TRADE, INVESTMENT AND COMPETITIVENESS TRADE, INVESTMENT AND COMPETITIVENESS EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT Data-Driven Company Registry GUIDANCE NOTE © 2022 International Bank for Reconstruction and Development / The World Bank 1818 H Street NW Washington DC 20433 Telephone: 202-473-1000 Internet: www.worldbank.org This work is a product of the staff of The World Bank with external contributions. The findings, interpretations, and conclusions expressed in this work do not necessarily reflect the views of The World Bank, its Board of Executive Directors, or the governments they represent. The World Bank does not guarantee the accuracy, completeness, or currency of the data included in this work and does not assume responsibility for any errors, omissions, or discrepancies in the information, or liability with respect to the use of or failure to use the information, methods, processes, or conclusions set forth. The boundaries, colors, denominations, and other information shown on any map in this work do not imply any judgment on the part of The World Bank concerning the legal status of any territory or the endorsement or acceptance of such boundaries. Nothing herein shall constitute or be construed or considered to be a limitation upon or waiver of the privileges and immunities of The World Bank, all of which are specifically reserved. Rights and Permissions The material in this work is subject to copyright. Because The World Bank encourages dissemination of its knowledge, this work may be reproduced, in whole or in part, for noncommercial purposes as long as full attribution to this work is given. Any queries on rights and licenses, including subsidiary rights, should be addressed to World Bank Publications, The World Bank Group, 1818 H Street NW, Washington, DC 20433, USA; fax: 202-522-2625; e-mail: pubrights@worldbank.org. Cover and layout design: Diego Catto / www.diegocatto.com Acknowledgments The development of this work was led by Goran Vranic (Senior Private Sector Specialist) as author and Gabriel Martin Hernandez (Consultant) as co-author. The work was done under the general guidance and supervision of Asya Akhlaque (Practice Manager, Investment Climate Unit) and Sylvia Solf (Senior Private Sector Specialist, Investment Climate Unit). The case studies in Appendix 1 were based on the webinars on the use of emerging technologies for company registration delivered by the World Bank Group for Argentina, Cordoba company registry. The authors would like to thank Ernesto Franco- Temple (Senior Operations Officer) and Jessica Michelle Victor (Consultant) for their support in organizing the webinars, and Gerasimos Georgopoulos (Head of Company Law & Greek Business Register) and Carsten Ingerslev (Head of Advanced Analytics, Smart Government and Virk.dk at Danish Business Authority) for their presentations and inputs. The authors are grateful for the valuable peer review comments received from Josef Gasimov (Interim Administrator, Business and Professional Licensing Administration, and Superintendent of Corporations, Corporations Division at Department of Consumer and Regulatory Affairs of District of Columbia), Markus Kimani (Operations Officer), and Yan Liu (Economist). Nguyet Minh Nguyen (Program Assistant) provided administrative assistance. Design and editing were provided by Diego Catto Val and Susan Boulanger, respectively. Contents Executive Summary 6 Data-Driven Company Registry Defined 8 Summary of Key Policies 11 Key Functionalities 13 Transformational Roadmap 15 Appendix 1. Case Studies 18 Denmark 18 Key Policies 19 Implementation Considerations 21 Benefits Realized 23 Greece 24 Key Policies 25 Implementation Considerations 27 Benefits Realized 27 Appendix 2. Data-Driven Company Registry Functionalities 29 List of Acronyms AI Artificial intelligence AML Anti-money laundering BPM Business process management CMM Capability maturity model COTS Commercial off-the-shelf CTF Combating the financing of terrorism DBA Danish Business Authority DCED Donor Committee for Enterprise Development G2B Government to business GSB Government service bus HTML HyperText markup language IC Investment climate ICT Information and communications technology ID Identification IPF Investment policy financing JSON JavaScript object notation LLC Limited liability company ML Machine learning MSME Micro-, small-, and medium-sized enterprises RegTech Regulatory technology RUP Rational Unified Process WBG Word Bank Group XML Extensible markup language EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 5 Executive Summary The accelerated expansion of digital economy ecosystems mandates company registries to digitalize and connect to these ecosystems responding to new business dynamics. A company register belongs to a country base register and serves as the sole trusted source of information about companies.1 Through an initial company registration, a new company is born and receives a legal identity to operate in domestic and international markets. Frontier developments in the company registration domain involve fully automated real-time company registration, integrated company registry data, and emerging technologies for predictive analytics and fraud prevention. Company registries that achieve such advanced data use can be called data-driven company registries. Results of implementing data-driven company registries include duplicating new business density along with an increase in the annual revenue of company registries. Such results and increased revenues contribute to the sustainability of transformations and allow continuous improvements. Achieving data-driven company registries requires considerable effort to improve data management. Traditional company registration typically enables online processes by scanning unstructured documents. The data-driven approach demands that all such documents be replaced with structured data. The first step in this process is to design the company register’s mandatory data requirements, including input data from applicants as well as shared data from other agencies, such as tax and social security authorities. The design of data requirements is followed by initial data consolidation to improve data quality and rectify the status of companies. Improving data management thus becomes a continuous task for data-driven company registries. Some jurisdictions achieved significant automation of company registration procedures through digitalization. These approaches require minimum or no intervention from a company registrar to process applications and issue decisions on an initial registration or on registration changes. The utmost level of automation is a real-time company registration that fully eliminates any human interaction with the system by the registrar, meaning company registration cases are processed by a digital algorithm. Attaining such a level of automation requires data validation using high-quality company registry data, complementary data, and shared data exchanged between stakeholders. The real-time company registration switches the company registrar’s focus from checking and processing registration applications to continuously improving data management and AI algorithms. 1. “The law should provide that the business registry is established for the purposes of (a) Providing to a business an identity that is recognized by the enacting State; and (b) Receiving, storing, and making information in respect of registered businesses accessible to the public” (UNICITRAL 2019). EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 6 Real-time company registration requires fraud prevention mechanisms. Significant levels of simplification of company registration and removal of in-person interactions require improvement in fraud prevention and detection. Company registries have become key stakeholders in anti-money laundering and in combating the financing of terrorism (AML/CFT)2. Evolving approaches to fraud prevention require further development and integration of business databases, including general company registers data, financial accounts, registers of beneficial owners, and company ownership registers. The fraud prevention digital algorithms involve big data and the use of advanced techniques for data intelligence, including graph theory and AI/machine learning. The digitalization of a company registry requires a seamless cross-border digital identity. Jurisdictions are looking to simplify the onboarding for digital identity and the requirements for digital signature in the company registration procedures. Making company registration accessible for domestic and foreign founders and investors has become a mandatory improvement. Recent solutions involve the use of blockchain for digital business identity and online onboarding using biometrics and AI/machine learning for identity validation.3 Furthermore, some initiatives at the regional level aim to interconnect national business registers belonging to a region, allowing business intelligence through cross-border comparability of data and improving access to information on companies in a cross-border context.4 2. “The Danish Business Authority has the supervisory duty with the non-financial undertakings there are subject to the Anti-Money Laundering Act,” https://danishbusiness- authority.dk/money-laundering-and-terror-financing, accessed on July 15, 2022. 3. Marusic, Vranic (2021), “Is the Self-Sovereign Digital Identity the Future Digital Business Registry?” (blog), https://blogs.worldbank.org/psd/self-sovereign-digital-identity-fu- ture-digital-business-registry. 4. The Business Registers Interconnection System (BRIS) is a joint effort by EU governments and the European Commission to share information on companies in a cross-border context (see https://e-justice.europa.eu/489/EN/business_registers__search_for_a_company_in_the_eu?clang=en). In southeastern Europe, a system called BIFIDEX (Business and Financial Data Exchange) was established to enable extensive business intelligence by combining financial and statutory information from directly connected registry sources (see https://www.bifidex.com/en/about). EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 7 Data-Driven Company Registry Defined Data-driven organizations effectively and consistently use data in their decision-making processes across all levels of the organization. Organizations establish a data-driven culture through processes and systems to drive change and innovation, delight customers, and enhance employee productivity. Recent developments in company registries show that registry organizations embrace the data-driven model. Data-driven company registries embrace data-driven culture through regulations, procedures, and digital solutions for efficient company registry processes, trustworthy business data, and prevention of fraudulent behavior. Company registries worldwide are beginning to exploit the value of data. Greece implemented real-time company registration that allows fully automated application processing and issues registration decisions without human intervention (Figure 1). Denmark applies advanced data intelligence to prevent and identify frauds related to company registration and annual accounts. A recent survey of the company registries of 85 jurisdictions5 shows that 55 percent of entities are funded through customer fees versus government and other funding. Several jurisdictions have achieved a significant share of revenue from commercial services based on company registry data sharing, such as bulk data sharing or annual report data sharing.6 The revenue streams from such data monetization contribute to the self- sustainability of a company registry and support investments for the continuous modernization of registry services. 5. International Association of Commercial Administrators (2021), International Business Registers Report, available at https://app.powerbi.com/view?r=eyJrIjoiO- TQyMGY3ZmEtYmVkNC00ZmIwLWI3NGEtMzVlMGNkYTRlMmRlIiwidCI6IjU4Y2JkZGM0LWM3NGYtNDk1OC05ZjFiLWQzZWRiNGZmNmRlNSJ9&pageName=Report- Section. 6. Estonian Commercial Registry (RIK) established a price list for services that exploits data value. The price list is available at https://ariregister.rik.ee/est/pricelist. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 8 > > > FIGURE 1. Illustration of real-time company registration Registration processed with human intervention Decides s Automatic validation ervise Company cannot be done Sup Registrar Data validation/ AI algorithms Single Company Data sharing Applicant application register with external form Data entries are databases and automatically agencies validated Registration processed withouth human intervention Source: The authors. The table below (Table 1) shows a capability maturity model for a data-driven company registry. It shows how data is collected, transmitted, and analyzed to facilitate more efficient company registration and more accurate company data and to prevent of fraudulent behavior. > > > TA B L E 1 . Capability maturity model (CMM) towards data-driven company registries INITIAL REPEATABLE DEFINED MANAGED OPTIMIZING DATA Unstructured Simple application Single application Single application Single application COLLECTION documents form and form for company form and standard form and standard submitted unstructured registration articles of articles of for company documents incorporation incorporation registration DATA No data exchange Exchange of Data exchange Integrated Integrated TRANSMISSION documents (paper for integrated company data company data or scanned) company warehouse through warehouse/data registration data exchange lake allowing predictive modeling DATA Simple reports Ad hoc statistical Drill-down reports Statistical analysis Advanced data ANALYSIS (e.g., number of report and alerts of company analytics for real- new registrations) information and time registration basic forecasting and fraud prevention Source: The authors. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 9 The capability maturity level ranges from initial to optimizing, while the characteristics of each level are developed based on the analyzed case studies described in Appendix 1 and the authors’ experience supporting company registry transformation. The stages are as follows: 1. At the initial level, data is collected through unstructured documents submitted by companies to the registry; no data is exchanged between the involved stakeholders, and the analysis is rudimentary, mainly tracking the number of new companies registered. 2. At the repeatable level, a simple, specially designed application form for company registration is submitted, still accompanied by unstructured documents, exchanged between involved stakeholders on paper or as scanned documents; the process is ad hoc and does not standardize statistical reporting. 3. At the defined level, company registration involves a single application form with mandatory data requirements; requests from the company registry and other institutions (such as the Tax Authority) for information from applicants are not duplicated, and data in the company register is consolidated, allowing drill-down statistical reporting. 4. At the managed level, along with a single application form, standardized articles of incorporation with minimum content are designed to allow digital processes without the use of unstructured documents. The company data warehouse is implemented by combining general company data, financial accounts, and ownership data, allowing advanced statistical reporting and basic forecasting. 5. At the optimizing level, an advanced integrated company data warehouse or data lake is implemented, along with models allowing predictive modeling (such as graph theory or the AI/machine learning applied by the Danish Business Authority). This allows automated data to validate real-time company registration and prevent fraudulent behavior. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 10 Summary of Key Policies A crucial aspect of a data-driven company registry is interoperability between different data sources. Data quality relies on data sharing between stakeholders involved in the company registration procedure. Involved stakeholders and registers include the company registry authority, the tax authority, social security, business regulators, the natural persons register, the address register, commercial banks, and others. It is common that different administrations have their own business-related databases with different information. However, it is important that these databases be interoperable and that a mechanism be in place for sharing information between the databases. This allows real-time data validation and reduces the amount of input data required to perform the company registration. Reducing the input data requirements to a minimum and removing data duplication simplifies company registration. A good strategy to achieve this goal is to allow a single online point of contact that initiates, processes, and completes the company registration. In this way all information is gathered and managed at the same place, simplifying the procedures. For instance, in the case of Greece, implementation of an electronic one-stop shop (e-OSS) for business registration allows real-time registration of businesses. Another key aspect to simplify procedures is to allow articles of incorporation with minimum content. For instance, in the case of the Danish Business Authority (DBA), registration is performed directly by saving the input forms’ information as structured data in a database, thus removing the necessity of an article of incorporation. In the case of Greece, however, the articles of incorporation were simplified, with minimum content, and an online form is used that creates the articles using the data entries. In both cases, the simplified procedures allowed real-time business registration. A well-established framework for digital identification is also a crucial aspect of data- driven business registration. Allowing electronic signatures for digital identification promotes the use of digital means over traditional paper-based applications. Facilitating access to digital IDs with single sign-on system accessible to everybody, including foreigners, eases wider use of the digital administration. For instance, the DBA implemented a system for foreigners that allows them to access the digital ID by applying computer vision technology using their passports. This facilitates business creation for foreigners, thus promoting foreign investment. Unifying payments of different taxes associated with business registration into one centralized digital payment is critical to simplifying the process. A central authority may be in charge of orchestrating the payments to the different public bodies into a process transparent to the user, who will only have to pay a single, integrated administrative fee. Later, the authority in charge of orchestrating payments may distribute the integrated fee to the different administrations involved. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 11 Reducing the constraints on business naming is another basic policy that facilitates and simplifies business registration. Complex rules for naming and prevention of trademark infringement may be out of the scope of the business register, instead requiring solution in court through litigation. Removing these requirements from business registration simplifies the process. For instance, in the case of the Danish Business Authority, the identifier of a business is not its name, but a machine-generated identifier. In the case of Greece, a complex digital system was developed to automate validation of company names. Starting a public-private dialogue about digital transformation is essential before taking any action. The company registries should establish working groups with leaders from the various actors and organize public consultations before drafting the Law’s revisions. A good collaboration between the different actors affected is decisive in preventing strong interest group opposition that could impede the changes. > > > TA B L E 2 . Summary of key regulatory policies for a data-driven company registry Key policy Description Mandate interoperability and Data quality relies on data sharing between involved stakeholders in the company registration 1. data sharing between involved procedure. stakeholders Authorize a single authority for A single authority must be designated as the single point of contact and the authority responsible 2. initiating, processing, and completing for deciding on the company registration and managing the integrated company register. the company registration Unify payments of administrative fees A single authority should be designated to receive a single digital and integrated payment of 3. into one centralized payment fees related to the company registration. Define minimum data requirements for All input and shared data in a company register must be clearly defined, including mandatory 4. the company register and optional input data, and data should be shared between the stakeholders. Allow free public access to company The company register data should be published online and allow free searching and browsing 5. register data of individual company data. Simplify requirements for articles of Articles of incorporation can be standardized by defining a minimum content that will allow 6. incorporation automated validation of data entries and avoid any attachments to applications for initial company registration or registration of changes. Establish an easy but secure Lowering the requirements for digital signature and defining a single sign-on digital ID facilitates 7. framework for a digital ID public access to the online services of a company registry. Implement a unique business identifier A unique business identifier should be assigned at the initial company registration and shared across the government to facilitate interoperability and business data sharing. It allows the 8. government and businesses to uniquely identify legal entities in various transactions and regulatory interactions.7 Reduce constraints for company Clear rules regarding company names should be defined that allow in most cases automated naming at registration name validation without human intervention. Alternatively, removing complex rules for naming 9. and prevention of trademark infringement at registration facilitates and simplifies the company registration process, i.e., only a unique identifier is assigned to newly registered companies, while the validation of the company name is not a matter for company registration. Initiate a mandatory process of public- When drafting the Law’s revisions and developing digital systems, involve the different actors 10. private dialogue and collaboration through public consultations or encourage public groups to contribute or comment to prevent future opposition to the changes. 7. World Bank Group (2016), Implementing a Unique Business Identifier in Government, https://documents1.worldbank.org/curated/en/471531468196759403/pdf/103570-RE- VISED-Implementing-a-unique-business-identifier-in-government.pdf. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 12 Key Functionalities Standard functionalities of company registry digital platforms involve public portal, backend processing automation, and integration interfaces for data sharing. The public portal allows access to information on company registration regulations and procedures, online searches of the company register, and completion of digital transactional services (Figure 2). The prerequisite e-Government shared services involve an e-Payment service for digital payment of registration fees; cloud hosting; and an interoperability system for data exchange with stakeholders, such as tax authorities and social security agencies. A preferred option for digital ID is the use of e-Government single sign-on and digital signatures; however, jurisdictions also allow use of alternative digital identity mechanisms to improve accessibility and enable cross-border digital identification. These mechanisms are further explored in the case studies described in Appendix 1. More advanced functionalities involve an integrated company data warehouse or data lake, real-time company registration, and advanced data analytics for fraud prevention. The implementation of these advanced functionalities requires high-quality company register data, data standardization and integrated data management, and use of emerging technologies, such as AI/machine learning. Using a company register data alone does not allow implementing advanced functionalities. Also required is integrating internal and external registers and databases through data exchange, such as ownership data, and transforming the data to allow advanced analytics. More details about the functionalities of data-driven company registry digital platforms appear in Appendix 2. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 13 > > > F I G U R E 2 . High-level decomposition of functionalities of e-Company Register PUBLIC BACKEND DATA INTEGRATION CONFIGURATION PORTAL PROCESSING INTELLIGENCE INTERFACES Integrated Browse Integration of Receive company data Configuration of regulations and e-Government applications warehouse/data workflows procedures services lake Data validation Integration of other Search business Process and real-time involved agencies Configuration of registry applications company (tax, social registers data registration security) Advanced data Data sharing Online Issue registration Forms analytics for fraud with external services certificate configuration prevention consumers Predictive Digital business Publish business User accounts modeling for mailbox registration and roles forecasting Source: The authors. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 14 Transformational Roadmap Recent developments show that the digital transformation of company registries is best accomplished using an agile approach. The agile approach is mandatory when designing and applying emerging technologies for company registry processes, such as AI/machine learning to validate company names or supervise fraud prevention activities. It allows learning and experimentation through trial and error, reducing risks and complexity. Agility is also necessary for large transformations, such as the complete overhaul of company registry systems undertaken in Greece and Denmark. The agile approach ensures flexibility in uncertain environments, keeps legal and software developments moving in tandem, and supports faster launch of new digital platforms and services, thus maintaining momentum for the transformation. Comprehensive transformations of the company registry require significant coordination among legal, institutional, and digital developments. Necessary legal developments typically involve a company’s act and a framework law or implementing regulations on company and business registration to define procedural aspects. The legislation must be designed with awareness of the possibilities for data management and the use of emerging technologies. Identification of key stakeholders and ensuring commitment are key in the analysis stage. In the case of large transformations, high-level political support must be incorporated from the onset, along with the budgetary resources. The high-level design and technical blueprint must allow an agile approach to implementation. Compared to a traditional waterfall or Rational Unified Processes (RUPs),8 in which the technical blueprints include detailed descriptions of functional and other requirements and implementation plans, in the agile approach, requirements focus more on the scope and the outcome and less on how the outcome will be achieved. This approach allows more flexibility in designing and implementing iterations (“sprints”) that follow the priorities and advancements of other transformational activities, such as legal and institutional capacity developments. At the same time, the approach requires strengthening project governance by forming a strong core team at the outset and consistently applying agile project management.9 8. Per Wikipedia, Rational Unified Process is an iterative software development process framework created by the Rational Software Corporation, a division of IBM since 2003. 9. The agile approach offers iterative flexibility, with small parts of projects being built and tested simultaneously. See Tom Relihan (2018), “Agile, at Scale, Explained” (MIT Sloan School of Management, Cambridge, MA), https://mitsloan.mit.edu/ideas-made-to-matter/agile-scale-explained. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 15 Data management is a key development for digital transformations of company registries. The main product of a company registry is data. The data is the “fuel” for the sustainable functioning of a company registry and for the registry to fulfill its role of providing reliable company registry data. The application of emerging technologies, such as AI/machine learning for fraud detection in Denmark or automated business name validation in Greece, required most of the resources available, first to develop the data necessary to feed into the AI algorithms, and second to develop the AI algorithms themselves. Large-scale transformations of company registries invest significant resources into the data consolidation of those registries. Recent experience in Greece, which undertook data consolidation through interoperability and by combining business data from several sources, such as the taxpayer’s registry and the social security database, demonstrates this. In another example, Bosnia and Herzegovina undertook massive digitization of the paper archives, metadata recording, and ex-officio deregistration to consolidate its company registry data and remove dormant companies. > > > F I G U R E 3 . Digital company registry implementation roadmap High-level Market research Agile Phased Analysis design and selection implementation rollout • Identify and • Finalize project • Market • Develop/ • Review engage key governance research and configure processes stakeholders and team selection of e-Company • Roll out the • Map political, structure the approach Registry e-Company administrative, • Understand (COTS, custom • Conduct data Registry regulatory, functionalities development) consolidation according to and economic and develop • Develop an • Deploy system phases context a technical implementation (development, • Rectify the • Assess existing blueprint plan testing, status of software, data • Conduct • Make a budget training, and companies quality, and consultations estimate production) • Public outreach e-Government on the current • Identify risks • Implement on the new prerequisites situation and mitigations data exchange approach • Develop and future • Conduct interfaces (tax, • Establish e-Company e-Company procurements social security) service level Registry scope Registry • Cybersecurity agreements & concept • Identify data and other (SLA) for requirements testing business continuity and sustainability Legal and institutional transformation Capacity development, including training & communications Project & financial management Source: The authors. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 16 The importance of selecting and procuring the digital technology platform or components should not be underestimated. Success of the transformation largely depends on the capability of involved parties, software packages, and previous experience implementing similar transformations. Selecting the right software package for a certain transformational challenge is critical. This was clearly shown in the case of the Danish Business Authority and its selection of the graph theory and packages for large data transformations (Apache Kafka)10 to deal with the fraud prevention challenge. For large-scale digital transformations, the decision will be between off-the-shelf, highly configurable software packages versus custom software development. Often the advantage is with the former. The market provides off-the-shelf solutions, both as open-source software and commercial software packages.11 Use of highly configurable off-the-shelf packages can speed implementation and adoption of good practices and reduce software shortcomings and cybersecurity vulnerabilities. At the same time, use of off-the-shelf products leaves the company registry dependent on the software package developer. This dependence requires long-term commitments for sustainability that should be adequately addressed in the agreements, such as the license or software assurance agreement.12 For large-scale digital transformations of a company registry, agile implementation and rollout are organized according to the legal entity type. In Greece, the rollout was phased by digitalizing first the procedures for single-member and multi-member private companies, followed by general and limited partnerships, and finally by procedures for limited and joint stock companies. The initial stage is to design the company registry data, including mandatory data requirements and the data validation rules. This task also involves the design of the application and document forms, including forms for the initial registration and registration changes and the form for standard articles of incorporation. Internal and external communication is key for change management. Internal communication is required to develop staff awareness and capacity concerning new procedures and digital systems. External communication and outreach must be organized to inform businesses and citizens about the company digital platform’s new procedures and online services. For example, in Greece, G.E.MI. invested significant effort from the outset in communication activities around the transformation. The new digital platform (e-OSS) was even published for three months during the testing stage to capture feedback from businesses and citizens that was then incorporated into the final improvements made before the official launch. 10. As noted in Wikipedia, Apache Kafka is a distributed event storage and stream-processing platform. It is an open-source system developed by the Apache Software Foun- dation and written in Java and Scala. The project aims to provide a unified, high-throughput, low-latency platform for handling real-time data feeds. 11. The UNCTAD Business Facilitation Program offers an open-source package that is highly configurable for data, forms, and workflow management, and it is already de- ployed by several company registries. For more information, see “UNCTAD’s Digital Government Platform for Investment Facilitation,” available at https://businessfacilita- tion.org/. 12. Software assurance provides a level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at anytime during its life cycle, and that the software functions in the intended manner (Committee on National Security Systems 2010). EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 17 Appendix 1. Case Studies Denmark The Danish Business Authority (DBA) conducted a deep transformation of their business registration process that took advantage of digitalization and emerging machine learning technologies. In 2009, the DBA was paper-based, and it took up to two years to register a company. Business owners needed to hire lawyers to guide the process. Today, all processes have been digitized, and business owners can register their companies easily online in less than 24 hours. Digitalization of the business registry makes it possible to gather structured data, which is key for using machine learning technologies. The registration service is available 24/365 and is fully automated. The machine learning system looks for suspicious cases and refers them for later review by human experts. Manually revising all the cases would be impossible, due to the large number of business registration applications. By using machine learning technologies, however, the complex models developed by the DBA can assess hundreds of variables and determine which cases present the highest risk of being fraudulent. Furthermore, the system pinpoints why the cases should be looked at more closely. The machine learning system provides key points for further examination, significantly reducing the time human employees must spend reviewing each suspect case and thus increasing DBA staff productivity. The advantages of this are twofold: on one hand, legitimate businesses get easier and faster registrations, while on the other, suspicious businesses are manually reviewed in a guided way. Furthermore, the cases with higher probability of being fraudulent are prioritized, and only a manageable number of cases are referred to the available human employees, thus maximizing DBA staff productivity. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 18 Key Policies The machine learning system uses a high number of different variables that are gathered from different governmental sources, such as the tax authority, the civil register, and bank information. Data sharing between different governmental sources is necessary to highlight relevant information that could indicate fraudulent activity. Furthermore, the DBA is legally entitled to gather information from both public and private bodies for fraud detection purposes. Digitalizing and implementing the machine learning system has required DBA to reconsider and transform its business registration processes at a deep level. Before this change, the registry used a very complex process that was driven by lawyers, and it took up to two years to complete a registration; currently, the business owner on his or her own can present the application. The change from paper-based application to online forms containing the information required by the business registry authority has been key to the transition. The system compares the information on the forms with information gathered by other governmen- tal sources and uses machine learning to verify whether any risk of fraudulent activity is associated with the company. If it detects some risk, the system will raise an alert and the case will be handled manually; if not, the business will automatically be registered. The system automatically generates a unique business identifier, and the business registry does not validate a company name. This simplifies the process of business registration because the business register does not look into possible name coinci- dences or intellectual property issues that might require a separate process involving litigation. The registration consists of a set of structured data in a database. The application does not produce any final document to be signed or published. The registration consists of a set of structured data in a database that can be publicly accessed for consulta- tion. This simplifies the process, as the documents do not need to be double-checked, and the only source of truth is the database containing the information the business owner has introduced into the system when registering the company. Denmark’s second-generation national eID (NemID), introduced in 2010, made the shift to digital-first possible. Legal requirements imposed between 2012 and 2015 made it mandatory for Danish citizens to use digital self-service options. The eID serves as a shared login for online banking and public and private self-service applications. The third generation eID, known as MitID in Denmark, was released in 2022 as a result of a long-standing partnership between the public sector and the banks. MitID is now used by organizations, individuals, and government agencies. The MitID partnership was established out of a strong desire to develop a single, appealing national eID solution that could be applied to both public and private services and thus provide coherence for end users. With MitID, brokers serve as a gateway between service providers and the MitID solution. Also, MitID allows service providers to authenticate their users, and only a few brokers are certified. One of the main brokers, NemLog-in, provides a single log-on solution giving access to the public authority self-service solutions in municipalities, regions, and the na- tional government. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 19 > > > F I G U R E 4 . MetID solution architecture SP SP Ba -in n SP SP og kb NemL rokers (MitID partnership) SP Ot SP h e r b ro k e rs SP SP SP = Service Provider Source: Agency for Digital Government Danish Ministry of Finance. The MetID system allows foreigners to identify themselves through automatic passport validation. National citizens can migrate directly from the old NemID, but foreigners can obtain credentials on the MetID system only using their passports. The application uses computer vision technology to verify the individual’s identity and validate their passport. With this information, the system readily identifies the foreigner. All required transformations were made at the national level. This facilitates the changes and transformations, because all the various local and other government administrations apply the same changes at the same time. The system is under continuous development, and different machine learning models are trained and improved using new data obtained from new applications. Furthermore, new models are constantly developed. Continuous improvements pro- duce large and profound transformations if maintained over long periods of time. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 20 Implementation Considerations Developing the machine learning models requires close collaboration between in-house data scientists and legal ex- perts. It is important to use in-house data scientists and not external consultants because these experts work at the core of the business register authority. Furthermore, close collaboration between data scientists and legal advisors is key. This is because data scientists have the technical expertise to develop the machine learning models, but very little knowledge about legal matters, while the legal advisors typically have no expertise in machine learning methodologies. High-quality machine learning models can thus only emerge from this close collaboration. The cloud provides elastic infrastructure on demand to deploy machine learning systems. The elasticity of cloud services is very convenient for deploying and training the machine learning systems. However, use of cloud service providers also brings legal challenges in terms of data protection and data privacy. If the cloud service providers are third-party private corporations located overseas, the registry has no control over the protected data. The DBA has more than 26 machine learning models in production. Some models can forecast with high accuracy when in the ensuing 24 months a company will commit a crime. This is a sensitive area, and model explainability is consequently important: it is important to know why a model reaches every decision it makes. For instance, if a model detects some fraudulent activity, staff must be able to determine why the model considers the company to have exhibited suspicious behavior. At DBA, all the models provide explanations, and their decisions are fully traceable. In addition, the machine learning models do not have the last word. Because machine learning models have a high rate of false positive cases, they provide humans with insights into which cases should be reviewed. All final decisions are made by human experts. The machine learning models learn their own criteria for detecting suspicious behaviors based on training examples of fraudulent businesses. This is one main advantage of these systems; instead of a human defining a criteria on what is or is not suspicious, the algorithm learns about suspicious activity criteria from the examples given. Because machines can handle many mil- lions of cases with hundreds of variables at a time, they can learn to sort cases for potential fraud much more efficiently than humans. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 21 Machine learning is a powerful tool that should be used only within some ethical considerations. The main ethical principle considered by the DBA is that the technology and information are only used for specific and well-defined purposes. It is important that all machine learning models have a purpose and that all data be used only with a clear purpose. This main principle ensures the accountability of DBA operations. Other ethical rules include not storing lists of people. If some person has been detected to have performed some fraudulent or suspicious behavior in the past, the system will not take that into consideration in future predic- tions, because it would be discriminatory. Structured data gathered from the applications is stored in a graph database. The graph database helps to trace the relation- ships between different data nodes. Metadata is also produced from original data points and stored in the database. For instance, it is possible to produce a time series from data for different fiscal years or to merge information from different sources to increase the amount of information available for the machine learning process. Furthermore, the related data points in the database are grouped. Finally, some machine learning models produce metadata for other machine learning models. A platform has been developed to train and deploy the ML models. These models are periodically revised and a human is always in the loop to guarantee that the models are working properly and do not produce incorrect answers. All models are trained and deployed on the cloud. From DBA experience, with the developed platform now in place, it is possible to develop, train, test, and deploy new models within 16 weeks. Development is typically done by an internal team of experts; for example, the module for fraud detection was developed by team of 15 DBA experts.13 A new agile methodology was implanted in the models to lead to continuous and iterative development. Before agile de- velopment was introduced, the DBA used a traditional waterfall planning approach that was slow and resistant to change. With the introduction of the agile methodology, continuing development can be more flexible to change, as the agile methodology is based on sprints and continuous development. This is more user friendly as well, since the changes are gradual (Figure 5). Gradual im- plementation provides users time to adapt to changes and makes it easier to detect possible errors and resolve any bad decisions. > > > F I G U R E 5 . Agile principles were established in DBA and used in training the organization in the new approach and to become a true learning organization. NEW 7 A culture of trust BEGGININGS - DOING IT THE AGILE WAY 6 Multi-vendor set-up & outsourcing An effective project 5 Agile organization & processes & cooperation model 4 Roadmap of manageable projects A strong foundation 3 Architecture supporting gradual change 2 Strong governance & swift decision-making 1 Customer-centric vision aligning business & IT Source: Danish Business Authority. 13. A video illustrating fraud detection with graphs at Danish Business Authority is available on YouTube at https://www.youtube.com/watch?v=FAJaWAUTGOI. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 22 Benefits Realized As a result of these changes, the number of limited liability companies (LLCs) and the level of new business density14 has under- gone dramatic change since 2014 when the new systems were deployed. Figure 6 demonstrates the great increase in new LLCs and of new business density from 2006 to 201815. > > > F I G U R E 6 . Number of limited liability companies (LLC) and the new business density from 2008 to 2018 in Denmark 10 35,000 30,000 8 25,000 New business density 6 20,000 Number 15,000 4 10,000 2 5,000 0 0 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 Number of New LLC New business density Source: World-Bank Group. 14. The new business density measures new registrations per 1,000 people ages 15-64. 15. The increase in business activity is also driven by overall economic activity. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 23 Greece The Greek Commercial Registry (G.E.MI.) was challenged by the private sector for its inefficiency and lack of online services for company registration. The Law on Simplification of Business Start-Up Procedures,16 adopted in 2016, allowed G.E.MI. to implement digital and paperless company registration. G.E.MI. realized that such advancements require significant improvement in the quality and management of company registry data. An earlier case study presented the entire 15-year journey to reform company registration in Greece,17 but the focus in this guidance note is on the policies pursued and developments achieved between 2016 and 2020 that enabled data-driven, fully automated real-time company registration. Figure 7 shows the number of registrations processed through digital means — paperless and contactless — versus those done through in-person visits to the OSS office before May 2022. Most of the registrations for all legal entity types are now done digitally through the e-OSS digital platform (https://www.businessportal.gr/) without in-person interactions, paper forms, or documents. > > > F I G U R E 7. Digital (e-OSS) vs. in-person (OSS) applications for business registrations by May 2022 100% 100% 88% 90% 77% 80% 62% 60% 38% 40% 23% 20% 12% 10% 100% 0% Private General Limited Limited Joint Stock Companies Partnerships Partnerships Companies Companies e-OSS OSS Source: Gerasimos Georgopoulos, Head of Company Law & Greek Business Register (G.E.MI.), Building an Efficient e-OSS: The Greek Paradigm. The G.E.MI. is one of the few company registries that has succeeded in implementing a fully automated, real-time company registration. The online service is available 24/7, and most cases do not require any human intervention from the G.E.MI. staff to process the registration application. That means that the applications for both an initial company registration and any registration changes are processed automatically by the digital platform without any back-office human intervention. Implementing such an advanced level of automation required significant improvement in the data quality in the company registry database. The process before the transformation relied on scanned paper documents, without recording the data in a structured format, which in turn required significant efforts to improve the existing register’s data. G.E.MI. pursued other developments as well to achieve this advanced level of digital automation, including digital payment of administrative fees, digital signature, company name validation, and process orchestration among all involved stakeholders, including the Tax Authority and Social Security. G.E.MI. designed regulatory policies to overcome these challenges and to allow digitalization of the company registration. For instance, a regulatory policy on interoperability of digital systems for data sharing was crucial to improving the quality of data in the company registry database and implementing real-time validation of input data entries. Another important regulatory policy lowered requirements for using digital signatures in online applications for company registration. The key policies for achieving digital, real-time company registration in Greece are described further in the following section. 16. The Law on Simplification of Business Start-Up Procedures, Removal of Regulatory Barriers to Competition and Other Provisions 4441/2016, https://www.kodiko.gr/nomo- thesia/document/245220/nomos-4441-2016. 17. World Bank Group (2021), “Reforming Business Registration in Greece,” https://openknowledge.worldbank.org/handle/10986/36259. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 24 Key Policies Enabling interoperability for data sharing between involved stakeholders in the company registration procedure was the key policy for improving data quality. The process for improving data quality involved the existing G.E.MI. registry data, as well as data from other business-related databases, including the taxpayer’s registry managed by the Tax Authority (IAPR), the data- base of the Social Security Organization (EFKA), and the Citizen Database (ERMIS). G.E.MI. first designed the company registry database by identifying mandatory data items and then conducted a one-off exercise to incorporate the business data from exter- nal business data sources to improve the registry’s data quality. In tandem, interoperability was implemented to validate real-time data entries from online applications for company registration. For example, entry of the founder’s name is automatically validated against the Citizen Database; similarly, the address of the company headquarters is validated against electric power company databases. The latter provides a good example of using private sector data to improve the efficiency of public service delivery. Authorizing G.E.MI. to initiate, process, and complete the business registration enabled a single online point of contact for Greece’s company registry. G.E.MI. was identified as an owner of the digital platform for company registration (e-OSS). Through e-OSS, G.E.MI. implemented an integrated process, including a single application form for company registration and a single administrative fee. Assigning authority to G.E.MI. to decide on company registration cases removed duplicate data entries and processes for completing the procedure, such as with the Tax Authority and Social Security Organization. The process is completely orchestrated through the e-OSS digital platform, with data provided once only by an applicant and shared automati- cally with all involved authorities. Through initial registration in e-OSS, the G.E.MI. assigns a unique business identifier (G.E.MI. number) to the newly established entity, as well as the Tax Identification Number (TIN) through the data exchange with the Tax Authority. All other relevant authorities are internally notified through digital data exchange about the company’s initial registration or registration changes. A final decision on business registration is issued by G.E.MI., delivered in a digital form to an applicant and published on the e-OSS online portal. The policy on standard articles of incorporation enabled real-time business registration. The Law on Simplification of Busi- ness Start-Up Procedures defined standard articles of incorporation with minimum content that may be used to establish limited, joint-stock, and private companies. These legal provisions enabled G.E.MI. to integrate an online form for standard articles of incorporation within the e-OSS digital platform. G.E.MI. also implemented automated validation of input data entries, allowing EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 25 creation of articles of incorporation using only the structured data inputs to the e-OSS without requesting any additional docu- ment. This approach made it possible not only to remove the need for any scanned documents from the registration process but also to fully automate real-time company registration without any backend intervention by the registrar. If real-time validation of data entries can be done using existing registry data or shared data from other relevant authorities, the registration is processed automatically by the e-OSS algorithm, including issuing the digital decision on company registration. The processing requires the registrar’s intervention only in specific cases when the data cannot be validated or an applicant chooses to use customized articles of incorporation. Following this approach, the role of the G.E.MI. registrar shifted from processing individual company registrations to improving data management, algorithm design, and overall supervision and operation of the digital platform. The Law defined clear rules for company names that allowed fully automated company name validation. These legally defined rules allowed G.E.MI. to develop a digital algorithm to fully automate the validation of desired company names. The de- veloped algorithm compares proposed names to the registry; suggests company names in Greek, Latin, and English; captures punctuation marks (dots, commas, and other symbols); and rejects inappropriate terms using the internal and shared data. G.E.MI. developed comprehensive dictionaries to prevent use of inappropriate terms. If the desired company name cannot be automati- cally validated, the algorithm requests human intervention. G.E.MI. uses these cases, as well as the annual analysis, to update the developed dictionary databases and improve the algorithm. A policy was adopted to lower the requirements for digital signatures in company registry transactions. The EU eIDAS regulation18 defines three levels of digital signature: simple, advanced, and qualified. While advanced and qualified digital signa- tures, according to eIDAS, require the use of public key infrastructure (PKI) to generate a digital signature, a simple digital sig- nature can be any data in electronic form that can be attached to the other data and serve as a method of authentication. Use of a simple digital signature for company registration in Greece is authorized under the Law on Simplification of Business Start-Up Procedures. G.E.MI. implemented the Tax Authority single sign-on (TAXISnet SSO) user authentication that, along with e-OSS, allows a paperless process using simple digital signatures. Introducing standard articles of incorporation supported this approach by eliminating the need to upload an article of incorporation document. User authentication is done through the TAXISnet SSO, while the e-OSS authorizes the founders to create and confirm the articles of incorporation. Lowering requirements for digital sig- natures allowed quick uptake of the company registry online services, as Greek citizens are allowed to use their existing TAXISnet SSO without obtaining an advanced or qualified digital signature as a prerequisite to access the online services. Still, cross-border digital identity has not been implemented in Greece, so in practice foreign founders must authorize a representative in Greece who then conducts company registry transactions on their behalf. > > > TA B L E 3 . Summary of key regulatory policies for the data-driven company registry in Greece Key policy Description Enable interoperability for Improved interoperability and data governance made it possible to enhance and maintain data 1. data sharing between involved quality in the company registry. Interoperability uses the G.E.MI. unique identifier19 and TIN to stakeholders. facilitate data sharing. Authorize single authority for initiating, A single authority (G.E.MI.) was designated as the single point of contact and the authority 2. processing, and completing the deciding on company registration in Greece. The policy defines G.E.MI. as an owner of the company registration. e-OSS. Define standard articles of A standard article of incorporation with minimum content allows the implementation of fully 3. incorporation. automated real-time company registration. Introduce clear rules for a business Clear rules allow automated company name validation without human intervention in most 4. name and business registration cases. processing. Lower the requirements for digital Lower requirements for digital signatures allow use of TAXISnet SSO and e-OSS as a simple 5. signatures. digital signature for company registration. 18. Regulation (EU) No 910/2014 of the European Parliament and of the Council, of July 23, 2014, on electronic identification and trust services for electronic transactions in the internal market. 19. A World Bank Group guidance note, Implementing Unique Business Identifiers, published in 2016, provided practical considerations and a roadmap for implementing a unique business identifier for use in company and business registries to facilitate business data sharing; see https://documents1.worldbank.org/curated/en/471531468196759403/ pdf/103570-REVISED-Implementing-a-unique-business-identifier-in-government.pdf. A 2021 blog post examines more recent considerations, focusing on the use of de- centralized identifiers applying blockchain and other distributed databases; see “Is the Self-Sovereign Digital Identity the Future Digital Business Registry?” at https://blogs. worldbank.org/psd/self-sovereign-digital-identity-future-digital-business-registry. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 26 Implementation Considerations These legal, institutional, and digital developments took place over the course of five years (between 2016 and 2020). This was the third modernization cycle for Greece’s company registry. The roll-out was organized in phases, first with single-member and multi-member private companies (July and September 2018), followed by general and limited partnerships (January and April 2019), and finally by limited and joint stock companies (June and November 2019). Three months before the new e-OSS became available, a testing digital platform was published online that allowed anyone to comment before G.E.MI. made its final improve- ments before the official launch. G.E.MI. engaged in public-private dialogue from the onset of the digital transformation. It created collaboration groups with staff from the different actors and organized public consultations to draft changes to be introduced into the Law on Simplification of Business Start-Up Procedures. This approach helped limit any strong interest group opposition to the transformation, such as from lawyers and notaries. Intense communication efforts allowed all actors to be well-informed on how the process would work and when the changes would be introduced. G.E.MI. developed a calendar of changes, providing detailed information and promoting the new systems and online services for companies and other interested parties. The transformation to real-time company registration required a new company register and a new digital solution for the company registration process (e-OSS). G.E.MI. developed two integrated digital subsystems from scratch: the company regis- ter database and the digital processing platform, mainly relying on in-house software development (only the algorithm for validating desired company names was outsourced to an external vendor). Benefits Realized Greece ranked sixth worldwide and first in the EU for the Starting a Business regulatory area, according to the IMD World Digital Competitiveness Index.20 Greece implemented an advanced digital platform for its company registry, instituted a signifi- cant number of online services, and shared an enormous amount of data with partner institutions. This effort is very effective in helping the economy. Many companies in Greece today were registered in real-time using the e-OSS algorithm, even if their ap- plications arrived outside G.E.MI.’s working hours. These and other advancements of company registration allowed a significant positive increase in new business density and overall new businesses registered, from fewer than 6,000 newly registered LLCs in 2016 to 12,000 new LLCs registered in 2020 (Figure 8). Both new businesses and business density show an exponential increase in Greece from 2016 to 2020.21 The country achieved ranges comparable to other countries in the region that had implemented company registry reforms and digital company registries (e.g., Albania and Serbia). The annual revenue G.E.MI. generates by providing company registry services reached €60 million, ensuring the return on investment of the digital transformation, as well as covering future investments and expenses for the e-OSS for business continuity and sustainability. 20. World Digital Competitiveness Rankings 2021, https://www.imd.org/centers/world-competitiveness-center/rankings/world-digital-competitiveness/. 21. World Bank Group, Entrepreneurship Database, https://www.worldbank.org/en/programs/entrepreneurship. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 27 > > > F I G U R E 8 . New business registered and new business density in Albania, Greece, and Serbia World Bank’s Entrepreneurship Database World Bank’s Entrepreneurship Database Number of new LLCs New business density (new registrations per 1,000 people ages 15 – 64) 14,000 2.5 12,000 2 10,000 1.5 8,000 6,000 1 4,000 0.5 2,000 0 0 11 12 13 14 15 16 17 18 19 20 10 11 12 13 14 15 16 17 18 19 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Albania Greece Serbia Albania Greece Serbia Source: World Bank’s Entrepreneurship Database. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 28 Appendix 2. Data-Driven Company Registry Functionalities The following table lists functionalities of data-driven company registry digital platforms. It was developed based on the analyzed case studies and the authors’ experience in other projects to modernize national company registry frameworks and systems. > > > TA B L E 4 . Functionality checklist for data-driven company registry digital platforms Functionality Description Public Portal The online portal of the digital company registry (or e-Government portal) shall publish the Online information on entity types and 1. information on the legal entity types, their specifics, and the requirements of the company company registration requirements registration procedure for easy navigation by business applicants. The online company registry search shall be available free of charge with public access 2. Online company registry search without requiring a prior user authentication. The company name reservation shall be offered as an optional online service. Business 3. Reservation of company name applicants can apply for initial company registration without the reserved company name. The online service for preparing articles of incorporation with minimum content shall allow the development of the articles using the data and real-time data validation. Using standard Online preparation of articles of articles of incorporation allows a significant level of automation of the registration procedure 4. incorporation and opens avenues to reduce requirements for the use of digital signatures. The applicants should also be allowed to use custom articles of incorporation and attach the digitally signed articles’ document to the application form for company registration. An online single application form for company registration shall be designed with mandatory and optional data elements. The form shall allow an integrated registration procedure with Single application form for initial 5. all involved “public” institutions, including the registrar, tax authority, and social security. The company registration form shall include all data items required to complete the registration process with all involved public institutions. The administrative fee payment for company registration shall be made through integration with the e-Payment platform. The e-Payment platform shall provide a digital receipt for the payment, automatically eliminating a request for such information from a business applicant. Online payment of company 6. In case the administrative fee combines fees for several beneficiaries, the e-Payment platform registration administrative fee shall distribute automatically the single payment made by the applicant to those beneficiaries. The e-Payment platform shall support various digital payment means, such as credit and debit cards, digital wallets, and online banking. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 29 Functionality Description Online submission of the company The platform shall support online submission of the company registration application and 7. registration application automatic receipts with the date and time of the submission. The platform shall provide an applicant with constant updates about the application’s Information about the status of the 8. progress, notify the applicant about any additional information required, and allow the online business registration process submission of any additional information. The platform shall automate issuing a digital company registration certificate and its delivery Receiving business registration 9. to an applicant. Some jurisdictions have implemented QR codes on the company registration certificate certificates that allow easy online validity verification. The platform shall support the selection of the commercial bank and an automated procedure for opening a bank account through interoperability and data exchange. The selected bank 10. Opening bank account shall receive all information from the digital company registry, and additional visits should not be required to finalize the bank account opening procedure. Submit business registration The platform shall digitalize all registration change transactions. All “public” institutions shall be application for changes (e.g., change automatically notified about changes in the company registry data. 11. of address, authorized persons, and similar interest/share allocation, founders’ names) Submission of annual and financial Good practice shows that the integration of annual and financial reports supports keeping 12. reports company registry data updated and contributes to the overall sustainability. Backend processing Receiving business registration The platform shall allow receiving online applications for company registrations by the 13. application and attachments Registrar and forming the case files. Validating and approving the The platform shall implement a completely automated algorithm to validate the company 14. requested business name name. The platform shall support an integrated procedure for processing the case file with all Internal processing of a business involved public institutions. The process must be fully orchestrated by the platform, the 15. registration case deadlines must be tracked, and the information on the processing status must be published to an applicant. Access to the business registration The platform shall have a complete digital archive linked with the company registry database. 16. archive to process the registration All documents in the archive must be digitally signed with metadata to allow the document changes search. Every registered company shall be assigned a unique business identifier (UBI). The UBI must 17. Assigning a unique business identifier be implemented in all public institution databases to enable interoperability and data sharing on businesses. The platform shall enable the publishing of the registration certificates and decisions on Publishing information on business 18. registration online for public access. The online publications of registration certificates and registration decisions shall fully replace publication in the official gazette. The platform shall enable automated data sharing of company registry data for the needs of Providing data from the company other public institutions (such as the statistical office) or to the private sector according to the 19. registry commercial terms (such as bulk data on businesses, data from annual and financial reports, etc.). The platform shall fully digitalize the voluntary liquidation procedure. The platform shall Processing business closure implement an integrated procedure and allow the publishing of information for creditors. For 20. (i.e., business exit) insolvency liquidation, the platform can implement the content management functionalities (i.e., document and status management) without a process orchestration. Receiving information from other agencies on potential changes not The digital platform shall support receiving notifications from other agencies that may 21. registered or court rulings for ex- require registry data updates. The Registrar shall process these notifications or court rulings officio changes (e.g., from business according to the registration procedures. licensing or inspection agencies) EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 30 Functionality Description Data Intelligence Advanced data intelligence in the company registry domain requires combining general company register data with financial accounts and ownership data. Also, such data Integrated company data warehouse/ intelligence requires transformation for the application of advanced data analytics (such 22. data lake as graph databases). The management of large amounts of data and processing capacity requirements necessitate establishing data warehouses or data lakes. Good practice from the analyzed cases is to use cloud hosting for the data warehouse/data lake. Advanced data integration and sharing allows implementation of real-time data validation in application forms and standardized articles of incorporation for a real-time company Data validation and real-time company registration. If the data entries can be validated automatically, the digital algorithm processes 23. registration the company registration without need for human interaction. If the validation cannot be done, the human intervention by registrar staff is required. In all cases, the digital platform and algorithms are supervised by company registry experts. The advanced data analytics for fraud prevention use a combination of various data on Advanced data analytics for fraud companies to indicate potential fraud behavior and request human intervention to process 24. prevention the company registration. The Danish Business Authority applied graph databases and AI/ machine learning for fraud prevention. The integrated company registry and business data allows forecasting, such as forecasting of 25. Predictive modeling for forecasting company’s life expectancy, as considered by the Estonian Commercial Register (RIK). Integration Interfaces The data-driven company registry digital platform must be developed using the horizontal e-Government shared services as a foundation. That means that the company registry digital 26. Integration of e-Government services platform must be integrated with the horizontal digital ID, signature, and e-Payment platform and must use the e-Government cloud hosting and interoperability system (like Estonian X-Road) for data exchange and sharing. Data exchange and sharing with other agencies involved with company registration must enable a fully integrated and orchestrated initial company registration and registration of Integration of other involved agencies 27. changes without requesting duplicate information provision from applicants. The implemented (tax, social security) data sharing shall only ask the applicant once for information, and the information will be shared with all relevant stakeholders involved in the process. Data sharing with external customers includes commercial banks for opening transactional 28. Data sharing with external consumers company bank accounts, as well as with the private sector digital platform based on commercial agreements. Configuration The digital platform must allow the configuration of workflows following business process management (BPM) principles. The processes must be configurable through the system 29. Configuration of workflows management console without a need to update software source code and should enable a continuous optimization of registration processes. The platform must allow configuration of registers and data items without software coding. It 30. Configuration of register data should allow adding new registers, data fields, and data validation rules through the system management console. The digital platform must allow adding and changing the configuration of the forms and linking the forms to the register data items. Forms management should be integrated into the system 31. Forms configuration management console, allowing changes in the data inputs and layout of the forms without software coding. The module for management of user accounts and roles must allow authorized access to the 32. User accounts and roles protected resources, including functionalities and data. The user permission managed through user roles defines the access level to the protected resources in the digital platform. EQUITABLE GROWTH, FINANCE & INSTITUTIONS INSIGHT <<< 31