There have been many articles, papers, books, seminars, roundtables and conferences around the potential for blockchain and distributed ledger technology (DLT), and announcing trials or tests of new applications for blockchain technologies, especially in the financial services industry. Regulators, recognizing the potential for these applications (as one put it in a metaphor from an older revolutionary technology) to pick up steam, have been remarkably open and supportive, but there's been much talk of trialing these technologies in a regulatory sandbox.

In the U.S., the Financial Industry Regulatory Authority (FINRA) recently published a report, Distributed Ledger Implications for the Securities Industry, which, while structured as only a request for comments, gives a clear picture of the myriad of questions that regulators will want to have worked out before such infant technologies can be allowed to leave their sandboxes.

FINRA regulates broker-dealers and marketplaces in the U.S., in a role similar to the Investment Industry Regulatory Organization of Canada (IIROC). IIROC and the Canadian Securities Administrators have also been studying and speaking about the benefits, risks and overall implications of blockchain. The FINRA report provides a nitty-gritty detailed review of how blockchain technology may impact existing securities regulations affecting dealers and marketplaces, and vice-versa, providing some guidance for Canadian readers as well.

The FINRA report starts with an overview of DLT, in particular the difference between an open "trustless" public network (such as that used for bitcoins) and private permissioned networks. It highlights the distinction between digital assets created on a network, such as cryptosecurities, and digital representations of traditional assets stored off-line (tokenized assets).

After briefly surveying examples of applications within the equity, debt and derivatives markets where market participants are currently using or testing DLT applications, the FINRA report gets into a more detailed examination of questions that it says "market participants may want to consider" in implementing DLT. The following is only a sample of the many interesting questions raised by FINRA.


The FINRA report expresses potential concerns about the vulnerability and ineffective management of an open public network. The report focuses more upon private DLT networks with known and trusted parties and asks how the governance structure for a private DLT network would be determined and how interests of end-users who are not participants will be represented. In addition to querying responsibility for day-to-day operation, FINRA asks questions about familiar regulatory concerns: who would be responsible for the business continuity plan, addressing conflicts of interest, and how would errors or omissions on the blockchain be rectified?


In addition to customary technical questions about network participant access, transaction validation and asset representation, the FINRA report also asks about legal issues such as an "off-boarding process" and exclusion criteria for non-compliant participants or those who violate securities laws. What type of access will be provided to regulators? If traditional assets are tokenized on the network, how would loss or theft of the traditional off-chain asset be handled? In the event of fraud, who covers the cost? This is not necessarily fraud on the DLT system itself, but potentially fraudulent transactions injected through a participant that falls victim to a cyber-attack or through a compromised cryptographic private key.


In addition to the general considerations for implementing and using any DLT network, there are some regulatory considerations specific to the securities industry relating to how those regulated entities will deal with DLT transactions.

Customer Funds and Securities

Where customers' securities and funds are received, delivered and held in a DLT network, how does this interact with rules for handling those customer funds and securities? Who is the custodian? Would holding private keys to customers' cryptosecurities mean that an introducing broker may be deemed to be holding customer assets? How does control of private keys interact with investor protection entities, such as the Securities Investor Protection Corporation or Canadian Investor Protection Fund, in the event of entity failure?

Regulatory Capital

How will cryptosecurities, digital currency or other tokenized assets be treated in dealers' minimum net free capital computations? Does the DLT network itself affect the market risk or liquidity of the digital asset?

Books and Records

Many of the benefits foreseen for DLT networks involve greater reliability, efficiency and robustness of relevant records, but the details of any particular DLT network would need to be considered before reliance can be assured. How is access to the data controlled? How are multiple nodes on a DLT network treated for records location purposes?

Clearance and Settlement

With blockchain technology, it's possible that the order, execution and settlement process may become effectively interwoven and immediate, rather than sequential steps in a process. This raises questions as to which entities are playing what roles. Would dealers become clearing agencies? How will this effect introducing broker/carrying broker roles and responsibilities?

Anti-Money Laundering and Customer Identification

Some are exploring setting up a centralized identity management function, where verified identities are available to all parties on the DLT network. How would this balance customer privacy with regulatory duties to verify identity? Would a centralized identity management facility outsourced by a dealer be adequate to fill these obligations? How is customer information updated for changes? How is the process supervised and tested?

Trade and Order Reporting

If dealers use DLT networks to facilitate over-the-counter transactions, how does this interact with marketplace rules? What if dealers tokenize listed stocks and engage in over-the-counter trading of them on a DLT network? What if an issuer maintains its own DLT network to facilitate trading of a distinct class of its own digital shares?


The FINRA report doesn't provide specific guidance for many questions, but it does represent something of a practical checklist of issues that will need to be addressed by regulated securities businesses considering implementing DLT networks more broadly in seeking to move beyond their trial sandbox.

While the questions and specific rules in the FINRA report are naturally U.S. focused, many of the same principles and similar rules relate to securities regulation in Canada as well. It's instructive for interested participants in the Canadian securities industry to consider the questions raised by FINRA, and will be equally instructive to review the comments it will receive.