Six Key Points from FCA Distributed Ledger paper DP17/3

DP17/3 strikes me as an important paper that demonstrates the FCA’s very strong understanding of Distributed Ledger Technology gained first hand through their Regulatory Sandbox program. The paper appears to be driven by their realisation that they may need to regulate DLT because it represents a potential technology shift for financial services market comparable in impact to the dematerialisation of securities from paper to electronic form.

Discussion paper FCA Discussion Paper DP17/3 on Distributed Ledger Technology was released on 10th April by the FCA (the UK financial services and markets regulator)  with a view to …

“… launching a discussion to start a dialogue on the potential for future development of distributed ledger technology (DLT) in the markets we regulate.”

Here is a quick summary of the key points that I’ve taken from the paper but I think it warrants a full read by anyone involved and interested in DLT and UK financial services (I’m not going into the ‘DLT’ vs ‘Blockchain’ terminology/classification debate here):

(1) I’ve heard many people say that the FCA will not regulate DLT because they regulate business, not technology. However, this paper clearly explains that while the FCA ‘technology neutral’ approach currently does hold true with respect to DLT, they could change their mind about that. This paper is a step towards making that decision.  The FCA see parallels with the move from paper-based to dematerialised securities that forced a rethink of previous regulatory conventions.

(2) The FCA can see a wide range of very valid and exciting financial services FinTech and RegTech use cases for DLT. These include, amongst others cited: reduction in financial crime, reengineering reinsurance markets, regulatory reporting and perhaps even a wholesale rethink of Asset Management through some disintermediation ultimately leading to lower costs and transparency for consumers . In general “If DLT can offer a more resilient system than currently available, it may help deliver on our statutory objectives.”

(3) Common Business Standards may be necessary to realise the benefit of DLT. This is fairly obvious to those who have been working in financial services for a while. DLT is a technology, a ‘protocol’, but not a standard for business processes and market practice. In that respect it is often likened to the emergence of TCP/IP that underpins the Internet and enable todays online world. DLT/Blockchain networks have potential to bring forth the true “Internet of Value”. The FCA paper mentions that for insurance markets “Clear DLT standards for the management of contracts and risk data could significantly improve market functioning.” I would suggest that principle applies to all regulated financial services markets. Multiple regulated DLTs are looking likely to emerge and to be truly effective they need to be able to communicate with each other (interoperate) using common business standards.

(4) The allocation of responsibilities is crucial. Governance of decentralised networks is generally not clear and the FCA have taken particular note of the cautionary tale of The DAO where governance of an Ethereum powered venture capital fund worth roughly 150M USD collected from about 11,000 investors globally was entirely automated through smart contract code. A subtle flaw in that code allowed someone to anonymously drain about a third of The DAO fund away into their own private accounts. While the Ethereum Foundation eventually and very contentiously sorted it out through a hard fork (i.e. a rewind) of the network – should they have done that? Was it really their responsibility? If a regulator insists on getting involved here, you could speculate that DLT developers (and their code) in financial services could one day need to become regulated professionals in the same way that UK financial advisers are? FCA Approved Developers!

(5) The FCA is considering whether Initial Coin Offerings (ICOs) need to be regulated. ICOs are a newly emerged alternative to venture capital or crowd funding for startups. ICOs are not currently regulated so if you take part in one, there are no real rules, no official code of conduct and no recourse – it’s all very much at your own risk. The FCA notes that “depending on how they are structured, they may, therefore, fall into the regulatory perimeter”.

(6) The General Data Protection Regulation (GDPR) will apply in the UK from 25th May 2018. This will be a much stricter data protection regime (with far bigger penalties for being in breach) than the current data protection regime. One particular point is the ‘right to be forgotten’ that seems to run very contrary to the DLT principle of the immutable ledger. So the FCA have issued a warning here for “firms to consider their data protection obligations carefully when DLT is used to store, share and process client data”. For DLT aficionados there is also the acronym clash of ICO “Initial Coin Offering” and ICO “Information Commissioner’s Office” to navigate!

The FCA have got a Sandbox but they definitely don’t have their heads stuck in the sand (sorry, irresistible). They are actively engaging with the technologies and the industry – “We also look forward to hosting and attending events on DLT”.  In my opinion this is vital for driving adoption of DLT within financial services and the consequent consumer benefits.  

FCA paper DP17/3 requests responses to 17 questions by 17th July 2017 (several seventeens, is that significant!). The FCA are expecting to see “more movement from ‘Proof of Concept’ to ‘real-world’ deployments” from later in 2017 and so as an industry I think we need to pay close attention to this paper and respond thoughtfully.