Introduction

Over the past few years, the potential to use distributed ledgers and blockchain technology has attracted increasing interest from banks and other financial institutions.

From investments in blockchain start-up companies and consortia to the establishment of innovation labs and the trial use of blockchain technology, banks are alive to technology's potential to cut costs and streamline processes in a wide range of areas.

However, as companies move from research and development to initial deployment, two of the key questions are: what are the legal and regulatory implications, and what approach will regulators across the globe take to its use in the banking industry?

What is a blockchain?

In its simplest form, a 'blockchain' is a ledger or database of the assets held and transactions entered into by members of the same blockchain network, which is then shared or distributed among those members.

Blockchains are:

  • public or closed – they can be public (open for all to inspect and controlled by no one) or they can operate privately within a closed community of participants (eg, within a virtual private network); and
  • distributed – they operate on a distributed basis (ie, the record or ledger of all transactions is replicated in full on each participant's computer). As such, they are highly transparent because each participant has a complete, traceable record of every transaction recorded on the blockchain.

Correspondence between the respective copies of the ledger provides the requisite trust between participants, even if they are strangers. It is the system itself, rather than a central authority or third party with which the parties interact, that is the basis of that trust.

Regulators' approach to date

As banks move from research and development to deployment, attention has turned to an analysis of how, or if, the potential use cases for the technology will fit within the existing regulatory and legal framework within which banks operate and whether new regulation will be required to accommodate it.

To date, the responses of regulators globally to blockchain technology have been somewhat fragmented and are (generally speaking) at quite an early stage. Banks may therefore continue for some time to face a lack of certainty and consistency in terms of the regulatory treatment of blockchain technology.

However, many regulators have expressed both interest in its potential and a desire to interact with banks and the technology companies on the regulatory implications of the technology. Similarly, many technology companies and financial institutions have been working on the adoption of voluntary guidelines and self-regulation to promote best practice.(1)

There has also been some regulatory activity in the cryptocurrency space.(2)

Regulators' future approach to use of technology in financial services industry

While to date there has been little formal feedback or regulatory guidance on the use of blockchain technology by banks and other financial institutions, there are a number of key questions that law and policy makers must consider in developing their regulatory responses to blockchain technology. These include the following:

  • What exactly should be regulated?
  • Which activities related to the operation of blockchain technology should be regulated? Should they be regulated only where they relate to the delivery of financial services in respect of regulated instruments or products (eg, like shares)?
  • Should the categories of regulated instruments be extended to include, for example, digital currencies?
  • Where regulation is applied, who should be subject to it and responsible for compliance with the relevant obligations?
  • How should regulatory responses be pitched in order to avoid stifling innovation?
  • How will banks manage the records they have stored on the blockchain to the satisfaction of the regulator?

Some of the key areas of concern from a regulatory perspective include the application of consumer protection measures and crime prevention legislation, particularly in the anti-money laundering and anti-bribery and corruption arenas.

Consumer protection measures

Legislatures in many countries acted to regulate in favour of consumer protection when it became clear that business-to-consumer (B2C) contracting (and other commercial interactions with consumers) would become a significant feature of the Internet. Prescribed requirements for website terms and conditions for online sales, online privacy policies, cookie use transparency and distance selling consumer cancellation rights are all examples of legislative initiatives implemented in a number of jurisdictions to protect consumers.

If blockchain technology and, more specifically, smart contracts (which are an increasingly common feature of use cases looking at the technology) are likely to become ubiquitous on a B2C basis, it would be unsurprising if legislatures were similarly to act to implement or extend specific consumer protection measures in relation to them.

The legal systems of many developed economies already include laws that provide for a range of consumer protection measures giving consumers enhanced redress in relation to the provision of goods and services. Depending on the jurisdiction and what is being supplied, these might include:

  • rights in respect of the provision of pre-contractual information;
  • cooling-off periods (ie, the right of a consumer to get out of a contract for a short period after having entered into it);
  • standards of performance (eg, warranties); and
  • other rights that must be included in the terms and conditions of a consumer contract (eg, rights to require re-supply or repair of defective content and refund rights).

In addition, in many jurisdictions the regulatory or licensing requirements specific to the banking industry prescribe contractual provisions that must be included in consumer contracts. It may be difficult for banks to demonstrate that an encoded smart contract includes such information and encoding such information may not satisfy applicable transparency obligations.

Moreover, banks will need to consider whether operating a smart contracting form could, in and of itself, prevent a consumer from being able to exercise consumer rights.

Accordingly, it will be necessary for banks to take appropriate legal advice on a jurisdiction-by-jurisdiction basis before deploying blockchain technology and smart contracts.

Prevention of crime

It remains unclear how anti-money laundering and know-your-customer regulatory obligations may be credibly performed in the context of a pseudonymised blockchain transaction, where the ability to identify the other participants can be obscured. Regulatory advice on a jurisdiction-by-jurisdiction basis will be required to ascertain:

  • whether private blockchains (within closed communities of identified counterparties) might deliver sufficient information to enable a regulated bank or financial institution to discharge its anti-money laundering and know-your-customer obligations; and
  • how such obligations could be performed in the context of blockchain solutions and smart contracting more generally.

Compliance with anti-bribery and corruption legislation generally requires a business to have an understanding of (and an ability to control) its supply chain participants. That may be impossible if the counterparty is not identifiable. Legal advice will be necessary to determine whether private blockchains within closed communities of identified counterparties might enable a bank to assert control over, and have sufficient transparency in respect of, its supply chain.

Comment

Banks and other financial institutions are commonly subject to governance, systems and controls obligations (eg, securing systems, managing risks and reducing the risk of financial crime). Firms' directors and senior managers should be aware that while it may be attractive to develop new business models, improperly delegating tasks to blockchain solutions and smart contracting systems without adequate risk management systems in place may carry significant risks. It is critical that existing, new and emerging risks associated with innovative financial technology are identified and managed effectively to achieve resilience, security and reliability (eg, through robust design and testing procedures).

With increasing deployment of the technology anticipated within the next couple of years, it is likely that more formal regulatory guidance will be issued. In the interim, any bank contemplating using blockchain technology will need to seek appropriate regulatory advice before doing so.

For further information on this topic please contact Alan Bainbridge, Imogen Garner or Victoria Birch at Norton Rose Fulbright LLP's London office by telephone (+44 20 7283 6000) or email (alan.bainbridge@nortonrosefulbright.com, imogen.garner@nortonrosefulbright.com or victoria.birch@nortonrosefulbright.com). Alternatively, please contact Kathleen A Scott at Norton Rose Fulbright US LLP's New York office by telephone (+1 212 318 3000) or email (kathleen.scott@nortonrosefulbright.com). The Norton Rose Fulbright LLP website can be accessed at www.nortonrosefulbright.com.

Endnotes

(1) The UK Financial Conduct Authority has expressed a desire to explore the technology's use in financial services beyond the domain of virtual currencies, while the Bank of England has said that the application of distributed ledger technology could have "far-reaching implications" for the operation of financial services (Bank of England: Quarterly Bulletin 2014 Q3: Innovations in payment technologies and the emergence of digital currencies). Similarly, the European Securities and Markets Authority has established the Financial Innovation Standing Committee to seek a harmonised approach among European national supervisory authorities to the supervision and regulation of innovative products (further details can be found here).

(2) The New York State Department of Financial Services is regulating businesses that engage in "virtual currency business activity", which includes receiving virtual currency for transmission or transmitting virtual currency (subject to limited exceptions); storing, holding or maintaining custody or control of virtual currency on behalf of others; and buying and selling virtual currency as customer business (further details can be found here). Further, the European Parliament Committee on Economic and Monetary Affairs has published a draft report on virtual currencies, which includes a motion for a European Parliament resolution on virtual currencies and welcomes the European Commission's proposals for including virtual currency exchange platforms in the Fourth Anti-money Laundering Directive (further information can be found here).

This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.