Blockchain regulation - it is when, not if

Main visual : Blockchain regulation - it is when, not if

In certain areas in the blockchain community, there has been strong resistance so far to external regulation of blockchain and other Digital Ledger Technologies (DLTs). But that’s changing and regulators now are ready to act.

In my last blog, I wrote how we are crossing a threshold in blockchain and Distributed Ledger Technologies (DLTs). We are – right now – moving beyond the hype-laden, over-complicated social utopian visions of the early days, with the emergence of more pragmatic, enterprise-driven use cases, where optimization of processes is the objective and viable justification.

Here I want to focus on the legal and regulatory implications of this transition: in particular how regulators and governments are under increasing pressure to update the regulatory environment.

Clearly blockchain, distributed ledgers - and the smart contracts these technologies enable - raise significant legal questions and, to date, there are few laws or regulations to govern them.

For example, in 2018, the Gibraltar Financial Services Commission (GFSC) became one of the first regulators to introduce a DLT regulatory framework, hoping to attract firms to the jurisdiction and to develop an innovative financial technology environment. But DLT has not - yet - become the subject of either UK, Japan, US, China or EU end-to-end regulation.

In the UK, the Financial Conduct Authority (FCA) has conducted a consultation exercise, which concluded that “…overall the FCA is open to all forms of deployment of DLT… provided the operational risks are properly identified and mitigated”, and undertook to keep the situation under review.

With the emerging shoots of national regulation, the European Securities and Markets Authority (ESMA) has started taking a closer look. It published a report in February 2019 which states: “ESMA has identified a number of gaps and issues in the existing regulatory framework when applied to crypto-assets”. This statement, with its emphasis on assets, also reflects the reality that the regulation that currently exists tends to focus on the underpinning assets, rather than the ledger itself.

As in Gibraltar, there have been some isolated approaches, but Fujitsu anticipates that in 2019 we will see increased demand for regulation and standardization changes. This is a direct result of enterprise use cases driving relevance into blockchain and DLTs, plus the need to interconnect and integrate the different chains, for which standards and protocols are essential.

It is because large businesses are now shouting for regulation that governments and authorities are taking note and change is happening.

We expect there will continue to be some players within cryptocurrency communities who claim their models are self-regulating and therefore there is no need for government intervention. But negative publicity from scandals, inadequate security over assets and even plain and simple fraud have drained patience with the claimed self-regulating nature of the public blockchains.

This is why I am yet to be convinced that self-regulation is a viable, long-term option – and I believe many others feel the same way.

Increased attention from regulators and governments is not necessarily a bad thing. It will take wider interests into account while forcing enterprises and society at large to think of blockchain and Distributed Ledger Technology in terms of corporate social responsibility, compliance and ethical behavior. These are positive directions for the future.

Managing ID

One noteworthy aspect of our transitory phase is that 2019 will see the emergence of new features for blockchain platforms that make it possible to share and manage data and identity in a much more controlled way, while complying with laws and regulations such as GDPR.

ID is a thorny issue in blockchain and DLT. Permissionless blockchains – where participants can be anonymous – are mind-blowingly interesting and disruptive for the entire economic and social fabric, but potentially pose all kinds of regulatory mayhem.

This is not only a consequence of regulators and compliancy requirements, but also a direct consequence of how business operates. Organizations need to know who they are working with, because of potential liabilities. In the financial sector this is highly visible in AML (Anti-Money Laundering) and KYC (Know Your Customer) obligations.

Compliancy, operational risk, claims, knowing your customer and regulatory requirements are today an essential component of the economic and financial fabric, hence the current focus on permissioned blockchains and DLT, which Fujitsu regards as the most effective options for building viable, compliant use cases.

To achieve this, one key element involves demonstrating ‘zero-knowledge proof’ (ZKP) – that is, the ability to prove that you possess key knowledge, without actually revealing the information itself. Having more stable mechanisms and standards to manage digital identity, the flow of information or the proof of existence of information are all critical enablers for extending applications to new areas.

Smart contracts need a regulatory framework

I have already argued that current ‘smart contracts’ are not really that smart, but the application of advanced analytics and AI will soon start to change that. Smart contracts certainly have the potential to reduce operational risk in contracts with multiple participants.

However, that won’t happen until the hurdle of international legal and compliance frameworks has been cleared. This will mean that the adoption of smart contracts in business models and processes, and the interaction between them and classic contracts (for example, arbitration), ceases to be the showstopper it is today.

On the one hand, enterprise adoption of any technology will always be driven by potential benefits, and on the other, the ability to execute. Dollar-quantifiable, benefit-driven use cases such as invoice fraud reduction are now here.

The pragmatic factors which are encouraging enterprise adoption of blockchain and DLT are the availability of blockchain-as-a-service platforms and proof of business rapid prototyping frameworks. These make adoption faster, more reliable and therefore less intimidating.

They also do away with the danger of creating siloed islands of technology – something the IT industry is unfortunately rather good at doing – in which DLT and blockchain technologies are supplementary platforms, rather than end-to-end solutions in business ecosystems.

Blockchain and DLTs are not, of course, the only options to achieve the optimization of business processes. It is our duty to always point a customer to the best solutions.

Sometimes, however, blockchain and DLTs so enable radical new advantages that just can’t be achieved by any other means. In cases like these, it’s a no-brainer that now is the time for enterprises to embrace both the challenge and the opportunity on offer.