Blockchain, Regulation, and Privacy
Source: International Banker
What is Blockchain?
Blockchain technology and its many applications are transforming the financial system. A blockchain is a decentralized, digital and transparent general ledger of all transactions. Virtual currencies, such as the infamous bitcoin, make use of this distributed-ledger technology and operate on a peer-to-peer basis across a network of computers—hence making it decentralized. In addition, this process automatically notarizes each transaction across a vast network of resources, making it practically incorruptible.
Why is blockchain important?
With each transaction being recorded across a network of participating computers, the individual records of each transaction cannot be altered retroactively, as it’s not practical for there to be an alteration of all the subsequent blocks and for the collusion of the network to occur. Thus, blockchain-based systems are far more advanced than current transaction record-keeping processes, which rely on the comparatively vulnerable siloed-ledger approach, thereby making blockchain a powerful new approach for financial systems to take advantage of.
Blockchain-based ledgers are transparent and digital, reduce fraud, lower transaction fees, maintain transactional integrity and simplify non-repudiation. Of course, blockchain’s applications aren’t restricted to the financial sector but do offer compelling and convincing use cases for the industry.
How is blockchain being used?
There is a multitude of applications of blockchain across various industries; here are a few:
- Crypto-currencies: Bitcoin, BlackCoin, Dash (full list here)
- Smart contracts: Invoices that pay themselves when shipments arrive,
- Share certificates: Send owners dividends if profits reach a threshold,
- Payment systems: Enable seamless and secure digital transfer of funds,
- Remove the need for TSPs (trust service providers), and thereby enable non-repudiation,
- Reduce capital disputes by providing a transparent transaction ledger,
- Reduce risk and financial Fraud by reducing the number of points of entry and exit,
- Automate business processes, such as: business incorporation, collecting taxes and conducting conveyances,
- Cloud storage: Distributed storage, such as Storj and Sia,
- Online voting: Decentralized online voting, such as Tezos,
- Insurance: Peer-to-peer, parametric and micro-insurance,
- Sharing economy: Seamless and direct peer-to-peer collaboration,
- Medical records: Increased secure interoperability of patient records,
- Authenticity: Verification of the origin of digital art (and digital goods in general),
- IoT: Enable seamless peer-to-peer collaboration between IoT (Internet of Things) devices.
Although there has been significant volatility in certain crypto-currencies (such as bitcoin), blockchain technology is not hot air or hype. Its impact in the digital world is substantial and will continue to infiltrate various industries. Even for crypto-currencies, the sheer number of exchanges, and the volume of daily transactions being processed, shows no slowdown.
We are also seeing a steady rise in job creation and capital investment within blockchain- and crypto-currency-related companies.
Retail & Financial adoption
Some major retailers, both domestically and internationally, have already started accepting crypto-currencies as a form of payment at checkout. Some of those retailers include Overstock, Expedia, Shopify, Microsoft, and DISH Network. Internationally, Ulmart, the largest online retailer in Russia, has committed to accepting crypto-currencies.
- Financial institutions and identity-management companies have been quick to explore the implementation of blockchain technology into applications for identity verification and to protect against anti-money-laundering practices.
- The global payment-relay network, SWIFT, recently piloted DLT (distributed ledger technology) to simplify international transactions and stated that the results were very good. “SWIFT’s press release about the now published report on the bank-to-bank project notes that the PoC (proof of concept) intended to figure out how a combination of DLT and SWIFT assets could meet ‘industry-level governance, security and data privacy requirements’, as well as show benefits for its use over other applications.”
- Banks could reduce cross-border payments and costs associated with securities trading and regulatory compliance by $15 to 20 billion per year by 2022 (as outlined in a whitepaper by Santander Innoventures and Oliver Wyman and Anthemis Group).
- Within the R3 consortium, 15 participating banks are evaluating whether blockchain can be used to replace traditional letters of credit.
- Citigroup recently announced they are seeking to hire professionals experienced in bitcoin to help beef up their AML (anti-money laundering) program. “A number of organizations provide such bitcoin certification, including the Cryptocurrency Certification Consortium, which offers a BPC to those who complete a two-year course and a 20-minute test.”
Regulatory landscape, blockchain, and privacy
Blockchain and crypto-currency have drawn a healthy debate on whether the anonymous nature of the transactions makes money laundering easier or harder. Some of the early adopters of bitcoin were synonymously criminals making dealings in the black market, using the network to wipe dirty cash off the books into untraceable virtual currency, which they could more easily access in various countries. Fears of criminals taking advantage of blockchain-based networks still exist, but practical and positive applications of using blockchain to fight against money laundering have grown in popularity amongst banks. This approach applies a secure and digital identity-management overlay on top of blockchain-based crypto-currencies to produce a traceable digital trail (in sharp contrast to the current popular and non-traceable fiat paper trail) as a reliable way to track transactions.
In the context of know-your-customer (KYC) and identity tracking, the same is true. The latest practical implementations debunk the prior notions that crypto-currencies always anonymize user identities, and in the process protect criminal identities from being traced. Many are now seeing blockchain as an opportunity to leverage the network to improve a financial institution’s ability to securely and privately identify users and comply with KYC requirements. The adoption of digital wallets by retailers will create a new barrier for users that do not opt-in to verify their accounts. Some new companies are creating blockchain-based, identity-verification solutions that allow consumers to authorize the use of their identities in real-time.
FinCEN (Financial Crimes Enforcement Network) published guidance on the “Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies”, which defines convertible virtual currency as any virtual currency, or “medium of exchange”, that either has an equivalent value in real currency or acts as a substitute for real currency. The Bank Secrecy Act (BSA), which regulates financial institutions with various subcategories, grants regulators the power to craft new or more specific subcategories and definitions, as done here by FinCEN.
The BSA is focused on what “activities” persons and/or businesses perform such as banking, funds transfer, etc., and not necessarily on which “technologies” are being used to perform those activities. The majority of these activities are defined in regards to exchanging, storing or otherwise dealing with “currency”. However, “currency” as defined by the BSA is “the coin and paper money of the United States or any other country”. So no crypto-currency activity, such as bitcoin, would fit within this definition of “currency” as the medium.
The “money transmitter” subcategory of “financial institution” has a broader definition extending to money transmission involving “currency or other value that substitutes for currency”. The newly defined convertible virtual currency falls into that category. Rather than crafting a newly regulated activity or technology-based regulation, FinCEN simply clarified why activities performed using bitcoin or any other currency substitute may fit within the existing definition of “money transmitters”. This falls into the even broader category of “money service business” (MSB) and, in turn, is one of the several sub-categories of “financial institution”. Because of this nesting game of word definitions in the FinCEN guidance, a virtual-currency business could be classified as a “money transmitter”.
The guidance also defines three categories of persons: administrators, exchangers and users, and explains why only administrators and exchangers qualify as “money transmitters” and therefore must comply with the BSA. Under FinCEN’s regulations: An exchanger that accepts and transmits a convertible crypto-currency or buys or sells convertible crypto-currencies is a money transmitter. The definition does not include individuals buying or selling crypto-currencies as a personal investment or for other personal purposes. “Accepts and transmits” means you take crypto-currencies from one customer and send it to another person or persons on their behalf. You have to do both, accept and transmit, so if you are only accepting crypto-currencies from someone or only sending crypto-currencies to someone (possibly in return for a good or service), then you are not a money transmitter. You are a money transmitter if you are an exchanger who buys and sells (such as a brokerage or exchange service for customers). If classified as an exchanger, the business must register with FinCEN as an MSB, have a risk-based know-your-customer and anti-money-laundering (AML) program, and file suspicious activity reports (SARs).
The recent upswing in KYC requirements for new and existing crypto-currency wallet owners internationally suggests that such standardization could be crucial for ensuring the proper functioning of the crypto-currency industry as it nears sovereign recognition. The blockchain protocol could be revised to limit transactions to KYC-verified wallets only. All transactions could be traced back to an identified e-wallet. Moreover, AML-risk analysis, alert and report-generating mechanisms could be integrated within the crypto-system, instead of monitoring only the entry and exit points.
Privacy regulations, specifically GDPR (General Data Protection Regulation), are at odds with key principles of blockchain, namely the “right to be forgotten” protection GDPR provides. This could severely impact crypto-currencies’ survival in Europe. The “right to be forgotten” enables users to request permanent deletion of their data from services they use. Blockchain’s immutability (a key aspect of the protocol) prevents such an action from taking place. GDPR also mandates that organizations remove any historical user data if that user is no longer their customer, yet again contradicting blockchain. The tug of war between blockchain advocates and GDPR proponents is an ongoing battle, and there are projects underway to reconcile the two.
Impact on Financial Regulations: Conclusion
The regulatory landscape surrounding crypto-currencies is adapting slowly to the increasing demand. In parallel, blockchain protocol may need to move quickly to allow for KYC-verifiable e-wallets. On one hand, we see a lot of uncertainty from regulators around virtual currencies, so it is justifiably still the Wild Wild West. On the other hand, it seems the benefits to certain existing regulations are clear and could be transformational, especially with regards to the BSA requirements. So it’s important to pay attention to changes on both sides, and to be educated about regulatory requirements that might apply to individuals and businesses.
The role blockchain and crypto-currencies (as one application of blockchain) play in the financial industry is just in its infancy. While recent privacy-driven regulations such as GDPR are at odds with the principles of blockchain, regulation will slowly but surely adapt to the ever-changing flow and popularity of blockchain applications.