The Bank of England’s response to the Department for digital, culture, media and sport

Introduction

The Bank is supportive of the Government taking the lead to set a national data strategy. The development of a unified approach to data is equivalent to public infrastructure, with the widespread adoption of best practices a public good. These attributes point to the need for a central co-ordinating body to develop data standards, skills and enablers in the national interest, rather than leaving this to the market and risking the emergence of a fragmented and inefficient approach to data usage. We agree that the Government should be that co-ordinating body. Data is becoming ever more important to the effective provision of public services, as well as transforming a range of industries in the private sector; it therefore has the potential to bring about broad economic and societal benefits across the UK. The Government is uniquely positioned at the confluence of these varied stakeholders, interests and use cases to develop hard and soft data infrastructure. It will be essential to develop this infrastructure in a manner that respects privacy and protects sensitive data.

In responding to this consultation, we note that the Government is seeking to consult with ‘policy organisations with a particular interest in the role of data in the economy and society’ – which clearly applies to the Bank. The Bank will itself operate within a future data framework when using data to carry out its core functions. And it will continue to shape the financial system’s interaction with data through its control over hard and soft infrastructure. While it recognises the importance of all the questions posed in the consultation, the Bank has only offered answers to those questions where it feels it has the most to add to the consultation, in light of its policy objectives and activities. Specifically, the Bank has three distinct areas of interest in data.

First, the Bank uses data in its core activities to achieve its objectives. The Bank is dependent on access to high quality and timely data in order to monitor, and reach policy decisions on, monetary and financial stability and the safety and soundness of firms. It therefore needs the right data infrastructure to be in place to facilitate this. Data is also at the heart of its monetary policy, markets and banking operations. Activities as diverse as forecasting inflation, supervising liquidity requirements for firms, stress-testing the banking system, publishing the sterling risk-free reference rate, and settling wholesale payments are all driven by data. Here, the Bank is particularly interested in the National Data Strategy (NDS) missions of ensuring the security and resilience of the infrastructure on which data relies, and championing the international flow of data.

Second, the wider financial system which the Bank strives to safeguard is also reliant on data. The degree to which data can be shared effectively, securely, and in a resilient way is of critical importance to the functioning of firms the Bank directly supervises, ie banks, insurers, and financial market infrastructures. Data is core to the provision of financial services to the real economy: monitoring financial markets, making lending decisions, modelling risk, and processing transactions are all reliant on data. Data security and the operational resilience of financial institutions contribute to public trust in the stability of the financial system, and so the Bank has a clear interest in the data standards that develop in the wider financial ecosystem. Here, the Bank is particularly interested in the NDS missions of unlocking the value of data across the economy, securing a pro-growth and trusted data regime, and ensuring the security and resilience of the infrastructure on which data relies.

Third, the Bank can make a meaningful contribution to the debate on a national data infrastructure. It has its own vision for the future of the financial system, as well as expertise in data and innovation. The Prudential Regulation Authority (PRA) has a secondary objective to act in a way which facilitates effective competition in the markets for services provided by PRA-authorised firms, while the Bank’s secondary objective is to support the economic policy of the government including its objectives for growth and employment. Taken together with the Bank’s experience in leveraging (often sensitive) data and its keen interest in financial innovation, the Bank can provide valuable insights and thought leadership on how to harness data for wider economic benefits. The Bank’s strategy in response to the ‘Future of Finance’ report is to enable innovation and empower competition by reforming its hard and soft infrastructure. The Bank is already showing leadership on the effective use of data in the financial system and it should contribute its expertise and vision to the broader data conversation. For example, we are working to enable richer data in payments through adoption of ISO 20022 payment messaging standards, as well as using ISO 20022 methodology for sterling money market data collection. We are working with market participants to catalyse reform in post-trade processes and unlock the potential of post-trade data. We are also promoting adoption of the Legal Entity Identifier (LEI) in sterling payments – the only globally unique identifier for legal entities, commissioned by charter by G20 finance ministers and central bank governors in 2012. And we are championing an open platform for small and medium-sized enterprises (SMEs) finance and striving to deliver a world-class data and regtech strategy. Here, the Bank is particularly interested in the NDS missions of unlocking the value of data across the economy, securing a pro-growth and trusted data regime, and transforming government’s use of data to drive efficiency and improve public services.

Response to consultation questions

The Bank strongly agrees with this statement. The NDS missions resonate with the Bank and our involvement with data. As stated in our introductory remarks, the Bank uses data in its core activities to achieve its objectives. This requires secure and resilient data infrastructure (Mission 4) and the international flow of data (Mission 5). Secondly, data is core to the provision of financial services to the real economy by banks, insurers, and financial market infrastructures. These activities require unlocking the value of data across the economy (Mission 1), maintaining a pro-growth and trusted data regime (Mission 2), and ensuring the security and resilience of the infrastructure on which data relies (Mission 4). Finally, the Bank has a vision for the future of the financial system. This speaks to unlocking the value of data across the economy (Mission 1), maintaining a pro-growth and trusted data regime (Mission 2), and transforming government’s use of data to drive efficiency and improve public services (Mission 3).

During the pandemic, macroeconomic variables have moved quickly and by large magnitudes. Given the publication lags for official data this has led to a greater emphasis on higher-frequency and/or more timely measures to track the economic impact of the pandemic and gauge the state of the economy in real time, helping policymakers to make more timely and informed decisions. The Bank has made intensive use of these newer and more novel sources of data, as discussed in a recent Bank Underground article: Covid-19 briefing: tracking economic variables in real time.

There have, though, been some areas where data could have been used more effectively to deliver public benefits. For example, better access to data could have sped up the distribution of Coronavirus Business Interruption Loans (CBILS) to small and medium-sized enterprises (SMEs). Given the scale and immediacy of demand, lenders struggled to access, verify and process SME data quickly enough to keep pace and enable timely lending decisions at the height of the pandemic. Acknowledging these frictions, the Government’s successor scheme (Bounce Back Loan Scheme, or BBLS) offered a 100% guarantee and eliminated most of the data requirements, enabling nearly 20 times more loans than CBILS.

There have been multiple challenges around accessing SME data for these schemes. First, it was challenging for lenders to verify the identities of SMEs, in order to prevent fraudulent applications from SMEs that did not exist, or multiple applications from the same SME. The use of LEIs could have aided in enabling identification of firms as well as understanding the network of loan exposures. Second, it has been difficult for lenders to verify the recent financial performance of SMEs. Better SME financial data could have helped lenders to focus funds on healthy, financially active SMEs, and to avoid lending to financially unviable businesses. The Open Data Platform proposed by the Bank could have helped here. Building on Open Banking and accounting software APIs, it would have provided SMEs with a portable credit file comprising of varied and up-to-date information on their business performance. Third, lenders were more comfortable lending to existing customers because of the above reasons. This increased the risk that some SMEs became frozen out of government lending if they banked with firms that were not part of BBLS or CBILS. Again, a portable credit file would have helped here, by enabling SMEs to demonstrate their creditworthiness to other lenders which did not already have their current account data.

Finally, the Government could produce open data sets and easily accessible data dashboards for other topics, or even other crises, as it has done with Covid-19 case data.

The Bank does not have visibility of data use in all of the sectors listed. We can comment on financial and insurance activities, which in turn interact with the data available in other industries. For example, data is gathered from virtually all these sectors by insurance companies: that data can in turn be used to provide information on many aspects of the UK economy. We see much to gain from better data availability in the financial services sector. And given that financial services are central to any modern economy, the effective use of data in this sector has wider benefits. The degree to which data can be shared effectively, securely, and in a resilient way is of critical importance to the functioning of the whole economy. Financial activities such as monitoring financial markets, making lending decisions, modelling risk, and processing transactions are all reliant on the availability of quality data. If leveraged properly the benefits of better data in finance will be felt by businesses in all sectors, all of whom need to engage with banking and insurance in some form. These benefits could manifest as better access to credit, lower finance costs, better detection of financial crime and other efficiency savings.

Improved standardisation and use of data would also yield benefits for the global economy. For example, improved international standardisation of data is a key element of the G20-endorsed roadmap for enhancing cross-border payments, which has potential worldwide benefits for international trade, global development and financial inclusion.

Finally, as the experience of Open Banking has shown, opening up access to data can act as a catalyst for innovation, as well as encouraging greater competition.

The Bank thinks that, where possible, the Government should make important and non-sensitive government data available to the wider economy, in a standardised way. This must be done with careful regard to privacy and data protection, and in accordance with applicable data protection legislation. Some examples where we believe this would be beneficial are:

• Sharing of identity verification information. This would ensure that ID credentials that are issued by government, and digital identities built on top of them, can be checked quickly and easily by the public and private sector. This will facilitate smooth on-boarding of new users of public services or new customers for new products, and boost financial inclusion. The Government could build on the Passport Office’s Document Checking Service pilot and communicate how this could be rolled out more widely.
• Sharing of data around businesses, and in particular SMEs. The Government should investigate making government data around tax liabilities available to SMEs and financial institutions (with the permission of the SME), to help lenders build up a richer picture of SME creditworthiness.
• Richer Companies House data. The Bank welcomes the proposals in the Companies House response to its call for evidence on register reform, such as International Securities Identification Number (ISIN) and LEI inclusion in the Companies House data set for specific use cases. We would also suggest extending the inclusion of the LEI and ISIN in the Companies House data set for all companies. Data on group structures would also be helpful.
• Sharing data used for KYC/AML and credit risk assessment, in accordance with applicable data protection legislation. This includes data on individuals’ income such as tax and benefits, or individuals’ criminal data such as County Court Judgements, as well as firm fines and corporate data.

In support of monetary and financial stability, the Bank conducts research on the UK economy and financial system. In doing so, the Bank benefits from the availability of government data, but notes that common standards could help to make this data easier to access and analyse. There is significant variation in the ease with which data can be accessed by researchers at different institutions. And in the Bank’s experience, when a research project requires analysis of two data sets from two different organisations, the lack of standardisation can make merging these data sets very challenging indeed. Therefore the Bank would encourage the Government to explore the establishment of a single centre of expertise on the curation of national data sets. This organisation could help public sector, academic and private sector users to access cleaned, anonymised data sets for research purposes. Where appropriate, it could also join different administrative data sets together.

More generally, the sharing of open data publications across all sectors and industries could be useful. These open data sets should use common standards, identifiers or code lists to enable better linking, mapping and re-use. Greater uniformity in the data published across government departments would make such data easier to consume. And developing and adopting standards for government data could also help the private sector to make non-government data available in a standardised way. There could be some guiding principles based on transparency, democracy and right to privacy underlying these open data sets. Sectors that require high transparency and therefore high levels of scrutiny may benefit from more open data approaches. Sectors which deal with personal data should have all the relevant protections in place before pursuing open data approaches, ensuring compliance with data protection legislation.

We strongly agree with this statement, because the private sector may lack the incentives and/or the co-ordinating mechanisms in the short term to develop these standards effectively. Data standards are costly to implement in the short term, and the benefits may not accrue directly and immediately to the stakeholders that incur those costs. But standards have significant benefits in the long term if widely adopted, and those benefits continue to grow due to network effects.

We therefore think that public sector intervention is likely to be required, to address three risks in particular. First, the risk that the private sector fails to develop standards at all. Second, the risk that even if the private sector does take on this task, the lack of a central, co-ordinating body leads to fragmented standards adoption which is highly inefficient and expensive. And third, the risk that private standards adoption – as opposed to open standards – leads to the creation of monopoly rents.

The Bank sees an important role for the Government in mandating a ‘level playing field’ of common data foundations, beginning with the most basic data elements such as identifiers. Those common data foundations can then foster innovation in the digital economy. As we discuss in response to question 12, the Government should also champion the development of global standards to ensure international co-operation and interoperability. It must also educate businesses and the general public on the existence of these data foundations, to encourage usage and trust of data.

The Bank suggests the Government should leverage data to help SMEs gain access to funding, tackling the long-standing SME funding gap. To do so, it should make government data – such as passport and tax return data – available, with the consent of the SME, to lenders, to support SMEs’ applications for credit. This should form one part of wider support for an Open Data Platform for SME finance. The Open Data Platform would provide a standardised means of permissioned sharing of data about businesses. The platform would run as a decentralised network of data providers using a standardised set of APIs. At a practical level this would mean an SME could, at the touch of a button, permission an API call to a handful of data providers to instantly share specified data fields with a third party, such as a lender. This would enable SMEs and lenders to quickly and easily harness a variety of data to build a richer picture of SMEs’ financial performance and creditworthiness. We would encourage the Government to lead industry agreement on the standards and APIs that could underpin the Open Data Platform.

We would also encourage the Government to consider steps to promote wider adoption of LEIs among businesses, eg enabling corporates to easily register for LEIs. As part of this, we would encourage the Government to consider whether it can play a role in the issuance process. The Bank’s long-term ambition is for each of the six million UK SMEs to have their own unique identifier to enable them to move seamlessly around the financial system.

Furthermore, the Government should continue to advocate for the digitisation of SMEs through schemes such as HMRC’s Making Tax Digital, as well as through developing digital skills. In order to become a ‘digital-first’ country, public understanding of data, and trust in data, is paramount. This includes developing guidance on why certain data and data standards are important. The Government should consider increasing public communications around data, and the opportunities and risks that it brings, to bring these topics into public discourse in the same way as cyber-security.

The Bank welcomes BEIS’s work to co-ordinate Smart Data initiatives across sectors. We agree that it is important to ensure the interoperability of new Smart Data initiatives, so that consumers can pull relevant data from their activities in one sector to access new products or services in another sector.

In this context it is important that consumers are able to identify themselves easily to businesses online, and connect their identity to their data. Therefore we would stress the importance of ensuring the interoperability of any new Smart Data initiatives with emerging digital ID initiatives. A successful Smart Data system would provide a smooth end-to-end customer experience, from verifying the identity of the end user, through to data sharing with a range of third-party providers, and eventually to on-boarding with the provider of a new product or service. Seamless identity verification is therefore a crucial element of enabling consumers to put their data to work for them in search of new products and services, thereby facilitating greater competition and innovation in the digital economy.

The Government also has a role to play in encouraging adoption of Smart Data initiatives. On the consumer side, it is important to educate and inform consumers on how their data can be put to use for them – this is key before any technology deployment. Part of this is also about allaying concerns consumers may have around sharing their personal data, by ensuring that regulations and guidance on consumer data usage are robust, transparent, well understood and trusted by consumers. On the business side, government has a role to play in mandating or encouraging businesses to introduce Smart Data initiatives. While the introduction of Open Banking was mandatory for the largest UK banks, the Government may choose not to mandate Smart Data initiatives for other industries. In this case, the Government could consider further pilot schemes to prove the benefits of Smart Data initiatives in new sectors, thereby encouraging businesses to establish such schemes voluntarily. In doing so it should learn from the experience of Open Banking (where adoption was slow at first but is now accelerating), to understand the cultural change required for new Smart Data initiatives to be successful within a given timeframe.

The Bank neither agrees nor disagrees on the objectives for the CDEI. We would, though, ask for clarity on the roles and responsibilities of the CDEI, especially in relation to the Office for AI and the ICO, to avoid the risk of overlap between these three entities.

One activity that the CDEI (or one of these entities) could helpfully undertake would be to take a cross-industry view of AI and data regulation. There is a risk that data and applications of AI are treated differently across different industries, and to mitigate this it would be beneficial to have a central body that understands and maps regulatory frameworks across the economy. We also ask for clarity on what ‘AI monitoring’ means in practice. For example, which aspects of AI would be monitored and why, how this monitoring would be carried out, what outputs would be produced, and what types of actions the CDEI or others would take to respond to their findings.

In general, we see value in bestowing statutory status on important authorities to empower them to have greater impact in their field and to do so independently. But we cannot form a view on this question until there is some greater clarity around the CDEI’s role and remit, as explained above.

The Bank agrees that it is important to enable better sharing of data between government departments. We suggest a number of actions to make that happen.

The Government should champion the development of global standards – the data infrastructure of the digital age. The Government should take action to help the development and adoption of such standards. On development, the Government should vocally support ongoing initiatives to develop standards, such as the LEI. On adoption, it should embed the use of such standards in its own systems, mandate the external use of global standards when it creates policy (such as when it mandates the reporting and disclosure of data), and call for the adoption of key standards in other jurisdictions.

The Government should start with global standards that identify common concepts in data – like legal entities, individuals or products. These standards allow government to link data sets on the same entity across government bodies and external data sources.

The Government should build on identifier work by championing content standards that define what data is or what it means. For instance, the financial sector could benefit from common standards to define and identify concepts such as the ‘loan amount’ of a mortgage. This would enable the Government and external bodies to merge and consolidate the same data but for different entities from multiple sources. This would help regulatory and statistical bodies, like the Bank, to efficiently merge and consolidate data from the multiple firms they regulate or interact with. The Government could start by using its soft power. It could call for the development of standards in industries, like the financial sector, where in large part they do not exist. It could go further by recognising the role law and regulation can play in defining the content of data.

The Government should consider standardising the format it uses for reporting and disclosure of data. This work should sit alongside efforts to de-duplicate data requests. Schemes like ‘Standard Business Reporting’ (SBR) which operate in the Netherlands and Australia have generated cost savings and process efficiencies for the public and private sector. For example the Australian Tax Office projected savings of US$1.1 billion in 2015/16 as a result of SBR. In the Netherlands, ING Bank passes savings on to their customers when they use SBR processes. Enabling individuals and businesses to file their information once and have it re-used across government will avoid duplication of effort for both government and the end-users of public services.

The Government can also influence how its data is used internally and in the wider economy. Publishing data wherever appropriate, and in an accessible manner, will enable users with varying levels of expertise to interact with and use the data. And ensuring that government data is of superior quality, free of bias and compliant with common standards is critical before advanced analytical methods can be applied. An AI assisted public sector and wider use of AI can only develop with the right data foundations in place. In this context, the Government should be mindful of key principles emerging in the field of data ethics, such as an increased focus on risk management and ethics, and giving due consideration to data privacy, legal risks and regulatory compliance at all times.

As per our previous answer, we would recommend prioritising standard identifiers. Identifiers allow data to be linked across and within the private and public sectors.

As already mentioned, public sector usage of the globally unique LEI should be a top priority, in line with global commitments made by G20 finance ministers and central bank governors. This does not preclude the use of the UK’s Companies House number, but instead enriches it by enabling linkage and mapping to other data sets.

We would encourage wider public sector usage of other financial sector identifiers such as the International Securities Identification Number (ISIN), Unique Product Identifier (UPI) and Unique Transaction Identifier (UTI) where appropriate. For example, ISIN is mentioned in the Companies House register reform consultation to enrich published data sets and enable better mapping.

The Government should support Bank, Financial Conduct Authority (FCA) and financial industry initiatives to develop content standards for financial data. Historically standards have developed in wholesale markets to facilitate electronic trading and settlement (such as FpML and FIX). The financial sector needs a broader set of standards that can be used for a wider set of use cases, including reporting to regulators. The need for a private/public partnership to deliver these standards is a key message from our forthcoming data collection review.

Finally, the Government should promote business reporting and financial reporting standards that enable both human and machine readable reports. The public and private sectors have worked together to establish technical exchange standards for the exchange of financial and business information, eg extensible business reporting language (XBRL). XBRL is used in the UK by Companies House, HMRC, The Bank of England, FCA and the Charities Commission. XBRL facilitates the digitisation of company disclosures as well as supporting a common global approach to publishing and exchanging financial information in both human and machine readable form. The UK has been the lead contributor to the development of this standard and other countries around the world should be encouraged to adopt this approach. XBRL is also used in the Standard Business Reporting programmes mentioned earlier in our response.

The Bank thinks that the National Cyber Security Centre (NCSC) guidance constitutes best practice for security and resilience, and should therefore be widely followed across the UK. The NCSC has developed advice for all members of society, from individuals to large businesses and the public sector. Its guidance therefore varies depending on the scope of data activities. For example, at a basic level, the NCSC’s ‘10 Steps to Cyber Security’ can be applied, whereas for larger organisations, there is specific NCSC guidance on protecting bulk personal data. Finally, vitally important services and activities are subject to the Cyber Assessment Framework and guidance.

Beyond the NCSC, evidence of ISO 27001 and SOC 2 certification is the gold standard for systems with significant data security risks.

For personal data, the ICO is clear on the responsibilities of data controllers and processors.

Government and regulators should set recommendations and expectations around which players should seek industry certification for secure and resilient infrastructure. This will vary according to the nature of the data and risks around it.