The European Banking Authority (EBA), charged with harmonizing banking across the EU, has devoted 13 pages of its latest 56-page Fintech report to assessing two potential use cases in banking for “distributed ledger technology” (DLT, although sometimes called “blockchain”).
And while its not all sunshine and roses, the “Report on Prudential Risks and Opportunities Arising for Institutions from Fintech,” released July 3rd, paints a pretty picture of how DLT could strengthen economies and streamline trade finance, which is “currently grounded on paper-based contracts travelling around the world with settlements that may take weeks, resulting in a rather inefficient process.”
Nonetheless, despite its excellent potential of DLT, the EBA found that immaturity and spin off complixities in the implementaion of DLT tech continue to pose risk to trade and finance security. As well, jurisdictions will have to harmonize pertinent laws if smart contracts are to hold up on transnational trade routes.
According to the report, banks are currently key in helping companies manage risk in domestic and transnational supply chain work because they providing the bank guarantees and letters of credit needed to release goods at customs and assure a supplier is paid when a customer receives goods.
But the creation and verification of trade letters is often labourious and slow and often, manifold signing parties (including “insurance companies, carriers, stevedores, custom offices, shippers and controllers”) must receive documentaion, and reconcile the info in their own distinct registries before they can forward the physical documentation that would allow a trade to proceed.
To make matters worse, if the negotiating parties are in different countries, letters of credit and guarantees may also have to pass through several “correspondent banks.”
Enter DLT and Smart Contracts
Obviously, this situation is ripe for disruption, but whatever is implemented must provide a reliable record.
Distributed Ledger Technology is accordingly promising because it could, “allow a common ledger to be shared across networks of computers.”
The report refers to blockchain, but says that many of the features described in the report, “are also applicable to other types of DLT.”
Because blockchains and similar DLTs are distributed among all parties and settled by consensus (meaning all the computers in the system must agree to record the same information in the same sequence before it can be added) and because the information is sealed by encryption, the information a DLT carries is theoretically “more difficult to tamper with” than many current systems of data storage and record keeping.
The idea with DLT, states the report, is that, “the need for a central counterparty would disappear, as participants could rely on the platform itself.”
The report identifies different axes of distributed ledger, including public and private; restricted and unrestricted; permissionless and permissioned.
“In public ledgers, anyone has access to read the ledger while, in private ledgers, they need to be granted access. In some private ledgers, only those involved in a transaction are allowed to read it… (I)n unrestricted ledgers, anyone is able to create transactions while, in restricted ledgers, authorisation is needed in order to create transactions….(I)n permissionless ledgers, anyone can validate transactions and include them permanently in the ledger while, in permissioned ledgers, only some members are able to do it.”
The report cites Bitcoin as, “the first…unrestricted, public and permissionless implementation of a distributed ledger for digital exchanges that stands as proof of every transaction on the network.”
Banks are more likely to use a permissioned, restricted and private DLT.
And while they have been around since the 1990s, smart contracts have lately, “generated great expectations, especially in conjunction with DLT,” because they can be, “executed automatically on multiple distributed nodes upon fulfilment of pre-defined conditions…”
For example, a scanner could read tags on a set of arriving shipping containers and that data then fed to a smart contract, which could trigger payment.
Smart contracts may also:
“…store the status of a transaction (such as a certain package’s current position in a supply chain), to avoid having to go through the list of records in the DLT, and their execution can be triggered by another contract, by an individual or by a group of individuals…”
Contrary to some sweeping claims, not all aspects of contracts can be automated nor all lawyers “disintermediated.” Lawyers, says the report, will still be required to help with interpretation of terms, and, I would add, the considerable work of aligning relevant laws in participating jurisdications.
Ultimately, sprawling paper trails could be cleaned up considerably, and, “A shared view (of data, invoices, payment status, photos or any other useful information) could rationalise the manual effort and reconciliation processes, with consequent savings in time, money and resources”:
“At the time of writing this report, the use of DLT and smart contracts for trade finance was still a prospective use case, as a number of entities had developed proofs of concept to verify its feasibility and potential, but DLT had not replaced the traditional processes.”
Jurisdictional Issues in Smart Contracts
Given the transnational nature of the EBA’s oversight, the bank looked next at, “potential legal and compliance risks (that) could arise…” for distributed ledger networks with “nodes” (data centres) located in various jurisdictions with potentially conflicting laws.
Governance issues also loom. Transnational DLTs for trade finance, says the report, would need dispute resolution mechanisms in the event of conflicts arising from, “overall governance and management of the model”:
“Despite the use of DLT, the risk of forged papers could arise again if not all the participants accept the use of digital documents. Potential compliance issues with the relevant regulations could arise, for example on personal data protection if sensitive personal information is revealed; on competition laws, especially when joining consortia; or on AML/CFT (anti-money laundering and countering the financing of terrorism).”
Despite the improved security of DLTs in many regards, the EBA believes they could be gamed by criminal interests. “As this technology potentially allows less physical analysis of documentation, DLT could lead to abuses for money-laundering and terrorism-financing purposes.”
Part of governing an international trade ledger would have to involve determining consequences for its abuse. Governance would also be needed to help render even mundane decisions regarding, “who is allowed to participate in the ledger and each participant’s role, how to proceed if one member loses its private key or whether or (not) a member could be expelled from the platform on the grounds of non-compliance with the governing rules…A lack of adequate governance could have a negative impact leading to operational and reputation risks.”
Measures would also have to be considered regarding how to prevent a consortium’s misuse or monopolization of a shared ledger, “leading to macroprudential concerns, i.e. a possible single point of failure,” so that the thing doesn’t function more as one big target or honeypot:
“Furthermore, the sums involved in trade transactions could incentivise internal or external fraud, including at the level of organised crime. An attacker could exploit a vulnerability in the weakest node to steal its private key, to forge a node or to access sensitive data of persons or companies, especially when data is stored in clear text…Additionally, when smart contracts need to send or retrieve external data, they rely on external services, the so-called oracles, which could also be attacked or unavailable.”
The report cautions that, as demonstrated in Bitcoin, updating a large, public network can be a complex and time-consuming procedure: “Computer code is distributed throughout the DLT, and correcting a mistake in every node becomes challenging.”
The report outlines a number of other possible risks, which are nothing to sneeze at, but concludes that the efficiencies of DLT and smart contracts, by “reducing processing costs…(could) encourage institutions to boost their trade finance business, with the possibility of enlarging their customer bases.”
The report is embedded below.
[scribd id=383342669 key=key-xDM6MqxOyCdQTfGoy1NM mode=scroll]