July 01, 2019

Compliance Implications of Recent DLT and Blockchain Related Developments for Financial Institutions

Eric Ubias

Facebook’s announcement that it will seek to roll out a cryptocurrency called Libra signals the advent of cryptocurrency’s ascent into the mainstream. It marks a tipping point as access to Libra would expose many of the company’s massive global userbase to cryptocurrencies for the first time. That said, Big Tech is not the only leader in the space. Financial institutions are also drivers of innovation for the distributed ledger and blockchain technologies that underlie cryptocurrencies like Libra. Financial institutions have invested significant resources in the research and investigation of potential use cases, launched proof-of-concept pilot programs, and collaborated with others. They are already subject to a comprehensive framework of laws and regulations under the Bank Secrecy Act and supervisory regimes. Consumer-facing, retail services trigger additional consumer protection compliance requirements and disclosures. Additionally, the domestic retail payment infrastructure is relatively quick and efficient for low value high volume payments compared to blockchain solutions due to scalability and throughput limitations on the volume of transactions of the technology, but that is changing as the technology improves. As such, financial institutions exploring blockchain solutions have thus far generally focused on back-office processes, treasury services, liquidity management, clearing and settlement, wholesale payments, and identification management for know your customer (KYC) purposes that may not grab the headlines. Nevertheless, financial institutions are poised to take advantage of the maturation of the regulatory environment in the space.

Blockchain Background

Primers on distributed ledger technology (DLT) and blockchain technology abound and are not covered here. Still, there are four technical points that are pertinent to this discussion:

  • First, the terms distributed ledger technology (DLT) and blockchain technology are frequently used interchangeably. However, blockchain is a specific type of DLT characterized by a single, global ledger shared across a distributed public or private network. DLT encompasses a broader class of distributed database implementations that may not have a single, global ledger. These technical distinctions have become less relevant with data privacy-focused blockchain platforms like Quorum that have a single, global ledger, but where only a subset of transactions on the ledger are visible to any network participant. For simplicity, in this article, blockchain will be used throughout.
  • Second, public blockchains such as Bitcoin or Ethereum are described as “permissionless” because control of the network is decentralized and accessible to anyone. Private blockchains are described as “permissioned” because the system is controlled by one entity or a consortium of network participants that restrict access to the blockchain. Financial institutions have focused on developing private blockchain solutions, which they control or participate in the governance of, such as in a blockchain consortia. Private blockchain implementations also allow financial institutions greater customization capabilities to address regulatory and auditing requirements as well as privacy and confidentially considerations.
  • Third, a fundamental difference between blockchain and a more traditional database server model is that blockchain anticipates and accounts for updates to the blockchain ledger from unreliable or untrustworthy sources within the network through a consensus mechanism. This core feature adds complexity but is a key part of blockchain’s built-in value proposition. Blockchain at present and for the foreseeable future will likely lag behind server database models (cloud-based or otherwise) in metrics such as speed, efficiency, capacity and capabilities in the service of its consensus mechanism.
  • Fourth, blockchain’s differences should dictate the type of use cases where a blockchain solution might be more viable than traditional database models. These use cases include instances where: (1) more than one entity requires access to the blockchain ledger; (2) there are potential trust issues as to who controls the data; and (3) there is a need for robust data integrity protections and a tamperproof auditable trail for all changes to the data.

Compliance Considerations for Financial Institutions

The maturation of the regulatory environment has created greater certainty and provided an opening for the growth of virtual currencies, digital assets, and security tokens within blockchain ecosystems. With a panoply of new entrants and disruptive technology, legal practitioners in this space need to stay abreast of these developments. The following are a few key areas that may impact a financial institution’s involvement with blockchain ecosystems.

AML/KYC

The Financial Action Task Force (FATF), which is an independent intergovernmental body that sets global standards for anti-money laundering and counter-terrorist financing (AML/CTF) provided guidance on virtual assets and virtual asset providers on June 21, 2019. The FATF’s position is that virtual service providers should face the full set of AML/CTF obligations as financial institutions including application of the Travel Rule. The Travel Rule requires financial institutions to collect specific information to help law enforcement determine the source of the transmittal of funds and its recipients. Banks in the United States have operated under the Travel Rule since it was first promulgated by the U.S. Department of Treasury Financial Crimes Enforcement Network (FinCEN) in 1996. See 31 CFR § 103.33(a). However, while Bitcoin emerged in 2009, FinCEN did not provide guidance on the treatment for activities involving virtual currencies like Bitcoin under the Bank Secrecy Act and FinCEN regulations until 2013. In the 2013 guidance, FinCEN described “virtual currency” as a medium of exchange that can operate like currency but that does not have all the attributes of “real” currency, as defined in 31 CFR § 1010.100(m), including legal tender status. FinCEN has described CVCs as a type of virtual currency that either has an equivalent value as currency, or acts as a substitute for currency, and is therefore a type of “value that substitutes for currency” as defined in its money transmitter regulations. 31 CFR § 1010.100(ff)(5)(i)(A). More recently in May 9, 2019, FinCEN issued guidance on the Application of FinCEN’s Regulations to Certain Business Models involving Convertible Virtual Currencies. FinCEN also issued an Advisory on Illicit Activity Involving Convertible Virtual Currency that same day. FinCEN stated that both were intended to assist financial institutions to meet their BSA obligations with respect to virtual currencies and convertible virtual currencies (CVC).


Overlapping Regulatory Frameworks

Financial institutions and the broader blockchain community are still dealing with uncertainty regarding the regulatory requirements for their projects. For instance, financial institutions involved in the issuance of tokens must navigate the U.S. Securities Exchange Commission’s (SEC) policing of the issuance of tokens and cryptocurrencies. Notably, SEC staff recently issued a no-action related to the issuance of token on a private blockchain platform. TurnKey Jet, Inc., SEC No-Action Letter (April 3, 2019). TurnKey provides an interstate air charter services and wished to issue tokens that could be redeemed for air charter services. The SEC Division of Corporation Finance concluded it would not recommend an enforcement action by the SEC for violations of registration requirements of the federal securities laws. The SEC staff noted that TurnKey had: (1) a fully operational blockchain platform with tokens that were immediately usable; (2) tokens that were effectively pegged at one USD and were not marketed for a potential increase in value for the life of the program; and (3) restrictions that limited the use of tokens solely for internal use on the private blockchain platform.

This informal guidance is of limited value for those involved with the issuance of tokens on public blockchains that can be traded on digital asset exchanges. However, it is relevant for financial institutions like JP Morgan and UBS. In February of this year, JP Morgan announced that it would create a digital coin for the transfer of payments between institutional clients. Notably, JP Morgan will be issuing the coins on a private blockchain platform pegged on a one-for-one basis with USDs for clients with designated accounts with the bank. Separately, UBS is leading a consortium of global financial institutions in the issuance of a tokenized form of fiat currencies for wholesale payments. The token is fully backed by cash held in accounts at central banks. The platform is a private, permissioned blockchain based on Ethereum and the token is called Utility Settlement Coin (USC). The goal is for the USC to facilitate and streamline wholesale payments by processing interbank transactions and reducing reliance on intermediaries such as clearinghouses.


Auditing of Financial Statements Involving Blockchain/Accounting Issues

One of the touted benefits of blockchain is that an immutable blockchain ledger will improve the traceability and indeed auditability of transactions. However, the ease with which recorded transactional data can be collected from the blockchain should be distinguished from the reliability, accuracy, and objectivity of such data. Providing reasonable assurance about the accuracy and reliability of financial statements and internal controls over financial reporting require more than simply being able to verify the occurrence of a transaction on a blockchain ledger. There still may be questions over value or ownership or even over the reliability of the blockchain itself. These issues are being tackled by the American Institute of CPAs (AICPA), who on June 20, 2019 issued a much-anticipated proposal to update the auditing standards for audit evidence to address emerging technologies. See AICPA’s Proposed Statement on Audit Standards (SAS), Audit Evidence.

Notably, neither the U.S. Generally Accepted Accounting Principles (GAAP) nor the International Financial Reporting Standards (IFRS) currently directly address accounting standards for the broad category of digital assets and liabilities. For accounting purposes, although a diversity of practice still exists, the prevailing view is to treat digital assets reflected on blockchain ledgers as intangible assets, inventory, or investments depending on specific facts and circumstances. Although there has been no standard setting by the Financial Accounting Standards Board, the International Financial Reporting Interpretations Committee (IFRIC) issued an important agenda decision in June 2019 regarding a subset of these digital assets. The Committee considered the accounting treatment under the IFRS for holdings of cryptocurrencies that had the following characteristics:

  • a digital or virtual currency recorded on a distributed ledger that uses cryptography for security.
  • not issued by a jurisdictional authority or other party.
  • does not give rise to a contract between the holder and another party.

While the IFRIC declined to add the issue to its standard-setting agenda, it provides a persuasive interpretation for accounting treatment of cryptocurrencies for entities subject to GAAP and an authoritative one for those subject to IFRS.

Third-Party Relationships

The Office of the Comptroller of the Currency (OCC) requires national banks and federal savings associations (“banks”) engaging in activities with third parties to do so in a safe and sound manner. As such, banks developing blockchain solutions need to ensure that their third-party risk management processes are commensurate with the risk and complexity of the third-party relationships that they enter into with other entities involved with these blockchain projects. In addition to performing the appropriate level of due diligence, written services agreement involving third-party relationship should account for the potential need to accommodate OCC examination oversight and the examination of third-party information systems if needed.

The OCC defines “third parties” broadly, which can include software developers, fintech companies, or even other participants in a private blockchain consortia. The OCC’s Bulletin 2013-29 (Oct. 30, 2013) guidance emphasized that critical activities involve significant bank functions obligating a bank to implement more comprehensive and rigorous oversight. This is of particular importance to banks developing blockchain solutions as the OCC identified payments, clearing, settlement, and custody as examples of critical activities include. As these are exactly the type of banking functions that blockchain solutions address, banks may need to reassess their compliance approach for third party relationships on these projects. Additionally, the OCC issued supplemental guidance with frequently asked questions in Bulletin 2017-21-29 (June 7, 2017). The guidance covers how banks should accommodate new fintech companies that do not have all of the in-depth information. It is worth noting that this same rationale would apply to the broader nascent community of developers and vendors.


Conclusion

We are at an inflection point where the continued existence and vitality of blockchain ecosystems has finally garnered widespread acceptance. Where even the staid SWIFT network has reported it will soon allow blockchain-based trade platforms to initiate payments over its global payments innovation platform (GPI). Where even global central banks are being forced to act. Earlier this year the Bank of International Settlements (BIS) published a report of its 2018 survey of 63 central banks from advanced and emerging market economies on the prospects of a central bank digital currency. BIS Papers No. 101, Proceeding with caution – a survey on central bank digital currency (January 2019). At that time, over 85% viewed the issuance of a central bank digital currency as very unlikely or somewhat unlikely in the short term (up to three years). Only two emerging market economy central banks were even considering issuing a digital currency in that timeframe. That said, this January 2019 survey report is already dated. In a recent interview with the Financial Times Agustin Carstens, the head of the BIS said that central banks may have to issue their own digital currencies sooner than expected and that BIS is working to work them. Claire Jones, BIS backs central bank plans to create digital currencies, Australia Financial Review, (July 1, 2019). We are living at a time where the pace of change continues to accelerate. As such, financial institution and the legal practitioners who serve them will need to be agile and adapt to an environment where constant change is the new normal.
 

Eric Ubias

Managing Partner, Ubias Law PLLC

Eric Ubias is managing partner of Ubias Law PLLC.  Eric can be reached at 202.818.8581 or by email at eric.ubias@ubiaslaw.com.