Blockchain: mind the gap

Blockchain technology is far from mature and there is a danger that regulation could crush innovation and competition. Professor Michael Mainelli and Simon Mills* argue that a more measured approach to the technology would be to develop voluntary standards.

The applications developed by financial technology companies may streamline processes, create new products and enhance the efficiency of transactions. But you cannot set yourself up as a doctor, practise law, or claim to be an accountant unless you are licensed to operate by a professional body.

Make no mistake, the computer scientists developing cryptocurrencies and distributed autonomous organisations, the innovators behind developments in the shared economy and crowd-sourcing applications are brilliant. They have complete command of their code and a numinous vision of how the world could be. However, few of them have practical experience of running a business and fewer still have any understanding of financial services, how it is regulated, its global interconnectivity and the consequences of critical systems ‘catching fire’.

The unregulated nature of the financial technology sector is a current source of strength. Innovation and competition run at an accelerated pace, resulting in new products and services that have the potential to transform the financial services sector. One area of innovation in the banking sector is mutual distributed ledger (MDL, or blockchain) technology.

MDLs have the potential to replace any process which requires the use of a database by multiple parties. MDLs have a number of advantages over databases as, unlike databases, they are:

■ Permanent – once entered into the ledger, records cannot be altered

■ Persistent – their distributed, unalterable nature means that the loss of a complete database is almost impossible

■ Pervasive – everyone has access and they can reach deep into replacing much inter-organisational messaging

In simple terms, MDLs are just databases but their power comes from allowing multiple organisations to work together smoothly and share trust and power. They reduce the likelihood of natural monopolies over information.

MDLs are not new. Z/Yen pioneered an early form of MDL in the mid-1990s and there are many other examples such as Ripple (2004) or the Estonian Government (2007). However, while such a technology has important implications, adoption has been slow. The rise of cryptocurrencies such as Bitcoin (2009), which rely on MDLs, has spurred renewed interest. MDLs have shown their endurance in the harsh environment of cryptocurrencies. These currencies have problematic technical issues such as their ‘mining’ algorithms that, while mathematically intriguing, court controversy and consume enormous amounts of energy. There are also economic issues including the shakiness of currencies unbacked by fiat taxation or a commodity and social issues such as their role in facilitating illicit trades. There have been notable thefts of cryptocurrencies from wallets and exchanges, but their MDLs, their boring, underlying ledgers, have held up well.

Major players in the banking sector have been quick to grasp the potential of MDLs to transform the transaction model of everything from cash micropayments to complex derivatives trades, revolutionising the infrastructure that underpins markets today. The instinctive banking response before cryptocurrencies was that MDLs must be complex and insecure because they run on multiple machines. The current response is to rush to proof of concept demonstrators and join large consortia, such as R3 (a consortium partnership of more than 50 financial institutions), but halt before implementation. Caution has been urged by the European Securities and Markets Authority and Swift. Working products have yet to be launched, unlike the insurance sector where a few MDL-based services are already in daily use.

There are a number of core banking risks associated with MDLs:

■ Performance and taxonomies. Established technologies fit neatly into categories and their performance criteria are well known. The terminology for MDLs is fluid, blockchain as a term dates to 2012, ‘permissioned versus un-permissioned’ ledgers to 2015. This is a natural state for newly adopted technology, but how is a bank or a regulator to react to a financial technology firm that approaches them and says its work is based on a MDL or blockchain? How secure is it, what is its validation mechanism, how fast is it, what is its energy consumption, what are its throughput rates, how public is it, how opaque? More work needs to be done on helping people develop common language to understand what they are talking about

■ Compliance. Legal issues, such as the legality and enforceability of the records or code kept on MDLs, or the inclusion of personal data on the blockchain need to be carefully considered. Differences in financial and company laws across jurisdictions mean that supervising an MDL ‘network’ might be considerably more complex than supervising central market infrastructures. Different nodes might be established in different jurisdictions and subject to different privacy, insolvency and other requirements

■ Liability and responsibility. Protecting the participants in a MDL from joint liability is one important consideration, as is indemnity for mistakes, relying on joint information and information sharing structures for areas such as know your customer, anti-money laundering, sanctions screening and ultimate beneficial ownership. Determining roles, responsibilities and authority for the management of MDL processes is an important risk management consideration

■ Security. Malicious access to a public MDL, for example using a stolen key, would enable a hacker to gain access not only to the information stored at the point of attack, but also to the full breadth of information recorded on the ledgers. There are numerous configurations of public, private, permissioned, un-permissioned, transparent, opaque, read, write and multiple MDL key structures. Most of the practical work under way appears to be private permissioned opaque structures with keys controlling read and write access. However, these structures reduce the incentives for community participants to keep the entire ledger as they are unable to access most of it. This in turn creates opportunities for community managers with reduced abilities to exploit natural monopolies

■ Governance. MDLs, as with any technology, need to evolve. Evolution is more difficult because of their ‘permanence’. Due to the persistence of data in MDLs, correcting transaction or data errors may be difficult unless a single entity is authorised to promote changes across all nodes. This ‘inability to evolve’ has already resulted in upgrade problems at Bitcoin. Also, in order to reverse a hack, Ethereum resorted to ‘tyranny of the majority’ to overturn its own ‘smart contract rules’. While Bitcoin has virtually no governance structure and Ethereum has tried a ‘light’ foundation structure, most commercial MDLs will require stronger governance structures

■ Transparency and reporting. MDLs could add complexity to risk management and oversight in securities markets. While the use of MDLs should in principle enhance transparency and the traceability of transactions, particularly in securities markets, the encryption of the information could make it harder to disentangle and process the identity of buyers and sellers. XML data standards, helping to ensure consistency of data structures and interpretation across MDLs, as well as standing data standards for codes and indices are not just MDL issues, but the increased inter-working of mutual processes heightens their importance

■ Interoperability. This probably has been the most commonly stated objective of MDL standards but, in truth, has been the least important issue of the above. MDLs are, in most respects, flat files. Interoperability for a competent programmer is straightforward. That said, by interoperability many people implicitly include the XML consistency issues above

The knee-jerk response of governments to perceived risk is to legislate. However, as MDL technology is far from mature, early imposition of regulations might crush innovation and competition. A more measured approach would be to develop requirements, specifications, guidelines and characteristics that can be used consistently to ensure that the properties of the processes and services provided by MDLs are predictable and fit for their purpose. In other words, to develop voluntary standards markets.

Standards enable and constrain at the same time. Standards require collective action and the outcome of these collective initiatives often provides private benefits. Given the known winner takes all and lock-in problems associated with proprietary standards, what economic and legal frameworks would be most appropriate for MDL developers and users?

The simplest follows a well-trodden path, initially forged by the City of London’s medieval livery companies. Develop a common standard, not owned by anyone, but enforced by competitive inspection. Technical and de-facto standards will emerge relatively easily, because MDLs work only via connectivity. Open standards, similar to the requests for comments issued by the Internet Engineering Taskforce (an open international community of network designers, operators, vendors and researchers concerned with the evolution of internet architecture), which set standards for internet developers will likely arise as developers share application programming interfaces (APIs) to build systems.

The final route, perhaps obviating regulation, is via voluntary standards markets, as used widely in shipping, aviation and food industries. In this model, national accreditation bodies license certification bodies to inspect and certify against an independently-developed standard. Companies seeking to prove compliance with the standard can choose from a selection of competitive certification bodies that will provide a commercial audit. This is a robust model that has already gained some traction in the financial services sector. For example, the International Organisation for Standardisation’s (ISO’s) Committee 68, which is responsible for standardisation in the field of banking, securities and other financial services, has published more than 50 international standards and has a further 21 under development. Given the complex regulatory environment in which financial services operate, ensuring MDLs fit within the existing standards framework is challenging, although iterative ‘standards for standards’ such as PAS 99 or ISO 9000, may offer scope for expansion.

In conclusion, if MDLs begin to meet their hyped potential, they will need a rich set of standards to ensure that they are fit for purpose and fulfilling their purpose. For the banking sector, the real and perceived risks associated with using MDLs must be addressed. The most effective way of managing these risks is to bring standardisation to the technology driving the applications, to the professionals implementing it and to the governance of the processes themselves. This may be a bitter pill to swallow for the free-thinking evangelists of the financial technology revolution, but MDLs are strong medicine and we must avoid side effects.

* Professor Michael Mainelli is executive chairman of Z/Yen Group and Principal Advisor to Long Finance. His latest book, The Price of Fish: A New Approach to Wicked Economics and Better Decisions, written with Ian Harris, won the 2012 Independent Publisher Book Awards Finance, Investment and Economics Gold Prize. Simon Mills is an associate at Z/Yen Group