Z/Yen Group Limited
Risk Reward Managers
90 Basinghall Street
London EC2V 5AY
United Kingdom
tel: +44 (20) 7562-9562 www.zyen.com
Research Into Inter-Governmental Standards for
Mutual Distributed Ledgers
PRELIMINARY FINDINGS
22 September 2016, London
@longfinance
Your Hosts
Professor Michael Mainelli
Chairman of Z/Yen Ltd.
Simon Mills MSc MPA
Research Associate Z/Yen Ltd.
Agenda
14:00 – 14:05
14:05 – 14:15
14:15 – 14:35
14:35 – 14:55
14:55 – 15:00
Welcome and aims of workshop
Overview of MDL technology
Introduction to the research
Potential risks for users of MDLs
Fitting MDLs into existing regulatory and
standards frameworks
Developing new standards for MDLs
Conclusions
Round table discussion
Next steps
Close
♦ Please submit questions at any time
using the webinar submission
♦ We will be answering your questions
after the presentation
♦ There will be a series of multiple choice
polls during the webinar
Please submit your questions
♦ Special – City of London’s leading commercial think-tank
♦ Services – projects, strategy, expertise on demand,
coaching, research, analytics, modern systems
♦ Sectors – technology, finance, voluntary, professional
services, outsourcing
Independent Publisher Book Awards Finance, Investment &
Economics Gold Prize 2012 for The Price of Fish
British Computer Society IT Director of the Year 2004 for
PropheZy and VizZy
DTI Smart Award 2003 for PropheZy
Sunday Times Book of the Week, Clean Business Cuisine
£1.9M Foresight Challenge Award for Financial £aboratory
visualising financial risk 1997
Z/Yen
Some Of Our MDL Research
♦ 1976 – Diffie-Hellman, Merkle, RSA
♦ 1990 – Mondex, Digicash, Flooz
♦ 1993 – Encrypted Open Books
♦ 1995 – Z/Yen Stacks & Sleeves
♦ 1996 – Ricardo payment system
♦ 1998 – Wei-Dai b-money, Bitgold
♦ 1999 – LOCKSS & CLOCKSS
♦ 2000 – Gnutella
♦ 2004 – Ripple
♦ 2007 – Estonia
♦ 2009 – Bitcoin
♦ 2012 – Term ‘blockchain’ used
♦ 2013 – Silk Road, FBI, Alderney
coin
♦ 2014 – Regulators – Jersey &
Alderney, Isle of Man, FATF, ECB,
State of New York
Mutual Distributed Ledger Timeline
♦ 2015 – IBM-Samsung, Bank of
England research agenda, UK budget
for cryptocurrency standards,
Barclays, UBS, BNY Mellon, Goldman
Sachs, USAA, NASDAQ, Honduras
land registry, Channel Islands
Standards for MDLs, Fine (sic) Sign of
having arrived – Ripple $700,000, Sign
of the Tines – Bitcoin forking hell,
Economist Special, FT Special
♦ 2016 – UK government, Blythe
Masters DAH, R3, SafeShare
Insurance, XLRAS, …
♦ ledger – a record of transactions
♦ distributed – divided among several or many, in multiple
locations
♦ mutual – shared in common, or owned by a community
♦ mutual distributed ledger (MDL) - a record of
transactions shared in common and stored in multiple
locations
♦ mutual distributed ledger technology – a technology that
provides an immutable record of transactions shared in
common and stored in multiple locations
♦ blockchain - “a transaction database shared by all nodes
participating in a system based on the Bitcoin protocol”
Terminology Evolving
Ledgerage
Area | Possible Applications
Financial instruments, records, models | Currency, private and public equities, certificates of deposit, bonds, derivatives, insurance policies, voting rights associated with financial instruments, commodities, derivatives, trading records, credit data, collateral management, client monies segregation, mortgage or loan records, crowd-funding, P2P lending, microfinance, (micro)charity donations, account portability, airmiles & corporate tokens, etc.
Public records | Land and property titles, vehicle registries, shipping registries, satellite registries, business license, business ownership/incorporation/dissolution records, regulatory records, criminal records, passport, birth/death certificates, voting ID, health and safety inspections, tax returns, building and other types of permits, court records, government/listed companies/civil society, accounts and annual reports, etc.
Private records | Contracts, ID, signature, will, trust, escrow, any other type of classifiable personal data (e.g. physical details, date of birth, taste) etc.
Semi-private/semi-public records | High school/university degrees and professional qualifications, grades, certifications, human resources records, medical records, accounting records, business transaction records, locational data, delivery records, genome and DNA, arbitration, genealogy trees, clinical trials, etc.
Keys | Accounts, home, hotel, office, car, locker, deposit box, mail box, Internet of Things, etc.
Intellectual property | Copyrights, licenses, patents, digital rights management of music, rights management of intellectual property such as patents or trademarks, proof of authenticity or authorship, etc.
Other records | Cultural, historical events, documentary (e.g. video, photos, audio), (big) data (weather, temperatures, traffic), SIM cards, archives, geostamping, etc.
♦ Validate – “a trust model for timestamping”
♦ Safeguard – “a set of rules for updating state via blocks”
♦ Preserve – “a shared state”
Reducing Natural Monopolies
[Figure. Labels: “No Trusted Third Parties”, “Single Trusted Third Party”, “Efficient”, “Inefficient”. Node types: Master Node, Supervisor Nodes, Majority Nodes, Collective Nodes, Free for All Nodes. Examples shown: Bitcoin, Ethereum, Ripple, Central Database, ‘Woven’ Broadcasting.]
Mistrust Costs Coins
Paper
INSERT OTHER
[Sample policy record shown on the slide]
Host details: First Name, Surname, Unique Reference, Address, Postcode
Property details: Address, Postcode
Period of cover: From (Date, Time), To (Date, Time)
Other columns: Policy cancelled, Reason for cancellation, Premium, IPT (9.50%)
Example row: John Smith, VR0001, 123 Bank Street, EC2V 5AY | 54 Woodhill Lane, W17 RQ | Policy cancelled: No | Premium: £2.00 | IPT: £0.19
Application:
Sharing Economy Broker and Underwriter
Real World Economics Matter
Factor | Bitcoin | Ethereum | Custom
Speed (transactions per second) | 7 tps | 20 to 30 tps | >10,000 tps per single transmitter; unlimited transmitters
Storage | Fixed | Fixed | Fixed or Variable
$/transaction | $0.10 to $2.50 | $0.20 to $5.00 | <$0.000001
Validation time | circa 10 minutes | circa 15 seconds | <0.0001 second
♦ Commissioned by the States of Alderney in
May 2016
♦ Aims to look at how standards can be
developed for mutual distributed ledgers.
♦ Interviews conducted with more than 60
practitioners and other stakeholders,
supplemented by a workshop, a webinar and
desktop research
Background to the Study
♦ Understand the potential risks associated with the use
of MDLs
♦ Examine how MDLs could fit within a regulatory
framework
♦ Identify the aspects of MDL technology that would
benefit from the development of standards
♦ Determine the sectors and services which would most
benefit from the application of MDL standards
♦ Assess the development paths that could be used to
create standards
Aims of the Research
♦ New technologies can expose organisations to new
risks
♦ Regulators have responsibility for protecting
consumers and overseeing the integrity of markets
♦ Regulators can respond by developing new
regulations or encouraging the adoption of voluntary
standards
Risks
Risky Business
POLL#1 What risks do you anticipate for organisations seeking to adopt
MDLs and blockchain technology?
Governance (who will be authorized to make changes?)
Liability and Responsibility (How to deal with indemnity and
joint liability?)
Compliance (Managing MDLs shared across different
jurisdictions?)
Security?
Something else?
Potential Risks Associated with MDLs
Issue | Description | Significance
Governance | Due to the persistence of data in MDLs, correcting errors may be difficult unless a single entity is authorized to promote changes across all nodes. This would require trusted third parties, potentially negating one of the principal benefits of MDL technology. | High
Liability & Responsibility | Joint liability and indemnity for mistakes should be carefully considered when relying on shared information in high risk areas such as Know-Your-Customer, Anti-Money-Laundering, Sanctions Screening, and Ultimate Beneficial Ownership. | High
Compliance | The legality and enforceability of the records or code kept on MDLs, as well as differences in privacy, financial and company laws across jurisdictions, may make compliance more complex. | Medium
Security | Malicious access to a public MDL, for example using a stolen key, would enable a hacker to gain access, not only to the information stored at the point of attack, but to the full breadth of information recorded on the ledgers. | Medium
Transparency & Reporting | MDLs could add complexity to risk management and oversight in securities markets if data is encrypted. | Low
Interoperability | There are currently no interoperability standards for MDL, thus there are potential barriers for trade unless this is resolved. However, interoperability will be a commercial imperative and is likely to be solved by market forces. | Low
Taxonomies | The “Magic Beans Effect”: uncertainty around technology labelled as “based on MDL or Blockchain technology” by developers. | Low
Performance | What are its characteristics? Is it fit for purpose with respect to speed, reliability, security, transparency etc? | Low
Competitiveness and Regulation
♦ Regulations must be stringent enough to protect
markets and consumers, but not so stringent as to
stifle innovation and force business to move to less
draconian jurisdictions
♦ Regulators must avoid a race to the bottom
Legally Speaking?
POLL#2 Is new legislation required for MDL Technology?
Yes - the technology will bring new risks not
covered by existing regulations
No – existing regulations are flexible enough
to cope
Legal Frameworks
♦ Existing legislation should be flexible enough
to cover the adoption of MDL technology
♦ Attempts to regulate crypto-currencies (e.g.
New York’s BitLicence) produce a high
compliance cost and may drive businesses
elsewhere.
♦ There are exceptions (e.g. insurance in the
US)
Will Big Brother Be Watching Us?
POLL#3 Could MDLs represent a threat to civil liberties?
Yes – without policy discussion record keeping on citizens
could lead to a panopticon society.
No – this is not realistic and raising the prospect with policy
makers could lead to unnecessary curbs on developers.
Standards Frameworks
A standard provides requirements, specifications, guidelines or
characteristics that can be used consistently to ensure that
materials, products, processes and services are fit for their
purpose.
Open, Closed, Mandatory, Voluntary
♦ Open standards are publicly available and (may) have been
designed through an open process
♦ Closed, proprietary or de facto standards evolve from a product line
or specific vendor (e.g. Microsoft, IBM or Oracle)
♦ Mandatory standards require compliance because of a government
statute or regulation.
♦ Voluntary standards can be established by private-sector or NGO
bodies and are available for use by any person or organization,
private or public. A voluntary standard may become mandatory as a
result of its use or adoption by a regulatory authority
Categories of Standard
Security
♦ Thematic - dealing with
common issues faced by
all organisations
♦ Sector Specific - dealing
with issues which are of
particular concern to
specific industries.
♦ Technical - dealing with
detailed technology
specifications.
Where to Apply Standards?
POLL#4 Which type of standards would be most effective in
managing risks for MDLs?
Technical standards
Thematic standards
Sectoral standards
Where are the Gaps?
MDLs (general) Finance Internet of Things Technical SQL (ANSI, ISO)
XML
ISO/IEC 20800 – series metadata
standards
ACORD Standards for Insurance
Documentation
SWIFT Information Transmission
Standards
ISO 20022 – Financial industry
messages
ADEPT
Governance/
Process
ISO/IEC 20000 – IT Service
management
COBIT 5 – Framework for IT
management
BS11000 – Collaborative Business
Relationships
BS 8453 – Compliance Framework for
Financial Services
ISO 31000 – Risk Management
Standard
ISO 9001 – Quality Management
SAS 70 – Auditing of Financial
Controls
ISO 22301 – Business Continuity
NFPA 1600 – Disaster Recovery
CIIA Internal Audit Code
G20/OECD Principles of Corporate
Governance
ISO 10002 – Complaints
ISO 31000 – Risk Management Standard
ISO 9001 – Quality Management
ISO 14000 – Environmental Management
Customer Service Excellence Standard (UK)
AS ISO 10002-2006 — Customer Complaints
Legal
• NYSDFS “Bitlicence”
FATF Recommendations on AML &
KYC
EJML Steering Group Guidance on
AML & KYC
CAMS
MIFD
CE mark
2010/30/EU – Energy Labelling Directive
Directive 2006/95/EC –Equipment Safety
OHSAS 18001 ANSI/AIHA Z10-2005, CSA
Z1000-06, UNIE 81900, AS/NZS 4801:2001 –
Occupational Health and Safety Standards
IEC 61508:2001 – Functional Safety of
Electronic/ Programmable Systems
EN 62061:2005, Safety Related Systems
Technical Standards
♦ Technical standards will be emergent
♦ Emergent standards may be formalised at a later stage
♦ Move too early and innovation will be stifled and
smaller developers may be driven out of the market
“Dinosaurs love technical standards, they keep small
mammals out of their walled gardens” Interviewee
Thematic Standards
♦ Existing standards such as ISO 9000 or ISO 31000 are
flexible enough to be adapted for use with MDL technology
♦ There are some concerns with respect to cross-jurisdictional data
privacy; however, there are (blockchain) technological
solutions and standards such as EU-US Privacy Shield
♦ There may be an opportunity to develop a carbon intensity
standard for crypto-currencies
Where are standards needed?
POLL#5 Which would be the most useful thematic standards? (Pick 3)
Identity
Governance
Responsibility and liability
Compliance
Taxonomies and Performance
Sectoral Standards
♦ The Public Sector - civil liberties risks with respect to governance
and the type and range of data held on blockchains
♦ The Internet of things - liability, responsibility and security are key
issues which would benefit from a standards framework for
managing risks in this space
♦ Commercial transactions - it is essential that the use of MDLs in
commercial transactions does not undermine confidence in the
integrity of markets. A standards framework would be especially
helpful in the following risk areas:
Identity
Governance
Liability and responsibility
Developing world class standards
♦ Open and transparent development process
♦ Well defined objectives
♦ Detailed certification specifications
♦ Detailed accreditation specifications
Path #1 The ISO
Respected
Clear certification and accreditation paths.
Lack of control by regulators
Can be hijacked by large organisations
Path #2 PAS
Commissioned by industry or regulator
Developed by national standards body in
consultation with relevant stakeholders.
Less onerous than full ISO standards.
If a PAS proves popular it can be
developed into an ISO standard.
Path #3 Open Process
Based on the Internet Engineering Task
Force (IETF) Request for Comment (RFC)
series.
Provides a product that is tailored to
industry needs.
Requires the development of robust
certification and accreditation processes
♦ Existing regulations are sufficient to oversee the activities which are
likely to benefit from MDL Technology
♦ Technical standards are not desirable at this stage of the development of
MDL Technology
♦ There is scope to develop a carbon standard for cryptocurrencies
♦ Policy discussions may be required to determine the civil liberties
implications associated with the use of MDLs in the public realm
♦ Sector specific standards are desirable particularly around identity,
governance and liability and responsibility
♦ There are a number of routes that can be taken to develop sector
specific standards; however, standards benefit from the establishment
of a robust verification and certification process
Conclusions