What is the ISSA DLT working group currently working on? What trends are you seeing in the market?
Glen Fernandes: We have just released a whitepaper on crypto assets, which discusses how the industry could move from theory to practice on crypto assets and DLT. The paper is a result of in-depth discussions and workshops over the last eight months with our members which include global central securities depositories (CSDs), custodians, fintechs and other financial market infrastructures (FMIs). It helps set the picture on the best practices and considerations on issuing, settling, safekeeping and servicing crypto assets including securities tokens. We wanted to also highlight the challenges in terms of interoperability and the elements of law and regulation that need further clarification.
What advantages do crypto assets offer over traditional securities?
Fernandes: Crypto assets are held in a digital form on a database that is distributed across participants, whereas traditional securities are held digitally in centralised databases and in book-keeping form. Distributed ledgers by nature allow for a more distributed governance compared to what currently exists. On one side, this brings the convenience and transparency of directly interacting with counterparties and naturally pushes for efficiencies and harmonisation of data standards. On the flip side, it brings challenges, amongst others in terms of how can such governance be regulated and how can market participants be held accountable within this new kind of governance structure. It also introduces a number of risks. The industry needs to understand how they can extract the benefits while still having the same level of safety and efficiency that exists today in capital markets.
What kind of risks are associated with using crypto assets?
Fernandes: If you look at the safekeeping of assets today in traditional form, the assets are first issued in the CSD, then held via the custodian and the custodian and CSD ensures that there is asset protection. In the case of crypto assets, you have the possibility of holding the assets directly on the ledger through private keys. However, self-custody of private keys also introduces a risk, where they can be stolen and then assets transferred to a different address. This is similar to the risk of losing bearer instruments in capital markets. There needs to be an industry solution that can be acceptable to institutional investors from a custody perspective. Similarly, you also have other risks around the issuance and settlement of crypto assets. These risks are similar to risks in capital markets that have been mitigated by FMIs like CSDs, by custodians and intermediaries. They are different in form but essentially same in substance.
Urs Sauer: The risks we have today will not magically disappear. Know your customer (KYC) and anti-money laundering (AML) will all still have to be done no matter what technology is behind it. The promise that it holds is certainly more efficiency and reduced reconciliation, as well as reduced risks if services are provided in a regulated environment. We have seen the non-regulated part dealing with cybersecurity and break-ins with little end-investor protection.
What are the legal and regulatory implications of developing services and platforms for the issuance and trading of crypto assets?
Sauer: There are quite a few things that need to be looked at, for example, internationally the regulations are not standardised. Certain jurisdictions are further ahead or further behind. This starts at the very basics, such as the definition of a securities token, if you have different definitions you will have different regulatory approaches—this part remains one of the main headaches. You have to look at regulation jurisdiction by jurisdiction—there is not a separate regulatory approach just for crypto assets or securities tokens, the whole handling has to fit in with the regulatory environment, which in itself brings challenges.
Fernandes: There are areas that need to be clarified, the first one is what are the legal qualifications of a crypto asset, for example, does a token qualify as a security under specific jurisdiction. This also has implications on the qualification of service providers, for example, in the EU if you are dealing with the Markets in Financial Instruments Directive transferable securities you would need to have the relevant qualifications to custody a crypto asset or transfer crypto asset or if you wanted to settle it with legal finality, you would need to have the relevant qualifications to be a CSD. So implications around the qualification of the asset determines the licensing needs of the service providers.
Clarity is also needed around how legal title is achieved through the holding of private keys—do they actually give you ownership and entitlement to the asset? There are a number of areas from a regulatory perspective that need to be clarified such as qualification as property, tax treatment, asset protection, compliance around AML and KYC is also important.
Are regulators currently reviewing existing securities laws and regulations to ensure they remain suitable for the crypto asset markets? What should their concerns be and how can they move forward without jeopardising innovation?
Fernandes: Indeed a number of regulators are reviewing existing securities laws and regulations to ensure that they are suitable to support the development of DLT based ecosystems and securities tokens in particular. Many have already provided guidance of the taxonomy and possible treatment of tokens. Some have even provided frameworks or provided clarifications on existing laws and regulations with respect to DLT and crypto-assets.
Regulators are actively working to create balance and ensure investor protection and market stability while at the same time not stifling innovation. The way in which regulators are looking at it is very pragmatic, they seem to be taking a substance over form approach, which should ensure we have technology-neutral regulation.
Moreover, many regulators are also using the principle of “same activity, same risk, same regulation”. So if a crypto asset token behaves like security and provides the same entitlements we should expect such assets would be regulated in the same way as securities and participants providing the same service on these assets as other regulated service providers would need to obtain the same regulatory qualifications. This will avoid the market being in a situation where essentially the same asset or service is regulated in two different ways, one more robust than the other.
How is the servicing of crypto assets different from traditional securities? And how will the role of the asset servicer change?
Sauer: Asset servicing will need to be provided to the customers similarly to today’s environment. Forks in a crypto asset environment need to be looked at as they can not be equated one-to-one to a corporate action, or a regular asset servicing issue because it might involve IT upgrades and IT changes where a provider would need the option to not implement the necessary updates.
In the asset servicing corporate actions side, there is a great promise that everyone sits on the same information that is shared. If this is the case, the efficiency on how you process it will be tremendous because there will be no more reconciliation, no more handling of items, everyone has the same information. There is also the smart contract set up which will enhance it further and bring the rise to control and responsibility factors.
Fernandes: That point is very important because there is an implication in terms of what roles we can expect within the digital asset world and a number of those roles might be typically similar to what you see today and existing service providers such as custodian banks or CSDs, and given the experience in the securities services market would be well-placed to play those roles, although they will possibly need to adapt. However, you might also have new roles that emerge for example a verification agent for smart contracts and you have to consider the accountability of those roles and the new risks they introduce or mitigate.
How do firms ensure the safekeeping of crypto assets? What services are currently available? And what risks would safekeeping services entail?
Fernandes: When we talk about safe keeping, there is a differentiation that needs to be made between the safekeeping of crypto assets that are held on public blockchains and where investors can directly hold and transact these assets, versus safekeeping that exists on private permission blockchains where a consortium of banks are trying to create a private blockchain ecosystem. For example, if you are accessing assets on a public blockchain through the internet, there is a high chance of private keys being stolen. Private key safekeeping becomes less relevant on private permissioned blockchains as other security, control and service measures can be used to mitigate the risk.
The second part is to think about what it means from a service provider point of view. For example, if I was holding a crypto asset on a public blockchain and I asked a custodian to safe keep my private key, they wouldn’t be able to guarantee that my assets would be safe because somebody could copy the private key from me and then steal the asset and the custodian would have no control over that. The typical custody model would see the transfer of the assets to a custodian address and the custodian would then have the ability to control/protect the asset and provide transaction services to the underlying clients.
Sauer: In the current environment, I don’t think we have an institutional-grade asset servicing safekeeping service, and that’s what is hindering a lot of development. The industry is aiming for an institutional-grade asset servicing safekeeping service. The industry has suggested that crypto-assets are here to stay and we need to deal with them and bring institutional-grade reliability to it. There are a few projects on the way that holds the promise that they will deliver. It will take a lot of time for the current infrastructure to disappear, there are a lot of services that the current infrastructure provides so the current set up is not there yet. By the end of 2020, I would expect to see a few clear pointers on what works and what doesn’t work on an institutional-grade level.
What work is currently being done to devise market standards and other tools that will enable crypto asset service providers and platforms to interoperate with each other?
Sauer: We have an ISO working group that is working on it, we have 20022 data standards that holds the promise that the demand for data is clearly structured. The ISO/TC 307 ‘Blockchain and DLT’ was set up in 2016. However, the working group doesn’t believe this work is sufficient. If we don’t see more work with this, the industry might see some distributed ledger technologies that cannot talk to each other.
Fernandes: There are two levels with interoperability, the first is a technology level because you have a number of these providers that have come up, but there isn’t one standard across the market.
There are some standards being set but there is much more that needs to be done. The second is standards from a business perspective, in terms of business definitions.
