Highly regulated industries such as finance need to know who they are dealing with and who they can sell to. While Bitcoin is ideal for people to transfer funds to each other securely, regulated financial institutions need to comply with a host of regulations. The prime difficulty for regulated firms in using public blockchains is that, in order to comply with Know Your Client (KYC) regulations, they need to know more about a person than 16SrTvZ1sBoJD6tVJXi2j6gVBqGWng3Ucx: in particular who they are, where they live, what their investment objectives are, and their appetite for risk, in order to build a sensible profile. There are also issues around Anti-Money Laundering (AML) compliance and the origin of funds, and in the absence of a better solution this leads to a database of whitelisted addresses for each customer.
The power of a permissioned, public blockchain is in having a robust decentralised network and allowing groups to form and put the rules in place to allow them to run their businesses in a compliant way.
Bitcoin is the original blockchain, born out of the financial crisis of 2008. It was created with a limited number of coins as a reaction against the institutional printing of money, and it devised a way to allow peer-to-peer payments to be made in a decentralised, trustless environment.
Public blockchains are decentralised, which makes them robust, and they minimise the connections between two parties. We don’t see the equivalent of correspondent banks, agencies or other middlemen in the interactions on chain. Public blockchains are very transparent: anyone with a block explorer can see what transactions are being made and the addresses involved, although they can’t know who is behind a given address. The records are immutable and secure. While it could be possible to attack or hack a blockchain, it is a very expensive operation and the rewards often do not make it worthwhile.
Private Permissioned Blockchains
Private, permissioned blockchains solve the issue of who has access, but in the process take the benefits of a robust decentralised network with them. The trust is baked in, as the blockchain is run by known participants. They can use the shared ledger to store and access data securely, and can build more complex applications as they don’t need to worry about running their software on a decentralised (trustless) network. There is a place for private blockchains, but they come at a cost of robustness and transparency and are centralised by definition.
How would a Public, Permissioned Blockchain work?
It is possible to build a public, permissioned blockchain and for it to remain decentralised.
While this may alienate the cyber-purists who abhor any control or hint of authority and, on the other side, the advocates of private blockchains who get nervous about a possible loss of control, it is worth examining as a way for highly regulated businesses to take advantage of decentralised technology.
The blockchain is built as a public, decentralised blockchain with a form of Proof of Stake (PoS) and a Byzantine Fault Tolerant (BFT) consensus mechanism. The BFT gives instant finality with tolerance of up to 33% of malicious validators colluding, and the PoS consensus mechanism provides a second line of defense: dishonest validators can be punished by removing some or all of their stake. A third layer could be introduced with some disclosure required from the validators to give some means of screening who runs the network.
The most important part of the permissioned, public blockchain is that the granting of permission is not done by a central authority, which would compromise the decentralised nature of the blockchain.
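The finality threshold and stake penalty described above, as an added example that is not code from any particular blockchain. It assumes stake-weighted voting and treats signing two different blocks at the same height as the dishonest behaviour; the validator names, block ids and the 50% penalty are constructed.

```python
from collections import defaultdict

def is_final(stakes, signers):
    """True once the signing validators hold more than two thirds of all stake."""
    total = sum(stakes.values())
    signed = sum(stakes[v] for v in set(signers) if v in stakes)
    return 3 * signed > 2 * total

def find_equivocators(votes):
    """Return validators that signed two different blocks at the same height."""
    seen = defaultdict(set)
    for validator, height, block_id in votes:
        seen[(validator, height)].add(block_id)
    return sorted({v for (v, _h), ids in seen.items() if len(ids) > 1})

def slash(stakes, offenders, percent):
    """Remove `percent` (1-100) of each offender's stake; return the total removed."""
    if not 1 <= percent <= 100:
        raise ValueError("percent must be between 1 and 100")
    removed = 0
    for v in offenders:
        penalty = stakes[v] * percent // 100
        stakes[v] -= penalty
        removed += penalty
    return removed

def demo():
    # Constructed sample: four validators with equal stake, one of them dishonest.
    stakes = {"val_a": 100, "val_b": 100, "val_c": 100, "val_d": 100}
    votes = [("val_a", 7, "blk_x"), ("val_b", 7, "blk_x"), ("val_c", 7, "blk_x"),
             ("val_d", 7, "blk_x"), ("val_d", 7, "blk_y")]   # val_d signs both
    honest = ["val_a", "val_b", "val_c"]
    final_with_one_bad = is_final(stakes, honest)            # 300 of 400 signed
    final_with_two_bad = is_final(stakes, honest[:2])        # 200 of 400 signed
    offenders = find_equivocators(votes)
    removed = slash(stakes, offenders, percent=50)
    return final_with_one_bad, final_with_two_bad, offenders, removed, stakes["val_d"]
```

With one validator in four misbehaving (25%) the honest three still finalise the block; with two in four they cannot, which is the 33% tolerance in practice.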
The permissioning is built in so that a community can determine who can transact with whom. In the context of regulated financial institutions this would be determined by the jurisdiction of the regulatory body. The granting of permissions could be done by the regulators but is more likely to be done in a transparent way by the regulated institutions who would need to demonstrate compliance to the regulators.
The permissioning does not need to be limited to the participants of a community; further permissioning is built at the asset, token, Non-Fungible Token (NFT), or coin level. This, combined with the permissions set at the participant level, means that an asset may be traded between a restricted list of participants in given circumstances and, in others, towards a wider set.
For example, an investor may only be able to buy funds that have approval for retail distribution but they may not participate in the wholesale tokenised equity markets.
Using this model, the permissioning works for the creation of any group based around some criteria, and it scales so that it is possible to have many groups based on the jurisdictions of the various regulators around the world. A global investment bank is a member of many groups, which mirrors the current regulatory frameworks; in detail, it is the company the bank registers in each country or area where it does business that is a member of the group.
The groups created within the public, permissioned blockchain can be thought of as islands. There are no restrictions on who can create a group, and the group can determine the permissioning on who can do what. This way the blockchain remains decentralised and public, and at the same time there are islands of centralisation that by nature are self-sovereign.
How do the groups work?
A group can be formed, for example, in Switzerland, where financial institutions are regulated by FINMA. FINMA could take the lead in creating the group and authorising the institutions it regulates that wish to onboard. Alternatively, the market participants form a group, ensure they comply with their local regulations, and determine the permissions of the group.
The founder member can give permission to others in the capacity of a community member. One enhancement to this would be to require the community members to have tokens held in escrow; in the event of them not adhering to the rules, they can be “fined” by having the tokens removed, and are removed as members. The community specifies the permissions needed within their community in order to do business.
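A sketch of how the participant-level and asset-level permissions and the escrow "fine" described above fit together, as an added example rather than code from any existing blockchain. The class and function names, the participant classes, the stake amounts and the rule that only the founder admits members are all assumptions made for illustration.

```python
from collections import namedtuple

# group: the community whose rules govern the asset; allowed: classes that may receive it
Asset = namedtuple("Asset", "name group allowed")

class Group:
    def __init__(self, name, founder):
        self.name, self.founder = name, founder
        self.members = {founder: "institution"}   # address -> participant class
        self.escrow = {}                          # address -> tokens held in escrow

    def admit(self, granter, address, participant_class, stake):
        # Assumption: the founder member grants membership and a stake is mandatory.
        if granter != self.founder:
            raise PermissionError("only the founder member can admit")
        if stake <= 0:
            raise ValueError("membership requires tokens in escrow")
        self.members[address] = participant_class
        self.escrow[address] = stake

    def fine_and_remove(self, address):
        # Rule breach: the escrowed tokens are forfeited and membership ends.
        self.members.pop(address, None)
        return self.escrow.pop(address, 0)

def can_transfer(group, asset, sender, receiver):
    """Apply participant-level, then asset-level rules; return (allowed, reason)."""
    if asset.group != group.name:
        return False, "asset is governed by another group"
    for party in (sender, receiver):
        if party not in group.members:
            return False, f"{party} is not a member of {group.name}"
    receiver_class = group.members[receiver]
    if receiver_class not in asset.allowed:
        return False, f"{asset.name} is not approved for {receiver_class} participants"
    return True, "ok"

def demo():
    # Constructed sample data: one Swiss community, two assets, three participants.
    ch = Group("CH", founder="bank_a")
    ch.admit("bank_a", "broker_b", "institution", stake=1000)
    ch.admit("bank_a", "investor_c", "retail", stake=10)
    fund = Asset("retail_fund", "CH", {"retail", "institution"})
    equity = Asset("wholesale_equity", "CH", {"institution"})
    checks = [(fund, "investor_c"), (equity, "investor_c"), (equity, "broker_b")]
    results = [can_transfer(ch, a, "bank_a", r)[0] for a, r in checks]
    forfeited = ch.fine_and_remove("broker_b")
    results.append(can_transfer(ch, equity, "bank_a", "broker_b")[0])
    return results, forfeited
```

The retail investor can receive the retail fund but not the wholesale equity, and once a member is fined and removed the same transfer that was allowed a moment earlier is refused.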
Why Public? Why not!
Having a robust, secure, decentralised blockchain is the foundation of the businesses that transact on the blockchain.
There are many arguments that blockchains cannot cope with the volume of data that traditional systems handle, pointing to the millions of transactions that occur. While Bitcoin has slow transaction times, by design, there are newer blockchains using BFT consensus mechanisms that achieve much higher speeds without compromising integrity.
The second concern from the finance community is around exposing sensitive data on a public blockchain. This is a legitimate concern, and should be addressed by ensuring that only the data needed on chain as part of an immutable data source is held on chain. Clearly, porting the current way of doing things onto a blockchain is a bad idea, and it will need some deep analysis as to what is stored. Recording trading data on a blockchain potentially exposes an institution's positions and thus gives away sensitive market data. There are several mechanisms which could be used to address this, such as introducing a time delay to settlement so that the position data is not current, or creating a large number of wallets to obfuscate the data.
A public, permissioned blockchain built around communities solves many of the issues faced by regulated industries in demonstrating compliance.
The regulations in finance are in place to protect people, and to some extent the crypto world of unregulated markets has not covered itself in glory, with the scam ICOs and the wild west of crypto trading (wash trades, pump and dump, and spoofing being widely seen). Rather than finding ways to avoid the regulations designed to protect investors and create a fair playing field, a public, permissioned blockchain might just be the answer for building businesses in an environment that complies with regulations.