Blockchain – Considering the Regulatory Horizon
This post comes to us from Gregory Brandman and Samuel Thampapillai of Eversheds. Gregory Brandman is a Partner in the Litigation and Dispute Management Team and Samuel Thampapillai is an Associate in financial services disputes and investigations group. This article was first published on http://www.ky360.com (subscription required). It has also been featured on Lexology and Eversheds websites.
Blockchain, the mechanism for information storage based on a distributed ledger structure, has generated considerable levels of interest and speculation in recent times as to how it might transform the exchange of data and ability to transact globally across a vast array of fields, including financial services. Blockchain technology promises to be an innovative disruption to the fintech ecosystem, the Financial Times very recently quoting 42% of polled asset managers identifying blockchain as an area of financial technology that will have the biggest impact on the fund industry. However, blockchain technology is still relatively new and while there are numerous examples of it being adopted, it is still in a largely nascent phase within major institutions.
UK & European regulators nonetheless have had their attention piqued by the development of blockchain technology and although the approach that regulators intend to adopt is unclear, it seems that this focus will only grow as fintech increasingly features on the regulatory agenda. Indeed the EU Parliament in April 2016 hosted a non-commercial roundtable on cryptocurrencies and blockchain technology attended by a number of key monetary agencies including the EU Commission, the Bank for International Settlements, the World Bank, the United Nations, Europol, ESMA, the UK Treasury, the Bank of England and Nasdaq. This article seeks to explore some of the key regulatory issues that may arise out of the development of blockchain technology that market participants and industry players should consider.
What is Blockchain?
Blockchain is often referred to as a type of distributed ledger technology (DLT) that provided the foundation for bitcoin and other cryptocurrencies when they first emerged. A simple way to conceptualise blockchain, however, is as a permanent ledger which records transactions. However rather than one ledger, there are multiple copies of the ledger in the network called nodes. If a new block of data is to be added to the blockchain, a majority of the nodes within the network, each of which possesses copies of the existing blockchain must verify the proposed transaction. A key feature of this multiple node structure is that it enables unknown counterparties to trade with each other securely and uses a cryptographic key to authenticate participants. An attractive attribute of blockchain technology is that it solves the 'double spend' problem, enabling counterparties to transact with each other as it removes each party’s need to 'trust' the other. They can trust the authenticity of the ledger. Blockchain companies are also investigating how different types of data can be stored on a blockchain e.g. patient health records, property registers, voting information. Consequently, the benefits of blockchain technology have been touted as improving services and performance across a range of industries. For example, the Government Chief Scientist, Sir Mark Walport, released a report in January on how blockchain could transform the delivery of public services and boost productivity.
Impact of Blockchain
There are several aspects to the development of blockchain, many of which are widely acknowledged as serving to minimise conventional regulatory and market risks and enhance protection for the consumer. A number of the potential benefits of blockchain are:
Reducing errors, fraud and cybercrime. This is far more difficult within a blockchain as a majority of nodes need to be convinced of any change to the data before that change is accepted. This extends to any retrospective attempt to tamper with data as any alteration would need to be effected on all the nodes.
Privacy and data security. Another ostensibly positive feature of blockchain is that all of the data in each block is encrypted under a pseudonym. Although the data is public, whom the data relates to is private. For example, the Enigma project, a decentralised cloud-based platform developed in MIT, enables private data to be stored, shared and analysed without ever being fully revealed to any party using multi-party computation, empowered by the blockchain.
Increased scope for automated transactions. This includes programming a blockchain so that dividends are paid on declaration, automating hedges or blockchains such as Ethereum which execute peer to peer contracts using cryptocurrency i.e. a type of “smart contract.” Another such company using automation is London based Crowdaura, who utilise the blockchain to provide product issuance, settlement and administrative activities for corporate and investment banks. The US state of Delaware, where over half of all publicly traded US companies are incorporated, recently announced the establishment of the Delaware Blockchain Initiative in partnership with Symbiont to encourage expanded use and development of smart contract technologies. Symbiont’s blockchain technology includes enabling financial instruments such as securities to be modelled, traded and fully digitised onto a distributed ledger. In the same vein, only last year, the SEC approved an amended From S-3, enabling TØ, a subsidiary of Overstock, to issue public securities via blockchain technology. Automation saves cost and reduces the scope for error and fraud, as it removes the requirement for someone to independently execute these processes.
Decreased role for intermediaries. Intermediaries, such as banks and clearing houses, are often used as a way of verifying transactions. However, this role is challenged by blockchain as it provides an in-built authentication mechanism. The Nasdaq, for example, has opened up to investors buying shares using its Linq blockchain ledger, exploring the use of blockchain as part of its infrastructure. This could also lower costs, as most intermediaries charge a fee for their services.
Liquidity and capital flow. By reducing the need for intermediaries, blockchain is likely to speed up the rate at which transactions can be executed. This, in turn, reduces the amount market participants have to set aside at any one time in preparation for execution, thereby freeing up capital. That said, the transfer of significant amounts of capital to blockchain technology, were it to take off, could pose liquidity challenges for the regular banking system.
In a recent speech, Christopher Woolard, the FCA’s Director of Strategy and Competition, noted that blockchain could potentially revolutionise financial services, and even help firms meet their KYC and AML requirements more efficiently. The German regulator Bafin, in a recent paper, identified blockchain as potentially establishing a new standard in the financial market. At an even higher level, there remains the possibility for blockchain to assist regulators and compliance officials in performing their own regulatory and investigatory functions in a superior way.
Market risks and regulatory concerns
Although the potential benefits from blockchain are known, there remain areas of risk which regulators are likely to focus on as the technology develops. At present, UK regulators have primarily been observing the development of blockchain, wary of stifling innovation through the premature imposition of regulation. As a nascent technology, the lack of standardisation from a technology or network architecture perspective is a risk factor. Woolard, in his speech, recognised that blockchain is a growing industry, and that developers should be allowed space to develop solutions to the issues arising, some of which may well be achieved through the FCA’s regulatory “sandbox”. The Bank of England has also expressed general support, stating on its website that it will monitor developments in this area. At the EU wide level, there are indications that a cautious approach may be taken to blockchain. The European Parliament’s Committee on Economic and Monetary Affairs has recently released a draft report on crypto-currencies and blockchain. Although it recognises the positive impact which these developments could have for consumer welfare and economic development, it calls for regulation to deal with the risks they could entail. In particular, the risks of money laundering, terrorist financing, fraud, governance gaps, systemic risk, regulator resources and legal uncertainty were highlighted. For firms looking to employ blockchain technology, the areas identified above are likely to form the basis for a blockchain regulatory compliance framework. Some more specific risk factors are explored below.
Despite the fact that changes to data occur via the network of nodes rather than a central authority, there are still concerns as to the level of cyber-security within blockchain networks. Although data in a blockchain is encrypted, the levels of encryption vary, so if that can be breached, the data is no longer secure. This is particularly the case given the absence of common network standards and protocols with users presently having their own mix of back-office systems and technology stacks. The Bafin paper echoed these concerns, flagging the need to protect systems from cyber-attacks and the importance of data protection in transactions.
Even absent cybersecurity concerns, Woolard, in his speech, identified the need for regulatory focus on how individuals gain access to a distributed network and who controls this process, along with what data security exists for users. To apply this to a financial services context for example, it is still unclear how much visibility about a trade each node needs to be able to have in order to verify a transaction while still keeping the contents of a particular trade confidential.
Identification of errors and reporting responsibilities
One of the ironies of blockchain is that, despite its strengths in making life more difficult for cyber criminals, these strengths actually serve to exacerbate the consequences where a fraud is successful. If a fraudulent transaction is verified it becomes very difficult to detect as it has become embedded in the chain. If a fraud is later identified, it is very difficult to identify the source of the fraud and to ring-fence that stream of transactions from the rest of the system. The FCA Business Plan for 2016/17 recognises this tension in its chapter on the Risk Outlook when it says:
“Blockchain technology represents an alternative approach to the safe storage of information of value such as trade execution, clearing and settlement and custody. It can provide for secure, transparent and immediate confirmation of information that can then be distributed to all interested parties without the need for a central record-keeping authority. While this new alternative approach has many advantages, it also presents new challenges related to data privacy, defect corrections, and trust in decentralised financial servicing."
Self-regulation – the need for checks on blockchain
Connected to the above issue is how the inherent characteristics of blockchain technology make redundant a significant amount of regulatory architecture that would otherwise serve as a check on the risk of fraud or error. For example, preventing the commingling of funds within a financial institution can now be achieved through the use of internal blockchains and automated technology. The operation of the CASS rules, for instance, and its associated mechanisms in this environment have no meaning. However, if the blockchain were to malfunction or be tampered with, there would be no system to detect or prevent any error as a second line of defence. Also, while technology can enable the disintermediation of certain functions that are currently centralised, it is worth noting that these intermediaries can fulfil a range of functions, which may not all be replaceable by the introduction of DLT. There will be some regulatory focus on how to retain such roles. In a broad sense, whilst there are positive risk-mitigating characteristics inherent within blockchain technology itself, a key focus for regulators will be the need to develop alternative mechanisms that serve as an independent check against the risk of fraud or error.
Consumer understanding and treating customers fairly
The sophisticated nature of the technology has the potential to render blockchain inaccessible to those not schooled in it. This has particular import when blockchain is used, not just as an overarching network to transact or exchange data but as a tool to enact algorithmic codes within structured products and various other exotics. Of concern to for regulators will be the extent to which consumers understand how the blockchain works and the extent to which it is communicated that blockchain in this context is merely a more optimised internal algorithm – particularly given the current hype surrounding blockchain which could be misrepresented as somehow guaranteeing investor returns. Recent FCA guidance on the promotion of structured products and TCF will equally apply in a blockchain environment. Having said that, among the largest barriers to liquidity within structured products are: the lack of variation of structured products and the issuance, execution and administration process –hurdles which blockchain technology could potentially rectify.
There are also a number of logistical issues around the implementation of blockchain mechanisms that pose an issue for regulators. One issue is the scalability of blockchain mechanisms. While blockchain technology has underpinned global phenomena such as bitcoin, when blockchains are designed for sophisticated multijurisdictional purposes e.g. as the network for an investment bank’s operations, there remains an open question as to whether they can be built to a level that is both functional and cost-effective with the requisite safeguards given that all the risks associated with blockchain would be magnified when operating at that larger scale.
Related to this issue is the extent to which common standards can be developed that create uniform technology and network protocols that would enable multiple networks to interface meaningfully with each other. The development of these standards as blockchain networks grow will be a key feature of the regulatory agenda.
Jurisdictional issues and the international footprint
One of the key selling points of blockchain technology is that it enables an even more integrated approach to cross border transactions as the nodes on a blockchain can be located anywhere in the world. However this poses a number of jurisdictional issues. At a simple level, every transaction potentially comes under the legislative umbrella of wherever a node exists whether in respect of financial services or data protection. The blockchain would then need to be compliant with a potentially unwieldy number of legal and regulatory regimes. In particular, the new EU General Data Protection Regulations (and existing data protection regulations governing the transfer of personal data) may create legal and regulatory issues for a distributed ledger that enabled the transfer of data across geographical boundaries.
Building on this, in the event of a fraudulent or erroneous transaction, the locus of the relevant “act” could be unclear as the transaction may have occurred simultaneously in a number of different places. This is particularly the case if there are flimsy contractual provisions governing a transaction done across blockchain which would be likely in the case of certain, more novel, transactions. In contrast, however, in a conventional banking transaction if the bank is at fault, irrespective of the transacting mechanism or location, the bank can be sued and the applicable jurisdiction will most likely be contractually governed.
A further litigation issue arises where it is the blockchain itself that is the source of the fault. In addition to the ambiguity as to the actual locus of the blockchain, the absence of formalised blockchain standards and providers could potentially leave consumers with no relief.
Due to many of the abovementioned risks, including data security, financial institutions are often reluctant to use a public blockchain. Accordingly, many firms have been experimenting around deploying private blockchains and testing the types of information on there from legal contracts to the clearing and settlement of securities. The R3 CEV consortium, which includes around 24 of the world’s largest banks, has been set up with view to achieving this goal. In theory, the advantage of this development is that membership of the network can be limited to trusted parties, meaning that fewer safeguards need to be built into the blockchain to prevent dishonesty. A private network would also be able to develop standards and protocols that would assist members to interface with each other.
However, the existence of a private blockchain would appear to undermine the general principles of openness and participation that underpin blockchain. Moreover, were a private blockchain to become the default network in financial services, dominated by major institutions, key competition risks could arise that would concern regulators. This would particularly be the case, if high barriers to entry prevented smaller providers from operating on the private blockchain network. Furthermore, the likely outcome could be a two or multi-tiered system, which, rather than promoting consistency of standards, could compound regulatory concerns. Also, regulators may be concerned that a private blockchain dominated by major institutions, rather than promoting honesty, could theoretically become a vehicle for collusion, particularly in the aftermath of the LIBOR and FX scandals.
It is likely that blockchain technology will feature prominently in the future on the regulatory agenda. Blockchain has the potential to ease many current regulatory issues, including by increasing transparency, boosting liquidity, facilitating trust between market participants, securing data and improving accessibility to the markets through lower transaction costs. However, as we have discussed, regulatory concerns would remain about the “new” technology and regulatory concerns are likely to evolve considerably while blockchain technology and its surrounding architecture continue to develop.
YOU MAY ALSO BE INTERESTED IN