Financial institutions and blockchain technology

Over the last few years, the potential to use distributed ledgers and blockchain technology has seen increasing interest from banks and other financial institutions.

From investments in blockchain start-up companies and consortiums to the establishment of innovation labs and the trial use of blockchain technology, banks are alive to the technology’s potential to cut costs and streamline processes in a wide range of areas.

However, as companies move from research and development to initial deployment, one of the key questions is what are the legal and regulatory implications and what approach will regulators across the globe take to its use in the banking industry?

In its simplest form, a blockchain is a ledger or database of the assets held and transactions entered into by members of the same blockchain network which is then shared or “distributed” amongst those members.

Blockchains are:

• public or closed: they can be public (open for all to inspect, and controlled by no-one) or they can operate privately within a closed community of participants (for example, within a virtual private network); and
• distributed: they operate on a distributed basis – that is, the record or ledger of all transactions is replicated in full on each participant’s computer. As such, they are highly transparent, because each participant has a complete, traceable record of every transaction recorded on the blockchain.

Correspondence between the respective copies of the ledger provides the requisite trust between participants, even if they are strangers. It is the system itself, rather than a central authority or third party with whom the parties interact, that is the basis of that trust.

As banks move from research and development to deployment, attention has turned to an analysis of how, or if, the potential use cases for the technology will fit within the existing regulatory and legal framework within which banks operate and whether new regulation will be required to accommodate it.

To date, the responses of regulators globally to blockchain technology have been somewhat fragmented, and are (generally speaking) at quite an early stage. Banks may therefore continue for some time to face a lack of certainty and consistency in terms of the regulatory treatment of blockchain technology.

However, many regulators have expressed both interest in its potential and a desire to interact with banks and the technology companies themselves on the regulatory implications of the technology. Similarly, many technology companies and financial institutions have been working on the adoption of voluntary guidelines and self-regulation to promote best practice.

In the UK, the government and regulatory authorities have shown a desire to encourage innovation in this space. The UK Government Office for Science’s report on the technology, “Distributed Ledger Technology: beyond block chain” describes developments in this field as potentially catalysing “exceptional levels of innovation.” Similarly, the UK’s Financial Conduct Authority, has expressed a desire to explore the technology’s use in financial services beyond the domain of virtual currencies and the Bank of England has said that the application of distributed ledger technology could have “far-reaching implications” for the operation of financial services.¹

Likewise, the European Securities and Markets Authority (ESMA) has established a Financial Innovation Standing Committee to seek a harmonised approach amongst European national supervisory authorities to the supervision and regulation of innovative products. Verena Ross, director of ESMA, recently spoke of a desire for a “balanced regulatory response” that assessed both the potential benefits of the technology and addressed barriers to entry while identifying potential risks and mitigating them. Further details can be found here.

In the United States, there is general interest in the idea of the blockchain as a concept and the Office of the Comptroller of the Currency has announced plans to release a white paper on the technology.

It is worth noting that there has been some regulatory activity in the cryptocurrency space. For example, the regulation by the New York State Department of Financial Services of businesses that engage in “virtual currency business activity” which includes receiving virtual currency for transmission or transmitting virtual currency (subject to limited exceptions); storing, holding, or maintaining custody or control of virtual currency on behalf of others, and buying and selling virtual currency as customer business. A more detailed description of the regulations can be found here.

Similarly, the European Parliament’s Committee on Economic and Monetary Affairs (ECON) has published a draft report on virtual currencies, which amongst other things, contains a motion for a European Parliament resolution on virtual currencies and welcomes the European Commission’s proposals for including virtual currency exchange platforms in the Fourth Anti-Money Laundering Directive. Further information can be found here.

While there has, to date, been little formal feedback or regulatory guidance on the use of blockchain technology by banks and other financial institutions, there are a number of key questions that law- and policy-makers need to consider in developing their regulatory responses to blockchain technology. These include (but there are many more):

• what exactly is it that should be regulated?
• which activities related to the operation of blockchain technology should be regulated?should they be regulated only where they relate to the delivery of financial services in respect of regulated instruments or products (like shares, for example)?
• should the category of “regulated instruments” be extended, to include digital currencies (for instance)?
• where regulation is applied, who is it that should be subject to and responsible for compliance with the relevant obligations?
• how should regulatory responses be pitched so as to avoid stifling innovation?
• how will banks manage the records they have stored on the blockchain to the satisfaction of their regulator?

Some of the key areas of concern from a regulatory perspective include the application of consumer protection measures and prevention crime legislation, particularly in the anti-money laundering and anti-bribery and corruption arenas.

Consumer protection measures

Legislatures in many countries acted to regulate in favour of consumer protection when it became clear that business-to-consumer (B2C) contracting (and other commercial interactions with consumers) would become a significant feature of the Internet. Prescribed requirements for website terms and conditions for online sales, online privacy policies, cookie use transparency, and distance selling consumer cancellation rights are all examples of legislative initiatives implemented in a number of jurisdictions to protect consumers.

If, therefore, blockchain technology and, more specifically, smart contracts (which is an increasingly common feature of use cases looking at the technology) are likely to become ubiquitous on a B2C basis, it would not be surprising if legislatures were similarly to act to implement or extend specific consumer protection measures in relation to them.

The legal systems of many developed economies already include laws providing for a range of consumer protection measures that give consumers enhanced redress in relation to the provision of goods and services. Depending on the jurisdiction, and what is being supplied, these might include one or more of the following:

• rights in respect of the provision of pre-contractual information;
• cooling off periods (that is, the right of a consumer to get out of a contract for a short period after having entered into it);
• standards of performance, such as warranties; and
• other rights that must be included in the terms and conditions of a consumer contract (for example, rights to require re-supply or repair of defective content and refund rights).

In addition, in many jurisdictions the regulatory or licensing requirements specific to the banking industry, prescribe contractual provisions that must be included in consumer contracts. It may be difficult for banks to demonstrate that an encoded smart contract includes such information, and encoding such information may not satisfy applicable transparency obligations.

Moreover, banks will need to consider whether operating a smart contracting form could, in and of itself, prevent a consumer from being able to exercise consumer rights.

Accordingly it will be necessary for banks to take appropriate legal advice on a jurisdiction-by-jurisdiction basis before deploying blockchain technology and smart contracts.

Prevention of crime

It remains unclear how anti-money laundering and know-your-customer regulatory obligations may be credibly performed in the context of a pseudonymised blockchain transaction, where the ability to identify the other participants can be obscured. Regulatory advice on a jurisdiction-by-jurisdiction basis will be required to ascertain:

• whether private blockchains (within closed communities of identified counterparties) might deliver sufficient information to enable a regulated bank or financial institution to discharge its anti-money laundering and know-your-customer obligations; and
• how such obligations could be performed in the context of blockchain solutions and smart contracting more generally.

Compliance with anti-bribery and corruption legislation generally requires a business to have an understanding of (and an ability to control) its supply chain participants. That may be impossible if the counterparty is not identifiable. Legal advice will be necessary to determine whether private blockchains within closed communities of identified counterparties might enable a bank to assert control over, and have sufficient transparency in respect of, its supply chain.

Banks and other financial institutions are commonly subject to governance, systems and controls obligations (for example, securing systems, managing risks, and reducing the risk of financial crime). Firms’ directors and senior managers should be aware that, while it may be attractive to develop new business models, improperly delegating tasks to blockchain solutions and smart contracting systems without adequate risk management systems in place may carry significant risks. It is critical that existing, new and emerging risks associated with innovative financial technology are identified and managed effectively to achieve resilience, security and reliability (for example, through robust design and testing procedures).

With increasing deployment of the technology anticipated within the next couple of years, it is likely that more formal regulatory guidance will be given. In the interim, any bank contemplating using blockchain technology will need to take appropriate regulatory advice before doing so.