Financial Technology and Blockchain

The buzz around the potential benefits of distributed ledger technology, commonly known as blockchain, has reached a fever pitch.  Global financial institutions and start-up companies have invested millions in developing new platforms. Distributed ledger technology may soon improve capital markets operations, reduce settlement risk and perform certain compliance obligations.  But, before the revolution begins, market participants should understand the technology’s inherent limitations.  Derivations recently published an article highlighting blockchain’s counterparty credit risk concerns, cybersecurity flaws and legal uncertainties.  As discussed in the article, blockchain is buzzworthy, but it will not kill the biggest risk categories.  Our article appears in the April – June 2017 issue of Risk & Compliance Magazine, a publication of Financier Worldwide.  Please click on the link to read the article: Blockchain Buzzkill: A Closer Look at Distributed Ledger Technology

On January 12, 2017, the Commodity Futures Trading Commission (CFTC) proposed to amend its recordkeeping requirements set forth in Regulation 1.31.  The CFTC’s proposed amendments are intended to implement advances in information technology and adopt technologically neutral rules that anticipate developments such as blockchain or distributed ledger technology.  CFTC Regulation 1.31 currently requires that “all books and records … be kept in their original form (for paper records) or native file format (for electronic records) for a period of five years from the date thereof and shall be readily accessible during the first two years of the five-year period.”

In this age where terabytes of storage easily fit in one’s pocket, our rules should not refer to microfiche or require paper records.” – CFTC Chairman Massad

The CFTC’s proposed amendments would modernize recordkeeping requirements by making Regulation 1.31 principles-based. The CFTC would accomplish this by replacing references to “books and records” with “regulatory records” and clarifying that regulatory record means all books and records …, including any record of any correction or other amendment to such books and records; provided that, with respect to such books and records stored electronically, regulatory records shall also include all data produced and stored electronically that describes, directly or indirectly, the characteristics of such books and records, including, without limitation, data that describes how, when, and, if relevant, by whom such electronically stored information was collected, created, accessed, modified or formatted (i.e. data about data or “metadata”).  According to the CFTC, the ability to access a trader’s metadata is integral to its inspection and investigative functions. Finally, given the new principles-based definition of regulatory records, the CFTC proposed to remove the existing requirement to preserve records exclusively in a non-rewritable, non-erasable format (i.e. “write once, read many”, or “WORM” format) and delete the technologically-ancient definitions of “native file format”, “micrographic media”, and “electronic storage media.”  End users and buy-side firms have found compliance with the CFTC’s WORM requirement to be burdensome.  Eliminating the need to store records in a dated WORM format should result in substantial cost savings.

The CFTC’s proposal would not change recordkeeping time periods and would also retain requirements to establish written policies and procedures for recordkeeping obligations, including appropriate training of officers and personnel responsible for ensuring compliance with recordkeeping rules. However, the amendments would modernize recordkeeping and storage obligations and pave the first step in a regulatory path forward for market participants to realize one of the benefits of blockchain technology.  The CFTC proposed amendments would also further align Regulation 1.31 with the SEC’s technology neutral recordkeeping obligations for broker-dealers under SEC Rule 17a-4 and investment advisors under SEC Rule 204-2(g).  In sum, the CFTC’s proposed amendments should reduce compliance burden, provide for more regulatory consistency and help facilitate the development of blockchain and other innovations in financial technology.

Please click here for the most recent issue of the Information Law Journal, featuring an article in which we examine the drafting of risk factors related to distributed ledger technology (aka blockchain) in securities offerings and filings.  The Information Law Journal is a quarterly publication of the American Bar Association’s Section of Science & Technology Law Information Security and Electronic Discovery Digital Evidence committees.

In his speech on November 3, 2016 at Chatham House in London, Financial Stability Board (FSB), Secretary General, Svein Andresen noted the “hype” that surrounds financial technology, or fintech, and urged global regulators to actively monitor and act on risks as they emerge.

Much hype surrounds the development of fintech and for regulators it is essential to understand what developments are going to change the way financial markets operate and those that won’t.”                            –FSB Secretary General Andresen

Secretary General Andresen highlighted the FSB’s progress in considering the implications of distributed ledger technology by working jointly with the FSB’s Committee on Payments and Markets Infrastructure, as well as the impact of peer-to-peer lending and machine learning applications.  At the national level, the FSB has examined innovation facilitators – sandboxes, hubs and accelerators to better understand the risks of new financial technology.

Based on the FSB’s investigation into blockchain and other financial technologies, the FSB has identified three elemental promises common to a broad range of fintech innovations: (i) greater access to and convenience of financial services, (ii) greater efficiency of financial services and (iii) a to push toward a more decentralized financial system, in which fintech firms may be disintermediating traditional financial institutions.  The FSB believes that these elements could have financial stability implications.  However, Secretary General Andersen is not presently concerned that new financial technologies increase systemic risk.  For now, the FSB recommends that global regulators continue to monitor potential risks and assess developments in fintech.

FSB Secretary General Andresen’s complete speech at Chatham House in London is available here.

On November 3, 2016, Comptroller of the Currency Thomas J. Curry spoke at Chatham House in London about responsible innovation and Office of the Comptroller of the Currency (OCC) efforts to address financial technology. Comptroller Curry began his speech by noting the rapid growth of the “fintech” sector and how banks, like taxis, could face an “Uber moment” if banks fail to embrace changes in technology and demographics.

If Uber turned your smartphone into a taxi dispatch, fintech is turning your phone into a financial advisor, a loan officer, a money transmitter, and an automated teller.” -Comptroller Curry

But, as noted by Comptroller Curry, banks are different than taxis. Banks provide critical financial infrastructural and are systematically important in ways that taxis are not.  Banks are responding to the technological revolution by creating innovation laboratories of their own, investing in promising applications (like distributed ledger technology) and collaborating with fintech startups.  In response to the growing intersection of banks and technology, in March 2016, the OCC published its views on Supporting Responsible Innovation in the Federal Banking System and recently developed its Responsible Innovation Framework.  Comptroller Curry’s speech in London provided two key updates on the OCC’s efforts to encourage responsible innovation.

Comptroller Curry made it clear that he doesn’t support regulatory “safe spaces” that would allow companies to try out new financial products and services without risk of penalty.  Instead, companies should seek guidance from regulators when developing a pilot to test new products.  Comptroller Curry mentioned that the OCC’s new Office of Innovation may assist companies in creating responsible pilots by acting as the central point of contact and clearing house for requests.

Unfortunately, Comptroller Curry did not provide much new information about the OCC’s proposed new limited-purpose charter intended to facilitate financial technology.  He did state that, if the OCC decides to grant a “fintech” charter, any institutions under such charter will be held to the same high standards of safety, soundness, and fairness as other federally chartered institutions.  While this would appear to discourage the innovation that the OCC hopes to facilitate, it does put the “taxis” trying to disrupt financial services on the same regulatory field as banks responding to the technological revolution.

The complete text of Comptroller Curry’s speech at Chatham House in London is available here.

On October 26, 2016, the Office of the Comptroller of the Currency (OCC) announced it would establish a framework for “responsible innovation.”  The agency plans to establish an Office of Innovation to implement this framework, with the goal of improving its ability to identify, understand, and respond to financial innovation affecting the federal banking system.  The full recommendations are available here.

The move follows similar initiatives by international regulators, such as those in the UK, Singapore, Hong Kong and Australia to provide a framework, or even a safe-harbor “regulatory sandbox” for financial technology firms and banks implementing new technologies to test innovative products and services, such as distributed ledger technology (blockchain), digital currencies, streamlined payment transfers or marketplace lending.

The OCC supports responsible innovation that enhances the safety and soundness of the federal banking system, treats customers fairly, and promotes financial inclusion.

– Comptroller of the Currency Thomas J. Curry

The Office of Innovation would have staff located in Washington D.C., New York and San Francisco. Although the framework does not provide a full-blown “safe space” or “regulatory sandbox” that would provide a safe harbor from consumer protection requirements, it does contemplate a voluntary pilot program that would facilitate adoption of new solutions and the enhancement of risk management by permitting testing and discovery with agency involvement before a full-scale commitment and rollout of technologies.  In addition, the framework’s objectives include:

  • establishing an outreach and technical assistance program for banks and nonbanks,
  • conducting awareness and training activities for OCC staff,
  • encouraging coordination and facilitation,
  • establishing an innovation research function, and
  • promoting interagency collaboration.

The OCC expects the new office to begin operations in first quarter 2017. The OCC refrained from making a decision on whether to provide special purpose national bank charters for non-bank financial technology companies, a prospect which it continues to evaluate. The agency plans to publish a paper later in 2016 seeking comment on possible limited-purpose charters targeted toward non-bank fintech firms.


On October 7, 2016, Federal Reserve Board (Fed) Governor Lael Brainard spoke at the Institute of International Finance Annual Meeting Panel in Washington, DC about the potential for distributed ledger technology, or blockchain, to transform important back office systems. Governor Brainard’s October 7, 2016 speech follows up on her April 14, 2016 speech on “The Use of Distributed Ledger Technologies in Payment, Clearing, and Settlement” where the Fed first spoke about blockchain’s benefits and the need for regulatory safeguards.  Governor Brainard’s recent speech again noted blockchain’s well publicized potential to improve payment, clearing and settlement systems for trade finance, securities markets and commodities and derivatives trading.  Additionally, Governor Brainard also discussed the emergence of distributed ledger protocols couples with self-executing contractual clauses, to create so-called “smart contracts.”  When speaking about smart contracts, Governor Brainard said:

“Although the idea of automating certain aspects of contracts is not new, and banks do some of this today, the potential introduction of smart contracts does raise several issues for consideration. For example, what is the legal status of a smart contract, which is written in code? Would consumers and businesses rely on smart contracts to perform certain services traditionally done by their banks or other intermediaries? Could the widespread automated interaction of multiple counterparties lead to any unwanted dynamics for financial markets? These and other considerations will be important factors in determining the extent of the application of smart contracts.”

Fed Governor Brainard reiterated the possible benefits and regulatory challenges presented by blockchain, smart contracts and other financial technologies. Governor Brainard announced that the Fed will study the need for 21st century financial services oversight and that the Fed expects to publish a research paper later this year to summarize its findings.  As part of the Fed’s study, the Fed will “continue to deepen their engagement with a range of financial institutions, technologists, multi-stakeholder consortia, and academic experts to refine our understanding of financial technologies.”

Considering Blockchain and FinTech Regulation

The Fed’s support for the adoption of distributed ledger technology is encouraging and their continued focus on better payment, clearing and settlement systems is critical. The Fed should continue to work closely with Office of the Comptroller of the Currency (OCC) to maintain consistency with the OCC’s financial technology initiatives to consider any regulation that may impact the development of blockchain, smart contracts or other financial technologies.  When studying financial technology, the Fed and OCC may enjoy listening to Commodity Futures Trading Commission (CFTC) Commissioner Christopher Giancarlo’s podcast and reading Commission Giancarlo’s May 10, 2016, speech on “Blockchain: A Regulatory Use Case” as well as his March 29, 2016 speech, “Regulators and the Blockchain: First, Do No Harm.”  Because, when considering the safeguards for blockchain, smart contracts and other financial technologies, Commissioner Giancarlo is correct, “21st century markets need 21st century regulation.”

On September 13, 2016, the New York Department of Financial Services (DFS) proposed new cybersecurity regulations (Proposed Regulations) that would require banks and other financial institutions to adopt minimum cybersecurity standards. In some ways the proposed regulations are consistent with the Federal Financial Institutions Examination Council (FFIEC) cybersecurity awareness guidelines and FFEIC’s Information Technology (IT) Examination Handbook (IT Handbook) resources.  However, DFS’s Proposed Regulations would go beyond current FFIEC standards and would be the first in-the-nation to require a prescriptive cybersecurity program for financial institutions.  New York banks regulated by the federal banking agencies will need to review their existing cybersecurity programs to confirm such programs comply, but many insurance companies and other financial institutions licensed and regulated by the DFS may be challenged to comply by the proposed January 1, 2017 effective date.   A link to Proposed Regulations is available here.

While there will be a 180 day compliance transition period from the January 1, 2017 effective date, in-scope entities should promptly begin reviewing their existing cybersecurity policies, procedures and compliance programs to determine if there are any gaps.  Some entities, particularly smaller financial institutions may find the compliance deadline aggressive.  However, given the economic harm caused by cyberattacks and New York’s status as a financial center, other state and local regulators are quite likely to follow New York’s lead and require banks and financial institutions to adopt similar cybersecurity programs.

This regulation helps guarantee the financial services industry upholds its obligation to protect consumers and ensure that its systems are sufficiently constructed to prevent cyber-attacks to the fullest extent possible.  – Governor Cuomo

The Proposed Regulations follow DFS’s February 2015 Report on Cybersecurity in the Insurance Sector which found that 23% of New York insurance companies had been the target of “phishing” or other email scams and DFS’s May 2014 Report on Cybersecurity in the Banking Sector which found that 21% of banks had experienced phishing attacks, so DFS’s proposal is aimed at targeting an understandably concerning issue. What follows is an in-depth summary of the regulations and a comparison with FFIEC standards, along with recommended considerations for entities that may be caught.

Continue Reading New York Proposes First-in-the-Nation Cybersecurity Requirements

If your inbox is anything like ours, you might receive 3-5 news aggregation emails a day, providing updates on new developments in capital markets, and particularly in the securities and derivatives spaces. It seems that lately each news list is almost certain to contain at least one article about “blockchain”, if not more. Market participants are actively exploring its potential for disrupting traditional settlement, clearing, reporting and recordkeeping functions in capital markets.

If you are interested in learning more about blockchain (i.e. distributed ledger technology) and are wondering what regulatory and legal implications this new technology might have, we encourage you to read our recent publication on distributed ledger technology and possible regulatory responses. In short, expect a patchwork of different bodies of law to apply to this technology as it develops and depending on its intended use.

On July 21, 2016, Senators Sherrod Brown (D-OH) and Jeffrey A. Merkley (D-OR), members of the Senate Committee on Banking, Housing and Urban Affairs, sent a letter to the heads of several banking regulators (the Federal Reserve, FDIC, OCC, NCUA) and the Consumer Financial Protection Bureau requesting a comprehensive suite of information on the regulatory approach these agencies take regarding financial technology.

In part, the Senators request information related to the following areas:

  • what these agencies have done to study financial technology, including distributed ledger technology (i.e. blockchain),
  • what role the agencies have in regulating or supervising fintech firms, and what considerations should be given to enabling non-bank fintechs the ability to obtain a full or limited federal banking charter,
  • detailing how agency guidance related to third-party vendors (including the OCC’s Risk Management Guidance on Third Party Relationships) applies to fintechs,
  • the ability of the agencies to enforce consumer protection and fair lending laws in the fintech space, and
  • any interagency and international coordination that the agencies have taken with respect to regulating financial technology.

For any firms involved in the fintech space, the letter is a stark reminder that although financial technology is applying innovative, disruptive technologies and methods to many functions that were traditionally housed in brick-and-mortar banks and lenders, both Congress and regulatory agencies will be looking to evaluate whether financial technology firms are complying with laws that govern banking and lending; and, to the extent those firms are not, politicians and regulators will almost certainly query whether existing banking and lending law should be extended to apply to fintech as well in order to close any perceived “gaps”.