How DLT will Change the Compliance Landscape in Financial Markets
The financial industry is highly regulated. There are several reasons why:
- Fraud risks are especially high when people work directly with money.
- Financial products and transactions are often complicated, which allows enterprising individuals to hide fraud and disguise it under common market risk.
- The financial industry is a gateway to laundering money obtained in other criminal activities.
It’s not surprising that financial and securities regulations are very severe in almost all jurisdictions. However, the existing compliance and KYC (Know Your Customer) / AML (Anti-Money Laundering) tools are not always efficient: as per KPMG, some banks spend up to US$500 million a year in an effort to improve their compliance processes. Nevertheless, “the number of fines and sanctions being imposed on banks is still increasing”.
These issues drive the search for better ways to handle fraud risks. Distributed ledger technology (DLT) is quickly gaining recognition for its potential to do that.
This article takes a look at how DLT is changing the face of compliance in financial markets, the benefits it brings to the table – and what it will take for the market to fully enjoy it.
A Global Financial Regulatory Landscape Overview
All around the world, regulations that refer to “compliance” consist of sets of rules and checks that financial institutions are obliged to – well, comply with. The two main categories – especially relevant for today’s subject – are transaction reporting and customer identity verification (KYC/AML).
Financial transaction reporting explained
Transaction reporting refers to the obligation of financial institutions to record all the transactions they engage in and submit these reports to competent authorities as a means of controlling an institution’s activity. Usually, regulators don’t possess enough internal capacity to process all the reports from thousands of institutions. So there are two basic solutions, which are commonly used.
- Periodic audits by independent parties, which are used in transactions of a substantial size that involve less sophisticated investors and public interest.
- Storage of records by an issuer, which is mainly used for private transactions between financial institutions. Audits of reports are not required in that case: if suspicions arise, the records are subject to examination. This also involves periodic internal and transaction audits – examination of internal audit books and records of a company.
The latter solution cannot always be trusted and has to be periodically compared against transactions an institution engaged in, which are reported by financial market infrastructures, through which these transactions were concluded and settled. However, this may be problematic if an institution is engaged in numerous transactions with multiple participants, settled with different custodians in various jurisdictions. It raises the costs of an audit and reduces the potential for diversification of an institution’s cross-border activity.
Apart from companies that buy and sell securities, there are also market infrastructure players that enable these transactions to happen. These include various custodians, such as CSDs, Central Counterparties, Regulated Markets, and others. Their role is crucial for transaction reporting, as they hold the responsibility for keeping books and records about securities ownership and transactions. In most cases they work well, but these providers can fail in cases of high load. For example, the case of the Dole Foods payout revealed over 12 million phantom stocks: a clear example of a failure of an overloaded system.
On top of the state regulations, there are various contractual arrangements between market participants that also have to be honored and enforced, which come in a wide variety of forms. An example of such may be transfer restrictions in private companies represented by shares. They usually include:
- An obligation to offer shares to existing shareholders first in case of selling shares.
- An obligation to buy shares from every shareholder on a proportional basis in case of buying shares in a company.
- Requirement for a transfer to be approved by the Board of Directors.
Financial institutions that are responsible for share transfer, such as registrars or transfer agents, have to make sure that the transaction is compliant with all relevant contractual arrangements.
Why are KYC/AML laws important?
Another important requirement is the verification of clients’ identities, which is frequently breached by virtual asset service providers. It is especially challenging for innovative companies that provide digital services. The most difficult part is comparing a client’s documents against multiple lists to determine whether he or she is eligible for given financial services. In the last few years, multiple providers have emerged to streamline this process, but the price may reach dozens of dollars per client, which makes it unsuitable for institutions with millions of clients.
The purpose of KYC is to ensure that clients don’t use financial institutions to launder income from illegal activity or to finance it. However, AML rules are wider: they also involve the monitoring and reporting of suspicious activity, and require verifying the source of funds when clients engage in transactions of significant size.
An important aspect of compliance is income and asset reporting by clients holding positions in securities who are entitled to profit or interest distributions. This is important, inter alia, for tax purposes, as tax evasion is one of the most prevalent crimes combated by anti-money laundering policies. It is common among high net worth individuals to structure a personal foundation somewhere in the Cayman Islands that is exempt from most reporting requirements. Financial institutions often play the role of a tax agent for their clients to gain a competitive advantage by providing a more comprehensive service.
How financial compliance rules are currently enforced
All methods of ensuring compliance with these rules are divided into three groups:
- Preventive: strict authorization procedures prior to allowing an institution to provide financial services
- Ongoing: reporting, monitoring, and audit requirements
- Post-crime: penalties for breaches of the law and measures to repair the damage done.
Preventive measures are preferable as they prevent the damage from being done in the first place. However, they also raise the entry barrier in the financial industry, thus harming competition and innovation. This is also the case for high ongoing requirements.
A compromise between protection against fraud and the promotion of competition and innovation is the great dilemma regulators face. It may be partially resolved by using distributed ledger technology as the infrastructure for transaction processing.
How does DLT change the compliance landscape?
The core idea of Distributed Ledger Technology (DLT) is to have obligations within a system enforced by cryptographic rules rather than by people, who are prone to error. For this reason, a protocol contains a set of compliance rules triggered automatically for every transaction. Furthermore, a ledger is shared and synchronized among multiple institutions. This enables two crucial innovations in the regulation of financial markets:
- Firstly, it allows for all of the aforementioned rules to be hard-coded into the infrastructure that handles transactions.
- Secondly, it enables easy monitoring and verification of every single transaction, as every transaction is recorded in a ledger that is shared between multiple institutions instead of siloed databases and paper records.
What does it mean in practice?
Any transaction can be managed on a single ledger or on several interoperable ledgers, shared among multiple institutions in multiple jurisdictions. This vastly facilitates the audit of these transactions and comparison with internal books and records.
Furthermore, it may even eliminate the need for a transaction audit. In this case, the internal company ledger should be built in a way that it automatically synchronizes with the external ledger and cannot simply be changed manually (or the history of these changes is recorded in an immutable manner).
It means that all contractual arrangements can be built into securities as they are issued. Every time a transaction in securities with “tag-along” and “drag-along” provisions is initiated, all other shareholders are automatically notified and become counterparties in the transaction, making fraud impossible.
An even more powerful opportunity is the validation of every single transaction by regulators and/or auditors. It is likely that most distributed networks will be private in the future. The problem with private networks is that, unlike public ones, coordination of participants to conduct an unlawful transaction is possible. The way to combat this is for regulators to participate in the consensus in such a way that their signature is necessary to prove the validity of a transaction. This would further ensure the impossibility of unlawful transactions.
Moreover, there are additional opportunities in such networks, such as automated real-time taxation at the moment when dividends or interest payments are distributed, or a real-time audit, so that when a transaction report is issued it is already audited, while auditors receive a transaction fee for validating transactions.
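The two ideas above, transfer restrictions enforced at validation time and a mandatory regulator co-signature, can be sketched as follows. This is an added example, not code from the article or from any DLT product; the party names, demo keys and rule set are assumptions, and HMAC stands in for the asymmetric signatures a real ledger would use.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed demo keys. HMAC stands in for the asymmetric signatures a real
# ledger would use, so that the sketch runs on the standard library alone.
KEYS = {p: f"demo-key-{p}".encode() for p in ("alice", "bob", "carol", "board", "regulator")}
REQUIRED_APPROVERS = ("board", "regulator")  # assumed policy: both must co-sign

@dataclass
class Transfer:
    seller: str
    buyer: str
    shares: int
    offered_to_holders: bool  # right of first refusal was honoured
    signatures: dict = field(default_factory=dict)

    def digest(self) -> bytes:
        body = f"{self.seller}|{self.buyer}|{self.shares}|{self.offered_to_holders}"
        return hashlib.sha256(body.encode()).digest()

def sign(tx: Transfer, party: str) -> None:
    tx.signatures[party] = hmac.new(KEYS[party], tx.digest(), hashlib.sha256).hexdigest()

def validate(tx: Transfer, holdings: dict) -> list:
    """Return the rule violations for tx; an empty list means it may be committed."""
    errors = []
    if tx.shares <= 0 or holdings.get(tx.seller, 0) < tx.shares:
        errors.append("seller does not hold enough shares")
    if tx.buyer not in holdings and not tx.offered_to_holders:
        errors.append("shares not offered to existing shareholders first")
    for party in (tx.seller, tx.buyer, *REQUIRED_APPROVERS):
        key, sig = KEYS.get(party), tx.signatures.get(party, "")
        expected = hmac.new(key, tx.digest(), hashlib.sha256).hexdigest() if key else None
        if expected is None or not hmac.compare_digest(sig, expected):
            errors.append(f"missing or invalid signature: {party}")
    return errors

def commit(tx: Transfer, holdings: dict) -> list:
    """Apply tx to holdings only if every rule passes; otherwise change nothing."""
    errors = validate(tx, holdings)
    if not errors:
        holdings[tx.seller] -= tx.shares
        holdings[tx.buyer] = holdings.get(tx.buyer, 0) + tx.shares
    return errors
```

Because each signature covers the digest of the transfer's fields, changing the share count after approval invalidates every signature, including the regulator's.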
How DLT adoption will change the job of a regulator
Many measures will shift from ongoing and post-crime to preventive, not allowing unlawful transactions to happen. It is likely that the settlement of transactions through verified DLT networks will become a requirement, just as it is now obligatory, for example, to settle OTC derivative contracts through Central Counterparties.
An important benefit is that it’s likely to reduce authorization costs for financial institutions, as they can use existing technologies and arrangements to set up their networks in a way that ensures compliance with all requirements: in effect, they purchase compliant infrastructure. This will at least partially resolve the aforementioned dilemma of balancing the promotion of innovation against the protection of consumers.
Much attention will be devoted to the authorization procedures for distributed networks and underlying protocols. There are several approaches that can be adopted, which have their pros and cons. These approaches differ at least in two dimensions – who provides authorization and what can be authorized.
- The authorization for every network and protocol can be provided by regulatory bodies themselves or outsourced to external licensed providers, as is done in Malta with systems audits. The benefit of outsourcing is that processing bandwidth increases enormously, which reduces waiting time for authorization and makes the jurisdiction more attractive. Furthermore, it boosts competition between different providers of such technical audits, which creates incentives to maintain a good reputation and provide a high-quality service. The drawback is that the competent authority will have limited control over who is authorized, which increases the risk of fraud.
- The authorization may be given to every single network and protocol on a case-by-case basis, or there may be a limited set of approved protocols and networks, and the requirement to build all IT infrastructures using them. Such networks would serve as systemically important institutions, such as a CSD or a Stock Exchange. Even when they are private, they are still very strictly regulated, and it is very difficult to set up a competing exchange, even if the law allows that.
The first approach is better for security, and the second is better for promoting innovation. The first one is also likely to be combined with the outsourcing approach, while the second is more likely to be adopted in jurisdictions where regulators are cautious and willing to approve everything themselves.
Most likely, regulators will adopt hybrid approaches. Small private networks may be approved by authorized institutions on a case-by-case basis, while systemically important networks will require approval by a competent authority.
An interesting implication is that job requirements for regulators change. Previously, legal expertise was crucial. Now it is the combination of legal and technical expertise, something few people possess.
Conclusions: Compliance and Distributed Ledger Technology
When it comes to money, the risks of fraud and human error are high. The cost the markets pay for that is even higher: the 2008 crisis serves as a perfect illustration. Since its inception, the industry has been struggling to improve the compliance mechanisms in order to minimize illicit activities, mistakes and audit costs, resorting to a variety of regulations and technology. DLT, a fairly new kid on the block, is fit to make those changes. Replacing people with cryptography (at least partially!) might be the reliable way to ensure the integrity of financial markets, enhanced by transparency and speed.
And this is why regulatory authorities should be the first in line to advocate for the adoption of distributed ledger technology as the underlying infrastructure for financial markets.