On July 13, 2017, the Financial Industry Regulatory Authority, Inc. (FINRA) held a Blockchain Symposium (the Symposium) in which representatives from a number of US regulators discussed the work they have undertaken to assess the use of distributed ledger technology (DLT) in the financial services industry, and the regulatory considerations associated with potential uses of DLT. The Symposium follows FINRA’s publication of a report earlier this year discussing the implications of DLT for the securities industry and soliciting comments from market participants.1 The regulators participating in the Regulator Forum at the Symposium included FINRA, the Office of the Comptroller of the Currency (OCC), the US Commodity Futures Trading Commission (CFTC), the Federal Reserve Board (the Federal Reserve) and the US Securities and Exchange Commission (SEC). This Legal Alert provides a brief overview of DLT, some of its proposed uses in the financial services industry, the efforts undertaken by regulators to assess the use of DLT, and the regulatory considerations associated with the use of this technology.
Overview of DLT
DLT, which is also known as blockchain technology or distributed database technology, has attracted significant interest and funding in the financial services industry in recent years. DLT involves a distributed database maintained over a network of computers connected on a peer-to-peer basis, such that network participants can share and retain identical, cryptographically secured records in a decentralized manner. The operation of DLT may involve the use of a public or private network potentially containing digitally represented assets, where the participants on the network conduct and verify transactions, and record related data on the network in an encrypted format. There are varying views in the financial services industry on the magnitude of disruption DLT may cause. Some have argued that DLT has the potential to revolutionize the operations of the financial services industry, while others have debated that any changes resulting from the use of DLT in the financial services industry are likely to be incremental and may take many years to develop. However, most agree that the technology has the potential to bring additional efficiencies and increased transparency to the industry while also presenting some novel risks such as those related to data security and privacy.
Efforts Undertaken by Regulators to Assess the Use of DLT
According to the panelists participating in the Symposium, the general response from US regulators with respect to DLT has been to organize internal working groups tasked with (i) studying the new technology and its implications, and (ii) maintaining a robust dialogue with financial services industry representatives and technology developers to enhance mutual understanding of the potential use of the technology and the regulatory obligations flowing from its use.
The panelists specifically described the regulators’ efforts in this regard as follows:
- OCC. Bethany Dugan, Deputy Comptroller for Operational Risk, explained that the OCC has organized an Office of Innovation with five specific responsibilities: (i) maintaining a dialogue regarding DLT with the financial services industry, technology developers and other OCC staff; (ii) offering regulatory guidance to OCC-regulated banks, and explaining to technology developers the implications arising out of the regulatory obligations of the OCC-regulated banks they serve; (iii) organizing awareness and training activities, both inside and outside of the OCC; (iv) researching new technology and products with a view to providing OCC staff with technical knowledge of the risks, benefits and implications associated with them; and (v) facilitating interagency collaboration with regulators such as FINRA, the Federal Deposit Insurance Corporation, the CFTC, the SEC, and international counterparts in the United Kingdom and Europe.
- CFTC. The CFTC was represented by Jeffrey Bandman, a former staffer who left the CFTC in June of this year. While he was at the CFTC as a FinTech Advisor, Mr. Bandman founded LabCFTC, an internal working group at the CFTC that has two primary objectives: (i) engaging with and providing regulatory certainty to regulated entities so that they understand the regulatory expectations relating to their use of DLT; and (ii) considering and developing regulatory guidance as necessary to eliminate unnecessary friction between firms’ use of DLT and the CFTC regulatory scheme.
- Federal Reserve. Kathy Wang, Senior Analyst in Financial Market Infrastructure Risk and Policy, said that the Federal Reserve convened a team of researchers, economists, information technology specialists, lawyers and policy analysts to study DLT and its implications for payments, clearing and settlement, and to coordinate outreach to the financial services industry and other parties to understand their perspectives. The Federal Reserve also published a white paper setting forth the results of its study to date.2
- SEC. Ryan VanGrack, Special Counsel and Advisor to the Director of the Enforcement Division, leads the SEC’s FinTech working group, which is tasked with a number of responsibilities with respect to DLT including understanding the technology and its risks, engaging with regulated entities and other interested parties, and developing a strategy that fosters responsible innovation. To achieve these objectives, the FinTech working group has held a number of outreach sessions designed to involve stakeholders in the process of striking the correct balance between innovation, maintaining the integrity and safety of the financial markets, and protecting investors. While Mr. VanGrack acknowledged regulators have a responsibility to evaluate their rules and guidance to ensure they properly address new technology and do not stifle innovation, he also noted that regulated entities are still subject to compliance with the securities laws as they make use of new technology.
Balancing the Transformative Potential of DLT with Operational Risk and Regulatory and Legal Considerations
All of the panelists acknowledged the significant opportunities for efficiency and transparency that would result from widespread adoption of DLT, and highlighted the following as examples of DLT’s transformative potential:
- Making high-quality databases available to regulators in real time with constantly updated and standardized records, enabling regulators to fulfill their investor and market protection mandates more quickly and thoroughly;
- Significantly shortened and more efficient payment, clearing and settlement cycles;
- Heightened transparency and significant reductions in administrative and back-office costs and burdens; and
- Transferability of know-your-customer information between accounts and firms, and efficiencies in onboarding new customers.
Despite the transformative potential of DLT, panelists also noted the operational risks and regulatory and legal considerations that would need to be properly addressed before they would permit their regulated entities to make significant use of DLT. For example, Mr. Bandman explained that before the derivatives market infrastructure relies on DLT, the CFTC would require some form of centralized management with appropriate permissions for access to sensitive information. Furthermore, Mr. Bandman explained that any lack of consistency in data would be a challenge for regulators, as would not having personnel skilled in analyzing and understanding the new data they are receiving, and recognizing problems in such data. Finally, Ms. Dugan noted potential issues under state contract law with respect to the ownership of data, and under federal, state and foreign privacy and cybersecurity laws with respect to personally identifiable information.
Take-Aways from the Symposium
Overall, the panelists were enthusiastic about the potential of DLT, but emphasized that the road to widespread adoption is a two-way street that will require both industry compliance with existing rules and regulator flexibility to minimize unnecessary friction between existing regulatory regimes and the new technology. The panelists also closed by noting that they are technology neutral and outcome focused (i.e., they are not going to require firms or developers to use or create any particular technology, but instead will focus on meeting goals of efficiency and transparency, and mitigating operational, regulatory and legal risk).