By Daniel L. Farris
The European Securities and Markets Authority – a top EU security watchdog – published a paper last week calling for new regulation on so called blockchain technology in financial markets. The comments come as financial markets are experiencing a rapid increase in virtual currencies and the underlying Digital Ledger Technology that supports them.
ESMA has been “investigating” the rise of blockchain since 2013, and now says it has concerns about governance gaps and cybersecurity risks in the technology. “ESMA believes that the DLT will need to overcome a number of possible challenges and shortcomings before its benefits can be reaped. Some of these challenges are related to the technology itself. Others are mainly related to possible governance, privacy and regulatory issues,” the agency said.
ESMA is another voice in a growing chorus supporting greater regulation of DLT in Europe. In May, the European Parliament moved a step closer to regulating virtual currencies (like Bitcoin) by creating a new task force to consider virtual currency technology and regulatory issues surrounding it. The European Commission is also assembling its own team of experts to monitor developments and weigh the benefits and risks or virtual currency technology in financial markets.
The new regulatory focus comes as banks and technology companies are dedicating more resources to DLT implementation. Last year, 42 large multinational banks banded together to form R3 consortium, a partnership to develop standards and implement blockchain technology cross-platform. Microsoft recently announced a partnership with R3 to develop a “blockchain as a service” cloud-based product suite.
The benefits of DLT are many, including faster clearing and settlement of financial transactions, reducing the number of intermediaries involved in transactions, and creating efficiency in the reconciliation process. DTL is being considered as a method to issue digital securities, track ownership, and even provide greater transparency and regulatory reporting. Nonetheless, “[l]egal issues, such as the legality and enforceability of the records kept on the DLT, also need to be carefully considered,” ESMA said in its paper. “Differences in securities and company laws across the EU may also interfere with a wide deployment of the DLT in securities markets in the EU.” ESMA also raised potential cybersecurity risks, noting that a criminal who gains access to the shared ledger could not only access information stored at the point of attack, but also potentially the full breadth of sensitive information stored by the financial institution.
As investment in not only blockchain technology grows, but as Fin Tech implementation increasingly moves to the cloud and mobile platforms, financial institutions must prepare for greater cybersecurity risks and increased regulation. While DLT holds substantial promise, capturing the cost savings will likely come with new or additional regulatory compliance obligations.
For assistance in understanding how EU or other financial industry regulations may affect your company, auditing privacy and data security compliance programs, or developing transatlantic data transfer programs, please contact the author or a Polsinelli Privacy and Data Security team member.