7 regulatory challenges facing blockchain
When the subject of blockchain is addressed, it is usually to hail it as a technology that will overhaul entire industries. "It is a revolution because blockchains can record identities, financial transactions and all kinds of legal operations", says tech guru Chris Skinner. Nonetheless, the technology and its applications are still subject to study, and remain in a very nascent stage, particularly in the banking sector where regulators are charged with coordinating and guaranteeing industry stability.
With this in mind, BBVA Research has prepared a report entitled "Blockchain in Financial Services: Regulatory Landscape and Future Challenges for its Commercial Application", in which Javier Sebastián, Digital Regulation Manager at BBVA, evaluates the regulatory challenges that the technology still needs to overcome before it can be used in the world of financial services.
1.- Legal framework regarding the legal nature of blockchains and shared distributed ledgers. This includes territoriality (issues of jurisdiction and applicable law) and liability should something go wrong. By definition, shared distributed ledgers (or DLT) have no specific location. In terms of jurisdiction and applicable law, territoriality constitutes a problem, as each network node may be subject to different legal requirements, and there is no "central administration" responsible for each distributed ledger, the nationality of which might act as an "anchor" in terms of regulation. Following this same reasoning, liability also represents a concern, as there may be no party ultimately responsible for the functioning of distributed ledgers and the information contained therein.
2.- Legal framework for recognition of blockchains as immutable and tamper-proof nodes, ensuring the veracity of information contained therein. A legal framework is required for using blockchains as unique and trusted sources of identity. Before this is possible, standardized regulation is necessary on data protection and authenticating the identity of legal persons.
While there is wide consensus among the cryptographic and IT community regarding the practical immutability of blocks in a well-defined blockchain, either because it is technically impossible to modify blocks in "work test" systems or other kinds of controls linked to consensus mechanisms, there is as yet no legal recognition of this aspect of blockchains, and therefore it could not be wielded as a legal argument in court.
At present no tribunal has issued any ruling recognizing blockchains as tamper-proof and immutable guarantees of veracity.
3.- Regulation regarding interpretation of the "right to be forgotten", as the "tamper-proof" characteristic of blockchains “clashes” with said right, granted under European regulation to protect personal data. The fact that a blockchain is immutable may represent a problem, as it might conflict with other rights recognized by politicians, governments and/or regulators. One example is the "right to be forgotten" granted to each citizen under European regulation, which allows any European citizen the right to have information stored in external databases, either on paper or in electronic format, deleted should they so wish.
The only solution to reconcile such rights with the very nature of blockchains may be to replace the right to have information "deleted" with a right to "prohibit the use" of personal information by third parties. This could be achieved by a combination of automatic data encrypting when certain conditions are in place (which could mean use of smart contracts) or alternative solutions to prevent said information being accessed when an individual decides to exercise their right.
4.- Legal framework regarding the legal validity of documents stored in blockchains as evidence of possession or existence. Similar to the recognition of blockchains as unique immutable sources of veracity, a second level of recognition is required before blockchains can be used in certain businesses. This regards not only recognition that the information cannot be modified, but also recognition that inclusion in a blockchain of a deed declaring ownership or the existence of an asset represents genuine proof of ownership or the real existence of said asset.
However, assuming that the verification process regarding the property/existence prior to inclusion of the document in the blockchain is sufficiently sound, and we are confident of the efficacy of the cryptographic mechanisms used in blockchain technology, then recognition of blockchains as immutable sources of trust implies that documents located in blockchains really can be used as proof of existence or ownership. However, it is another matter whether the courts of a given country might accept this. Again, there is no jurisprudence for us to fall back on.
5.- Legal framework regarding the legal validity of financial instruments issued in blockchains. When blockchains are used as a platform to define "native" financial instruments, such as bonds or derivatives, recognition is required of the legal validity of said financial instruments by regulators and supervisors. Obviously, one key financial instrument that could be issued in blockchains is money. Native money issued in blockchains could have serious implications for monetary policy and macroeconomics, and warrants a deeper analysis that goes beyond the remit of this document.
6.- Legal framework for smart contracts generally speaking, and for international trade in particular, including applicability in the real world, territoriality and liability. The issues mentioned in point 1 regarding territoriality and liability are likewise applicable to smart contracts, but require a series of additional considerations:
As far as jurisdictional issues are concerned, there is not only the issue of whether the distributed ledger itself has a specific location, but also the issue of signatories to the contract being subject to different laws under their respective jurisdictions. Regarding liabilities, numerous parties are involved in smart contracts: not only the parties to the contract, but also the creator of the same (usually some kind of encoder) and the custodian of the contract (ideally there would be no need for the latter party). As well as the obvious possibility of one of the contracting parties breaching the contract, there is a chance that the contract itself may be flawed, either due to coding errors or design errors. Thus, when a smart contract fails to work as expected, which party would be liable?
7.- Regulation on the use of blockchains as a valid regulatory registry for the Internet of Things. It has been said that blockchains could be particularly useful for the Internet of Things. In the Internet of Things all connected devices have an identity. It would therefore be truly useful to establish a shared registry storing the "identity" and details of each connected thing, while allowing them to conduct transactions between each other, including M2M (machine-to-machine) payments.
The idea of having one or several "shared distributed ledgers" for the Internet of Things seems to be gaining traction, and would require a legal framework recognizing distributed ledgers as valid regulatory registries. All of the above challenges regarding territoriality, liability and the applicability of smart contracts are, of course, also pertinent to any blockchain associated with the functioning of the Internet of things.
Javier Sebastián
Javier Sebastián Cermeño, Digital Regulation Manager at BBVA, identifies and evaluates digital trends and their impact on financial services. His work focuses primarily on new business models and regulatory requirements. LinkedIn