On 15 December 2017 the FCA published Feedback Statement 17/4 (FS 17/4) on Discussion Paper 17/03 in relation to Distributed Ledger Technology. FS 17/4 is of particular interest to those who are already operating in the FinTech and RegTech space as well as to existing financial services firms monitoring developments in this area.
While, for the present, the FCA maintains its "technology neutral" approach, FS 17/4 shows that there is scope for the FCA to intervene and become more involved in future. Andy Peterkin, Nandini Sur and Fiona Lowrie summarise FS 17/4 and highlight certain aspects which will be relevant to our clients.
1. What is distributed ledger technology (DLT)?
DLT is part of the burgeoning new world of FinTech and RegTech. In its simplest terms, DLT is a means of recording transactions that is not centralised, but rather shared within a network. Thus, instead of having one "ledger" with information in a centralised location, with DLT all the participants within a transaction network (for example, a securities market) have their own identical copy of the ledger. In principle, this duplication of the ledger makes the falsification or corruption of the transaction record more difficult.
The most well-known example of the use of DLT is Bitcoin, the cryptocurrency. However, DLT has many more uses which are of potential relevance to financial services firms. In common with financial services authorities around the world the Financial Conduct Authority (FCA) is increasing its engagement with this fast-developing area.
2. What is the FCA's approach?
The FCA has historically maintained a 'technology neutral' approach, meaning that the FCA considers its remit not to regulate specific technologies or systems but rather, to concentrate on the outcomes of using specific technologies in the context of its focus on consumer protection, market integrity, and the promotion of competition.
With the rise of DLT, and its huge potential, the FCA decided to consider in detail this type of technology and its effect with industry stakeholders. Accordingly, in April 2017, the FCA published a discussion paper on DLT (DP 17/03) to stimulate a discussion on the regulatory implications of current and potential developments of DLT in the financial markets.
3. What was covered by the FS 17/4?
FS 17/4 summarises the feedback received from respondents to DP 17/03 and provides the FCA's views and its current proposed approach. FS 17/4 considers various uses of DLT, including facilitating regulatory reporting, enhancing transaction monitoring and underpinning the issuance, trading and clearing of financial instruments.
FS 17/4 focused on the following areas in the context of DLT:
- how DLT functions; including operational risk, network security and outsourcing;
- how DLT is used; including digital currency, initial coin offerings (ICO), smart contracts and regulatory reporting;
- the effect DLT may have on the level of financial crime; and
- the interaction between the wide use of DLT and data protection regulation.
FS 17/4 also refers to the FCA's experience with firms making use of the FCA's Regulatory Sandbox testing facility which allows businesses to test their latest FinTech products with real consumers. Of the 58 firms in the Regulatory Sandbox program, FS 17/4 notes that 22 have used DLT, thus highlighting the interest and demand in the technology.
4. Using DLT networks in the financial services sector
FS 17/4 considers both the potential benefits as well as risks of DLT. Benefits cited in FS 17/4 include enhanced resilience and transparency consistent time-stamping, digital signing of transactions and real-time processing. The consensus mechanism used in most DLT systems is designed to ensure that the ledger cannot be corrupted by one participant alone. Potential areas of concern highlighted include dependence on a public network, security issues, lack of governance, dispute and regulatory frameworks and potential anonymity of network participants.
That said, in the FCA's opinion, the use of both permissioned and permissionless DLT networks has the potential to enhance operational soundness. The FCA expects firms to mitigate all relevant operational risks appropriately in a DLT environment and to undertake appropriate due diligence before deciding to use particular DLT-based solutions.
FS 17/4 noted concerns raised by the industry about the incompatibility of permissionless networks with outsourcing rules and stated that only permissioned networks would be able to meet outsourcing requirements.
As mentioned above, in the FCA's view, the use of permissionless networks is not inherently incompatible with the UK regulatory regime. However, firms will need to assess each case to see whether using a DLT network amounts to outsourcing in the context of the FCA's regulatory requirements as set out in SYSC 8 and elsewhere within the FCA Handbook. The FCA does not consider that using a permissionless network always amounts to outsourcing. This is an area that clients will need to consider on a case by case basis with appropriate advice.
FS 17/4 emphasised that network security is of the utmost importance. While the distributed nature of the network leads to enhanced system and data resilience as well as record keeping and auditability, there are certain risks, for example coding errors and weaknesses in encryption. The FCA noted that where technology (and therefore security) is a core feature of the service, it expects firms to give full attention to operational risk management and to actively manage operational risks such as network and operational safety.
Specific uses for DLT in the financial services sector
Digital currency as (i) a means of exchanging value, and (ii) as an underlying investment
In terms of exchanging value, international payments and micropayments were cited as areas which would benefit the most from the use of digital currencies. However, digital currencies' price volatility in relation to fiat currency exchange rates is seen as a drawback. FS 17/4 noted that digital currency as an alternative or supplement to traditional payment mechanisms may, with sound risk management, enhance services and benefit consumers, however the FCA expects firms to adequately address the volatility risk.
Looking at the use of digital currencies as an underlying asset, FS 17/4 confirmed that while digital currencies are not themselves directly regulated, if they are the underlying reference asset in a financial derivative, transferable security or collective investment scheme, the activities of firms relating to these instruments may be subject to regulation. FS 17/4 also noted the potential vulnerability of such instruments to manipulation of the value of the underlying asset and that they are unlikely to be appropriate for most retail clients.
Initial coin offerings (ICOs)
Again, FS 17/4 highlighted how using DLT in relation to ICOs has the potential to make innovation more dynamic but concerns were also raised about the potential harm to investors. The FCA stressed that ICO investments are high-risk, not least because they are speculative in nature and may not be regulated.
The FCA confirmed that coins issued during an ICO are capable of falling within the FCA's regulatory perimeter as a specified investment, depending on how they are structured and the rights they give their holders. If this is the case, the ICO must be fully compliant with the regulatory regime. Otherwise, it must be "designed, promoted and governed in line with best practice" so that investors are properly informed. For further information on the increasing popularity of ICOs and the UK regulatory perspective, please refer to our briefing here.
Digital asset trading and smart contracts
DLT could viably be used in various infrastructure elements of digital asset trading, and smart contracts.
Potential service improvements that may be derived from DLT-based solutions echo those highlighted already, including better information, better valuations, more accurate data, and enhanced risk management and reporting. DLT may therefore bring several benefits to securities markets and the industry more widely, notably more efficient post-trade processes and enhanced reporting and data management capabilities (which would reduce costs). However, the FCA questioned whether DLT will be adopted more broadly, without there being a clearer position on the legal status of digital assets and enforceability of smart contracts.
FS 17/4 confirmed that, in the FCA's view, DLT has great potential in terms of regulatory reporting for example by enabling reports to be generated immediately and mitigating any operational risk of reconciling multiple interacting systems. In addition, consolidation across various local and international regulators would be easier in cases where data ought to be coherently reported to multiple parties who are interested in any one particular transaction. As a result, costs to both firms and regulators could be significantly reduced while the FCA benefits from improved access to data. However, the FCA noted that DLT is not the only technology that could improve regulatory reporting and that they are exploring other possibilities.
Potential impact on financial crime
FS 17/4 suggested that as DLT allows records to be more easily searchable and consist of better quality data, DLT systems could facilitate more effective monitoring and guarding against financial crime.
The FCA does not believe that using DLT necessarily increases the risk of financial crime. As long as firms appropriately assess and mitigate risks associated with the use of innovative technologies, FS 17/4 welcomed the application of DLT to enhance firms' efficiency and accuracy in detecting and preventing suspicious activity.
DP 17/03 noted the challenges firms face in managing their obligations in this area, and several respondents questioned whether data protection obligations would be compatible with using DLT. In particular, there could be a conflict between the data protection rules' provisions regarding "the right to be forgotten" and the perfection of data on a DLT network as used, for example, in blockchain technologies. However, in FS 17/4, the FCA confirmed that it has not identified any substantial incompatibilities and did not find that at present there was a need for further FCA guidance on this issue
While DLT is in its infancy, firms have started to consider seriously how such technology could be used within the business to improve efficiency in a regulatory climate where data management is paramount. Given FCA's regulatory philosophy of being 'technology-neutral', which it has retained in FS 17/4, the onus is on financial services firms who wish to utilise DLT to discover how to implement DLT within the regulatory landscape.
A further practical issue in relation to DLT technology relates to its sustainability. It is an extremely energy intensive technology. For example, a 2016 government report has noted that mining Bitcoin requires very large computing power and that in fact the energy requirements of Bitcoin may be comparable to the electricity usage of Ireland.
In addition, firms employing DLT will also have to consider how to apportion regulatory responsibility for the implementation of such technology. Thus, firms subject to the Senior Managers and Certification Regime will have to ensure individuals' responsibilities are clearly set out, especially given the shared nature of DLT systems.
This publication is a general summary of the law and should not replace legal advice tailored to your specific circumstances.
© Farrer & Co LLP, March 2018