OBR chair Richard Hughes resigns over Budget day publishing error

The chair of the Office for Budget Responsibility (OBR) has resigned after a Budget Day error in which a key document was published early.

Richard Hughes said in his resignation letter that he takes “full responsibility” for the issues identified in the OBR’s investigation into the mistake.

That investigation found that the initial publication of the OBR’s forecasts was the worst failure in the organisation’s 15-year history.

The UK’s official forecaster confirmed that the market-sensitive report was accessed 43 times from 32 different devices in the hour before the Chancellor’s speech.

In a letter sent to both the Chancellor and the chair of the Treasury Select Committee, Dame Meg Hillier, Mr Hughes said he believed the OBR could “quickly recover and restore that trust and respect” earned by implementing the report’s recommendations.

He added, “But I also have to play my part in enabling the organization that I have led for the last five years to move quickly forward from this regrettable incident.”

“Therefore, I have decided that it is in the best interests of the OBR that I resign as its Chair and take full responsibility for the shortcomings identified in the report.”

Mr Hughes was due to face questions from the Treasury select committee on Tuesday about the budget and the OBR’s economic forecasts, but Dame Meg confirmed he would no longer be attending.

In response to his resignation, Chancellor Rachel Reeves said: “I want to thank Richard Hughes for his public service and for leading the Office for Budget Responsibility over the past five years and for his many years of public service.”

But Conservative Party leader Kemi Badenoch accused the chancellor of “trying to use the OBR chair as her human shield”.

Paul Johnson, former director of the Institute for Fiscal Studies and provost of Queens College, Oxford, said he was not surprised that Mr Hughes had resigned.

“That was a really bad mistake,” he told BBC News, but added that Mr Hughes was a “very effective and very strong” head of the OBR.

“I think it’s a shame for Richard Hughes and a shame for the OBR.”

Mr Hughes recently began his second five-year term as OBR chair, after being re-nominated by the Chancellor in May. He first took up the job in October 2020 during the Covid pandemic.

Before that, he was Director of Fiscal Policy at the Treasury, and before that he was Division Head of the Fiscal Affairs Department of the International Monetary Fund for eight years.

Earlier, Sir Keir Starmer denied that the Chancellor had misled the public about the country’s financial position ahead of last week’s Budget.

Reeves had given strong signals in the lead-up to the budget that she planned to raise income tax rates, pointing to gloomy forecasts for economic productivity.

But on Friday, the OBR revealed it had already told the Treasury that its productivity decline would be offset by higher incomes, boosting the government’s tax receipts.

Asked on Monday whether Reeves was misleading, Sir Keir said the government was committed to a number of things, including cutting borrowing, which meant the government “will always have to increase revenue”.

After the Budget Day leaks, Mr Hughes called in a leading cyber-security expert to investigate how the crucial document had been put on its website so long ago.

The report into the accident on Monday concluded that it “caused huge damage to the OBR’s reputation” and was “severely disruptive” to the Chancellor, but also said it was unintentional.

The report said “ultimate responsibility” lies with the OBR’s leadership for the circumstances that allow people to access reports early.

“This is the worst failure in the 15-year history of the OBR,” it said.

Monday’s report also found that someone gained early access to peer financial forecasts in March when Reeves was delivering his spring statement, although he did not act on the information.

The Chancellor’s Budget was thrown into disarray when the OBR’s forecast was revealed online.

The OBR assesses the health of the UK economy. It is independent from the government but works closely with the treasury.

Its reports are issued in conjunction with major government events such as the Budget, the details of which must be kept secret until the Chancellor announces them to the House of Commons.

The OBR’s initial publication effectively confirmed a number of new measures, including the payment of a per mile charge on electric vehicles and a three-year moratorium on income tax and national insurance caps, before they could be announced by the Chancellor.

The OBR brought in Ciaran Martin, former chief executive of the National Cyber ​​Security Centre, to lead an investigation into how the forecasts were reached so quickly.

However, the OBR concluded that there was no reason to suspect the involvement of foreign actors or cyber-criminals, or “collusion by anyone working for the OBR”.

In his investigation Professor Martin found:

• The OBR analysis was available on a hidden URL between 11:30 and 12:08 on the morning of the Budget
• An attempt was made to access the URL at 05:16
• This was a pre-existing weakness in the OBR publishing system, demonstrated by premature access to the March forecasts
• The initial publication was related to software that the OBR had chosen to publish on its website, which was more suitable for a small or medium company than a major publication of important market-sensitive data.

While OBR staff thought they had implemented security measures to prevent expedited publishing, there were two errors in the way they were set up on the publishing platform WordPress that effectively bypassed these controls.

One concerned a plug-in installed by the OBR (an optional extra), the unintended effect of which was to bypass the need to log in to access documents intended for future publication.

The second was the directory in which the file was placed before publication from which anyone could download the file directly.

The OBR received a waiver in 2013 from using a more secure government publishing platform for independent officials to help its autonomy. In other IT security areas, such as secure email, the OBR had adopted secure treasury systems.

A Treasury spokesperson thanked the OBR for its report and said a minister would respond “in due course”.