Z/Yen Group Limited Risk Reward Managers 90 Basinghall Street London EC2V 5AY United Kingdom tel: +44 (20) 7562-9562 www.zyen.com Research Into Inter-Governmental Standards for Mutual Distributed Ledgers PRELIMINARY FINDINGS 22 September 2016, London @longfinance


Your Hosts

Professor Michael Mainelli

Chairman of Z/Yen Ltd.

Simon Mills MSc MPA

Research Associate Z/Yen Ltd.

Agenda

14:00 – 14:05

14:05 – 14:15

14:15 – 14:35

14:35 – 14:55

14:55 – 15:00

Welcome and aims of workshop

Overview of MDL technology

Introduction to the research

Potential risks for users of MDLs

Fitting MDLs into existing regulatory and

standards frameworks

Developing new standards for MDLs

Conclusions

Round table discussion

Next steps

Close

♦ Please submit questions at any time

using the webinar submission

♦ We will be answering your questions

after the presentation

♦ There will be a series of multiple choice polls during the webinar


Please submit your questions

♦ Special – City of London’s leading commercial think-tank

♦ Services – projects, strategy, expertise on demand,

coaching, research, analytics, modern systems

♦ Sectors – technology, finance, voluntary, professional

services, outsourcing

Independent Publisher Book Awards Finance, Investment &

Economics Gold Prize 2012 for The Price of Fish

British Computer Society IT Director of the Year 2004 for

PropheZy and VizZy

DTI Smart Award 2003 for PropheZy

Sunday Times Book of the Week, Clean Business Cuisine

£1.9M Foresight Challenge Award for Financial £aboratory

visualising financial risk 1997

Z/Yen

♦ 1976 – Diffie-Hellman, Merkle, RSA

♦ 1990 – Mondex, Digicash, Flooz

♦ 1993 – Encrypted Open Books

♦ 1995 – Z/Yen Stacks & Sleeves

♦ 1996 – Ricardo payment system

♦ 1998 – Wei-Dai b-money, Bitgold

♦ 1999 – LOCKSS & CLOCKSS

♦ 2000 – Gnutella

♦ 2004 – Ripple

♦ 2007 – Estonia

♦ 2009 – Bitcoin

♦ 2012 – Term ‘blockchain’ used

♦ 2013 – Silk Road, FBI, Alderney

coin

♦ 2014 – Regulators – Jersey &

Alderney, Isle of Man, FATF, ECB,

State of New York

Mutual Distributed Ledger Timeline

♦ 2015 – IBM-Samsung, Bank of

England research agenda, UK budget

for cryptocurrency standards,

Barclays, UBS, BNY Mellon, Goldman

Sachs, USAA, NASDAQ, Honduras

land registry, Channel Islands

Standards for MDLs, Fine (sic) Sign of

having arrived – Ripple $700,000, Sign

of the Tines – Bitcoin forking hell,

Economist Special, FT Special

♦ 2016 – UK government, Blythe

Masters DAH, R3, SafeShare

Insurance, XLRAS, …

♦ ledger – a record of transactions

♦ distributed – divided among several or many, in multiple

locations

♦ mutual – shared in common, or owned by a community

♦ mutual distributed ledger (MDL) - a record of

transactions shared in common and stored in multiple

locations

♦ mutual distributed ledger technology – a technology that

provides an immutable record of transactions shared in

common and stored in multiple locations

♦ blockchain - “a transaction database shared by all nodes

participating in a system based on the Bitcoin protocol”

Terminology Evolving

Ledgerage

Area – Possible Applications

Financial instruments, records, models – Currency, private and public equities, certificates of deposit, bonds, derivatives, insurance policies, voting rights associated with financial instruments, commodities, derivatives, trading records, credit data, collateral management, client monies segregation, mortgage or loan records, crowd-funding, P2P lending, microfinance, (micro)charity donations, account portability, airmiles & corporate tokens, etc.

Public records – Land and property titles, vehicle registries, shipping registries, satellite registries, business license, business ownership/incorporation/dissolution records, regulatory records, criminal records, passport, birth/death certificates, voting ID, health and safety inspections, tax returns, building and other types of permits, court records, government/listed companies/civil society, accounts and annual reports, etc.

Private records – Contracts, ID, signature, will, trust, escrow, any other type of classifiable personal data (e.g. physical details, date of birth, taste) etc.

Semi-private/semi-public records – High school/university degrees and professional qualifications, grades, certifications, human resources records, medical records, accounting records, business transaction records, locational data, delivery records, genome and DNA, arbitration, genealogy trees, clinical trials, etc.

Keys – accounts, home, hotel, office, car, locker, deposit box, mail box, Internet of Things, etc.

Intellectual property – Copyrights, licenses, patents, digital rights management of music, rights management of intellectual property such as patents or trademarks, proof of authenticity or authorship, etc.

Other records – Cultural, historical events, documentary (e.g. video, photos, audio), (big) data (weather, temperatures, traffic), SIM cards, archives, geostamping, etc.

? Validate – “a trust model for timestamping”

Safeguard – “a set of rules for updating

state via blocks”

Preserve – “a shared state”

Reducing Natural Monopolies

No

Trusted

Third

Parties

Single

Trusted

Third

Party

Efficient

Inefficient

Master Node

Supervisor Nodes

Majority Nodes

Collective Nodes

Free for All Nodes

Bitcoin Ethereum

Ripple

Central Database

‘Woven’ Broadcasting

Mistrust Costs Coins

Paper

Application:

MetroGnomo – Timestamping & Datalogging

Application:

GeoGnomo – Geostamping

Application:

Clinical Trials

INSERT OTHER

[Sample policy record. Columns: Host details (First Name, Surname, Unique Reference, Address, Postcode); Property details (Address, Postcode); Period of cover (From: Date, Time; To: Date, Time); Policy cancelled; Reason for cancellation; Premium; IPT (9.50%)]

Sample row: John Smith; VR0001; 123 Bank Street, EC2V 5AY; 54 Woodhill Lane, W17 RQ; No; £2.00; £0.19

Application:

Sharing Economy Broker and Underwriter

Real Work Needs Identity

Real World Emphasises XML Standards

Real World Economics Matter

Factor – Bitcoin / Ethereum / Custom

Speed (transactions per second) – Bitcoin: 7 tps / Ethereum: 20 to 30 tps / Custom: >10,000 tps per single transmitter; unlimited transmitters

Storage – Bitcoin: Fixed / Ethereum: Fixed / Custom: Fixed or Variable

$/transaction – Bitcoin: $0.10 to $2.50 / Ethereum: $0.20 to $5.00 / Custom: <$0.000001

Validation time – Bitcoin: circa 10 minutes / Ethereum: circa 15 seconds / Custom: <0.0001 second

♦ Commissioned by the States of Alderney in

May 2016

♦ Aims to look at how standards can be

developed for mutual distributed ledgers.

♦ Interviews conducted with more than 60

practitioners and other stakeholders,

supplemented by a workshop, a webinar and

desktop research

Background to the Study

♦ Understand the potential risks associated with the use

of MDLs

♦ Examine how MDLs could fit within a regulatory

framework

♦ Identify the aspects of MDL technology that would

benefit from the development of standards

♦ Determine the sectors and services which would most

benefit from the application of MDL standards

♦ Assess the development paths that could be used to

create standards

Aims of the Research

♦ New technologies can expose organisations to new

risks

♦ Regulators have responsibility for protecting

consumers and overseeing the integrity of markets

♦ Regulators can respond by developing new

regulations or encouraging the adoption of voluntary

standards

Risks

Risky Business

POLL#1 What risks do you anticipate for organisations seeking to adopt

MDLs and blockchain technology?

Governance (who will be authorized to make changes?)

Liability and Responsibility (How to deal with indemnity and

joint liability?)

Compliance (Managing MDLs shared across different

jurisdictions?)

Security?

Something else?

Potential Risks Associated with MDLs

Issue (Significance) – Description

Governance (High) – Due to the persistence of data in MDLs, correcting errors may be difficult unless a single entity is authorized to promote changes across all nodes. This would require trusted third parties, thus potentially negating one of the principal benefits of MDL technology.

Liability & Responsibility (High) – Joint liability and indemnity for mistakes should be carefully considered when relying on shared information in high risk areas such as Know-Your-Customer, Anti-Money-Laundering, Sanctions Screening, and Ultimate Beneficial Ownership.

Compliance (Medium) – The legality and enforceability of the records or code kept on MDLs, as well as differences in privacy, financial and company laws across jurisdictions, may make compliance more complex.

Security (Medium) – Malicious access to a public MDL, for example using a stolen key, would enable a hacker to gain access, not only to the information stored at the point of attack, but to the full breadth of information recorded on the ledgers.

Transparency & Reporting (Low) – MDLs could add complexity to risk management and oversight in securities markets if data is encrypted.

Interoperability (Low) – There are currently no interoperability standards for MDLs, so there are potential barriers to trade unless this is resolved. However, interoperability will be a commercial imperative and is likely to be solved by market forces.

Taxonomies (Low) – The “Magic Beans Effect”: uncertainty around technology labelled as “based on MDL or Blockchain technology” by developers.

Performance (Low) – What are its characteristics? Is it fit for purpose with respect to speed, reliability, security, transparency etc?

Competitiveness and Regulation

♦ Regulations must be stringent enough to protect

markets and consumers, but not so stringent as to

stifle innovation and force business to move to less

draconian jurisdictions

♦ Regulators must avoid a race to the bottom

Legally Speaking?

POLL#2 Is new legislation required for MDL Technology?

Yes - the technology will bring new risks not

covered by existing regulations

No – existing regulations are flexible enough

to cope

Legal Frameworks

♦ Existing legislation should be flexible enough

to cover the adoption of MDL technology

♦ Attempts to regulate crypto-currencies (e.g.

New York’s BitLicence) produce a high

compliance cost and may drive businesses

elsewhere.

♦ There are exceptions (e.g. insurance in the

US)

Will Big Brother Be Watching Us?

POLL#3 Could MDLs represent a threat to civil liberties?

Yes – without policy discussion record keeping on citizens

could lead to a panopticon society.

No – this is not realistic and raising the prospect with policy

makers could lead to unnecessary curbs on developers.

Standards Frameworks

A standard provides requirements, specifications, guidelines or

characteristics that can be used consistently to ensure that

materials, products, processes and services are fit for their

purpose.

Open, Closed, Mandatory, Voluntary

♦ Open standards are publicly available and (may) have been

designed through an open process

♦ Closed, proprietary or de facto standards evolve from a product line

or specific vendor (e.g. Microsoft, IBM or Oracle)

♦ Mandatory standards require compliance because of a government

statute or regulation.

♦ Voluntary standards can be established by private-sector or NGO

bodies and are available for use by any person or organization,

private or public. A voluntary standard may become mandatory as a

result of its use or adoption by a regulatory authority

Categories of Standard

Security

♦ Thematic - dealing with

common issues faced by

all organisations

♦ Sector Specific - dealing

with issues which are of

particular concern to

specific industries.

♦ Technical - dealing with

detailed technology

specifications.

Where to Apply Standards?

POLL#4 Which type of standards would be most effective in

managing risks for MDLs?

Technical standards

Thematic standards

Sectoral standards

Where are the Gaps?

[Table of existing standards. Columns: MDLs (general), Finance, Internet of Things. Rows: Technical, Governance/Process, Legal]

Technical

SQL (ANSI, ISO)

XML

ISO/IEC 20800 – series metadata standards

ACORD Standards for Insurance Documentation

SWIFT Information Transmission Standards

ISO 20022 – Financial industry messages

ADEPT

Governance/Process

ISO/IEC 20000 – IT Service management

COBIT 5 – Framework for IT management

BS11000 – Collaborative Business Relationships

BS 8453 – Compliance Framework for Financial Services

ISO 31000 – Risk Management Standard

ISO 9001 – Quality Management

SAS 70 – Auditing of Financial Controls

ISO 22301 – Business Continuity

NFPA 1600 – Disaster Recovery

CIIA Internal Audit Code

G20/OECD Principles of Corporate Governance

ISO 10002 – Complaints

ISO 31000 – Risk Management Standard

ISO 9001 – Quality Management

ISO 14000 – Environmental Management

Customer Service Excellence Standard (UK)

AS ISO 10002-2006 – Customer Complaints

Legal

NYSDFS “Bitlicence”

FATF Recommendations on AML & KYC

EJML Steering Group Guidance on AML & KYC

CAMS

MIFD

CE mark

2010/30/EU – Energy Labelling Directive

Directive 2006/95/EC – Equipment Safety

OHSAS 18001, ANSI/AIHA Z10-2005, CSA Z1000-06, UNIE 81900, AS/NZS 4801:2001 – Occupational Health and Safety Standards

IEC 61508:2001 – Functional Safety of Electronic/Programmable Systems

EN 62061:2005 – Safety Related Systems

Technical Standards

♦ Technical standards will be emergent

♦ Emergent standards may be formalised at a later stage

♦ Move too early and innovation will be stifled and

smaller developers may be driven out of the market

“Dinosaurs love technical standards, they keep small

mammals out of their walled gardens” Interviewee

Thematic Standards

♦ Existing standards such as ISO 9000 or ISO 31000 are

flexible enough to be adapted for use with MDL technology

♦ There are some concerns with respect to cross-jurisdictional data privacy; however, there are (blockchain) technological solutions and standards such as EU-US Privacy Shield

♦ There may be an opportunity to develop a carbon intensity

standard for crypto-currencies

Where are standards needed?

POLL#5 Which would be the most useful thematic standards? (Pick 3)

Identity

Governance

Responsibility and liability

Compliance

Taxonomies and Performance

Sectoral Standards

♦ The Public Sector - civil liberties risks with respect to governance

and the type and range of data held on blockchains

♦ The Internet of things - liability, responsibility and security are key

issues which would benefit from a standards framework for

managing risks in this space

♦ Commercial transactions - it is essential that the use of MDLs in

commercial transactions does not undermine confidence in the

integrity of markets. A standards framework would be especially

helpful in the following risk areas;

Identity

Governance

Liability and responsibility

Developing world class standards

♦ Open and transparent development process

♦ Well defined objectives

♦ Detailed certification specifications

♦ Detailed accreditation specifications

Path #1 The ISO

Respected

Clear certification and accreditation paths.

Lack of control by regulators

Can be hijacked by large organisations

Path #2 PAS

Commissioned by industry or regulator

Developed by national standards body in

consultation with relevant stakeholders.

Less onerous than full ISO standards.

If a PAS proves popular it can be

developed into an ISO standard.

Path #3 Open Process

Based on the Internet Engineering Task

Force (IETF) Request for Comment (RFC)

series.

Provides a product that is tailored to

industry needs.

Requires the development of robust

certification and accreditation processes

Development Paths

POLL#6 Which development path is the most promising?

ISO

PAS

Open Standard

♦ Existing regulations are sufficient to oversee the activities which are

likely to benefit from MDL Technology

♦ Technical standards are not desirable at this stage of the development of

MDL Technology

♦ There is scope to develop a carbon standard for cryptocurrencies

♦ Policy discussions may be required to determine the civil liberties

implications associated with the use of MDLs in the public realm

♦ Sector specific standards are desirable particularly around identity,

governance and liability and responsibility

♦ There are a number of routes that can be taken to develop sector specific standards; however, standards benefit from the establishment of a robust verification and certification process

Conclusions

Discussion

?

Thank you!

“Get a big picture grip on the details.”

Chao Kli Ning