As the Cayman Islands, Bermuda, the BVI and other offshore jurisdictions position themselves as FinTech hubs, there are certain regulatory risks and challenges that each jurisdiction must overcome in this new blockchain era.
Blockchain has been widely touted as the most significant technology of the last 20 years, with the potential to revolutionise the financial services industry across a range of applications, from crypto-currencies to smart contracts, to fully automated clearing and settlements systems for payments.
Crucially, blockchain networks can operate securely without the need for any central administrator, and the technology can work for almost every type of transaction. The technology is particularly appealing as a possible replacement for existing processes, which are largely manual, labour-intensive and paper-based but require sensitive information to be transferred and stored in a secure manner, for example, know-your-customer (KYC) processes for identifying new clients. Its potential uses are almost limitless.
Offshore financial centres have a large stake here and are well placed to become attractive destinations for technology entrepreneurs looking for a neutral jurisdiction for their global operations. As the Cayman Islands, Bermuda, the BVI and other offshore jurisdictions position themselves as financial technology (FinTech) hubs, there are certain regulatory risks and challenges that each jurisdiction must overcome as the new era of blockchain-based financial services gains traction.
Risks and Challenges
Financial and banking stability, alongside consumer protection are the key objectives for all regulatory authorities, but, to date, many offshore authorities have issued little in the way of regulatory guidance or control principles around blockchain. Some of the main challenges facing offshore centres are:
Blockchain technology is, by its nature, a shared system, which leads to questions about which activities should be regulated, how activities should be regulated and by whom they should be regulated. As a result, organisations that make use of it will have to pay careful attention to allocating responsibilities appropriately given the absence of a central point of authority.
There are also implications where organisations engage third party service providers. Sufficient oversight of the providers' activities will be required to fulfil regulatory obligations.
These concerns can be allayed in part by using a 'permissioned ledger' and putting in place a governance structure among participants to deliver proper notification to customers through an agreed mechanism. The blockchain platform could also agree a set of rules and policies to be followed by all participants and then share these with customers and regulators.
2) Security Resilience
The strength of the security afforded by a particular form of encryption is continually under challenge. Blockchain networks will need to establish mechanisms to ensure that appropriate levels of encryption are maintained and that these include responsibilities for the safe custody of encryption keys.
Blockchain technology does, however, bring unrivalled security benefits. Hacking attacks that commonly impact large centralised intermediaries are almost impossible on the blockchain. If someone wanted to hack into a particular block, a hacker would not only need to hack into that specific block, but all of the preceding blocks going back the entire history of that chain, and they would need to do it on every ledger in the network, simultaneously.
3) Data Protection
One of the major benefits of blockchain technology is its immutability, meaning that data stored on the chain cannot be altered or deleted. This could also create a problem, because in theory there could be no ‘right to be forgotten’ in the context of blockchain. However, personal data can be kept off blockchain ledgers altogether by replacing the data with an encrypted reference to the data – a ‘hash’. These hashes or digital fingerprints prove that data did exist at a certain date, without the data itself appearing on the chain.
Encryption controls, limiting the accessibility of personal data hashed in the blockchain, is a viable solution for data protection compliance. While encrypted personal data may still qualify as ‘personal data’ under new data protection laws, as long as the holder of the data possesses the encryption key and those keys are only made available in circumstances dictated by the individual data subject, then it is difficult to see the objection from a data protection perspective.
4) AML Compliance
Blockchain's ability to replace paper trails with easily auditable digital trails offers many possibilities in the reduction of financial crime. Anti-money laundering (AML) regulations generally require organisations to keep easily accessible records of customer identities and transactions. To be effective, a blockchain solution would require network adoption by a number of organisations. However, this represents one of the biggest challenges to implementing a blockchain solution in the AML space, as regulated entities are often reluctant to outsource or share their AML responsibilities with third parties, even other regulated entities. How and whether blockchain solutions will change this approach remains to be seen. The potential global economic benefits from added efficiencies inherent in blockchain-based AML solutions would be immeasurable, but at this stage it is unclear to what extent international AML standards will be adapted to embrace the opportunity for change.
A Leading Offshore Role
Given the challenges above, one way for offshore financial centres to take a leading role in the fast moving FinTech sector would be to demonstrate success with an initial, modestly aimed blockchain proposal, perhaps between a number of local banks, in a regulatory “sandbox” or similar structure under the supervision of the regulator. This would provide an opportunity to gain experience and learn from a close evaluation of blockchain technology as a business tool and secure an offshore advantage in what is an increasingly competitive field.
Partner in the Corporate and Regulatory BVI practice groups at Appleby. Andrew has extensive experience in corporate, banking and finance, and capital markets transactions, with particular emphasis on clients in the mining, oil and gas, energy, and natural resources sectors.
Partner within the Corporate department and Joint Global Head of Technology & Innovation, specializing in Fintech and the Digital Asset Business Sector. He practises in the areas of corporate finance, capital markets, regulation and intellectual property.
Counsel in the Corporate Group and co-head of Appleby’s Global Technology and Innovation Group. He specialises in privacy, data protection and strategic corporate-commercial and regulatory work in the technology and innovation sectors.
Bermuda, British Virgin Islands, Cayman Islands, Guernsey, Hong Kong, Isle of Man, Jersey, Mauritius, Seychelles and Shanghai.