Decentralised and regulatory compliant. Too good to be true?
In an earlier blog post A Public, Permissioned Blockchain the concept of self-sovereign, permissioned, blockchain was explored as a potential solution to create a framework for regulatory compliance in finance.
The framework behind it is a Decentralised Social Organisation, where there is human interpretation of rules and information coupled with strong governance. This mechanism is fully self-sovereign, allowing groups to form based on residency, or place of registration.
Self-sovereign identity, a key part in establishing in which jurisdiction a person or business belongs, is managed by the self-sovereign groups through a governance process which has a system of incentives and punishments to ensure integrity of the validation process.
What are the intentions of regulation?
The intent of the regulations is key in determining what structures need to be put in place to support them rather than examining the implementation in each regulatory regime.
The first principal is that although a fully decentralised platform knows no boundaries, the regulators care about people and organisations within their jurisdiction. This is why the self-sovereign identity mechanisms are imperative to establish residency and link it to the blockchain addresses.
While the decentralised world without boundaries allows anyone to trade with anyone, doesn’t mean that because you can do something, you should.
One compelling argument for financial regulations is to ensure fair and transparent markets, investor protection, mitigate fraud, and the mechanisms to stem the flow of money from the proceeds of crime. In a wholly unregulated, free-for-all market, there are no checks and we see unfair markets with asymmetric information, scam projects and investors losing money in products they don’t fully understand. There is clearly a balance in the construction of systems between one with a defined set of rules and open access with no constraints. In the context of decentralised systems we see that it is possible to have a decentralised structure with multiple self-sovereign groups each of which manage their own rulesets. There are parallels in Commons where there are rules set around how Commons resources are used and managed, with the rule making as close to the end users as possible (for further reading on Commons: Elinor Ostrom, Governing the Commons). The Commons model is an attractive target model for self-sovereign groups.
The investigation of the flow of money and assets derived from the proceeds of crime in the traditional markets requires a lot of collection of data from all the participants involved in finance, as well as requiring the participants to collect data from their customers. The beauty of blockchain is that the regulators and the financial crime investigation units have access to the data and can track the flow of funds without collecting it from each of the participants as a matter of routine. The self-sovereign identity management process makes it possible to include ultimate beneficiary information where appropriate or ask questions about the source of wealth.
What needs to be in place to facilitate regulatory compliance?
Beginning with identity and associating an address with a person or institution which is done by the self-sovereign group, we have the foundation to associate relevant information about a person or institution. As part of the identity management the information collected is not only verifiable identity but for institutions proof that they have the required licences and permits, for individuals this could also be the basis of enhanced KYC such as understanding the source of wealth and assessing the individuals appetite for risk and knowledge of instruments. The self-sovereign proposer then submits the proposal as part of the governance processes which is decided by voting. The self-sovereign group, based on the rights allocated, have then determined who can transaction with whom and for which assets.
Now there is a self-sovereign group established the next step is to ensure the fair and transparent markets. The disclosure of financially sensitive information is the responsibility of the issuer and should be sent to all channels at the same time. The design of the marketplace should remove the ability for wash trades or spoofing to occur, this is through Zero Knowledge exchanges or periodic auctions. There is also an element of self-policing, as the self-sovereign group have verified each other, if there are members of this group who indulge in poor behaviour the other participants of the group have an interest in censoring the poor behaviour through governance mechanisms as part of the groups rules or dispute resolution mechanisms.
Having a self-sovereign group that have done AML checking as part of the verification processes there are further actions that can be taken. The boundaries of the group is where the AML processes need to be in place. One route is to link a profile to an address, the profiles can be a set of standard profiles rather than an individual one which categorises the level of activity and amounts that are “normal” these profiles are then used as references against which the transactions are checked. The issue then is what to do with flagged transactions and who are these reported to in a very automated system? Another, more radical solution, is to only permit send transactions through a smart contract which has AML processes embedded into it, this can be achieved through the self-sovereign permission management where send transactions are blocked for all participants but the send smart contract is permitted. There is also the argument that the AML is the responsibility of the institutions and part of their wider off-chain processes and procedures and does not belong on-chain.
Is there a solution that addresses this?
There have been a number of initiatives to create “Enterprise” solutions in finance that have the infrastructure for institutions to be regulatory compliant and projects like Corda, or Quorum which was spun out of J P Morgan and is now run by ConsenSys. As these are private chains there is a question around the decentralised nature and who really controls the network.
The public, permissionless, blockchains have not got the infrastructure to build self-sovereign groups natively. There is also a libertarian mindset amongst the crypto/blockchain communities around the choice of the individual being more important and effort is put into ensuring finance is fully decentralised thus ensuring that it cannot be regulated.
How does this evolve?
In the journey of creating frameworks to facilitate regulatory compliance this sets the landscape for orderly and, fair markets and the participants who understand the risks of the assets they trade in. Building on this framework we can see that the self-sovereign group demonstrating the strong oversight on what happens in the group is the emergence of trust and credibility. Establishing a mechanism of trust this becomes self-reinforcing where individuals and investors select the self-sovereign groups which have a higher reputation.
Tgrade is project that will be built in 2021 which has the frameworks to allow self-sovereign groups to form so that they can comply with their local regulations, have the mechanisms in place to trade in permissioned groups and to innovate in finance using smart contracts. Further announcements will be made in the Confio Blog and on Telegram
