This morning the Reserve Bank released a variety of material that followed on from the leak of OCR at the time of March MPS.    Slipped out quietly onto their website – in response to an OIA request from me – was what might best be called the second stage of the leak inquiry report.  It is a document written by Deloitte almost a month after the release of what the Governor has called the “summary report” that was released on 14 April, and in places it is clearly phrased to respond to criticisms made after the release of that report.  I’ll have more to say about that document another day, but would just note that I was touched by the solicitousness of the Bank in deleting my name from a report they were releasing to me, apparently so as to “protect the privacy of natural persons”.  Perhaps they thought I’d forgotten my involvement?

The Bank also put out a press release headed “New Reserve Bank procedures for policy releases”.   After the discontinuation, from 14 April, of pre-release MPS and FSR lock-ups for journalists and analysts, there was pushback, especially from journalists, seeking the reinstatement of media lock-ups, under new and improved security arrangements (as distinct from what Deloitte call the “very high trust” arrangements –  under  which journalists could simply email from the lock-ups whenever they liked –  which had been found sorely wanting).   The Governor had indicated that the Bank would consider the options, and apparently commissioned a “security review” to explore the feasibility of lock-ups with much tighter security.  That review was undertaken under the leadership of Deloitte, but from the text the Bank has released today it is clear that it had a high degree of Reserve Bank staff involvement.

At the end of the process, the Governor has come to the right conclusion.  Lock-ups are not being reinstated, whether for analysts or journalists.  That was an approach I recommended at a time when the Bank itself didn’t even believe there had been a leak.  I commended the Governor’s initial decision to terminate the lock-ups, and I commend him again today.  There is simply no need for such lock-ups, and to hold them inevitably exposes the Bank to unnecessary security risks and/or unnecessary costs.  The public might have been well-served by lock-ups in a pre-internet age –   when it was hard to get timely access to the released documents –  but with today’s technology, the text is open to everyone at much the same time, and the onus is on the Bank to write its documents in a way that clearly communicates the messages it wants to convey.

Of course, the Bank is not seriously committed to openness or competitive neutrality in the access to information.  I have heard that they are still running briefings for analysts after the release.  [UPDATE: A market economist tells me that although they had such a briefing in June, there won’t be any in future]  An overseas expert on central bank communications has recommended –  and I agree with him –  that if such briefings are to be held (and there may be a useful place for them) they should be webcast, so that everyone has access to the same information/interpretation, not just the invited few who find it worthwhile to come all the way to Wellington (recall that most trading in the NZD is done offshore, and most New Zealand government bonds are held offshore).

[UPDATE: On further reflection, I would argue that such a post-release briefing, provided it is made openly available, would be a sensible option and cannot really understand why the Bank has scrapped them.  At a minimum it is less bad (and less costly in time) than lots of analysts approaching the Bank individually, and getting answers that could be (a) inconsistent across analysts, and/or (b) could be influenced by how well the analyst in question gets on with – eg  doesn’t criticize too much – the Bank and its senior economic staff in particular.]

For the media, the Bank notes that

We will also be placing additional emphasis on other opportunities for media access, such as on-the-record media briefings which have been trialled successfully this year.

There may be a place for such briefings, but if they are on-the-record again there is a strong case for webcasting them –  or even quickly publishing a transcript –  again so that everyone has the same information on a timely basis.  And, of course, on-the-record briefings –  with an emphasis on what the Bank wants to tell the media –  are very different from the sort of on-the-record searching interviews that the Governor consistently refuses.

I noted the other day that the Bank is sheltering behind an old provision of the Reserve Bank Act which, they argue, imposes serious sanctions (including a large fine or a term of imprisonment) if they were to release submissions –  especially from banks –  on proposed changes in regulatory policy.  I argued that if they had any sort of commitment to open government they should be promoting a simple amendment to the Act, to ensure that such submissions were fully, and simply, within the ambit of the Official Information Act.  If the Bank won’t promote such a change, perhaps an MP with a commitment to open government might.

So when I read through the Deloitte security review document, I was struck by the number of times that report had encouraged the Bank to seek a change to the Reserve Bank Act, this time to provide criminal sanctions for the early unauthorized release of OCR or MPS (or FSR?) material.  I suspect the idea for such a change did not come from Deloitte, but from Bank management themselves – in particular from the Deputy Governor responsible for such things (and former Government Statistician) Geoff Bascand.  In previous material released on the OCR leak, Bascand was on record as noting that Reserve Bank material of this sort did not have the sort of protections the Statistics Act provided to Statistics New Zealand.

It is really important that when the coercive powers of the state are used to compel individuals and firms to provide information to state agencies that people can be confident that that information is held securely.  Severe punishment for the inappropriate release of private information supplied by other people is quite appropriate.  But in fact, both the Statistics Act and the Reserve Bank Act already provide such penalties –  under the Reserve Bank Act someone can be sent to prison for three months, or a company can face a half million dollar fine.

But the economic forecasts and policy views of a government official (the Governor in this case) are a quite different matter.  And in many respect, that sort of information is not so different than the private information a firm might hold about a proposed merger or acquisition, about its planned dividend, about a new investment project, or –  in the New Zealand case –  Fonterra’s expected dairy payout.  Perhaps I’m wrong, but I’m not aware that there are criminal sanctions that protect, say, government Budget documents, or any other release of planned policy or legislation by government ministers.

In all those cases, confidentiality is clearly important to the information holder.  But in each case there would appear to be civil procedures open to information holders to protect the confidentiality of their information.  Typically, some staff in the relevant organization would have access to such information, and early unauthorized release would typically be a grounds for disciplinary action or perhaps even dismissal.    But other parties might too –  government Budget documents are printed externally, as is the MPS.  Sometimes professional advisers –  eg lawyers –  will be involved. And in some cases, entities will choose to provide information under embargo, or even to hold a lock-up.  In each and every case, it is open to the owner/provider of the information to specify in contract the confidentiality obligations of any party receiving the information.   Remedies for breaches of those policies are the responsibility of the institution providing the information.  There is no obvious need for criminal sanctions to be introduced in the process.  I hope that the Reserve Bank thinks again, and decides not to seek amendments of the sort Deloitte (no doubt at the Bank’s prompting) has suggested.  There is simply nothing that special about the OCR information –  it is not private information involuntarily provided to a government agency, and nor is it (say) material relating to national security.

In conclusion, it is interesting that in all the material that has emerged in recent months there has been little or no mention of one of the greatest security risks the Bank –  quite unnecessarily  – faces.    In most countries, the OCR decision is made and released on the same day –  that will have been what happened at the RBA yesterday.  The Reserve Bank has considerably shortened the lags over recent years, but as their recent article on the monetary policy process decision illustrates, the OCR decision to be released next Thursday will be made by the Governor this Friday.  There is six whole days when the information about the decision is known within the Bank.  Even if the formal knowledge is kept to a relatively small group –  when I was involved it was 10 to 15 people – it is simply an unnecessary risk.  With the best will in the world,it is almost inevitable that one day some one will let something slip, and there will be a huge uproar.  In terms of tightening security, still the best reform the Bank could make would be to release the OCR decision on the day it is made.