Bitcoin Edge workshop : DFA workshop 2019
Implications on regulation and governance of blockchain-based finance
Yuta Takanashi (Financial Services Agency, Japan)
First, please note that the opinions presented here belong to myself and don't represent the organizations to which I belong.
Major goals for financial regulators
The primary goals of financial regulators are to maintain financial stability, protect investors and consumers, and prevent financial crimes. These goals are public interests and are needed to be achieved regardless of the technology used in the financial systems.
These goals are our own, but also the goals of general society. We need to maintain these three goals in the society. When I talk with regulators and my colleagues, some people say that if these 3 goals are met by some other part of the community, then probably we're not needed. But at this moment, in the traditional financial system, the financial regulators are absolutely required.
Decentralized financial system and reduced regulatory enforceability
Regulation alone may not be enough to achieve regulatory goals when the financial system becomes highly decentralized. The decentralized system is decentralized, autonomous, anonymized, immutable, globalized and open. At the same time, this means there's no intermediaries to regulate, you can't stop the service, there's reduced traceability, no ex-post remedy, jurisdictional border issues, and obscured responsibility.
When we find a problem, we issue a business suspension order and sometimes we need to stop a company entirely. In the traditional financial system, authorities can do this. But in decentralized systems, this is more complicated. If there's no intermediaries to regulate, then perhaps we can regulate users. If the system is anonymized, then the user can hide from regulators. Basically regulators don't know what is happening and who is doing what in the system. There's also no way to understand what is happening, and no way to impose regulation.
Permissionless innovation makes it difficult for us to show who has the responsibility for these systems. Anyone can create and anyone can participate, without any participation from the regulators.
Emerging blockchain anonymization technologies
The engineering community is investing in anonymization technologies in recent years. Regulators have never heard of these kinds of technologies. Lots of anonymization technologies are already available and deployed in many crypto asset projects.
There's things like mixing, stealth addresses, ring signatures, zk-SNARKs, lightning network, and other things.
Two sides of the story: risks and benefits of anonymity
Anonymity is not necessarily a problem. Anonymity is important for a civil society, like for privacy and security reasons or to avoid censorship. Anonymity and privacy is very important. However, it can also help criminals to conduct criminal activities or help finance terrorism or money laundering. So there's two sides to this. It's a double-edged sword. It can also effect the way that people trade and conduct financial activities. If there is anonymity, then we can't trust someone. There's little discussion between engineers and regulators about anonymity.
Questions need to be answered
How may we continue to achieve financial regulatory goals as public interests evolve?
Lessons from the internet: The internet and regulators
Before the internet, within the United Nations, communications and information regulators and ITU sufficiently regulated communication intermediaries to achieve regulatory goals. But after the internet, it became very difficult. The internet has a huge scale, and it has eroded the ability of regulators to achieve regulatory goals both domestically and internationally.
There's global scope of communication, large scale of communication, and distributed control and new institutions, and reduced cost and increased capability of collective actions. There are new forms of collective action in civil society, which may be beneficial.
All of these issues make it difficult for communication regulators to enforce regulation.
In the case of the internet, some of the countries decided to raise this issue at the United Nations. They insisted that we needed to regulate ICANN as a single point of control. But there's lots of huge debate among regulators and stakeholders about how we should regulate the internet or ICANN. Some individual countries decided to accept a multi-stakeholder governance of the internet.
All the issues around the internet and regulation is managed by stakeholders with regulators as one of the stakeholders. We can't necessarily copy the internet's model directly, but I think it can inspire an appropriate solution.
Governance model for the blockchain based financial system
I am using Lawrence Lessig's 1997 diagram, but also De Filippi and Wright - blockchain and the law 2018. There's market, norm, law and architecture. Cyberspace governance models have been deeply discussed since the internet's inception. There's limitation of these models, though.
With law and regulation, the idea is to regulate end users, ISP/information intermediaries, service intermediaries, minors, software engineers, and hardware manufacturers. In the market, the idea is to intervene cost/incentive structure of network participants. In the social norms, we use education and formal working groups and other informal discussion to help form a social norm among community participants. As far as architecture, the idea is "code as law" but I don't like htis phrase because it sounds rigid-- like we're transferring all the laws into code. That's impractical. Still, there's a law of the computer program that controls your balance or acts like regulation. If the code of the computer program acts as regulation, then we need to incorporate all the different perspectives in the development process.
G20 in Fukuoka, Japan in June 8-9th, 2019
We talked about governance and finance and got together to discuss this. We finally published a report. But first let me explain the financial regulatory system. There are international standard setting bodies (SSBs). There's the G20 financial ministers and central bank governors meeting, which is sort of like the United Nations for financial regulators. The one level below that is the Financial Stability Board (FSB) and also the Financial Action Task Force (AML/CFT). Then there's the Basel Committee on Banking Supervision, the International Associaiton of Insurance Supervisors, and INternational Organization of Securities Commissions. All the SSBs work on blockchain and crypto asset related issues in various ways. Decentralized fintech isn't out of scope, but there's also no specific SSB that focuses on this.
Recent development from regulatory side
- Decentralized financial technologies report on financial stability, regulatory and governance implications (June 6, 2019)
- G20 finance ministers and central bank governors meeting Communique (June 9th, 2019)
".. regulatory and other public policy objectives are considered in the initial design of technical protocols and applications. [...] Authorities may therefore wish to enhance their dialogue and cooperation with a wider group of stakeholders [...] It would also enable supervisors to continue to address emerging issues promptly and use supervisory resources effectively while at the same time remaining open to the benefits of financial innovation".
Then we had the leaders meeting. It's sort of like the prime ministers of the countries getting together to discuss, although they aren't prime ministers. Then we worked on this concept, and the regulators are basically ready to discuss these issues.
Lack of harmonization among stakeholders in the blockchain fintech system
There's no good relationships between open-source engineers/cypherpunks and regulators. It's difficult to get them to talk together. It's a reality. Some people think regulators are enemies. Regulators have difficulty understanding what open-source engineers think. There's a lack of transparency. We regulators are ready to engage and communicate with other stakeholders. There's no such praise for this yet. We need to solve this, and help figure out coordination, solve misunderstandings, and figure out blockers for innovation.
Sometimes the engineers feel that regulators try to stop everything, but we're not doing so. The regulators sometimes think we need to put all the engineers on these issues in jail, but that's not the case either. There's a lot of misunderstandings that we need to resolve.
Sometimes countries impose sanctions. This might encourage engineers to invest more in anonymization, and then speak with regulators even less. The long-term goal should be to develop a healthy governance for a blockchain-based financial system.
The blockchain-based financial system
This picture might be idealistic but, we need to realize not just regulation but also code and market and nodes as a way to view this ecosystem. There's regulators, engineers, rule of law, code as law, market forces, and consumers. We need to come up with a better system together. In a few years, what we should do---
We will host the next conference in Spring and invite all the different stakeholders from engineers and stakeholders to discuss how we can proceed with this effort. Also, we hope we will make this kind of dialogue work and be effective. We hope that this can be hosted regulary to enhance communication among stakeholders.
Q: Which bitcoin developers are really reviewing any of the technical work at these regulated companies? I see no indication that these reviews are particularly thorough on the tech side. This has major implications for financial system stability. Is this the same in Japan or are things more thorough?
A: We have 3 defined groups within the Japanese FSA. We have one, then a regulatory side, then the promoter side of innovation. Within the promoter side, we often discuss with engineers in this space. In this team, we understand many technology initiatives, but at the same time, we have difficulties educating regulators and exchange knowledge. I think other regulators have similar challenges. Dedicated teams to understand technology is hard.
Q: I am reminded of the European Banking Authority in July 2014 (2016?) asking the european banks to not get involved in cryptocurrency until a clear governance process is put in place. To me, that sounds like wishful thinking. I am not so sure that we have to develop healthy governance processes--- but instead, help to correct any kind of misunderstanding.
A: Regulators don't regulate technologies. Still, we should pay attention to technologies. We should be involved in discussions with engineers and communities. Not top-down regulation or prohibition on technologies or something like that. Of course, the engineers discuss themselves how they develop technologies and which ones are best for the future. In these discussions, regulators would like to get involved and be present and have social interest to kind of stay informed and inform each other that this technology has some sort of implication on society, governance or regulation or something. The sentence from the G20 FSB document doesn't mean regulators should regulate technologies, but they should get involved in discussions in the open-source community.
Q: What about the travel rule? It means they need to exchange name and address of the participants. What's the status of this one? It sounds like madness to have a global database for that. How is that conversation going?
A: I don't personally get involved in such discussions. In my opinion, this discussion is very difficult because regulators have a limited capacity to understand technological characteristics. It also has a significant implication on the ecosystem. My personal opinion is that before publishing regulations, they should have more communication with other stakeholders. But most regulations are already published; countries then have to implement that regulation by some deadline or whatever. I think that's next year. We need to enhance communications with exchanges and FSA and the one that proposed that travel rule. They are having lots of conferences with stakeholders among other regulators. They are making effort to understand the implications and come up with new solutions. I personally don't know what the status really is, at this very moment. But there's an effort to proceed and mitigation all the risks that the industry are talking about.
Q: It's scheduled to go into effect soon, and nobody has a protocol or plan.
A: The international regulations of all the member countries need to implement by the implementation phase's end. They decided to implement this regulation by the end of this year or next year, but then it might turn out it's very difficult to implement within that timeframe, and then they will get together to discuss again and it will be postponed. That's a lot of the cases. I'm not sure how much can happen in this case. Also, it needs to be peer reviewed by other countries.