An increasing awareness among financial regulators of the
benefits and risks of distributed ledger technology, such as the
blockchain which underpins cryptocurrencies, has revealed the
conundrum it poses – to regulate or not to regulate? With one
financial regulator in Europe already having introduced rules on
the use of distributed ledger technology, we consider whether
others will follow suit.
On 1 January 2018, the Gibraltar Financial Services Commission
(GFSC) became the first regulator to introduce a framework to
regulate the use of distributed ledger technology (DLT). While DLT
is not currently the subject of UK or EU regulation, the pace of
discussions around its applications in the financial sector
highlights that regulators are now starting to grapple with this
rapidly evolving area.
What is DLT?
A distributed ledger is essentially a database that can be
shared across a network of multiple participants. Unlike a
traditional ledger which is controlled from a single source, a
distributed ledger can be updated by multiple participants
accessing the database from various locations. Each participant has
access to an identical copy of the database and any changes are
reflected virtually simultaneously across the network.
The concept of a shared database is not new, but the main advantage
of DLT is that it allows information to be shared both securely and
efficiently. Thinking of each record or entry in a distributed
ledger as a block, any change to the ledger is effected by the
creation of a new block.
Each new block is attached to the previous block, effectively
creating a chain of blocks which acts as an audit trail of
information and is difficult to tamper with. Individual blocks
cannot easily be deleted and the public nature of the database
means that a complete history of every transaction relating to a
particular record or entry is permanently available.
While Bitcoin is arguably the most public example of DLT in
practice, the potential applications of the technology extend far
beyond virtual currencies. Its use in securities trading,
post-trade settlement and cross-border payments have all been
promulgated as offering considerable advantages to the financial
services sector.
Other possible functions of the technology include assisting with
mortgage loan applications, maintaining company and/or land
registries, managing insurance claims and assisting with know your
customer (KYC) and identity checks.
Gibraltar
Since the start of the year, all Gibraltar-based firms using DLT
for the transmission or storage of value belonging to others need
to be authorised by the GFSC as a DLT Provider. By providing
regulatory certainty in a rapidly evolving area, Gibraltar aims to
encourage firms carrying out DLT activities to develop new and
innovative business models and products by offering them a safe and
progressive environment in which to operate.
The aspiration of the GFSC is to grow talent and skills in the
fintech area and in particular to provide Gibraltar with a
competitive edge that will position it as a major player in the
global financial sector.
The regulatory framework adopted by the GFSC recognises the
evolving nature of DLT and the novel business activities, products
and models involved. Rather than adopt rigid rules which are likely
to become outdated quickly, the regulatory framework is designed to
be purposefully flexible. All DLT Providers are subject to a set of
nine principles (the DLT Principle") to which they must adhere
during the lifecycle of their product or service.
The DLT Principles are:
- A DLT Provider must conduct its business with honesty and integrity.
- A DLT Provider must pay due regard to the interests and needs of each and all of its customers and must communicate with its customers in a way which is fair, clear and not misleading.
- A DLT Provider must maintain adequate financial and non-financial resources.
- A DLT Provider must manage and control its business effectively, and conduct its business with due skill, care and diligence; including having proper regard to risks to its business and customers.
- A DLT Provider must have effective arrangements in place for the protection of client assets and money when it is responsible for them.
- A DLT Provider must have effective corporate governance arrangements.
- A DLT Provider must ensure that all systems and security access protocols are maintained to appropriate high standards.
- A DLT Provider must have systems in place to prevent, detect and disclose financial crime risks such as money laundering and terrorist financing.
- A DLT Provider must be resilient and must develop contingency plans for the orderly and solvent wind down of its business.
In determining whether a principle is met, the GFSC may apply existing regulatory provisions from other frameworks, and may have regard to any similarities which exist with other business models and products. The DLT framework will only apply to activities that are not already the subject of regulation under another framework, with these activities continuing to be regulated by such existing frameworks.
The UK
There is no regulation of DLT itself in the UK at present,
although certain activities related to DLT may fall under the scope
of existing regulation, such as contracts for differences (CFDs)
based on cryptocurrencies. UK regulators have been actively
engaging in discussions on DLT and its potential advantages and
disadvantages and last November the Financial Conduct Authority
(FCA) issued a consumer warning about the risks of investing
in cryptocurrency CFDs.
In April 2017, the FCA published a discussion paper (DP17/3) on DLT in which it
considered the potential benefits and risks associated with its use
in the financial services. In its feedback statement (FS17/4), the FCA
re-iterated its 'technology-neutral' approach and noted
that there were no substantial barriers to adopting DLT technology
under the current regulatory framework. Although no changes to the
FCA's Handbook of Rules and Guidance were proposed at the time,
the FCA did note its commitment to keeping the position under
review and to maintaining an open dialogue with interested
parties.
In February 2018, the House of Common's Treasury Select
Committee launched an inquiry into digital currencies in which it
will examine the potential impact of DLT on financial institutions.
One of the objectives of the inquiry is to consider the regulatory
response of the Government, the FCA and the Bank of England to
digital currencies and anti-money laundering legislation, and to
look at how regulation in this area could provide adequate
protection for consumers and businesses whilst still encouraging
innovation.
The inquiry follows the recent volatility experienced by Bitcoin,
Ethereum and Ripple in which huge fluctuations in price have
triggered calls globally for a wider regulatory review.
The EU
As in the UK, DLT is not currently the subject of specific
regulation at an EU level. The European Securities and Markets
Authority (ESMA) did however publish a report in February 2018 on DLT applied to
securities markets in which it considered the need for regulatory
action to facilitate the benefits of DLT or, where necessary, to
mitigate against its risks.
In summing up its findings, ESMA adopts a similar approach to that
taken by the FCA and does not believe that there are any major
impediments in the EU regulatory framework preventing the emergence
of DLT in the short term. Given the evolving nature of DLT and the
limited examples of its practical applications to date outside of
cryptocurrencies, ESMA are of the view that it is premature to
anticipate the regulatory response which will be required.
The ESMA report acknowledges that DLT is likely have implications
beyond financial regulation, with issues of corporate, insolvency
and competition law all requiring further consideration. While no
regulation is currently anticipated, ESMA are continuing to monitor
the market with a view to assessing whether a regulatory response
may be required in the future.
Future developments
While Gibraltar is the only jurisdiction to date to have
implemented a general regulatory framework for DLT as a technology,
it is clear that other jurisdictions are considering their own
regulations either for the general use of DLT in the financial
sector or for specific applications of the technology, such a
cryptocurrencies.
Malta is currently consulting on a framework for the
certification of DLT platforms in which three new pieces of
legislation will be introduced. Estonia, who last year mooted the
idea of issuing their own virtual currency in the form of the
'Estcoin', already apply additional requirements in
relation to Bitcoin trading and are likely to revisit the topic of
regulation.
Within the last fortnight, Autorité des marchés
financiers, the stock market regulator in France, released a statement confirming its view that online
platforms which offer cryptocurrency derivatives fall within the
scope of Markets in Financial Instruments Directive II (MiFID II)
and the European Market Infrastructure Regulation (EMIR) and such
platforms must therefore comply with the authorisation, conduct of
business rules, and the trade reporting obligations.
In a separate development, Austria's finance ministry announced it intends to extend regulation
beyond cryptocurrency derivatives to cover cryptocurrencies
themselves, using as a model its existing rules for the trading of
gold and derivatives.
With the Treasury Committee re-opening the debate in the UK and
ESMA committing itself to reviewing the need for EU regulation on
an ongoing basis, the question of whether and how to regulate DLT
is far from settled.
Article contributor: Abby Doig, solicitor,
abby.doig@shepwedd.com
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.