CBoxx Briefing Paper – The Decentralised Financial Passport

This CBoxx Briefing Paper is for innovators at UK financial institutions. It takes the idea of a Decentralised Financial Passport to illustrate the concepts, opportunities and challenges around decentralised identity, then presents a roadmap for industry adoption.

Download CBoxx Briefing Paper – The Decentralised Financial Passport UKFS

Regulated financial institutions must, by law, operate expensive, time-consuming customer due diligence processes (KYC, KYB etc) to continuously understand who their customers are. Those customers are increasingly managing their finances from smartphones and soon they will be doing that without passwords, pin numbers, memorable questions or ever having to rekey their identity data. There will be no need to rely on paper credentials or overshare personal information; this will be liberating for both customers and financial institutions.

The Decentralised Financial Passport concept relies on decentralised identity technology and the open standards that are fast becoming real world infrastructure. This new global identity layer enables reputable institutions to issue portable digital identity credentials that are controlled by their customers. This streamlines onboarding, reduces complexity, reduces costs and vastly improves data security. New revenue streams and business models will emerge.

Download CBoxx Briefing Paper – The Decentralised Financial Passport UKFS


Blockchain Primer Paper on Decentralised Identity

The rise of decentralisation ushered in by blockchain technology and the personal computing power of the smartphone has offered up a practical new way to manage Digital Identity that is appealing to nearly everyone and has enormous potential everywhere; from financial services to global supply chains to the humanitarian sector.

Self Sovereign Identity turns our ideas about how digital identity is managed on their head and perhaps promises to solve many of the problems we face today related to data security, data protection and the rapidly increasing burden of corporate risk.

This new primer paper from CBoxx draws together the main concepts, key players and initiatives, interesting use cases, progress on open standards and some of the latest thought leadership in the area, as of September 2017 …

CBoxx Identity Matters Primer Paper v04

Six Key Points from FCA Distributed Ledger paper DP17/3

DP17/3 strikes me as an important paper that demonstrates the FCA’s very strong understanding of Distributed Ledger Technology gained first hand through their Regulatory Sandbox program. The paper appears to be driven by their realisation that they may need to regulate DLT because it represents a potential technology shift for financial services market comparable in impact to the dematerialisation of securities from paper to electronic form.

Discussion paper FCA Discussion Paper DP17/3 on Distributed Ledger Technology was released on 10th April by the FCA (the UK financial services and markets regulator)  with a view to …

“… launching a discussion to start a dialogue on the potential for future development of distributed ledger technology (DLT) in the markets we regulate.”

Here is a quick summary of the key points that I’ve taken from the paper but I think it warrants a full read by anyone involved and interested in DLT and UK financial services (I’m not going into the ‘DLT’ vs ‘Blockchain’ terminology/classification debate here):

(1) I’ve heard many people say that the FCA will not regulate DLT because they regulate business, not technology. However, this paper clearly explains that while the FCA ‘technology neutral’ approach currently does hold true with respect to DLT, they could change their mind about that. This paper is a step towards making that decision.  The FCA see parallels with the move from paper-based to dematerialised securities that forced a rethink of previous regulatory conventions.

(2) The FCA can see a wide range of very valid and exciting financial services FinTech and RegTech use cases for DLT. These include, amongst others cited: reduction in financial crime, reengineering reinsurance markets, regulatory reporting and perhaps even a wholesale rethink of Asset Management through some disintermediation ultimately leading to lower costs and transparency for consumers . In general “If DLT can offer a more resilient system than currently available, it may help deliver on our statutory objectives.”

(3) Common Business Standards may be necessary to realise the benefit of DLT. This is fairly obvious to those who have been working in financial services for a while. DLT is a technology, a ‘protocol’, but not a standard for business processes and market practice. In that respect it is often likened to the emergence of TCP/IP that underpins the Internet and enable todays online world. DLT/Blockchain networks have potential to bring forth the true “Internet of Value”. The FCA paper mentions that for insurance markets “Clear DLT standards for the management of contracts and risk data could significantly improve market functioning.” I would suggest that principle applies to all regulated financial services markets. Multiple regulated DLTs are looking likely to emerge and to be truly effective they need to be able to communicate with each other (interoperate) using common business standards.

(4) The allocation of responsibilities is crucial. Governance of decentralised networks is generally not clear and the FCA have taken particular note of the cautionary tale of The DAO where governance of an Ethereum powered venture capital fund worth roughly 150M USD collected from about 11,000 investors globally was entirely automated through smart contract code. A subtle flaw in that code allowed someone to anonymously drain about a third of The DAO fund away into their own private accounts. While the Ethereum Foundation eventually and very contentiously sorted it out through a hard fork (i.e. a rewind) of the network – should they have done that? Was it really their responsibility? If a regulator insists on getting involved here, you could speculate that DLT developers (and their code) in financial services could one day need to become regulated professionals in the same way that UK financial advisers are? FCA Approved Developers!

(5) The FCA is considering whether Initial Coin Offerings (ICOs) need to be regulated. ICOs are a newly emerged alternative to venture capital or crowd funding for startups. ICOs are not currently regulated so if you take part in one, there are no real rules, no official code of conduct and no recourse – it’s all very much at your own risk. The FCA notes that “depending on how they are structured, they may, therefore, fall into the regulatory perimeter”.

(6) The General Data Protection Regulation (GDPR) will apply in the UK from 25th May 2018. This will be a much stricter data protection regime (with far bigger penalties for being in breach) than the current data protection regime. One particular point is the ‘right to be forgotten’ that seems to run very contrary to the DLT principle of the immutable ledger. So the FCA have issued a warning here for “firms to consider their data protection obligations carefully when DLT is used to store, share and process client data”. For DLT aficionados there is also the acronym clash of ICO “Initial Coin Offering” and ICO “Information Commissioner’s Office” to navigate!

The FCA have got a Sandbox but they definitely don’t have their heads stuck in the sand (sorry, irresistible). They are actively engaging with the technologies and the industry – “We also look forward to hosting and attending events on DLT”.  In my opinion this is vital for driving adoption of DLT within financial services and the consequent consumer benefits.  

FCA paper DP17/3 requests responses to 17 questions by 17th July 2017 (several seventeens, is that significant!). The FCA are expecting to see “more movement from ‘Proof of Concept’ to ‘real-world’ deployments” from later in 2017 and so as an industry I think we need to pay close attention to this paper and respond thoughtfully.