The continued development of Fintech is changing the way that banks and other financial institutions do business with each other and their clients. Hong Kong’s continued leadership as a financial hub is contingent upon Hong Kong also fostering the healthy development of its fintech ecosystem.
The release on 11 November 2016 of the Hong Kong Applied Science and Technology Research Institute’s White Paper (the “White Paper”) on Distributed Ledger Technology (“DLT”) is the latest of such developments. The White Paper forms part of a broader project commissioned by the Fintech Facilitation Office of the Hong Kong Monetary Authority (“HKMA”) to investigate and research the technology, its potential applications, and risks. The HKMA’s other initiatives include the Fintech Supervisory Sandbox, Fintech Innovation Hub and a recent HKMA-led Fintech Day at Hong Kong Fintech Week.
The purpose of this client alert is to update industry participants on Hong Kong developments in DLT, its potential application and legal risks that may arise in their use.
What is DLT?
As the White Paper explains, DLT, until recently known as “blockchain”, “is technology that supports networks of databases that enable participants to create, disseminate and store information in a secure and efficient manner … what makes DLT special is that these networks of databases can operate smoothly without necessarily being controlled and administered by a central party”. The blockchain comes from the culmination of individual “blocks” of information which are added to the “chain” every time a new piece of information is created. The key benefits of blockchain are transparency and immutability of information.
The White Paper discusses the wide variety of potential applications that DLT can have, not just within banking and payment services but also, cryptocurrencies, post-trade settlements, record checking and management, and cross-border transactions. Each one of these applications can serve to severely disrupt the Hong Kong banking and transaction status quo.
DLT has vast potential. The question remains though, how do we transit from where we are now to a commercial ecosystem readily accepting of DLT?
DLT is certainly no panacea. There are currently major impediments to rapid change.
- In an age where regulated institutions’ use of technology is open to scrutiny by financial and privacy regulators, those offering technologies outside of well worn specifications are regarded with some suspicion, and seemingly every element of financial processes (from customer acquisition to movement of funds) is subject to highly specific regulation. A potentially game-changing technology such as DLT may face more detractors than enthusiasts. The technology behind DLT is more different from what went before than Cloud computing, yet the Cloud was (and remains) resisted by many in financial services. In Hong Kong cryptocurrencies are currently shunned by HKMA as being merely a “commodity” and not worthy of regulation.
- There is a natural desire of incumbents in financial institutions (such as clearing and note issuing banks; international payment gateways; niche security providers and even regulators themselves) to retain a (commanding) role in payment and transactional mechanisms for the future. The hybrid position of “permissioned DLT” (non-public blockchain), in which existing banking institutions retain a regulatory role, only distributing the ledger between licensed participants, and retaining the role of policeman to themselves may currently satisfy these participants (at the expense of the truly revolutionary potential aspects of DLT).
- There are very real concerns about security, not so much as to DLT itself, which is highly secure (and in its public unpermissioned form potentially entirely transparent) but in relation to the new software and service providers which have rapidly evolved to support it. Such software may not be highly secure, and as repeated examples (such as the Bitfinex Bitcoin theft and the DAO data breach of the Ethereum Blockchain)have shown, great care is needed before equating the inclusion of a DLT function with a system’s end to end impenetrability.
- There may be concerns that the algorithms behind blockchain will one day be susceptible to being hacked, and quickly enough to permit theft. In such circumstances, if DLT underpinned entire payment systems, this could prove catastrophic. The same may, of course, be said about existing communication and banking systems.
- Consumer behaviours have yet to reach a tipping point. Age demographics in mature economies such as Hong Kong and Singapore militate against individuals exposing their often substantial assets to new technologies. Millennials and the unbanked are less discerning and are open to new financial services they can access from their phones.
Arguably the law has not yet fully caught up with jurisdictional and data protection issues raised by the Internet. Adoption of DLT, particularly unpermissioned DLT networks, raises a number of core issues which must be addressed before DLT is unleashed, particularly in the consumer context.
This is a problem in that personal data would be disseminated very widely (to all nodes in an unpermissioned DLT network), and this would require informed consent of the data subjects to be obtained. Also, given the changing and potentially anonymous nature of the nodes, enforcement of transgressions of applicable data principles (which vary from jurisdiction to jurisdiction and so may not be universally accepted by DLT participants) would currently seem impossible.
For the same reasons (geographic spread and anonymity) as raised in relation to data privacy, parties to transactions wishing to pursue legal proceedings against other participants in the DLT network may have significant barriers to (1) identifying the correct party to sue and (2) establishing jurisdiction in the courts of a particular law district.
Enforceability of contracts consisting of software code
DLT can be incorporated into contracts to make them (wholly or, more likely partially) self-executing. We have highlighted some issues relating to smart contracts in our earlier client update “10 things you need to know about smart contracts”. There is currently a level of uncertainty as to whether individual jurisdictions’ laws will recognise a contract which consist of software, or a mixture of conventional writing and software combined.
Quite apart from the question of legal enforceability is the question of what is the applicable law for the DLT arrangement. There are well established rules of private international law, aimed at establishing the laws to govern contracts, but as yet private international law may be inadequate to answer fully the challenges represented by DLT.
A case study - Mortgage backed securities
Besides its application to smart contracts, the White Paper also considered the applicability of blockchain to mortgage loan applications, trade finance and digital identity management. A common thread being the efficiency saving, lower risk of manual errors and instant distribution of shared information.
Specifically in relation to mortgage backed securities, the use case looked at three scenarios where blockchain would assist in mortgage backed scenarios. It demonstrated that blockchain has the potential to allow issuers to (1) model the mortgage backed securities without holding them; (2) model the mortgage backed security out of the individual cash flows; and (3) create smart contracts which match lenders to a model and automatically match the cash flows to investors directly on the other end. It is clear from the White Paper that, in this sub-sector at least, the potential gains of using DLT (in terms of saving time and labour) are substantial, and thinking is quite far advanced.