On July 13, FINRA held a Blockchain Symposium to assess the use of distributed ledger technology (DLT) in the financial industry, including the maintenance of shareholder and corporate records. DLT is commonly referred to as blockchain. The symposium included participation by the Office of the Comptroller of Currency, the US Commodity Futures Trading Commission (CFTC), the Federal Reserve Board, and the SEC.
FINRA also published a report earlier in the year discussing the implications of DLT for the securities industry. Delaware, Nevada and Arizona have already passed statutes allowing for the use of DLT for corporate and shareholder records.
Blockchain is an openly distributed database that is used to continuously maintain a list of records, called blocks. Each new block is linked to prior blocks in such a way that data cannot be retroactively changed in a prior block without changing all blocks, which is virtually impossible. A DLT ledger is shared among a network of participants, instead of relying on a single central ledger.
Ultimately the blockchain technology could be used to maintain shareholder records in a secure, immediate form as well as to process capital markets trades instantaneously. It is thought that stock ledgers and any transfers would be updated instantaneously, effectively allowing for T+0 settlement of trades without the need for intermediaries. A change of this magnitude is many years away, as effective regulation and consideration on market impacts will take time.
The technology is already being utilized, most notably by the cryptocurrency industry. At least one industry leader, Overstock CEO Patrick Byrne’s t0, has created a system that could form the basis for widely used blockchain technology that disrupts the capital market trading systems. Blockchain remains widely unregulated and without consensus from top financial regulators, any change to capital market structures will face roadblocks.
FINRA Report on Distributed Ledger Technology and Implications of Blockchain for the Securities Industry
The symposium followed FINRA’s January report on DLT and its implications for the securities industry. In recent years, more than $1 billion has been invested by various market participants to explore the use of DLT in the financial services industry. Although the level and speed of disruption to current systems remains debated, it is universally agreed that DLT will be utilized in the securities industry. DLT has the potential to completely change business models and practices and as such, regulators realize the necessity to be actively engaged to prepare for the new regime. On a positive note, FINRA views DLT as having the potential to provide investors with greater access to services and transparency and to provide firms with increased operational efficiencies and enhanced risk management.
Many aspects of FINRA’s rules and areas of responsibilities can be impacted by DLT, including, for example, clearing arrangements (it is thought that DLT can eliminate middle-market participants involved in the clearing process), recordkeeping requirements, and trade and order reporting and processing. In addition, FINRA rules such as those related to financial condition, verification of assets, anti-money laundering, know-your-customer, supervision and surveillance, fees and commissions, payment to unregistered persons, customer confirmations, materiality impact on business operations, and business continuity plans also may to be impacted depending on the nature of the DLT application.
DLT is already being used in the securities markets in the form of initial cryptocurrency offerings (ICO’s) and in states that have passed corporate statutes allowing for the use of the technology to maintain corporate and shareholder records. On July 25, the SEC issued a report on an investigation related to an ICO by the DAO and statements by the Divisions of Corporation Finance and Enforcement related to the investigative report. The SEC concluded that the fundamental tenets related to the definition of a security apply and that cryptocurrencies and tokens that fall within that definition are securities, subject to SEC regulations, regardless of the title or form they may take.
FINRA’s report on DLT is broken down into three sections, including: (i) overview of distributed ledger technology; (ii) DLT securities industry applications and potential impact; and (iii) factors to consider when implementing DLT. FINRA also discussed regulatory requirements and potential changes related to DLT.
Overview of Distributed Ledger Technology
DLT involves a distributed database maintained over a network of computers where information can be added by the network participants. Each added layer of information or data is referred to as a block. The network participants can share and retain identical cryptographically secured information and records. DLT uses either a public or private network. A public network is open and accessible to anyone that joins, without restrictions. All data stored on a public network is visible to anyone on the network, although it is encrypted. A public network has no central authority and relies solely on the network participants to verify transactions and record data on the network. Algorithm and computational technology is used to protect the integrity of the data.
A private network is limited to individuals and entities that are granted access by a network operator. Access can be tiered with different entities being allowed differing levels of authority to transact and view data. In the financial services industry, it is likely that networks will be private.
The transactions and data on the network usually represent an underlying asset that may be digital assets, such as cryptosecurities and cryptocurrencies, or a representation of a hard asset stored offline (a token representing an interest in a gold bar, for example). Assets on a DLT network are cryptographically secured using public and private key combinations. The public key combination allows access to the network itself, and the private key is for access to the asset itself and is held by the asset holder or its agent.
A transaction may be initiated by any party on the network that holds assets on that network. When a transaction is initiated, it is verified using a predetermined process that can be either consensus-based or proof-of-work based, although new verification processes are being explored. In layman’s terms, the verification process is based on computer computations. The settlement of the transaction occurs when verification is completed. Currently, this can occur immediately or take a few hours.
Once verified, a transaction is “cryptographically hashed” and forms a permanent record on the DLT network. Records are time-stamped and displayed sequentially to all parties with network access. Currently, historical records cannot be edited or changed, though technology is being developed to change that.
DLT Securities Industry Applications and Potential Impact
Currently, market participants are experimenting with several uses of DLT within the market infrastructure and ecosystem. DLT can be used in specific markets, such as debt, equity and derivatives, and in specific market functions, such as clearing. Many discrete applications exist for the use of DLT, including, for example, clearing arrangements, recordkeeping requirements, and trade and order reporting and processing. In addition, DLT can impact financial condition recordkeeping and reporting, verification of assets, anti-money laundering, know-your-customer, supervision and surveillance, fees and commissions, payment to unregistered persons, customer confirmations, materiality impact on business operations, and business continuity plans.
The most common current use of DLT is related to private company equities. DLT can be used to track transfers, maintain shareholder records and for capitalization tables. Nasdaq has utilized DLT technology to complete and record a private securities transaction using its Nasdaq Linq blockchain ledger technology. The Nasdaq platform allows private companies to use DLT to record and track trading of private securities.
DLT will eventually be used for public company equities, but the regulatory aspects are behind the technology. However, Overstock’s Patrick Byrne has created and launched a private platform to allow for public trading of securities using blockchain, called t0 Technologies. The platform only currently trades Overstock’s digital shares, but as an SEC-licensed alternative trading system (ATS), the foundation is in place for utilizing the platform to launch and trade public offerings of third-party securities.
The debt market also sees the benefit of DLT. The current average settlement time for the secondary trading of syndicated loans is approximately a month. The repurchase agreement marketplace is filled with inefficiencies, as is the trading market for corporate bonds. DLT could be used in all aspects of these markets. It is thought that DLT can also be used to automate the derivative marketplace and create greater transparency.
DLT technology is being worked on to create operational processes with the securities industry itself as well, including by creating central repositories of standardized reference data for various securities products, creating efficiencies for all participants. DLT can also centralize identity management functions on a global scale.
In addition to the centralization of data, DLT can be used to process transactions by using overlaid software. For example, “smart contracts” can be created that would automatically execute agreed-upon terms in a contract based on certain triggering events. Smart contracts can be used for escrow arrangements, collateral management and corporate actions such as dividends and splits. In addition to discrete areas, DLT can have market-wide impacts, as well. One area that is gaining traction is the clearing process. Overstock’s platform is called t0 as a play on the widely used T+2 (formerly T+3) time for settlement. t0 references the immediate clearing and settlement of trades using DLT technology. However, despite the technological abilities, FINRA notes that it is unclear what the ideal settlement time would be for various segments of the securities market. Some market participants advocate for a netting and end-of-day settlement rather than a real-time contemporaneous process.
Real-time settlements would also impact short trading and other hedging transactions, including by market makers. On the positive side, it is thought that real-time settlement will reduce market risk, free up collateral and create overall efficiencies. As FINRA notes, it is likely that considerations related to settlement times will differ based on asset type, volume of transactions, liquidity requirements, impact on market makers and current market efficiencies. Clearly DLT will increase market transparency. The basis of the technology is a series of blocks with a complete history available for view by network participants. Market participants and the investing public could be provided with access to relevant information on the network without the need to create a new reporting infrastructure. FINRA notes that regulators need to consider the benefits of such total transparency and the counter need to protect privacy, personally identifiable information and trading strategies. Also, consideration must be given to the need to ensure that material information available to a private network does not disadvantage the rest of the public.
DLT has the ability to alter or even eliminate the roles of intermediaries in the securities industry. The process of executing a trade as well as the subsequent settlement and clearing of such trade could be done directly between the issuing company and purchaser or third-party buyers and sellers. In addition, the need for market participants that effectuate transaction netting and maintenance of margin requirements could be reduced or eliminated.
The operational risks associated with the securities markets can be changed, including sharing information over a network of multiple entities, the use of private and public keys to obtain access to assets, the use of smart contracts and other automated operations. The very nature of DLT as a shared network creates cybersecurity risks and the need for robust countermeasures.
Factors to Consider When Implementing DLT
As discussed, DLT applications have already impacted the securities industry. Many financial institutions have already established in-house or third-party research teams to build and test DLT networks and applications. FINRA’s report provides a good high-level summary of the obvious factors to consider with implementing DLT technology in capital markets, including governance, operational structure and network security.
A basis of DLT technology is that it is an open network with no centralized governing power or operator. FINRA notes that although there are benefits to this system, there are also issues, such as how to handle a large volume of transactions effectively. As a result, closed networks have started where participants are pre-vetted trusted parties. In the capital markets, questions will need to be answered related to the operation of the network and who has responsibility for what aspects—for example, who would decide governance and internal controls and procedures, who would enforce these governance rules, who would be responsible for day-to-day operations including addressing system failures or technical issues, and how errors would be rectified and conflicts of interests addressed.
Any DLT Network will need to consider its operational structure, including a framework for: (i) network participant access and related onboarding and offboarding procedures; (ii) transaction validation; (iii) asset representation (such as shares of stock); and (iv) data and transparency requirements. A network will need to establish criteria and procedures for establishing and maintaining participating members and determining their level of access. Controls and procedures will need to address: (i) criteria for participants to gain access to the network; (ii) a vetting and onboarding process, including identity verification and user agreements; (iii) an offboarding process for both involuntary offboarding as a result of noncompliance and voluntary offboarding; (iv) monitoring and enforcement procedures for compliance with rules of conduct; (v) establishing various levels of access; and (vi) access for regulators.
Networks will need to determine a method for transaction validation. In the short history of blockchain, there have already been different methodologies. Validation could be consensus-based, single-node verifier or multiple-node verifier. Each method has pros and cons, and the specific algorithms and processes would need to be ferreted out.
On the topic of asset representation, networks will need to determine if the actual asset will be directly issued digitally (which only works for certain assets, such as intangibles, stock or agreements representing ownership interests) or issued traditionally and be tokenized on the network. If tokenized, further thought must be given to security, handling loss or theft of the underlying asset, fractionalization issues, handling changes such as reverse or forward stock splits or conversions, and new issuances as some examples.
Likewise, thought must be given to the handling of cash on the network, including the settlement of transactions. In that regard, could tokens become a form of cash and if so, how would they ultimately be converted into established government currencies? Ownership in almost any asset could also be tokenized (such as diamonds, gold, precious metals, art, etc.), creating issues of custodianship and security for the underlying asset. Intangible assets would be relatively easy to tokenize. Fungible assets would be easier than non-fungible assets, with unique assets being the most difficult.
A network will need controls and processes related to data transparency, including public or shared information versus private information.
In addition to the security of the underlying asset, there are security concerns with the network itself. The issue is more complex due to the decentralized nature of, and global access and participants to, the network. A DLT Network must have security for external and internal risks while maintaining the privacy of personal information for network participants.
Network participants will need to consider: (i) how DLT fits within their current recordkeeping framework, including maintenance and backup systems; (ii) cybersecurity issues, including hacking, phishing, malware and other forms of threats and program and testing requirements; (iii) updating written supervisory procedures and policy procedures; and (iv) business controls for identity and transaction verification and fraud prevention.
Broker-dealers are currently exploring issuing and trading securities, facilitating automated actions such as dividend payments and maintaining transaction records on a DLT network. These areas are regulated by both the SEC and FINRA. The FINRA report points out the potential for a “paradigm shift for several traditional processes in the securities industry through the development of new business models and new practices incorporating DLT” that requires regulatory attention.
Customer Funds and Securities
DLT will create new ways to hold customer funds and securities and thus custodial changes. Broker-dealers that hold funds and securities must generally comply with Exchange Act Rule 15c3-3, which generally requires the broker to maintain physical possession or control over the customer’s fully paid and excess margin securities. Where funds and securities are purely digital, such as cryptosecurities, consideration will need to be made over how they are accounted for and who has the obligation. In addition, certain activities and access levels could amount to “receiving, delivering, holding or controlling customer assets,” such as having access to a private key code for a customer.
Also potentially implicated in this area are Exchange Act Rule 15c3-1 related to net capital requirements, FINRA Rule 4160 on verification of assets and Exchange Act Rule 17a-13 related to quarterly security accounts.
Broker-Dealer Net Capital
Exchange Act Rule 15c3-1 requires a firm to maintain a minimum level of net capital at all times. The FINRA Rule 4100 series sets forth the rules and requirements for complying with net capital requirements, including calculations and which assets are allowable or non-allowable within those calculations. Regulations need to address how cryptosecurities, digital currency, and tokens in general will be accounted for, for purposes of net capital calculations.
Books and Records Requirements
Exchange Act Rules 17a-3 and 17a-4 and FINRA Rule 4511 regulate book and record requirements for broker-dealers. DLT allows books and records to be maintained on the network itself, though consideration must be made as to how this will comply with regulations, and what changes need to be made with the regulations to update for the new technology.
Clearance and Settlement
It is my view that DLT could have the biggest impact on clearance and settlement from a pure industry disruption viewpoint. FINRA notes, “Depending on how trade execution and settlement is ultimately structured, broker-dealers and other market participants may wish to consider whether any of their activities in the DLT environment meet the definition of a clearing agency and whether corresponding clearing agency registration requirements under Section 17A of the Exchange Act would be applicable.”
In addition, DLT could eliminate the distinction between introducing and clearing brokers and the corresponding carrying agreement rules.
Anti-Money Laundering and Customer Identification Programs
DLT allows for global and anonymous participation, and accordingly practices and regulations will need to address anti-money laundering (AML) and customer identification obligations (CIP). The Bank Secrecy Act of 1970 requires controls and procedures to detect and prevent money laundering. FINRA Rule 3310 addresses AML obligations.
In addition, FINRA Rule 2090, the Know Your Customer (KYC) rule, requires firms to “use reasonable diligence, in regard to the opening and maintenance of every account, to know (and retain) the essential facts concerning every customer and concerning the authority of each person acting on behalf of such customer.” Technology is already being explored to centralize identity management functions such that once a customer identity is verified, the information can be shared with all network participants. Obviously this would greatly streamline processes for broker-dealers and customers alike.
It is likely that DLT technology will surpass regulatory changes in the AML/CIP/KYC sectors. The FINRA report notes that the current rules allow a firm to outsource functions to third parties, but not overall responsibility. Accordingly, a firm could utilize DLT technology for these functions now if they can fashion internal controls and procedures that comply with the ultimate rule responsibilities.
Customer Data Privacy
Broker-dealers have an obligation to protect personal customer information (Regulation S-P). The rules also require that a firm provide an annual notice to customers related to the protection, and sharing, of their personal information. DLT by nature will include customer information and transaction histories that will be available to network participants. Regulations, as well as internal controls and procedures, will need to adapt to DLT technology.
Trade and Order Reporting Requirements
FINRA regulates the trading and order reporting requirements for the over-the-counter (OTC Markets) and requires certain reports to a centralized Securities Information Processor for listed securities. DLT may be soon be used for the facilitation of OTC Markets equity transactions. This may involve tokenizing existing securities and trading on a different network. FINRA Rule 6100 Series (Quoting and Trading in NMS Stock), Rule 6400 Series (Quoting and Trading on OTC Equity Securities), Rule 4550 Series (Alternative Trading Systems) and Rule 5000 Series governing offering and trading standards and practices would all be implicated.
Supervision and Surveillance
DLT networks will present new and unique challenges related to maintaining supervisory rules and procedures as well as surveillance systems themselves. This area includes the ability to review customer accounts and correct order errors. Like other areas of DLT technology, centralized systems available to all network participants are being developed that can perform some of these functions.
Fees and Commissions
Certain additional fees may be necessary for a DLT network, such as wallet management, key management and onboarding, whereby other areas may reduce fees as centralization brings economies. In addition, consideration must be given to the payment of fees to third parties that are not registered broker-dealers but that provide DLT outsource functions.
Customer Confirmations and Account Statements
Exchange Act Rule 10b-10 requires firms to provide customers with certain records, including trade confirmations and account statements. DLT technology will change the flow and availability of information.
Material Impact on Business Operations
NASD Rule 1017(a)(5) requires broker-dealers that undergo a material change in business operations to file a Continuing Membership Application (CMA) prior to implementing the material change. Many of the aspects of DLT technology may result in a material change, and broker-dealers need to consider the need to file 1017 applications.
Business Continuity Plans
FINRA Rule 4370 requires broker-dealers to maintain business continuity plans. Firms must consider the impact of DLT technology on their plans and update accordingly.