In the financial services sector, billions of dollars are being invested in distributed ledger technology, such as blockchain. This technology operates on a decentralised basis, with the ledger held on nodes (computers) within the network. Transactions are then validated in accordance with the rules of the blockchain and recorded on the ledger. Distributed ledger technology is currently being trialled in the financial services sector for things like trade finance, derivatives and securities settlement.
While blockchain is simply a type of technology, it is being used to facilitate activities that are otherwise regulated. It is therefore important to understand the regulatory impact of financial activities undertaken using distributed ledgers; particularly as there may no longer be a central entity involved in the provision of the financial activities due to the decentralised nature of blockchain. This is analogous to the challenge faced by internet regulators: how do you regulate without one party in control?
Global regulators are starting to respond to blockchain innovation, with the general consensus being that heavy-handed regulation won't work.
Most of the financial services uses being invested in are 'permissioned' blockchains, such as a stock exchange facilitating trades between parties and regulating entry into, and governance of, the blockchain. These permissioned blockchains may not require significant changes to the existing regulatory framework as they are likely to have an entity that controls the rules and entry to the blockchain that can be subject to regulation. Permissionless blockchains where there is no central entity will be more difficult from a regulatory perspective.
To address the decentralised nature of blockchain technology, a number of areas of New Zealand law may need to be reviewed, such as:
- The Reserve Bank recently consulted on proposed legislation relating to Financial Market Infrastructure regulation which would designate existing systemically important systems. However, the consultation did not contemplate the rules of those systems existing in a distributed ledger nor the possibility there may not be an operator
- The Financial Markets Conducts Act 2013 requires operators of financial products markets to be licenced. Such licencing may be a problem for 'permissionless' networks where there is no 'operator'. The definition of financial product may also need to be considered to determine if it is wide enough to capture all appropriate activities, such as those involving cryptocurrencies
- The FMA will need to consider its position on the use of distributed ledger technology if it receives an application for a licence from a 'permissioned' blockchain operating a securities market or P2P lending, because one aspect the FMA must consider in granting a licence is the technology
- In relation to anti-money laundering:
- on a 'permissioned' blockchain where there is a single entity governing access, this may not require regulatory amendment
- there are significant challenges in relation to 'permissionless' blockchains. New Zealand's anti-money laundering legislation imposes obligations on entities undertaking certain financial activities. It will often be difficult to identify the entity offering these financial activities to customers as most transactions will occur bilaterally. There will be no entity to enforce customer due diligence or suspicious transaction reporting against, and a number of transactions that the regime would traditionally capture would be excluded
- the scope of the financial activities currently listed in the anti- money laundering legislation also requires consideration. The legislation was not drafted with cryptocurrencies in mind and may not capture all activities that give rise to risk
- The Reserve Bank's outsourcing policy for registered banks may need to be amended as many requirements, such as contractual step-in rights, may not be possible if there isn't a single entity providing the services due to the distributed nature of the technology
- The blockchain operates on the buyer beware principle, which has long been modified by consumer protection laws in other contexts. Customers will often be transacting in environments where they are relying on the code, but will be unable to actually read and verify the effect of that code themselves. However, where you cannot ascertain the identity or jurisdiction of the other party (ie on a 'permissionless' blockchain) existing consumer protection laws will be of little value
- Consideration will need to be given to the application of common law rules relating to confidentiality and the Privacy Act 1993 given the volume of information that will be held on the blockchain.
It is important that regulators understand the technology and develop innovative responses to find a balance between protecting consumer confidence and enabling innovation.