Blockchain technology: a regulatory solution, not a regulatory problem

There has been a lot of development and discussion around Distributed Ledger Technology (DLT), more specifically Blockchain[1], as well as the applications that utilize these underlying technologies, such as cryptocurrencies[2], Initial Coin Offerings (ICOs)[3], tokens in general[4] and smart contracts[5].

These discussions have been largely confined to the innovator, investor and intermediator community, trying to determine what an ecosystem should look like and trying to convince the broader community of its real world benefits. That discussion continues and certainly further work is required.

The discussions between industry and the regulatory authorities have been pivoted around the central thesis that new emerging Blockchain[6] enabled financial systems are trying to circumvent existing regulatory rules. Regulatory authorities quite rightly under those circumstances have looked at Blockchain and token economics with a degree of suspicion.

Sadly, many regulatory authorities confuse Blockchain with cryptocurrency; one is the underlying technology infrastructure and the other is an application that utilizes such infrastructure. This broad brush ignorance has led to regulators viewing the technology as a potential problem and something that needs to be ‘controlled’ and many Blockchain related businesses seeking some form of regulation as a means of providing long-term certainty.

Turning the regulatory dilemma into an regulatory solution

The reality is that Blockchain and associated technologies can be tools for regulatory oversight. They can fundamentally improve the transparency of the financial system, embed compliance and real time reporting, protect the end-to-end integrity of the system and nurture further levels of trust within and outside of the system.

I am not advocating more regulation per se. Innovation has almost always outpaced regulation. Blockchain development and implementation are happening at a pace well beyond the capacity of regulators to respond. Trying to heavily regulate such a space is likely to do more long-term damage than good. What I am suggesting is that regulators utilize their existing toolkit for supervising and controlling the space if need be, but to do so with real time knowledge, and at a pace that keeps up with innovation.

Whilst good regulation is critical — you cannot have good regulation when you do not know the lay of the land. At the same time, you cannot not regulate, just because you do not have the full facts. The path forward must balance the priorities of regulators to uphold the law, preserve the integrity of capital markets, whilst allowing innovation to flourish.

We need to move from strict regulation to good governance. Just because you are decentralized does not mean you need to be disorganized[7].

How? By the regulatory authorities themselves becoming a full node on the Blockchain with multi-signatory rights to view all the transactions on the Blockchain. The regulatory authority would effectively be assigned the rights of a miner, without having to actually mine.

By being mandated broad rights, which may include broader governance capabilities, they would not only have broad oversight of all activities, but would ensure the network is run in a manner that is not contrary to agreed governing principles.

The regulatory authority in this context would move away from a policing force, trying to police a problem it does not really understand. It would instead collaboratively work with the industry to develop regulatory governance mechanisms that can provide the necessary levels of oversight and control required by the regulator to fulfil their statutory duties whilst allowing this nascent technology and business model to grow and flourish.

Regulatory authorities should have a stake in being intimately involved in defining the governance principles for the Blockchain enabled eco-system. The core principles and attributes of Blockchain enabled systems are aligned with the core objectives of most regulatory authorities.

Today’s reality

A number of key stakeholders (Banks in particular) in those industries that are prime for disruption (financial services) have begun to take notice to developments in the Blockchain and associated technologies space. Governments and regulatory authorities have started to pontificate what it all means for the real world, they are looking around to see what others are doing, if anything, and whether they really need to do something now or can wait until, as some would hope, this bubble bursts.

This is the wrong approach. Regulatory authorities should be thinking of regulatory sandboxes[8], not burying their heads in the sand.

Much has also been written about the impact cryptocurrencies can have on the broader global financial systems, some predicting or hoping that central banks’ role will become irrelevant with the emergence of decentralized technology (or rather protocol) driven trust creating networks.

The evidence to date is that government controlled central banks are unlikely to give up their central role in determining their monetary policy, their ability to manage interest rates, inflation or their currencies. Major established systems are typically more resilient than they appear.

I believe it is fair to say that decentralized Blockchain based applications must complement the role of central banks and indeed other regulatory agencies, rather than trying to bypass them — this is certainly true for permissioned systems[9]. This is not to say that Blockchain based models will not be a disruptive force: the tokenization model, in which value resides in the network rather than its controlling operator, offers the potential for disruption — transferring power from the large and few to the small and many. The Blockchain architecture treats trust as a public good rather than a source of private advantage.

Participants on Blockchains need to trust in a decentralized model in which either there is no central control or that they can have effective shared control. At the same time, governments need to trust that their citizens will be protected, taxes will be paid, and criminal activity effectively monitored and policed.

The academic literature suggests that legal contracts, trust and control are not necessarily on opposite sides[10]; they are complimentary mechanisms that work to enhance each other. Mechanisms of exerting legal control help to develop greater levels of trust between the participants. The greater the level of trust between participants the more efficient and effective are the legal controls. Over time, legal controls can give way to trust, although eliminating legal controls altogether could be a recipe for disaster. The legal contract provides the foundations for trust.

The same is true when it comes to Blockchain. Whilst they may have inherent mechanisms of trust built in, these need to be complimented with mechanisms of Governance and Law. Blockchain allows participants to trust the technology, which dispenses from the need to trust human counterparties or institutions, although trust is placed in code and those that develop it.

Regulatory authorities to date have framed the discussion around Blockchains and associated technologies with a narrow lens of suspicion and fear: they see it as a regulatory problem, whereas it can actually be a regulatory solution.

Back to basics

The role of regulatory authorities (in the financial space at least) is pivoted around three pillars:

· Pillar I: to protect consumers (sometimes from themselves in the case of investing in high risk investments) or ensure universal access to services by all consumers;

· Pillar II: to protect the competitive process and prevent any abuse that may result from market power or dominance (however these are defined); and

· Pillar III: to protect the integrity and security of the system itself — i.e. ensure it is fully trustworthy.

*Note: whilst discussing more general regulation, in this paper I pay particular attention to financial conduct regulation.

On the first pillar: consumer protection— Blockchain based systems are helping expand financial inclusion to previously unbanked populations, one of the key mandates of regulators. Whilst many regulatory authorities have expressed concerns around tokenization (their different characteristics, and whether the regulatory status of an asset or activity is affected by the use of Blockchain and the process of tokenization), most appear to be reaching at least an interim conclusion that the existing regulatory systems are capable of regulating such activities. Sometimes the regulatory solution is to expand the licensing regime to capture these new entities of activities[11]. The traditional ethos of high quality regulation being ‘technology neutral’ means that most of the existing regulatory tools should be capable of regulating these services, whatever technology may be used to deliver it. The broader question of managing cross-border activity which Blockchain enabled systems enable is not a new one. The internet has vexed many regulatory authorities for many years, without definitive solutions to date. Trying to find solutions for regulation of cross border activities through Blockchain activities may be as futile as ever, although there are some interesting ideas emerging.

On the second pillar: competition — it is too early for regulatory authorities to have concern in the Blockchain and token space. It is still very much a fragmented space without the emergence of dominant players. This is not necessarily true when it comes to the Artificial Intelligence (‘AI’) space. Here there is a need for regulators to have concern given the dominance of a few global players who have access to data required for AI systems — this is beyond the scope of this paper — however, one area where regulators need to pay attention is the inter-operability of different Blockchain based systems. This becomes important, as will be discussed later in this paper.

On the third pillar: system integrity— it is fair to say that regulatory authorities have started from a perspective that Blockchains (read cryptocurrencies and in particular Bitcoin) have inherent regulatory problems; significant volatility, reduced transparency and being used by unscrupulous people (tax evasion[12], money laundering, terrorist financing and other Dark Web activities). This is a misconception. Blockchains have five basic principles underlying the technology that actually make the system more transparent, robust and resilient:

1. Distributed Database: Each party on a Blockchain has access to the entire database and its complete history. No single party controls the data. Every party can verify the records of its transaction partners directly, without an intermediary. There is no single point of failure, improving system resiliency[13].

2. Peer-to-Peer Transmission: Communication occurs directly between peers instead of through a central node. Each node stores and forwards information to all other nodes. There is a single shared version of the truth.

3. Transparency with Pseudonymity: Every transaction and its associated value are visible to anyone with appropriate access to the system. Each node or user on a Blockchain has a unique address that identifies it. Every transaction is associated with such address. Users can choose to remain pseudo anonymous or provide proof of their identity to others. This governance problem must be given adequate thought. Contrary to popular belief, there is more transparency with Blockchains based technology.

4. Irreversibility of Records: Once a transaction is entered in the database and the accounts are updated, the records cannot be altered because they are linked to every transaction record that came before them through hash functions. Various computational algorithms and approaches are deployed to ensure that the recording on the database is permanent, chronologically ordered, and available to all others on the network. Blockchains support more robust automated and accurate record keeping, improving the audit and oversight capabilities of regulatory authorities.

5. Computational Logic: The digital nature of the ledger means that Blockchain transactions can be tied to computational logic and in essence be programmed. Therefore, users can set up algorithms and rules that automatically trigger transactions between nodes[14]. As long as the computational logic is robust, Blockchains eliminate unnecessary intermediaries, improve efficiencies by eliminating the need for lengthy reconciliation processes, and reduce ambiguities and disputes. Blockchains provide access to real time verifiable data, potentially reconciling end-to-end processes that would otherwise be difficult or impossible to do. Having all the transaction information in a shared register in almost real time would allow regulatory authorities to monitor financial activity without having to wait to receive the required reports from the various financial institutions.

Furthermore, where Blockchains are combined with trustworthy multi-signature and cryptography functions, the security of the entire system and data can be enhanced. Using the technology, data can be hashed onto the Blockchain and only accessed with signature approval from a predefined group of people; something that would enable the open transparent nature of Blockchain technology to be reconciled with data protection regulations such as GDPR. One aspect of GDPR that many commentators state may not gel well with Blockchain technology is the ‘right to be forgotten’. I suspect this a red herring — GDPR was never intended to be used by unscrupulous individuals to use the GDPR provisions to wipe clear illegal transactions or activities. The ‘right to be forgotten’ is not an unconstrained right.

Blockchain technology: a regulatory solution, not a regulatory problem

When you examine the inherent principles underlying Blockchain technology, you come to realize that Blockchain technology (especially in the context of smart contracts) can support the regulatory authority systematically adhere to the third regulatory pillar: making the end-to-end system more trustworthy. It can more effectively and efficiently[15] bridge the gap of trust between those they regulate and the public.

How do regulatory authorities incorporate and turn these principles into reality?

By themselves being a full node on the Blockchain and being provided multi-signatory rights to view all the transactions on the Blockchain. The regulatory authority would be given the rights of a miner, without having to actually mine. They should in fact be given the role possibly broader than a full node — with broader governance capabilities. This would ensure the regulatory authority not only has broad oversight of all activities, but also ensures the network is designed and run in a manner that is not contrary to agreed governing principles.

The real issue to implementing this apparent solution is that many permissioned Blockchains are global in nature and may have multiple consortia. A regulatory authority’s powers are local in nature, whilst the transactions are global in nature. Where the permissioned network is local in nature, where transactions are between the nodes that are local in nature, establishing a regulatory node could be a relatively easy solution.

Where transactions are global in nature, it becomes a little more complicated. One solution that is being promoted is that regulatory authorities from different geographies have presence in each of the global consortia, with access rights to the information needed to perform their supervision activities related to the entities that fall under their jurisdiction. Then, information extracted by one regulatory authority from every consortia is shared in a private ‘regulatory authority’ network — thus combining all the information needed for monitoring global transactions.

The need to iron out the kinks is the chain

For a regulator friendly system to work there needs to be inter-operability of different Blockchains for which the regulatory authority may need to be a node, as well interoperability with existing systems. A regulator having to have nodes on multiple Blockchains, each potentially with different protocols and reporting standards will make the life of the regulator difficult[16].

A set of standards about what kind of relevant information about the transactions have to be stored in the ledger and its format so regulators can easily extract the needed data, needs to be agreed on a global level.

Close collaboration between permissioned based systems and regulators is needed to ensure the Blockchain and its transaction have legal validity (there is also a question of which jurisdiction applies). Regulators (and more broadly legislators) need to be involved in ensuring that there is legal recognition of data on the ledger of a Blockchain; that the data on the Blockchain represents real ownership or existence of that asset or financial instrument.

[1] Blockchains are shared (“distributed” or “decentralized”) digital ledgers that use cryptographic algorithms to verify the creation and transfer of digitally represented assets over a peer-to-peer network. They operate via an innovative combination of distributed consensus protocols, cryptography and in-built economic incentives based on game theory.

[2] A digital asset designed to work as a medium of exchange that uses strong cryptography to secure financial transactions, control the creation of additional units, and verify the transfer of assets. Cryptocurrencies use decentralized control as opposed to centralized digital currency and central banking systems.

[3] Like an IPO in mainstream investment, ICOs are a means of fundraising, used primarily by firms looking to create a new coin, app, or service whereby interested investors buy in to the offering, either with fiat currency or with preexisting digital tokens. In exchange for their support, investors receive a new cryptocurrency token specific to the ICO that could be classified as a security or utility token.

[4] Tokenization allows for fractional ownership of assets, which can lower barriers to investment, improve liquidity, and facilitate tradability.

[5] Smart contracts are programmed to generate instructions for downstream processes (such as payment instructions or moving collateral) if reference conditions are met. Like passive data, they become immutable once accepted onto the ledger.

[6] The purest Blockchain entails a public network and a ‘mining’ process based on a proof-of-work (‘PoW’) consensus mechanism in which tokens are issued in a decentralized way, while distributed ledgers can be public, federated or private, and do not necessarily entail a PoW consensus mechanism or even a ‘mining’ process. In fact, token issuance can be centralized while the ledger is decentralized, akin to ICOs.

[7] 2018 Blockchain Regulation Roundtable: Addressing the Regulatory Challenges of Disruptive Innovation, Don Tapscott, August 2018.

[8] While each sandbox is different, the goal is generally to encourage compliance whilst enabling innovation by simplifying the regulatory burden on start-ups. A regulatory sandbox can be defined as a set of rules that allows innovators to test their product or business model in an environment that temporarily exempts them from following some or all legal requirements in place. In exchange, they are often obliged to operate their business model in a restricted manner, for instance through a controlled number of clients or risk exposure, and under close regulatory supervision. The technique is designed to be mutually beneficial for regulators and the regulated in reducing legal uncertainty for the latter.

[9] A permission-based framework requires rules to approve/reject authorized participants, including perhaps minimum capital requirements, conduct of business rules and risk management processes. Permission-less systems in contrast, allow anyone to participate as long as they install the software with the requisite protocols.

[10] Research conducted for my PhD on the interplay of legal contracts and trust.

[11] In some countries, a licensing framework approach for Blockchains applications has also started to emerge, in particular, for cryptocurrency application environments. For example, the State of New York in the USA is offering “BitLicense”, which allows business to conduct virtual currency activities on DLT infrastructure.

[12] Some countries consider them as digital money (subject to related regulation), while others treat cryptocurrencies as digital products or commodities (subject to VAT). Regulators in the USA have different criteria around bitcoin for instance: some consider it as money (FinCEN, SEC), while others consider it a commodity (CFTC), or even a property (Internal Revenue Service).

[13] Most DLT or Blockchain technologies use Public-Private Key Infrastructure (PKI) to secure rights to view and add to blocks — therefore the risk of system security is somewhat transferred to the PKI operator and the individuals that need to guard their respective ‘keys’.

[14] Counterparties would need to establish obligations and settlement instruction (put assets under custody of the smart contract(s) and establish conditions for execution). Upon an event trigger (e.g. transaction initiated / information received); the contract would be executed based on terms of the contract. Movement of value based on conditions being met, which could be ‘on-net’ or ‘off-net’ (e.g. issuance of settlement instructions and reconciliation) would occur and the distributed ledger updated. Any smart contract defined on the Blockchain will have to comply with the regulation with respect to contracts applicable in the corresponding jurisdiction, as well regulation KYC and AML regulation, capital markets regulation, lending regulation, and so on. Note there are separate issues around the enforceability of smart contracts — that is a much broader topic beyond the reach of this paper.

[15] Blockchains and smart contracts have intrinsic advantages: instant settlement, easier and more trustworthy management of collaterals, monitoring of OTC operations invisible today to the market, lack of need of clearing houses etc.

[16] There is already some collaboration in this space. In September 2017, R3 announced that it had developed a prototype of the system together with the UK Financial Conduct Authority, the Royal Bank of Scotland Group Plc and another global bank, built using R3’s Blockchain called Corda, which enables banks to generate automated delivery receipts for the regulator each time a mortgage is booked.