do everything that needs to be done to improve a situation, whereas that, sometimes, is almost counterintuitive because it is better to do it incrementally. Let us do some stuff, get it right, come back, revise, learn and move forward again. What are your thoughts with regard to their pace of movement?
Helena Wood: The pace of movement on information sharing? I think there is an inherent tension at the heart of all global anti-financial-crime standards, which is often with how we square the circle of data privacy. They are two often quite diametrically opposing concepts. We need to find a way to not rush into this. Your point is well made. If we are going to push people into sharing more individual personal data, we need to do so in a way that utilises the best technology to preserve the privacy of innocent individuals. We need to bring in the data privacy community to make sure that whatever we craft meets the needs of that community also.
We should not—I agree—push forward so quickly with something that is inherently complex. I absolutely do not think that we should be pushing for amendments within the context of this particular Bill; we need to be looking at the issue more broadly. We need to look at how the Data Protection and Digital Information Bill, which is currently stalled—I do not know what its future is—will also facilitate greater sharing for financial crime purposes while protecting individual privacy.
The simple fact is that this is a very complex and emotive issue that deserves due consideration and full public consultation. However, we have had three years. This was a key tenet of the economic crime plan that came to an end in July. There were multiple meetings to look at how we could do this and what we came up with were these two clauses, which, for me, are a missed opportunity, given that others have managed in the same timeframe to move forward with much further-reaching legislation, such as that currently being debated in Singapore and the Netherlands. I think we could go further than we need to, otherwise we get left behind.
I am very sorry, but we are going to have to move on to other Members. I will come back if there is time at the end for further questions.
Q
I am going to ask about another issue, just to get it on the table. People engaged in the debate over dirty money are very anxious that we should move from just freezing the assets, particularly of the Russian Government and Russian oligarchs, to seizing the money so that we can use it—particularly for the reconstruction of Ukraine, when that war comes to an end. Can I have your views on that, starting with you, Duncan?
One final thing: a big thank you to both of you for the work your organisations do in exposing a lot of the problems and for the very positive attitude you have taken to establish solutions. Thank you to both of you, individually and to your organisations.
Hear, hear!
Duncan Hames: Thank you. I think it is important that we should continue to respect the rule of law and have a judicial basis for asset recovery. Too often, it is tempting to have a more administrative approach, and with that comes risks. It is very important that, as well as having the clarity of purpose to designate a whole substantial raft of individuals and entities for Russia sanctions, we have the determination to make those sanctions work.
We published some research just last month that found hundreds of millions of pounds’ worth of UK real estate that we were fairly sure was owned and controlled by individual entities that have been named under Russia sanctions. However, if you check on the Land Registry, there are not any of the typical markers to say that you cannot sell or transfer or trade this property. That is partly because of some of the very clever and complicated arrangements for their ownership, including using trusts.
In the work you are doing on the Bill, there is an opportunity to ensure that really important measures for global security, such as our Russian sanctions, actually work, bite and make it impossible for those who have moved large amounts of wealth out of Russia to continue to control it in the interests of their political sponsors.
Helena Wood: I could not agree more that we need to start moving from freeze to seize, but I echo Duncan’s sentiments that we must do so in a way that protects the very things we are trying to protect and do: the rule of law, due process and democracy. We should not push towards measures that effectively put in place a ministerial decree for confiscating individual assets and run roughshod over A1P1 principles.
That said, there is further we could go in UK legislation. Even with the advent of the much vaunted unexplained wealth order, our law enforcement agencies remain on the back foot. There is more we can do within the confines of European rights compliance-tested laws of reverse burden mechanisms to put law enforcement on the front foot.
Fundamentally, though, it is not going to be an easy fight to link those assets back to the criminality from which they once derived, given the difficulties of gaining evidence across borders. However, there are models we could replicate that have been tested for ECHR compliance, such as in Italy and Switzerland—I could name others. If the Committee will forgive me for trailing some forthcoming RUSI work, a paper is coming in November or December this year that sets out some recommendations of where part 5 of the Proceeds of Crime Act 2002 could replicate some of the principles of other regimes and push forward to at least put law enforcement on the front foot.
The other issue I would point to, which has already been partly legislated for, is cost protection for our law enforcement agencies. We have legislated for cost capping in cases involving UWOs, but they are not the right tool to use in all cases; I particularly point to the oligarchs, who do not fit under the definition of PEPs in UWO legislation. There is an argument for the Bill to potentially push for full cost capping of part 5 cases to increase the risk appetite of our law enforcement agencies to take those cases on in the first place.
Q
“direct sharing between two businesses in the AML regulated sector”
and
“indirect sharing through a third-party intermediary for businesses in the financial sector”.
That is what the Bill does. Putting it bluntly, what is wrong with that? What is the criticism of those aims and the things it allows businesses to do?
Helena Wood: Civil liability for confidentiality is one barrier. It is an important one, and removing it will hugely increase appetite, but it is not the only barrier. The boundaries within our data protection legislation are not explicitly clear; they are open to interpretation. We need more guidance, potentially from the Information Commissioner, to make clear what those boundaries are. We potentially need further clarification in the data protection legislation that is currently going through—
Q
Helena Wood: They absolutely are, and I would not—
Can we very quickly come to you, Mr Hames?
Duncan Hames: Helena is the expert on this particular subject.
Helena Wood: This is a welcome step forward. Others are going much further. The legislation that has been put forward in Singapore and Holland basically removes any barrier to information sharing by making it mandatory to share private-to-private in the context of the shared utilities that are being set up in those jurisdictions. Whether we should go down mandatory sharing is, as I have said, something that requires much further and longer public consultation. But we do need to look at that.
Q
Duncan Hames: It is a serious matter, and this Bill doesn’t. Although, as you say, we published that report very recently.
Q
Duncan Hames: Doesn’t. What I said earlier was that if you use an offshore entity to hold UK property, as a result of legislation MPs passed this year you now have to register on the register of overseas entities who the beneficial owner of that entity really is. We find out who really owns bits of Britain. But you can control a UK limited liability partnership through offshore entities, and we do not find that out. There is no way of checking the information.
We are presenting a respectable veneer behind an otherwise opaque offshore corporate network. If we could require the same level of declaration around the corporate partners of those limited liability partnerships, then we would lift some of that veil of secrecy. Then maybe we would not have a situation where rogue bankers in Baltic states were getting their clients to use UK limited liability partnerships to get around the compliance checks in their own organisations.
Q
Duncan Hames: Not yet. I hope you will be able to address that.
Q
Duncan Hames: Yes, happily. We are quite a small organisation, but this is about the power of putting information in the public domain. The report that we were describing earlier is a form of network analysis; that is the sort of thing you can do if open data is published, rather than information in PDFs, which are essentially photographs of old documents.
Whether it is organisations like ours, or investigative reporters such as the Organized Crime and Corruption Reporting Project, civil society has shown its potential to help uncover those crimes if there is information in the public domain. If we want a spirit of partnership, and if Government want the private sector to be its first line of defence, then it is really important that everyone is equipped with the tools that they need and that the company register is providing accurate information, which has been checked, that they can rely on.
Q
Do you agree that those reforms begin that process and that fightback? Do they make a difference by scrubbing, as it were, the inside of the whitened sepulchre to ensure that we are exposing it to sunlight, so that organisations such as yours, the media, and many others around the world, will be able to identify where that money is going and from where it has come? This is also about jurisdictions overseas who are losing money through our system, not just about us who have to control it.
Duncan Hames: Yes, I agree. The Bill is beginning that. The challenge that we have is that it is six years ago that we last made reforms to Companies House, and I do not know when you are next going to get a chance to make further progress.
I have only just come into post.
Duncan Hames: It is hard, as we are often told, for legislative time to be found. So please make the most of the opportunity and take it as far as you can. It was only this summer that the US Treasury issued a money laundering alert about evasion of Russia sanctions. In that, they identified UK limited liability partnerships as part of the typology of the financial logistics for evading sanctions.
Q
Duncan Hames: But this is the jurisdiction that Members of our Parliament are responsible for.
Q
Helena Wood: May I come in on that particular point around Companies House reform? The point has been made by others giving evidence here this week and I will make it again until it sticks. Companies House reforms mean nothing if we do not resource Companies House properly. Using that secondary legislation to raise formation fees to £50, at least, is absolutely essential—
That is absolutely true, which is why the partnership that we have to put in place alongside agencies, NGOs and journalism, to make sure the application programming interfaces are open is so important.
Order. I am afraid that brings us to the end of the time allotted for the Committee to ask questions.
I very much thank our witnesses, Helena Wood and Duncan Hames, for their time, and I thank Members for their questions. We now move on to the next session.
Examination of Witnesses
Chris Taggart and Elspeth Berry gave evidence.
We now hear from Chris Taggart from OpenCorporates and Elspeth Berry from Nottingham Law School. You are both very welcome; thank you very much for joining us this morning. Could you please introduce themselves for the record? We have until 12.35 pm.
Chris Taggart: My name is Chris Taggart and I co-founded OpenCorporates, the largest open database of companies in the world. Essentially, we take official company information, from Companies House and the equivalent of Companies House in about 140 jurisdictions, and we put it all in one place and make it freely available for everyone to use. About five million users a month use the data—everyone from journalists to law enforcement, regulators, banks, ordinary companies and so on. We are also a social enterprise: it is a company, but with public benefit at its heart.
Elspeth Berry: My name is Elspeth Berry. I am an Associate Professor of Law at Nottingham Law School. My teaching and research includes limited partnerships—well, all partnerships, including limited partnerships and limited liability partnerships, or LLPs—and my research in recent years has focused on limited partnerships and LLPs.
Q
I want to ask you a bit more about the lack of transparency when it comes to shareholders. How much do you see that as an issue? Can you suggest any specific measures to increase shareholder transparency?
Chris Taggart: I will maybe talk about the information sharing after. First, shareholding data is not even data. It is just a name; it is just some letters put together. We have opened the gates by allowing it to be just a transient historical record—you know, somebody owns shares in a company. They make a report. They put down a name; we assume that they put down their own name, but of course they can put down any name. But the shares are transferred the next day—maybe into a trust, maybe to somebody else—and there is no record.
At the moment, I think we have that with shareholding, particularly given the international context of cross-jurisdictional context networks and so on. Shareholding actually matters. If someone who runs a chip shop in south Wales or is a mechanic in Estonia, or wherever, owns the shares, they own the shares. That matters. We are not recognising this.
I absolutely welcome the Bill and think it is a huge improvement on where we are, but I think the shareholding is a particularly strong example of how there is essentially still the same problem, which is that Companies House is a historical record of information submitted by people, and the bad actors will always lie. We need to change things, so that it is much more difficult and risky for the bad actors to lie. I think that is the fundamental criticism of the Bill, which, by the way, I think is entirely welcome. It is an incredibly thoughtful and well-drafted Bill, but it is fundamentally coming from a different era. The Bill is a better horse and cart, and the criminals are driving around in fast cars.
Elspeth Berry: On the shareholder transparency point, I noticed that the identity verification is not being applied to shareholders and I think it could be, possibly subject to some de minimis requirements. If they come in as PSCs, which is possible, that also brings us to the problems with the PSC legislation, because the thresholds are, depending on which view you take, either woeful in terms of not catching enough people or should just not be there at all.
The third thing is that, for reasons I do not fully understand, I see that the central register of members is going. Some things now have to be central and some things cannot be central, and shareholders will not be central. I would also point out that the unique identifiers are not being applied to shareholders, although, in any event, they are apparently they not going to be made public. I am not a journalist, but I rely on the work of some fantastic investigative journalists and organisations to dig through that stuff and find out, “Well, that shareholder is appearing here as a partner, there as a director and there as another shareholder,” but that cannot be done.
Q
Elspeth Berry: The idea is that the John Smiths, the J. Smiths and the Mr Smiths can be linked. Where it is a common name—or an overseas name, where a person like me who was looking at this would not know it was a common name and might assume, “Well, that must be the same person,” when actually it is not, because it is such a common name—it is important to find links. I can see that it is important for Companies House as one of their red flags, and they are going to be able to operate this system, but only partly, because it will not apply to shareholders or partners. But outsiders—people who do fantastic work that Companies House can’t, doesn’t or won’t—are going to find it difficult, or at least as difficult as it is now, to do the work of trawling though everything.
Q
Chris Taggart: Perhaps not as much as you would think. Companies House currently has a thing called the personal ID, which is sort of inferred. It is not that somebody has confirmed they are this person, that they are the same as that person and that it has been identity-verified. By looking at the home address and other information that has been supplied and that they have, Companies House create a personal ID. We actually pull in information from the API and from various dumps. In some of those dumps, that information exists, but not in the normal stuff. So that information is there.
I would just back up what Elspeth said: not only is it essential, but I see no benefit otherwise. If you are a business trying to understand whether you want to do business with another company—this is not just about crime; this is about creating a great business environment—you can go to a director page on OpenCorporates and see other people with the same name. Okay, that is useful, but do you really want to be trawling through that and making a judgment call? It is almost like sending investigators off to try to understand whether they are the same. If this person has three other companies that all went bust owing money, you do not want to do business with them. I see no public benefit at all to keeping this identifier private and a secret.
Elspeth Berry: In terms of historic information, I think that has changed over time and gone in a bad direction. As I understand it, Companies House is now restoring some of the historic information, and it is important that that is available.
I would also raise the issue that there are provisions here for limited partnerships to be deregistered or dissolved. I think the provisions themselves do not do what it was hoped they would do. We also need to know how those are going to appear on the register, because that has been a problem with—shall I say—shady limited partnerships appearing and disappearing.
Q
Elspeth Berry: In terms of the historic record? I would think 20 years; I understand that has been done for a lot of company information. If we are now going to have a registry power to dissolve and/or deregister, it is a little problematic. All of that needs to be clear. We know that there has been a pattern of limited partnerships appearing and disappearing, perhaps ceasing to trade and perhaps coming back. We know that that is a pattern, which we want to see, and if 20 years has been the standard at various times for companies, why not for everybody?
Q
Chris Taggart: That is a good question. Certainly, we have been dealing with Companies House on quite a close level since we were founded 10 years ago. I have huge respect for them; they do really good work incredibly efficiently and so on. The challenge is that they are good people, but the people we are trying to stop are not good people, and they think in a different way.
What Companies House think they are doing is creating companies—when people think of companies, they think of a factory, a shop, a company providing services or manufacturing things, and so on—but what they actually do is create legal entities; they create things that have a distinct legal personality and limited liability. The criminals know that, they are using it and they are using networks of these things. More than that, we are talking about a situation where you start to think about things from a traditional company point of view—what we all used to think of as companies—but, actually, the legal reality is one of legal entities, so you need to start thinking about this in an entirely digital way, an entirely data way and an entirely legal way.
I will give you an example. Where a company has got assets—it has got things—there is a downside to it being struck off. If you are overseas and you create a UK company, and the company is struck off, as long as the money has come in and out before that, that is fine—you have done the job for the company. We need to have a change of mindset, and that change of culture will be as important as the powers that Companies House actually have.
Q
Elspeth Berry: There will always be a problem, but that does not mean we should not tackle it and it does not mean that we cannot tackle it, and I appreciate that the Bill is attempting to tackle it. All of the things it is trying to do are good, but almost all of them could be significantly improved. We have to deter the wrongdoers. We have to stop looking as though this is a good jurisdiction to do this in. For example, there have been arguments about the fees. It is generally accepted that they should go up, and if your business plan cannot cope with £100 or £500, what kind of businesses are being set up here?
If we are not checking the identity of shareholders and applying PSC legislation to partners, there are still so many loopholes. It is not that there is something there that would be a sanction if they ever caught you—we know this from police and crime; if people think there is only a vanishingly small chance of anyone ever noticing, it is worth taking the risk. I suppose that brings us back to the point about the registrar’s powers, which are great, but they are not duties in most cases. How will we know if she has done it, or what she can reasonably do to minimise the risks of various things—to check information?
One of the things we need is a clear database of things that are red flags—things that Transparency International and lots of journalists have identified that the registrar should be looking for, some of which the legislation still allows, such as things like overseas registries and multiple formations, and the use of company service providers. The problems with those were talked about during the earlier session, and the Bill is not going to entirely resolve those, if at all. If we can tighten down on a lot of those, we will reduce—never eliminate, but reduce—the amount of wrongdoing that is here because of problems we have either created or left in our laws.
Q
I wanted to ask about shareholders and then about the disappearance of limited companies if they dissolve. I agree that shareholder information is really important—Usmanov brought that home to me. When we sanctioned Usmanov, he just gave everything to one of his daughters or something—anyway, it disappeared into other people’s hands. Can you explain a little what we need to do on shareholder information? At the moment, there is a 25% shareholding barrier. Should that be reduced to 5% or 10%? That is my question.
Then, on limited partnerships disappearing, that was brought home to me very much as a result of the terrible incident in Lebanon—the explosion in Lebanon. It was found that a British-owned company was behind that, with a beneficial owner in Cyprus who happened to be a corporate service provider. It then turned out that it was a nasty situation where the actual owners were some Syrians, and the fertiliser was not going anywhere near Mozambique—which was where it was meant for—but was being used for barrel bombs to kill Syrian citizens. The moment that happened, they tried to dissolve the company and get it to disappear, and obviously in that area of wrongdoing, we need to hang on to any knowledge that we have.
This is for both of you: what amendments do you think are necessary to enable us to stop people dissolving companies and to force information out, so that where there has been that terrible terrorist wrongdoing, we can pursue the wrongdoers? That said, I take the view that a lot of what we are trying to do is prevent these things from happening in future.
Elspeth Berry: On the PSC point, a reduced percentage would be a vast improvement, but I think a zero percentage could be considered. You can have a lot of influence in all sorts of ways while not necessarily hitting those targets, because you are connected with somebody else in a way that we do not catch through the legislation. But I certainly think that a reduction would be a big improvement to try and catch more people who are de facto PSCs, but not in law.
On the limited partnerships point, there are a lot of things we could do. The Bill makes a start in doing those, but given that a lot of this started with the limited partnerships consultations, I am slightly concerned that they got put aside because it was a case of, “Here comes all the corporate stuff,” and that is where all the money and excitement is. There is this small area of limited partnerships where there is a strong lobby for those people dealing with limited partnerships for particular purposes—quite legitimately—who do not necessarily want this to be made too difficult, but we get things like the restrictions on corporate partners not being applied to LPs. I had to read the provisions several times. I dread explaining them to my students, because of the difficulty in trying to get at who owns limited partnerships and who is in control of what is going on in them.
That level of “corporate partner on corporate partner on corporate partner” exists, and we know it is a problem. It is going to continue, depending on what we do with LLPs, and it is a big problem that they are just not in the Bill at all. It is like, “Oh, well, we’ll just apply the legislation to them later,” but which bit of the legislation? The corporate bit? The partnership bit? LLPs have a history of having the bits they want—the nice bits of corporate law and the nice bits of partnership law. Things can get missed because we think, “We have done the big task with the Bill.” PSCs can be applied to partnerships; they haven’t been here, and there is an assertion that it is not possible legally, but as a lawyer I would say that that is not correct.
You even have a provision here saying that people who have been disqualified under the company directors disqualification legislation can still act as limited partners. Limited partners have a limited role by definition if they are behaving properly—of course, they may not be—but even if they are behaving properly, a limited role is not no role for someone who has actually been disqualified from acting as a company director.
Chris Taggart: To pick up on an earlier question, the best information sharing is going to be information sharing in public. A lot of the great work that was done on people after the invasion of Ukraine was done using public domain information. There is a risk to lying in public. The fact that criminals will lie is also an opportunity to catch them out, because it is quite hard to lie consistently.
We get people all the time saying, “We don’t want our information to be on OpenCorporates”—even though it has come directly from Companies House and other places—“I don’t want people to know that my last two companies went bust,” “I used to have a company running a brothel in Germany, and I don’t want my new employees to know that” or, “I don’t want people to know that I am running a company on the side or working for someone else.” There is a cross-over here with data usage. When something is in the public domain, it needs to be functionally public. “Functionally public” means that you can use it and reuse it, and have it as data so that you can combine it with other datasets.
The shareholding data is so important, not just in and of itself, but because it allows you to ask, “Wait a minute. How is that happening with that?” Having it as data allows you to do that programmatically so that you can see trends.
Q
Chris Taggart: Yes. With shareholders, we ultimately need to get to a statement of fact—an authoritative record—so that what Companies House says is actually what the courts agree are the shareholders, and people cannot say, “We will move the shares, and then we will tell Companies House,” or, “We forgot to tell Companies House.” That will take work and time. We can extend the verification provisions for directors and PSCs to shareholders, at least over a de minimis amount, but ultimately we need to make Companies House the authoritative record of shareholding, so you are only a shareholder if you are on Companies House.
Elspeth Berry: On your question about dissolution, for limited partnerships it is a different issue because they are not an entity and you can still go after the partners, but of course that is why corporate partners are such a problem. Entities were a problem in Scotland some years ago. I am sure your Scottish colleagues can tell you more than I can about how that was dealt with after a fairly horrific criminal incident involving a lot of deaths. It was not possible to prosecute the partnership after it had dissolved. That is a problem with legal entity status, which is a whole big issue.
Q
Chris Taggart: On the latter question first, I have been a director for some 20 years. The first time, someone sat me down and said, “This is what’s involved in being a director.” You think, “Wow, that’s kind of scary.” You have a fiduciary duty and you have to understand the company. If you are a director of 200 companies, I fail to see how you can perform that fiduciary duty, or those companies are, in some ways, just legal entities for some conduits for something. They are not actually in business; they are just conduits. I struggle when someone is a director of 200 companies: either those are just legal entities for some purpose other than as a normal company or they are not doing their job. It seems to me obvious that there is a challenge there. Whether that is a limit or whether that is actually holding directors much more personally liable for the wrongdoing of the companies, I do not know, but I think that there is something. There seems to be a contradiction there, fundamentally.
Elspeth Berry: I agree. I would have supported a cap on the number of directorships for exactly those reasons, in that I do not think a director can fulfil their duties if they have a lot of companies. However, if you are not going to have that, that certainly has to be a red flag for Companies House. It has to be a thing they will investigate and that they have the resources to investigate, which comes back to the problems that we identified earlier.
On the addresses, if you have a company service provider giving their address, it is quite possible you will have multiples and that might be okay if that is their business, they are doing it properly, they are AML regulated and all the rest of it. The problem is that we have seen in recent years that they are not. Again, that ought to be a red flag. In the limited partnership proposals, where you are trying to establish some real connection, economic or otherwise, with a particular jurisdiction within the UK or, at least, with the UK, that is one of the problems. One of the options on the list—they are all problematic—I personally thought that the principal place of business might be quite a good one, showing an actual connection, but I have been corrected in my beliefs by my journalist colleagues who say that almost all the wrongdoers were able to tick that box. I think it is a problem if you are saying that as long as somebody will pick up the mail here, that is okay. Again, that needs to be a red flag.
Q
Chris Taggart: There are two issues. I watched some of the previous witnesses and the things that came across were issues to do with identification and resourcing and I back up both of those things. On identification, allowing the corporate service providers to essentially say they have done something seems both a huge vector for misuse and also unnecessary. The technology allows us to look like we are using one company when we are signing up online and so on, but it is all authenticated with another company. They could be using Companies House back ends or banks’ back ends—we could have that authority and those standardised processes—and still you would appear to be transacting with a corporate service provider.
Having corporate service providers doing the identity verification seems like we have walked away from doing it properly. Once you allow corporate service providers to play a significant role, particularly on identity, I think we have a bit of a problem. Assuming that loophole is closed, this is really good, but it is still state of the art two, three or four years ago, and I think we need to start using digital identities. We need to make sure that, with somebody’s identity, they are not saying one thing on this hand and not saying another thing on that hand. Again, the unique identifiers—
Q
Chris Taggart: Absolutely, but I think there are technical ways of doing that. It does not have to be one ID that everyone can see—
Order. I am very sorry. That brings us to the end of the time allotted for the Committee to ask questions. I am very grateful to our witnesses for giving evidence.
Examination of Witness
Graham Barrow gave evidence.
We will now hear from Graham Barrow, a journalist and author appearing via Zoom. We have until five past 1 pm. Could you introduce yourself, Graham?
Graham Barrow: Thank you. I suspect I am probably unique among all the different people giving evidence because I am effectively a private citizen. I am not actually a journalist. I write, but not in a professional capacity. I am just somebody who became obsessed by what was happening at Companies House and have spent much of the last five years rooting away in the darker corners of it, to establish exactly how bad things are there.
Q
Graham Barrow: Thank you. Let me pick up on both of those questions. I think the reason why I have been successful is because I have a mandate to go wherever I want to and do whatever I want to. I also ought to congratulate Companies House because a lot of what I now know is through the release of its advanced search function, which has transformed our ability to understand networks of suspicious companies.
I really want to emphasise this idea of the network. No criminal ever set up one company. It is just not how it works. They work in networks of companies. At £12 a go, it is probably the cheapest way of organising a criminal network. Of necessity, they leave company DNA behind them. I guess I have a capacity for identifying that DNA and extracting it from the background noise at Companies House.
Your question about offshore entities is really interesting. I came into this five years ago very much thinking about what you have just been talking about—limited partnerships and limited liability partnerships. They feature prominently in a lot of the reporting. I think part of the reason for that is that they are, by and large, a very small subsection of the entirety of what is incorporated in Companies House. Therefore, the focus has been on some of that DNA that is exhibited by LLPs and LPs.
Before now, we have had very few tools that could establish the role of limited companies. To give that some context, since 1 January 2000, about 10 million companies have been incorporated at Companies House, of which about 5 million are still active. The loss rate is very high; it is consistently 50%. Nine and a half million of those companies are limited companies. That is an exceptionally difficult body of data to trawl through to establish suspicious activity.
I think one of the reasons why perhaps some of the stories I now re-tell on social media are novel is simply because we have never been able to extract those signals from the Companies House data before. For whatever reason, I appear to have a brain wired in a particular way that allows me to do that, and I have a very good relationship with Companies House. We share information quite regularly.
Q
Graham Barrow: Where do I start? The scale is enormous. Even today, I have been looking—I have a company that tracks new company registrations. I can tell you that 20 or 30 companies have been set up in Leeds and in Birmingham today that have used real peoples’ names and addresses, some of them for the fifth, sixth or seventh time. One gentleman is 92 years old and has just had his name used for a second time. It is an absolute scandal what is going on. I would say that at least 1,000 people every week have their names used as directors on companies without their knowledge or permission. You are talking about potentially 50,000 people a year. It is on an unimaginable and wholly unreported scale.
Q
Graham Barrow: No, and there are a whole range of reasons why, one of which is that you would need to identify the problem in the first place in order to understand that it is an offence. How do you deal with thousands of weekly company registrations that are clearly breaching the false declaration rules? It would overwhelm you. I think one of the conversations we probably need to have is that you are not going to address the problem instantly.
One of the things that will happen when this legislation is enacted—and I am massively supportive of it—is that company registrations will fall off a cliff to begin with. At this point, I do not think people realise just how many registrations currently would just not go ahead because it is not worth meeting, or they will not meet, those requirements. Will it have an economic impact? Absolutely not, because none of them were ever set up to do anything commercially relevant in the first place. I would not worry about it, but I do worry that the reaction to potentially a 30% or 40% drop in company registrations may force people to start rethinking the tenets of this, but they should not. I do not think you will see any economic consequences.
Q
Graham Barrow: I think there have been a couple of opportunities missed. You have been talking about PSCs, but what I have not heard yet is the fact that there is no minimum age to be a PSC. That is an issue, because you can be a shareholder and PSC at the age of zero. I do not know how you going enforce the identification verification for somebody who has absolutely no documentation. I do not see that addressed in the Bill. That is my first point. Secondly, I see nothing in the Bill to address statements of capital. I think that is problematic. At the moment the record is held by a gentleman from Equatorial Guinea who registered a company with £670 trillion of capital. That is a pretty neat trick, because that is 10 times the global GDP.
The other one that worries me, and this is something that I would like to talk about, is burner companies. That is a phrase that I have come up with; it means companies that start out with no long-term use whatsoever. There are elements within the Bill that allow grace days for conforming with requirements. If you are a burner company, it is fantastic because you have no intention of conforming. All you need, effectively, is to get that registration document to do whatever it is you want to do with it—and there are a range of things that you might what to do with it—and then you have no further use for it. Allowing grace days for conformance is potentially problematic. Those are my top three. I am not going go down the route of allowing CSPs—that has been done to death. It is obvious that it is a difficulty because you have no history of assertive regulation outside of the FCA and banks. We are aware that has not worked desperately well by the level of fines that are being administered. I think there is a bit of a hit-and-hope model, which in the end is unlikely to translate into any sort of useful outcome.
I have asked for the volume to be increased, because I know that some Members are struggling to hear.
Graham Barrow: I will move my microphone closer.
Yes, if you could speak directly into your microphone, we would be very grateful.
Q
Graham Barrow: Absolutely. What I am looking at is probably not even 5% of what I could look at in terms of suspicious activity and red flags. I have not the hours in the day; bear in mind that I do not get paid for any of this, so it is a labour of love, or whatever. There is a sensible answer, which is that we are now in a world where data is manipulated really easily and in bulk. Therefore, something that my company has done is to design algorithms that looks at clusters of red flags. If all we look at, Dame Margaret, is red flags, we are going to be overwhelmed. We have to accept that we cannot address every issue straightaway, which means that we need to look at clusters of red flags, which, taken together, can indicate significant organised crime or corruption that is being utilised through the formation of companies.
This year I have seen one organised crime group create about 1,500 companies, using data that they have stolen from two major global organisations. These are HR files, so the data is replete with all the personal information of those employees, who have then found themselves directors of companies that have been registered to empty shops, which have then been used to access banking, particularly overdrafts or other banking credit. There are about 1,500 companies, and the average overdraft might be £5,000 to £8,000; you do not need too many of them to be successful to understand that millions of pounds are being extorted or fraudulently obtained from banks through this ease of use.
Something else that is really important is the ID&V piece. If you have stolen ID&V data from, for example, a company’s HR files, the implementation of proof of life at the same time—that is, you do not just have the documents, but can prove it is you by having some form of selfie or other real-time interaction—is vital, because these people do not just set up companies; they open banking with them. Banks can be criticised, but they do an awful lot more due diligence than Companies House. If these people are opening bank accounts, the ID&V they currently have is clearly high quality. We must bear that in mind.
Q
Graham Barrow: Probably not. We have done some analysis of phoenix companies. For example, I think that something like 30,000 companies on Companies House have changed their name for fewer than seven days and then changed it back to its original name. That is a variety of phoenixing by which you disappear from your company name for a few days and then come back again. As you will probably know, Gavin, every year on Companies House there are thousands of proper phoenix companies—those that have dissolved and reopened, either geographically close or at the same address with virtually the same name. It is a real issue, and it is part of the whole broader issue of company name observations. There was a piece on “You and Yours” on Radio 4 a few weeks ago about a lady who had Asda Ltd registered to her terraced house in Huddersfield. She received 7 kg of post and all sorts of other things, and bailiffs turned up at her door.
The Bill does include the ability for Companies House to reject similar names, but if you have 3,000 companies a day—and that extends to companies across the world that may have similarities—I do not see how you are going to enforce that reasonably. There is just too much volume and too many potential comparative data points to compare them to. That is a huge issue, and one that inserting a little bit of friction between application and registration would help to address. At the moment, the focus is entirely on speed of getting on to the register. Putting in a bit of friction to do some proper checking would be a good idea.
Q
Graham Barrow: Being clear that a company will not be allowed on to the register until those full checks have been made would be one. I would also be a lot stricter about the ability for people to register a company that has significant similarities to a previously registered and dissolved company. That may need a bit of crafting, in terms of the words, but I do not think that is beyond the wit and wisdom of people.
Companies House refused to dissolve or eject Asda Ltd because it was not close enough to Asda Stores Ltd, which is the actual name of the well-known supermarket. That seemed to be a bit of a nonsense. I am not saying that Companies House did not apply the law correctly; it suggests the law is not very good in terms of the intellectual capital.
There is a guy in Cheam who has legitimately registered Renault Ltd, Volkswagen Ltd, Adidas Ltd and Asda Ltd—which he re-registered after Asda Ltd in Huddersfield got struck off. That is simply nonsense. Intellectual capital is clearly being compromised by those registrations, yet we do not currently have the powers to deal with it. I know there is wording in the Bill on this. Obviously, the proof of the pudding is in the application of that, but I would like to see it tightened.
Q
Graham Barrow: I guess the Bill is trying to assist by not allowing that to happen in the first place. That is the premise, is it not—that you should not be able to get somebody without their clear permission?
Q
Graham Barrow: That is a difficult one to answer, because very often the address that appears on the public register is not their own address. However, it is potentially likely that a residential address appears on the non-public aspect of the register, because that is often the conduit for getting access to banking, as they will do electronic identification checks against somebody’s residential address rather than other elements.
At the moment, there is one piece that is rightly hidden from public view, which is the director’s residential address. That is almost certainly used by criminals where they have access to it, because that opens up access to banking. If we are not successful in stopping fraudulent use of directors’ names and addresses, the Bill needs to be looked at carefully in its ability to give redress to that, without, of course, allowing people with rather ulterior motives trying to remove legitimate directors because they have some sort of vendetta.
We should always remind ourselves that, in our attempts to correct all of the bad stuff, we must not make it possible for people to use those corrections to then make life harder for the people who are doing the job legitimately. That is an ongoing discussion, I think.
Q
Graham Barrow: That is kind. You must understand that I am a private citizen, so I do not have access to huge swathes of information that I would love to be able to get hold of to give a much rounder view of that. Companies House, of course, does, so there are some interesting things that it will have, such as email addresses, IP addresses and credit card details.
There are some important provisos there. Do not allow people to pay for their enrolment through a pre-paid credit card. That would be a bad thing. Do not allow people to apply through a virtual private network—a VPN. That would be a bad thing. Do not allow people to apply through something like Proton Mail or an encrypted mail account. That would be a bad thing. What we need is transparency in all those things so that we can aggregate that data with, for example, data from His Majesty’s Revenue and Customs, voter roll data and other data, to get a much more rounded picture of people who are applying for company directorships.
Now, that only works here in the UK. It is worth bearing in mind that about 150,000 company incorporations every year emanate from outside the UK. That adds further difficulty. There were 50,000 applications from China last year, so that is clearly a problem. Incidentally, those numbers soared after China banned cryptocurrency at the end of September last year. There was an extremely easy to observe uptick in UK corporate registrations from Chinese individuals.
The Bill will start to address such a range of issues. I think it will be the first of many if we are really going to make our corporate environment safe and secure, and start tackling economic crime and the abuse.
Q
Graham Barrow: No. I am saying that for the purpose of registering a company in the UK, you should not be afforded that benefit.
I understand the distinction. I just wanted to make the point. As you can understand, it would raise other difficulties.
Graham Barrow: Absolutely.
Q
Graham Barrow: They are good friends.
They are brilliant. These people are quite literally on the frontline of our democracy, defending our freedom by defending our corporate integrities. Their work is extraordinary important. I would be grateful if you would say a little bit more about shell companies.
Graham Barrow: I count all those people as friends. Oliver and I exchange daily emails. We work very closely together. The last time we met was on a bus.
I should put on the record that he is a friend of mine as well.
Of lots of us around the table.
Graham Barrow: Shell companies are containers. Effectively, it is a container for assets. They are used in a whole variety of ways. They are used, clearly, as conduits for corrupt and criminal funds to be moved around the world. They are also used just as a container to access banking and do as I have just described—a one-off hit to get a bank account open and get an overdraft.
I have seen physical evidence of a company being incorporated to an address of somebody in Cardiff who knows nothing about it; on the same day, they open a bank account with one of our high street banks, and on the same day, they remove the automatic £8,000 overdraft that came with that bank account. Then they disappear, and of course it turns out that they were untraceable because none of the details they provided were real. That is a shell company, because that is not doing any normal commercial activity.
The Committee mentioned addresses earlier. I am sure some members of the Committee will know that there are addresses in central London that are home to 100,000 companies. That is clearly a matter of concern, particularly with the proportion of those companies that are registered from some of the more remote parts of the world—places you would struggle to find on a map—that concentrate at those addresses.
We need to be quite clear about the legitimate use of corporate service provider addresses. Some of our banks now provide that as a service. That is fine. There is one firm that offers this thing called a non-resident package, which should immediately make your ears prick up. Somebody from outside the country can register a business and be given the business bank account for a fixed fee. That bothers me hugely, because it makes me ask why.
The thing about shell companies is that they are not always easy to identify at the point of incorporation. We are getting very good at it, but it is still not an exact science. It is about lifetime analysis of a company’s behaviour, as well as some of the red flags that are raised at the point of incorporation.
Q
Graham Barrow: It probably does not assist me an awful lot, because I do not have access to a lot of the other data that particularly members of JMLIT, and other law enforcement and Government organisations, have access to. As a private citizen, I will not have access to that much more information. That is probably a good thing, because I am already drowning in information. For a man who is going to be 70 next birthday, it is not exactly the retirement that I had planned. In a way, I think the best thing I can do is help to inform and educate others so that as the Bill starts to generate that information, some of which I will not be privy to, I can at least help people to understand better how to analyse and aggregate that information to extract signals.
Ultimately, there will be too much information to do everything with, so it is about how we organise ourselves, particularly at the point of incorporation, so that instead of waiting for a problem and going back to see how it happened, we identify that problem in the process of being set up, and start proactively managing the people who are part of organised crime or corruption and are using or abusing Companies House to do that. We have never done that before, to the best of my knowledge, but we are now in a situation where we can start doing it.
Q
Graham Barrow: Dame Margaret, you ask me a tricky question because I worked at Deutsche Bank, and some of what I know is privileged and I cannot talk about it. In fact, my work in Deutsche Bank is what has led me to be sitting here, because it was while I was there working on the Russian mirror trades that I realised that two completely different firms had filed exactly the same set of accounts—identical accounts—signed by the same person. My rather naive reaction then was, “How on earth did this happen?” I know better now. That person’s name is in the public domain: it is Ali Moulaye. He is a dentist who currently lives in Belgium and has been written about frequently. I kind of discovered him, in a way. He has signed more than 10,000 sets of accounts on Companies House on behalf of at least 2,500 limited liability partnerships, a significant proportion of which have, sadly, been named as being involved in various laundromats.
One issue was that all those accounts were filed on paper and were then scanned in as an image, not as a machine-readable document. That is a really big disadvantage, because it prevents people such as me, or those with access to clever technology, from reading those documents into artificial intelligence engines and performing deeper analysis on them. It is a very difficult problem. It would be a wonderful thing—although I suspect quite labour intensive—to retrospectively digitise all those old PDFs, because there is a huge wealth of intelligence still residing in them that we truly do not understand. That is also very much true of limited partnerships, which still can only file on paper. The only way to incorporate a limited partnership is on a paper application. That makes reading the data on those registration forms extremely difficult, which is why lots of it has remained hidden for so long.
If there are no further questions from Members, I thank the witness; Graham, thank you very much for your time.