Blockchain is here to stay, but what regulatory and legal hurdles does it now face?
At the start of April, the UK’s Financial Conduct Authority (FCA) announced it is looking for feedback by 17 July 2017 on the potential for future development of distributed ledger technology (DLT)/blockchain in the markets it regulates.
Here, intellectual property and technology lawyer at DLA Piper John D. McGonagle speculates on what the rise of blockchain technology might mean for the future of banking, the feedback which the FCA may receive from interested stakeholders, and some of the regulatory and legal hurdles which blockchain technology may need to negotiate in the near future.
The FCA is requesting examples of blockchain technology “providing direct and tangible benefits to consumers”. Such examples can be found in the healthcare industry – where drug packages can be authenticated and time stamped at each intermediate delivery point, reducing counterfeiting, price manipulation and the possibility of delivery of expired drugs – and in the real estate industry, where the Government of Honduras is investigating placing records of land ownership on a blockchain in order to authenticate title certificates and reduce ownership disputes.
With near instantaneous and simultaneous access to distributed databases that store public records it is clear that government agencies could benefit considerably from blockchain technology. Indeed, Ukraine has recently announced that it is partnering with global technology company the Bitfury Group to put a wide range of government data on a blockchain platform. So blockchain is here to stay, but what regulatory and legal hurdles does it now face?
One of the key USPs of a blockchain is that once data is stored it cannot be altered (at least, not easily), and this clearly has implications for data privacy, particularly where the relevant data is personal data or metadata sufficient to reveal someone’s personal details. This unique transparency of transactions on the blockchain is not easily compatible with the privacy needs of the banking sector: the use of crypto-addresses for identity may be problematic as no bank likes providing its competitors with precise information about its transactions and the banking secrecy must be kept by law.
The FCA also notes that the General Data Protection Regulation (GDPR) is the new legal framework of data protection requirements, due to apply in the UK from 25 May 2018. The FCA suggests that firms need to consider the ICO’s guidance and their data protection obligations carefully, particularly when a blockchain is used to store, share and process client data.
For highly regulated financial institutions needing to demonstrate appropriate outsourcing arrangements, it may prove difficult to demonstrate that blockchain technology will perform to acceptable standards. The willingness of blockchain technology vendors to commit to performance assurances is likely to depend on their service delivery model, and their risk/reward profile (including their willingness to accept significant liability for multiple customers at the same time). Vendors may seek to offer the technology and service on an almost “as is” basis, with limited service levels, and excluding warranties regarding performance or functionality of the services.
The risk to customers of a systemic issue with trading related infrastructure such as blockchain could be material if trades are not settled or are settled incorrectly. The allocation and attribution of risk and liability in relation to a malfunctioning blockchain service must be thought through carefully, not just at the vendor-customer level, but as between all relevant participants, in particular the parties (perhaps counter-parties for a trade) affected by the issues.
And what about decentralised autonomous organisations (DAOs)? These are essentially online, digital entities that operate through the implementation of pre-coded rules and need minimal to zero input into their operation and they are used to execute smart contracts, recording activity on a blockchain. The FCA acknowledges that there are “unresolved questions around the governance structure [of such arrangements] in the UK context”. Modern legal systems are designed to allow organisations, as well as actual people, to participate. Most legal systems do this by giving organisations some of the legal powers that real people have — e.g. the power to enter into legal contracts, to sue, and to be sued. But what legal status will attach to a DAO? Are they simple corporations, partnerships, legal entities, legal contracts or something else? Since the DAOs “management” is conducted automatically, legal systems would have to decide who is responsible if laws are broken. What, if, any, is the liability of DAOs and their creators? Who or what is claimed against in the case of a legal dispute?
The FCA paper acknowledges that there are plenty of other legal questions will be for the courts, other regulators, or legislators to decide upon, rather than being part of its remit. For example conflict of laws issues regarding contracts executed on a DLT platform across multiple jurisdictions simultaneously. In a conventional banking transaction, if the bank is at fault then irrespective of the transacting mechanism or location, the bank can be sued and the applicable jurisdiction will most likely be contractually governed. However, in a decentralised environment, it may be difficult to identify the appropriate set of rules to apply.
There may also be enforceability questions around the use of “smart contracts” which will only be resolved in court. Smart contracts are automatically executed upon certain specified criteria coded into the contract being met. Execution over the blockchain network eliminates the need for intermediary parties to confirm the transaction, leading to self-executing contractual provisions. Since smart contracts are prewritten computer codes, their use may present enforceability questions if attempting to analyse them within the traditional contractual concepts such as offer and acceptance, certainty, and consideration (price).
These are just a handful of the questions which will be taken into consideration once the FCA receives feedback on a whole host of issues concerning the wide introduction of blockchain. While there are uncertainties surrounding both the practical and legal implications of the technology, what is certain is that it is likely to be here for good, and has the potential to irrevocably transform the way we bank.