The arguments supportive of electoral bonds emphasis that privacy of donors exist and is a form of free speech. Let us examine the data flows to verify if privacy / anonymity really exists in electoral bonds.
At the centre of India’s controversial campaign financing system is the concept of privacy.
Top ministers of the Indian government believe that the anonymity of corporate donors needs to be protected — the logic being that if political parties knew that certain companies donated heavily to their rivals, they would then be in a position to harm those companies whenever they next formed a government.
The Centre itself made this submission(privacy is paramount) in Supreme Court.
Privacy of electoral bond buyers vital: Centre tells Supreme Court
The electoral bond scheme notified last year by the Centre will remain anonymous to maintain the privacy of its buyer…
One recent analysis on this issue classifies the criticism surrounding the project into four categories:
- Voters have a right to know which company is donating to which party.
- Anonymity anyway cannot be ensured because the government of the day knows the donor’s details as the State Bank of India is a “sovereign surrogate”.
- Electoral bonds are instruments for laundering money.
- Electoral bonds ease quid pro quo dealing between parties and donors.
The analysis argues that these four concerns are effectively irrelevant because in-built mechanisms — clauses in the underlying legislation and know-your-customer (KYC) regulations — protect anonymity while ensuring that the money that is used to purchase the electoral bonds comes from legitimate sources.
This argument gives the game away though: effective enforcement of anti-money-laundering regulations cannot happen while maintaining perfect anonymity and privacy of the corporate donors.
Any defense of electoral bonds that places a premium on anonymity and donor privacy exposes itself when it tries to argue that the same bonds cannot be instruments of money-laundering.
The anonymity extended to the buyers of electoral bonds stems from clause 7(4) of the finance ministry notification that brought the scheme into effect. The clause reads:
“The information furnished by the buyer shall be treated confidential by the authorised bank and shall not be disclosed to any authority for any purposes, except when demanded by a competent court or upon registration of criminal case by any law enforcement agency”. [Emphasis added]
Now, one interpretation of clause 7(4) is that only data furnished by the bond buyer (KYC, other documents) during the purchase is confidential and that transaction metadata as well as historical transaction data is not exempted and thus potentially shareable.
In fact, if one accepts that electoral bonds are safe from money laundering — and that this is regulated on a proactive and not merely reactive basis — this implies that some data from the banks is being shared with the finance ministry’s financial intelligence unit (FIU-IND). Some of this data even before purchase of the bond and some after — data and metadata which would be enough to identify donors.
The FIU-IND is the agency responsible for enforcing anti-money-laundering regulations in India. The Prevention of Money Laundering Act (PMLA) sets out mandatory reporting requirements for all financial institutions so as to enable FIU-IND to carry out its functions.
What kind of data does FIU-IND collect?
Every bond purchase consists of, at the very minimum, two transactions. The first is the transaction required to assemble the funds needed to buy the bond. And two, the actual purchase of the bond.
The first happens through a series of incoming transactions which could be a wire transfer (foreign or domestic), cash deposit or a mixed set of transactions that pool the amount used to buy the bond.
First off the bat, all cross-border movement of funds is auto-monitored in India. Specifically, all cross-border wire transfers greater than Rs 5 lakh where either source or destination of fund is in India.
RBI FETER Codes for reporting forex transactions used in PMLA reporting.
So any person or corporate receiving money to further buy electoral bonds from foreign person above Rs 5 lakh is auto-reported to FIU-IND.
Easier filtering for FIU-IND, should the remitter uses purpose codes that explicitly say those are gifts / donations.
The FIU-IND gets three types of transaction reports from a large number of financial institutions including State Bank of India. The three types are ‘cash transaction report’, ‘suspicious transaction report’ and ‘non-profit organisation transaction report’.
NPO Transaction Report contains information related to transactions involving receipts by non-profit organisations of value more than rupees ten lakh, or its equivalent in foreign currency. All reports relating to cash transactions, counterfeit currency, non-profit organization transactions and cross border wire transfers have to be filed by the 15th day of the succeeding month.
CTR / Cash Transaction Reports
Any person (let’s say local merchant) who wishes to donate to party buys a bond but would most likely use cash deposit as source of funds and all deposits greater than 10 lakhs within a period of 30 days will get reported to FIU-IND.
Any other incoming transfer that could trigger suspect transaction filter (most likely based on algorithms which detect unusually high volume / value of transaction) will likely to trigger STR. But the most interesting thing would be transaction of buying the bond itself, which would be a single large debit that would most likely trigger value filter or a series of small debits triggering volume filters marking them as Suspect Transactions.
It is to be noted that the 7(4) notification only mentions information furnished by the buyer shall be treated confidential, but the transaction metadata (including suspect transaction record) is data generated and could hence be argued outside the ambit of such definition and still report them to FIU-IND. The report itself would contain details like account number and other KYC details linked to account and reported to FIU-IND.
It needs to be noted there is no standard definition of STR and most banks (most certainly SBI) would be using systems that would mark suspect based on pattern of transactions. This also gives unfair advantage to accounts which usually have large value / volume transaction activities and of similar scale as that of donations as against an account where channelizing funds for purchasing bond / purchasing of bond gets marked as suspected making the entire funding possibly relatively more privacy friendly for large accounts.
There are no explicit exemptions for STR reportage for purchase of electoral bonds and unless the state bank clarifies in detail and makes algorithm which marks transactions as suspect open, it is hard to say if purchase transactions are reported to FIU-IND / not.
Despite the Supreme Court ruling Aadhaar as not necessary for any purpose other than availing subsidy benefits, the notification through 4(2) on electoral bonds grants additional provisions to support authorized bank to seek more documents in addition to those required to satisfy KYC norms and SBI has made Aadhaar mandatory for both donors of all types (with Aadhaar of person holding/ issued to managers, officers or employees holding an Attorney to transact on the entity’s behalf), as well as authorised representatives of political parties.
Person Details shared as part of reports suggest that Aadhaar, most certainly PAN is shared as part of reports to FIU-IND.
Data Retention & Privacy
SBI and FIU-IND store these data. Reporting entities are required to store data for not less than 5 years as per obligations of PMLA. Any data that is stored is bound to get accessed and shared irrespective of the existence of law. Placement of excessive trust on the law when it comes to banks/arms of state sharing data seems to be childish, particularly when information is related to political process such as elections. The absence of real privacy for donors not only leaves scope for abuse from the government of the day but also government(s) of the future.
Electoral bonds also affect federalism as arms of centre will be monitoring state elections and its funding closely giving an unfair advantage to ruling party at the centre.
More broadly there needs to be not just institutional mechanisms that are responsive to scrutiny of systems / processes guaranteeing privacy, but a detailed deliberations inside the context of data protection law on how to systemically / technologically verify, validate claims of having a privacy / anonymity friendly systems, especially in critical contexts such as electoral funding.
Privacy / Anonymity and Surveillance reform
Privacy / Anonymity can truly exist only after a surveillance reform that places checks and balances on intelligence apparatus with sufficient oversight. It is important to note that intelligence agencies are exempt from Right to Information.
Financial Intelligence Unit — India has been included in the Second Schedule of RTI Act, 2005 vide Department of Personnel & Training notification dated 28th September, 2005 and therefore under Section 24 (1) of the RTI Act, 2005, FIU-IND is exempt from the operation of this Act
Broadly, like any other surveillance agency operating in the country there is no oversight. We need surveillance reform that not only puts institutional oversight and checks, but also build systemic mechanisms to protect power abuse using data can be potentially tackled by transparent, accountable software systems that imbibe Privacy by Design (PbD) principles to achieve end goals (prevention of money laundering in the case of FIU-IND) without compromising on fundamental right to privacy.
- Any system guaranteeing privacy and claims anonymity as feature must explicitly stand to scrutiny on tests related to it. From the above information that is publicly available, it does look like donor information, sufficient enough to identify is being shared with FIU-IND (a body under MoF) and hence visible to government of day (and governments of future). It is up to SBI and FIU-IND to come with a white paper on how they preserve donor privacy / anonymity in electoral bonds while preventing money laundering with the given systems in place.
- There is a need to revisit PMLA and draw borders for financial intelligence / surveillance to include privacy features post Puttaswamy comprehensively while retaining original stated goals of preventing terror financing / money laundering and more specifically in the cases like these where role of anonymity / privacy is greater and is a cited as a key feature for its existence.
- For a vibrant democracy, electoral processes and role of technology need to be transparent to citizens across various aspects related to festival of democracy such as electoral bonds, voter roll preparations, EVMs, voter data systems and any blind trust on technology is a disaster. All technologies and systems must be open to social audit, scrutiny. Electoral bonds that are quasi-transparent to arms of state offering poor privacy protection while claiming otherwise is equally dangerous if not more than opaque electoral bonds/cash based political funding.
Thanks to Anuj Srivas for edits.