Security Tokens (Part 3)

Stefan Loesch
Jan 15, 2019

In Part 1 of this post we discussed the different ways in which investors can hold securities, notably in paper-based bearer format, in centrally-registered dematerialised format (the current default), and in tokenised aka blockchain-registered dematerialised format. We also identified and defined a number of dimensions in which those formats differ. Those dimensions were:

  1. Custody
  2. Registration
  3. Liquidity
  4. Ease of settlement
  5. Payments
  6. Communication
  7. Authentication
  8. Fungibility
  9. Traceability
  10. Tainting
  11. (Im)mutability
  12. Recovery
  13. API access

In Part 2 of this post we discussed points 1–7. In this part we discuss the remaining points.

Note: Colin Platt commented on a preview version of this post; I have decided to include his comments as notes and address them explicitly, as I think they make very interesting discussion points.

Fungibility, Traceability and Tainting

Fungibility. Fungibility refers to whether different securities of the same type are distinct, and/or can be distinguished. Note that those are slightly different properties — eg bank notes are fungible in the sense that every 10-dollar note is worth the same, but nevertheless they all have a unique serial number.

Traceability. Traceability refers to whether a specific security can be traced when it is traded between investors. If it is strongly traceable then it can be traced forever, if it is weakly traceable that information will wash out over time.

Tainting. Tainting refers to whether assets that have been obtained unlawfully are tainted, meaning that there is a risk that they’ll be returned to their rightful owner, even if the current owner has obtained them in good faith.

First of all, the securities we are talking about are all functionally fungible: from an issuer perspective they are all the same, receive the same cash flows etc.

Note: one exception would be lottery bonds, which are sometimes sold to retail, and where specific securities can win some money, or a golden ticket or something of that kind.

Whether securities can be distinguished (and are therefore not fully fungible in all scenarios, because they get “tainted”, say after a heist) is very important. A related property is traceability, which is about whether it is possible to follow a security around when it changes owners. It is strongly traceable if it is possible to follow it around until the end of time, and it is weakly traceable if (typically) that information washes out over time. Those terms will become clearer in the discussion below.

Bearer papers can have serial numbers just like bank notes, and to the best of my knowledge they usually do have them. This means they are not completely fungible at least on the physical level: if I note down the serial numbers of my bearer shares in the notarised purchase contract, and they are subsequently stolen then I will still be able to identify the new owners at the next coupon date when they are submitting a coupon with the serial number corresponding to those that have been stolen. However, securities law usually states that the new owners of a stolen or otherwise misappropriated bearer asset are the rightful owners of it, provided they can plausibly represent that they purchased those securities in good faith, for example on a regulated market where they had no control (and possibly even no information if securities are cleared) over the choice of the seller.

This might sound a bit unfair — and on a personal level it probably is — and it is not in line with what happens with other assets, say works of art. However, it is important for the functioning of securities markets that securities cannot be tainted: if as a buyer I have to check the provenance of each and every security that I buy, I can for example no longer use organised markets where buyers and sellers are matched automatically. Instead, at every purchase I have to engage in a lengthy investigation of the entire chain of provenance, which all but destroys market liquidity.

To summarise where we are: bearer securities with serial numbers are strongly traceable, provided I can look at the serial numbers of the coupons, but they are nevertheless fully fungible not by physical design but by legislative fiat.

Let’s now move on to classic dematerialised securities. For dematerialised securities, whether they are “physically” fungible or not depends on the exact structure of the database. That of course does not usually ultimately matter, as the fungible-by-fiat property in case of fraud or theft applies here as well. Be that as it may, there are fundamentally two possible ways in which share ownership can be represented in a database: either there is a record for each share issued, and its owner is recorded (Method 1), or for each and every owner the number of shares they own is recorded (Method 2). Method 1 is slightly more fault tolerant, as the number of shares recorded will automatically be the same as the number of shares outstanding, which is not the case for Method 2, where this needs to be asserted at the transactional level. However, Method 1 is more resource intensive.

If Method 1 is used there is strong traceability: like with serial numbers, every share is uniquely identified, and if an append-only log of the database changes is kept it is even possible to trace the entire path between any two owners, which is even stronger than in the bearer securities case, where intermediate owners might or might not be identified. If Method 2 is used, however, there is only weak traceability. To understand why, let’s look at an example:

Assume that you already own 1,000 shares in Company X, and you then buy 100 more, and assume those second ones have been fraudulently obtained by the seller. At this stage it could of course still be argued that you own 1,000 shares rightfully, and 100 shares that are tainted. However, what happens if you sell shares? The shares you hold are not distinguishable under Method 2, so there is no way to assert whether the shares you sold are tainted or clean. We could of course argue that all your shares are now (weakly) tainted — but note that in this case by incorporating 100 shares into your portfolio you created another 1,000 (weakly) tainted shares, and as time goes on this tainting will spread across the entire set of traded shares, to the extent that tainting is no longer a useful concept.

The summary here is that standard dematerialised shares recorded under Method 2 are only weakly traceable, meaning that the concept of tainting no longer makes sense, and that there is no real choice but to employ fungibility-by-fiat.
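The example above can be replayed against both record structures. The following is an added illustration, not part of the original post: the owners, serial ranges, follow-on trades and the rule that sellers hand over their oldest serials first are all constructed assumptions.

```python
# Added illustration; owners, serial ranges and trades are constructed.

def tainted_method1(holdings, stolen, trades):
    """Method 1: one record per share, so each serial number keeps its history.
    Sellers hand over their oldest serials first (an assumed, recorded rule)."""
    book = {owner: list(serials) for owner, serials in holdings.items()}
    for seller, buyer, qty in trades:
        moved, book[seller] = book[seller][:qty], book[seller][qty:]
        book[buyer] = book.get(buyer, []) + moved
    return {o: sum(s in stolen for s in serials) for o, serials in book.items()}


def tainted_method2(balances, tainted_accounts, trades):
    """Method 2: only a balance per owner. An account that receives from a
    tainted account becomes weakly tainted in full, because its shares cannot
    be told apart. Returns the weakly tainted share count after each trade."""
    bal = dict(balances)
    tainted = set(tainted_accounts)
    history = []
    for seller, buyer, qty in trades:
        if bal[seller] < qty:
            raise ValueError(f"{seller} cannot sell {qty} shares")
        bal[seller] -= qty
        bal[buyer] = bal.get(buyer, 0) + qty
        if seller in tainted:
            tainted.add(buyer)
        history.append(sum(bal[a] for a in tainted))
    return history


HOLDINGS = {
    "seller": list(range(1000, 1100)),  # the 100 fraudulently obtained shares
    "you": list(range(0, 1000)),        # your 1,000 rightfully owned shares
    "carol": list(range(2000, 2500)),
    "dave": list(range(3000, 3300)),
}
STOLEN = set(HOLDINGS["seller"])
TRADES = [("seller", "you", 100), ("you", "carol", 50), ("carol", "dave", 20)]
BALANCES = {owner: len(serials) for owner, serials in HOLDINGS.items()}

if __name__ == "__main__":
    print("Method 1, tainted shares per owner:",
          tainted_method1(HOLDINGS, STOLEN, TRADES))
    print("Method 2, weakly tainted shares after each trade:",
          tainted_method2(BALANCES, {"seller"}, TRADES))
```

Under Method 1 the tainted count stays at exactly 100 identifiable shares, whereas under Method 2 three trades are enough to weakly taint all 1,900 shares in this constructed register.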

Let’s finally get to tokenised assets, and that’s where it gets interesting: both in standard ERC20-style tokens and in UTXO-based designs (which together probably cover 99.9% of the use cases we have seen so far) the tokens are weakly traceable but with an in practice relatively small decay coefficient. What this means is that the information about the provenance of a token only wears out very slowly, so that the notion of a tainted token mostly makes sense.

Note: This might get a bit technical, so feel free to skip it and just accept the statement above. Let’s start with ERC20 tokens: they generally employ the equivalent of Method 2 above to record ownership, so there is only weak traceability. However, if people follow the privacy advice to never re-use addresses this does not matter: if every address only ever receives one incoming transfer then it does not contribute to spreading the tainting.

For UTXO-based tokens there can be strong traceability even if addresses are re-used as within a given address the different UTXOs can be distinguished. Where this falls over is when multiple UTXOs are used as input for the same transaction (a technique that is employed in coin mixers, but that happens even in regular transactions when different UTXOs are combined in order to achieve the right number of outputs).
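The UTXO behaviour described in this note can be shown on a small transaction graph. This is an added sketch, not code from the original post: the transaction ids, the `(txid, output_index)` representation and the three labels are assumptions made for the illustration.

```python
# Added illustration; transaction ids and the graph below are constructed.

def origins(utxo, txs, cache=None):
    """Return the set of issuance outputs a UTXO may descend from.
    txs maps txid -> (list of input UTXOs, number of outputs); a UTXO is the
    pair (txid, output_index). Issuance transactions have no inputs."""
    cache = {} if cache is None else cache
    if utxo not in cache:
        inputs, n_outputs = txs[utxo[0]]
        if not 0 <= utxo[1] < n_outputs:
            raise KeyError(f"no such output: {utxo}")
        if not inputs:
            cache[utxo] = {utxo}
        else:
            cache[utxo] = set().union(*(origins(i, txs, cache) for i in inputs))
    return cache[utxo]


def classify(utxo, txs, stolen):
    """'clean': no stolen origin; 'tainted': every origin is stolen, so the
    trace is unambiguous; 'ambiguous': merged inputs mix stolen and clean
    origins, so the output cannot be attributed to either."""
    found = origins(utxo, txs)
    if not found & stolen:
        return "clean"
    if found <= stolen:
        return "tainted"
    return "ambiguous"


TXS = {
    "issue_a": ([], 1),                     # clean issuance
    "issue_b": ([], 1),                     # issuance that is later stolen
    "t1": ([("issue_b", 0)], 2),            # single input split in two
    "t2": ([("issue_a", 0)], 1),            # single input, single output
    "t3": ([("t1", 0), ("t2", 0)], 2),      # two UTXOs combined as inputs
}
STOLEN = {("issue_b", 0)}

if __name__ == "__main__":
    for utxo in [("t1", 1), ("t2", 0), ("t3", 0), ("t3", 1)]:
        print(utxo, classify(utxo, TXS, STOLEN))
```

As long as each transaction spends a single input, every output traces back to exactly one origin; the combined-input transaction `t3` is where the trace stops being unique.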

As of yet, tokenised securities do not have fungibility-by-fiat, meaning that there is always a risk that there is a “previous owner” who can prove that their coins have been stolen and who can successfully sue the new owner for the return of those assets.

This is not a particularly encouraging situation for tokenised assets. At the moment the only mitigant for this risk is to either sit and pray and wait until case law develops in this area, or to only buy proven clean assets (ie, either in primary or assets with clear trace, so not on an exchange).

(Im)mutability and Recovery

(Im)mutability. (Im)mutability refers to the ability to adjust the ownership records so that they match the ownership in the real world in case those two have diverged.

Recovery. Recovery refers to the ability to recover lost assets, eg because of lost certificates or lost private keys.

Real world assets are subject to real world jurisdiction and enforcement (the latter point being the important one; even distributed ledger assets are subject to real-world jurisdiction, but enforcement might be impossible), and therefore any recording system that is meant to represent the real world needs to choose between being structurally inaccurate or being mutable (thanks to Prof Schuster for pointing this out). Opinions may differ, but there is a strong argument to be made that “structurally inaccurate” is not acceptable, so any recording system must be mutable in reaction to the relevant legal events.

Note: Colin points out that “mutable” might not be the best term to use here, and I somewhat agree, but I currently don’t have a way of expressing it better. Maybe in a later post…

This is generally true for our bog-standard centralised registry system: if a court decision is handed down that impacts the ownership of securities then this decision is implemented. There is one caveat though: if the jurisdiction where the shares are issued is not the same as the one where the registration system is located then there might be an enforcement issue; however, local courts might still have the option to seize the asset in question and to force an adjustment at the security holder level in this manner.

For bearer securities similar possibilities exist: whilst it might not be possible to force the transfer of the actual paper, for example because it is hidden or deposited outside of the reach of the courts, courts can in principle prevent companies in their jurisdiction from ever making payments on coupons with certain black-listed serial numbers rendering those securities worthless.

Note: this in principle requires a more subtle discussion of the interaction of this with the fungibility-by-fiat discussion in the “Tainting” section, but this is for another post.

Finally, blockchains are immutable: in principle they can be hard-forked to adjust the state if need be, but in practice because of the decentralised character of blockchains that is not likely to happen for a mature chain, the events around the DAO notwithstanding.

Note: this statement strictly only holds for blockchains of the public kind; for proof-of-authority chains in particular a hard-fork might be possible, but repeated hard forking would probably still be rather strange as this would negate one of the main benefits of a blockchain.

This immutability means one of two things: it could be that a certain divergence of the state as recorded on-chain and the state of the real world is acceptable. This acceptability in turn could come in one of two forms: either it is considered acceptable to live with minor errors that are not rectified, such as the wrong person receiving the coupon payment (Case 1), or there is a second-layer rectification process in place (Case 2). Case 1 is probably not acceptable because it infringes personal property rights, and Case 2 probably negates the benefits of using a blockchain; for example it might mean that coupon payments can no longer be made through the token, but that the issuer would have to read the beneficiary list, make the necessary adjustments, and then make a payment directly.

If divergence of state is not acceptable — and in the security token world we have just made a strong argument that it is not — then the only other option is mutability of state. Mutability of state can be introduced at three distinct levels:

  1. the blockchain level
  2. the smart contract level
  3. the legal contract level

We have argued above that Choice 1 is not realistic, which leaves us with Choices 2 and 3: Choice 2 would require something like a god-mode where state can be adjusted through a well-defined process. Choice 3 is mostly along the lines of being able to switch over the smart contract if need be, and it is interesting to know that for example the Gemini stable coin went down this path.

Note: Colin made the very interesting point that miners might ideologically object to contracts that contain a god mode. I had not considered this, but I can absolutely see where he is coming from. It would be extraordinary though: miners censoring transactions for ideological reasons is also not quite in line with blockchain ethics. Having said this, I believe that the future of securities tokens lies on proof-of-authority chains run by a consortium that includes eg censorship resistance as part of the charter, not through technology.

For recovery of lost coins (or lost share certificates; or registered shares that are lost eg because of an inheritance) the arguments go along the very same lines, with the only difference being that there might be non-judicial processes in place to recover those coins in case the loss and ownership can be asserted.

API access

API access. API access refers to whether it is possible to execute ownership operations through an electronic API, and if yes, how easy and how standardised this access is.

API access is a comparatively easy but important point. For paper certificates there is a priori no API access, but of course if paper certificates are held with a custodian this custodian might provide an API that the rightful owner can operate. The same holds for centrally registered securities, except that because they are already held in a database there is a good chance that there is API access. However, a priori those APIs will be specific to the custodian in question, and in particular rely on specific authentication methods.

For blockchain-based assets there is a native API; in fact this native API is the only way to interact with those assets, and everyone with the relevant keys will be able to operate the API (except for some private chains; but those are really just fancy centralised-but-backed-up databases anyway). Note that a priori the API is not standardised either, but at the very least it is publicly known, and there are a number of standardisation efforts under way (eg, the ERC20 token standard) that at least standardise basic functionalities.

This is the end of Part 3; here is Part 4

Stefan Loesch is a managing partner at LexByte, an advisory firm specialising in tokenised investments. He has more than 20 years’ experience in financial markets, and his previous roles include advisory at J.P. Morgan and McKinsey and quant development at Paribas. He is the author of “A Guide to Financial Regulation for Fintech Executives” (Wiley 2019).
