In my previous blog for the Institute, I outlined the basics of blockchain. With this understanding in place, I want to use my second blog on the topic to look at the many ways that blockchain might be used going forward, as well as the associated risks.
How big is the potential impact of blockchain?
- Blockchain was born alongside cryptocurrency, the most famous of which is Bitcoin.
- However, the opportunities for this technology are endless and extend far beyond cryptocurrency. Blockchain has the potential to step into any area where traditional methods of tracking information, due diligence or auditing have proven to need intermediaries or professional services at high cost. For example, the banking and financial services sector, M&A due diligence, medical records, HR databases or implementation of smart contracts.
- The OECD has recently advocated for this technology as a measure for supply chain due diligence and audit purposes.
- Campaigners suggest blockchain could be integrated into a ‘system of intelligence’ where AI and the internet of things combine to perform solutions for industry. Such systems could verify captured data, query the historic immutable data and provide insightful analysis.
Consider a scenario where every asset within the UK was securely recorded in a shared ledger that is entirely transparent and immutable, and which would arguably secure the basic aims of the UK Corporate Governance Code and Disclosure and Transparency Rules. Such a use of blockchain could have the potential to end surprise profit warnings and prevent future financial disasters. On the other hand, some might argue that the knock-on effects of such a system could potentially be damaging. For instance, might this way of operating undermine competitiveness with competing markets that do not use the technology? These are the kind of questions that need serious consideration as blockchain becomes more widely used.
Inventors of the internet and World Wide Web may not have visualised a dark web. Similarly, blockchains mysterious inventor, Satoshi Nakomoto, may not have envisaged the following risks:
- Money laundering All financial crimes need to obscure the source of gain or hide the proceeds. Mixers and tumblers (like Wasabi Wallet) make it more difficult to trace the path of funds. By pooling cryptofunds from multiple users, and giving each one back an amount from the pool equal to what they initially put in, minus a service fee, it is more difficult (and time consuming) to trace the path to the culprits. Further, improving the speed of transactions would make it easier to transfer illicit cryptofunds automatically through numerous accounts within microseconds, raising further challenges for law enforcers.
- Scams According to one leading blockchain analysis report, scams in 2019 accounted for over US$ 8 billion in transactions mostly through exchanges, such as Binance and Huobi, and involving over 300,000 accounts. This despite both exchanges being subject to KYC regulation. Ponzi-type scams are also rife, for example ‘Plus Token’ which has been blamed for causing the fall in Bitcoin prices in 2019 as stolen funds were sold via Bitcoin OTCs.
- Security All technologies possess vulnerability. Smart contracts and exchanges which use a blockchain network to operate are subject to risk of security glitches or error. If a security flaw exists on the blockchain network where a smart contract operates, or security practices on exchanges are weak, hackers may be able to steal money without being detected.
- Criminal Motivations As with other technologies, criminals target blockchain applications using social engineering, malware and other exploitative measures.
- Reputation Risk Without specialised advice or a clear legal and regulatory framework, there is always the possibility that blocks may not be compliant with data protection laws and, where financial losses occur, allocation of unclear liabilities may lead to unforeseen reputational risks.
Despite these known inherent risks and threats, blockchain technology is still widely used.
Are regulators doing enough?
- Bearing in mind the potential impact of failure of this technology, many may expect regulators to be taking a proactive approach in its regulation.
- However, the approach taken by most regulators is not to regulate the technology directly but rather its application. For instance, where blockchain deals with cryptoassets which provides rights or obligations in a regulated asset in itself, such as a financial instrument under MiFID II (i.e. a ‘security token’) or regulated under the Electronic Money Regulations (an ‘E-money token’), this is within remit. Cryptocurrencies are generally considered to be ‘exchange tokens’, or, possibly, ‘utility tokens’ and outwith the regulator remit. This is the FCA approach.
- Offshore regulators, such as the Guernsey Financial Services Commission, assess such technologies on a case-by-case basis but ‘would be cautious about approving applications for [initial coin offerings] ICOs …. [and] the establishment of a digital currency exchange’. Bearing in mind the risks associated with Binance and Huobi, this may be a sensible approach.
- Organisations undertaking unregulated blockchain activities may come under regulatory supervision indirectly under other regulatory regimes such as AML, SMCR, and general Principles for Business Rules (PRIN) (or equivalent).
- The Basel Committee has recently issued a discussion paper and re-emphasised previous guidance for banks conducting business with cryptoassets to take steps to mitigate inherent key risks through due diligence, appropriate governance, anti-money laundering and manage exposure for significant losses.
- Where cryptoassets may be unregulated and therefore not covered by financial services compensations schemes (if present), consumers may also not have recourse to a Financial Ombudsman Service (if present).
Perhaps regulators should be providing guidance where the application of the technology demonstrates a clear benefit with acceptable risk, such as suggested by the OECD in third party risk management and AML due diligence exercises?
There has been much written on blockchain since its inception. The applications of it continue to create interest and expectation but, like any technology, there are inherent risks which may not be within everyone’s risk appetite. Whether it will fulfil its ultimate vision to remove all intermediaries is perhaps a moot question, but it seems doubtful.
Perhaps the final thoughts should be that we should all continue to be wary and, as one observer suggested to regulators, ‘become experts in this technology in order to start fighting money laundering’.
Paul is an Associate member of The Chartered Governance Institute UK & Ireland.