Understanding corporate networks. Part 3: where’s the data?

What is a subsidiary? What do we mean by control? In Part 2 of this series on understanding corporate networks, I explored these questions and how they are answered by regulatory regimes around the world.

It’s one thing to define “control” in the regulations and accounting standards; however, without disclosure, we can’t begin to map corporate networks, which here at OpenCorporates we’re pretty focused on. So where can we find the data?

The obligation to list consolidated entities

In the UK, the situation is surprisingly good… in theory. The UK regulations require every company to disclose its subsidiaries in their annual accounts, which must be submitted to the UK corporate registry each year.

The regulations allow an exemption on grounds of “excessive length”, which companies with large networks invariably adopt; however, they must report a full list of subsidiaries at a later date. This list is typically provided as an annexe to the annual return (rather than the accounts); for example, a full list of Tesco PLC’s subsidiaries can be seen pasted at the end of this document (spoiler alert: it’s a poor-quality scanned image of a table turned on its side!). This complicated picture is made much worse, however, by basic non-compliance: according to some research, 30% of all UK Companies are not asked to submit returns by the regulators.

In the rest of Europe, the situation varies. The good news is that under EU regulations, every member state must collect (and make available) annual accounts from companies. The bad news is that national accounting practices vary considerably. (It’s also a problem for open data that most countries in the EU opt to charge for access to this information – you can see how they compare in our Open Company Data Index.)

The light at the end of the tunnel is the International Financial Reporting Standard (IFRS).  All listed companies in the EU must use IFRS, and countries around the world are increasingly converging on this standard. A recent update to IFRS, due to come into effect in 2014, requires a parent to disclose information about all its subsidiaries and related entities.

In the US, however, the situation is not so good: under US GAAP there is no requirement to provide a list of subsidiaries, and the signs that the authorities are moving with the rest of the world towards IFRS are patchy. So how can we find out anything about corporate networks in the US?

The SEC to the rescue… or not?

In the US, the Securities and Exchange Commission exists to protect investors and ensure an efficient, fair market.  It requires large, listed companies to disclose meaningful financial information to the public, including annual accounts (not so useful to us), and tables that list “significant subsidiaries” (which are potentially very useful).

Here’s one such list of significant subsidiaries, as an example:

A list of subsidiaries in an SEC filing
A list of subsidiaries in an SEC filing

Because annual accounts in the US don’t list subsidiaries, this makes SEC filings one of the most important sources of information about the corporate structure of large companies. However, this crucial source of subsidiary data seems to be drying up.

As we investigated last year with the Wall Street Journal, large companies like FedEx, Microsoft, and Raytheon are quietly dropping the number of subsidiaries they report, even while their corporate structures remain the same, or get more complicated. Google Inc, for example, reported more than 100 subsidiaries in 2009. In 2013, they reported two.

How is this possible? It’s not clear, but when asked, a Google spokesperson said the company is in compliance with SEC rules regarding the disclosure of subsidiaries.

When a company makes a filing, it is asked to list “significant subsidiaries”. There are four ways the regulations that define “significant subsidiaries” could be open to interpretation.

  • The definition of “subsidiary” is an affiliate controlled … directly, or indirectly through one or more intermediaries. As we’ve seen previously, the notion of control is slippery and open to interpretation.
  • The definition of “significant subsidiary” refers to a subsidiary, including its subsidiaries. This could be interpreted as saying that if Google Inc owns Google UK via Google Ireland, then only Google Ireland needs to be reported.
  • The regulations define “significant” in terms of financial flows between the subsidiary and the parent, with anything lower than a 10% threshold not being significant. It is possible to structure a company so that there are enough companies to split financial flows into small chunks, and in fact the larger the number of operations, the more likely it is that no single one reaches that 10% threshold.
  • These financial flows can exclude amounts attributable to any noncontrolling interests; again, open to a range of interpretations regarding control.
  • The guidance states that “information required by any item or other requirement of this form with respect to any foreign subsidiary may be omitted to the extent that the required disclosure would be detrimental to the registrant.”

So, while the UK and the EU have adopted clear regulations regarding the disclosure of subsidiaries, the situation in the US is not great, and appears to be getting worse: neither the US accounting standards, nor the SEC, requires a full list of subsidiaries (and of course, the filings are in the form of free text, often difficult to parse).

However, there is one area where we can still shine a light on US company networks: the financial sector.


Banks have been more strongly regulated than ordinary companies for quite a long time, and the regulatory regime in the US is particularly strong. It is overseen by the Federal Reserve, who are empowered by a raft of legislation (such as Regulation Y, the Bank Holding Company Act, and the Sarbanes-Oxley Act) to gather data whenever there are any structural changes to a banking group.

Much (but not all) of this data is made public on their website, and this is the source for the amazing corporate hierarchy visualisations we released a few months ago.

So how does this Federal Reserve data define “control”?

In Regulation Y, control is defined at a 25% voting equity threshold. It is also defined as “the power to exercise, directly or indirectly, a controlling influence … as determined by the board”. A similar definition is contained in the Bank Holding Company Act, and at least one court has stated that this can mean “the mere potential for manipulation of a bank”.

The Federal Reserve banking data is, therefore, the single best source of structured data that exists for companies in the US.  The information OpenCorporates is able to compile about bank hierarchies shows what could be possible if the data were opened up, especially when compared with the dwindling corporate structure available from the SEC.

Shopping for the most secret jurisdiction

It should come as no surprise that the reporting requirements regarding subsidiaries vary across the world. As we’ve seen, all companies in the UK must disclose their subsidiaries; all listed companies in the EU should report them from 2014; and large listed companies in the US should report “significant” ones.

What about the well-known tax havens? To take one example, the Cayman Islands don’t make any of the information they gather publicly available. They don’t require accounts from most companies, and where they do, they don’t mandate any particular accounting standards.

From the point of view of a company who doesn’t want to disclose its corporate structure, therefore, this is a great opportunity. From the point of view of an investor, consumer or regulator who needs to understand risk, this is a big problem.

There is one more option in our toolbox for reconstructing corporate networks: instead of looking at which entities a company controls, we can ask who controls a particular company.

Walking up the ancestors

The UK legislation, for example, requires the “ultimate parent company” of a company to be identified in the accounts. There can be several parents between the subsidiary and its ultimate parent that are not listed, but this can still give us valuable information.

Other legislation around the world requires companies to disclose who controls them. The Hong Kong Stock Exchange requires all the respective holding companies of a stock to be listed, right up to the ultimate parent company. For example, this filing shows that Tesco Investments Limited (in the Bahamas) controls a company called China ITS (Holdings) Co., Ltd. in Hong Kong, via four intermediary companies in the British Virgin Islands and the Cayman Islands. The BSE exchange in Mumbai requires similar disclosures.

There are likely to be new sources of “bottom-up” control data over the coming years. At the G8 summit in June 2013, the subject of “beneficial ownership” was high on the agenda (a “beneficial owner” is a person who ultimately controls a company). Consultation recently closed on plans to introduce a new register of beneficial owners for the UK, and the definition of control includes both narrow and broad definitions as discussed in Part 2.

We’re still at very early stages of gathering and aggregating this data, so watch this space. However, this piecemeal approach can only ever give partial pictures of the information, which is why we’re working with organisations like the World Bank Institute to open up corporate registers and change the way information like this is recorded.

In Part 4, I’ll recap and summarise the terminology and concepts explored so far, and show how they are represented in the OpenCorporates database.