Late in 2017, the UK Financial Conduct Authority published a Feedback Statement on its Discussion Paper (DP 17/03) on distributed ledger technology (DLT), otherwise known as blockchain. The Feedback Statement outlines the FCA’s assessment of the possible impact of, and its primary regulatory concerns with, the adoption of DLT in the financial services sector. It focuses on the following areas:
- Operational risk;
- Digital currencies;
- Digital assets and smart contracts;
- Initial coin offerings (ICOs);
- Regulatory reporting;
- Financial crime; and
- the General Data Protection Regulation (GDPR),
Those hoping for regulatory certainty on areas like ICOs will be a little disappointed. The key message in the Feedback Statement is that the FCA does not propose to make any regulatory changes in relation to DLT at this time, and will continue to monitor progress, adoption and impact of DLT in the market to assess if any such changes are required in the future.
That said, the FCA recognises the potential benefits of DLT and has stressed its commitment to supporting technological development in the financial services sector, which will be of some comfort to those currently investing in this area.
The highlights from each area covered by the Financial Statement are as follows:
The FCA is clear that the use of permissioned and permissionless DLT could have a positive effect on the operational soundness of financial institutions. (For a brief description of the different types of DLT, see our introductory note here – this is clearly a significant distinction in the FCA’s eyes.) Its view is that, while permissionless systems are likely to be more ‘risky’ than permissioned ones, the use of DLT generally is compatible with the existing regulatory regime, and will not always amount to a regulated outsourcing. As such, the regulatory outsourcing requirements should not necessarily inhibit the adoption of DLT by regulated firms.
However, the FCA stresses that regulated entities must focus on mitigating operational risks when adopting any new environment. As such, those businesses must ensure that appropriate due diligence is carried out prior to the adoption of any DLT solution in order to help identify and manage operational risks, and that necessary systems and controls are implemented to ensure continued compliance with regulatory operational risk requirements.
While digital currencies are not currently regulated by the FCA per se, the FCA highlights that such currencies often act as an underlying asset in financial instruments which are subject to regulation (such as in collective investment schemes, CFDs and ETFs). The FCA is particularly concerned with the rise in numbers of CFDs in which a digital currency forms the underlying asset, as it has the potential to expose retail customers to a highly volatile asset class. It is likely that this will be a continued area of focus for the FCA in 2018.
The FCA highlights the money laundering risks of digital currencies, and states that it is in the process of investigating new technology solutions to improve AML processes.
Digital assets and smart contracts
The FCA sees potential benefits from the adoption of DLT in securities markets, such as efficiencies to back-office, reporting and data management functions.
However, before DLT can be more widely adopted, the FCA considers that legal clarity is required with regard to the legal status of digital assets and the enforceability of smart contracts.
The FCA does not envisage making any amendments to securities markets regulation as a result of DLT, but will monitor this area closely to assess if changes might be needed in the future.
The FCA has reasserted its position given in a consumer alert on ICOs in September 2017 that ICOs represent speculative, high-risk investments. Given the increased number of ICOs in recent months, the FCA plans to continue to collect information and evidence on this growing market in order to determine if further regulatory intervention is required.
For those unsure of the regulatory position with regard to ICOs, the FCA has set out (in an Annex to the Feedback Statement) a helpful analysis of the regulatory considerations that should be considered in each case. Primarily, those involved in an ICO must be aware that digital tokens may constitute a transferable security and so may fall within the ambit of the rules on financial promotion, the prospectus regime, and/or the regulatory perimeter. For further material on ICOs, see our Blockchain Insights page.
The Feedback Statement notes that the FCA has been engaging with entities proposing to conduct ICOs through its regulatory Sandbox initiative. To the extent that those entities progress ICOs in the near term, it would be worth noting that they will have potentially had closer and more involved dialogue with the FCA than other issuers. However, the Feedback Statement stresses that firms remain responsible for compliance with the FCA’s regulatory regime and should obtain independent legal advice before engaging in activities relating to ICOs.
The adoption of DLT in the context of regulatory reporting is a key focus for the FCA. It has supported regulatory solutions in its Sandbox and is involved in projects helping to develop RegTech solutions.
The FCA does not see DLT as the only (or primary) RegTech opportunity, but will continue to explore its application to regulatory solutions as part of the FCA’s wider activities and initiatives in this area.
The FCA is clear that a firm’s adoption of DLT does not independently increase its financial crime risk, and should not prevent that firm from accessing other banking services.
The FCA also identifies the potential of DLT to help regulated firms to detect and prevent financial crime more efficiently and effectively, and cooperate with other firms and regulators in a more collaborative approach to addressing financial crime. It believes that the regulatory regime may need to adapt to the improved technology in this field in the longer-term, particularly with regard to anti money laundering regulations.
This seems like another area of focus where we can expect further activity in the medium term.
Positively, the FCA does not consider that there are any incompatibilities between requirements under the GDPR and regulatory obligations set out in the FCA’s Handbook.
The FCA has stated that it will continue to work closely with the Information Commissioner’s Office, but encourages firms to follow the data protection regulator’s guidance rather than seek data protection guidance from the FCA.
The FCA’s ‘technology neutral’ approach to regulation is likely to be welcomed by those looking to exploit DLT in the Financial Services sector. However, the current guidance, which requires any use or application of DLT to be assessed on a case-by-case basis, does little to help operators understand the regulatory framework with which they may (or may not) need to comply. In that sense, this Feedback Statement doesn’t add much to the approach that most have been adopting in any case.
It seems as though the market will need to mature, and further use cases develop, before the FCA is prepared to offer any firm guidance or regulation. That said, there are clearly some key areas of focus, notably RegTech and financial crime, where further guidance is likely to be forthcoming.