Factors to Consider When Implementing DLT?
As discussed, DLT applications have already impacted the securities industry. Many financial institutions have already established in-house or third-party research teams to build and test DLT networks and applications. FINRA’s report provides a good high-level summary of the obvious factors to consider with implementing DLT technology in capital markets, including governance, operational structure and network security.
A basis of DLT technology is that it is an open network with no centralized governing power or operator. FINRA notes that although there are benefits to this system, there are also issues, such as how to handle a large volume of transactions effectively. As a result, closed networks have started where participants are pre-vetted trusted parties. In the capital markets, questions will need to be answered related to the operation of the network and who has responsibility for what aspects—for example, who would decide governance and internal controls and procedures, who would enforce these governance rules, who would be responsible for day-to-day operations, including addressing system failures or technical issues, and how errors would be rectified and conflicts of interests addressed.
Any DLT Network will need to consider its operational structure, including a framework for: (i) network participant access and related onboarding and offboarding procedures; (ii) transaction validation; (iii) asset representation (such as shares of stock); and (iv) data and transparency requirements.
A network will need to establish criteria and procedures for establishing and maintaining participating members and determining their level of access. Controls and procedures will need to address: (i) criteria for participants to gain access to the network; (ii) a vetting and onboarding process, including identity verification and user agreements; (iii) an offboarding process for both involuntary offboarding as a result of noncompliance and voluntary offboarding; (iv) monitoring and enforcement procedures for compliance with rules of conduct; (v) establishing various levels of access; and (vi) access for regulators.
Networks will need to determine a method for transaction validation. In the short history of blockchain, there have already been different methodologies. Validation could be consensus-based, single-node verifier or multiple-node verifier. Each method has pros and cons, and the specific algorithms and processes would need to be ferreted out.
On the topic of asset representation, networks will need to determine if the actual asset will be directly issued digitally (which only works for certain assets such as intangibles, stock or agreements representing ownership interests) or issued traditionally and be tokenized on the network. If tokenized, further thought must be given to security, handling loss or theft of the underlying asset, fractionalization issues, handling changes such as reverse or forward stock splits or conversions, and new issuances as some examples.
Likewise, thought must be given to the handling of cash on the network, including the settlement of transactions. In that regard, could tokens become a form of cash and if so, how would they ultimately be converted into established government currencies? Ownership in almost any asset could also be tokenized (such as diamonds, gold, precious metals, art, etc.), creating issues of custodianship and security for the underlying asset. Intangible assets would be relatively easy to tokenize. Fungible assets would be easier than non-fungible assets, with unique assets being the most difficult.
A network will need controls and processes related to data transparency, including public or shared information versus private information.
In addition to the security of the underlying asset, there are security concerns with the network itself. The issue is more complex due to the decentralized nature of, and global access and participants to, the network. A DLT Network must have security for external and internal risks while maintaining the privacy of personal information for network participants.
Network participants will need to consider: (i) how DLT fits within their current recordkeeping framework, including maintenance and backup systems; (ii) cybersecurity issues, including hacking, phishing, malware and other forms of threats and program and testing requirements; (iii) updating written supervisory procedures and policy procedures; and (iv) business controls for identity and transaction verification and fraud prevention.
Broker-dealers are currently exploring issuing and trading securities, facilitating automated actions such as dividend payments and maintaining transaction records on a DLT network. These areas are regulated by both the SEC and FINRA. The FINRA report points out the potential for a “paradigm shift for several traditional processes in the securities industry through the development of new business models and new practices incorporating DLT” that requires regulatory attention.
This shift may quite possibly occur in a shorter period of time than many predict. It is probably that the role of transfer agents is minimalized or completely changed to a reviewer of opinion letters for legend removals; the DTC will be correspondingly changed and much less powerful; there will no longer be a separation between clearing firms and introducing brokers, and all trades will clear instantaneously (t+0).
The FINRA report specifically discusses some major areas of consideration, including: (i) customer funds and securities; (ii)
Customer Funds and Securities
DLT will create new ways to hold customer funds and securities and thus custodial changes. Broker-dealers that hold funds and securities must generally comply with Exchange Act Rule 15c3-3, which generally requires the broker to maintain physical possession or control over the customer’s fully paid and excess margin securities. Where funds and securities are purely digital, such as cryptosecurities, consideration will need to be made over how they are accounted for and who has the obligation. In addition, certain activities and access levels could amount to “receiving, delivering, holding or controlling customer assets” such as having access to a private key code for a customer.
Also potentially implicated in this area are Exchange Act Rule 15c3-1 related to net capital requirements, FINRA Rule 4160 on verification of assets, and Exchange Act Rule 17a-13 related to quarterly security accounts.
Broker-Dealer Net Capital
Exchange Act Rule 15c3-1 requires a firm to maintain a minimum level of net capital at all times. The FINRA Rule 4100 series sets forth the rules and requirements for complying with net capital requirements, including calculations and which assets are allowable or non-allowable within those calculations. Regulations need to address how cryptosecurities, digital currency, and tokens in general will be accounted for, for purposes of net capital calculations.
Books and Records Requirements
Exchange Act Rule 17a-3 and 17a-4 and FINRA Rule 4511 regulate book and record requirements for broker-dealers. DLT allows books and records to be maintained on the network itself, though consideration must be made as to how this will comply with regulations, and what changes need to be made with the regulations to update for the new technology.
Clearance and Settlement
Many believe that DLT could have the biggest impact on clearance and settlement from a pure industry disruption viewpoint. FINRA notes, “Depending on how trade execution and settlement is ultimately structured, broker-dealers and other market participants may wish to consider whether any of their activities in the DLT environment meet the definition of a clearing agency and whether corresponding clearing agency registration requirements under Section 17A of the Exchange Act would be applicable.”
In addition, as mentioned, DLT could eliminate the distinction between introducing and clearing brokers and the corresponding carrying agreement rules.
Anti-money Laundering and Customer Identification Programs
DLT allows for global and anonymous participation, and accordingly practices and regulations will need to address anti-money laundering (AML) and customer identification obligations (CIP). The Bank Secrecy Act of 1970 requires controls and procedures to detect and prevent money laundering. FINRA Rule 3310 addresses AML obligations. For more on this topic, see HERE.
In addition, FINRA Rule 2090, the Know Your Customer (KYC) rule, requires firms to “use reasonable diligence, in regard to the opening and maintenance of every account, to know (and retain) the essential facts concerning every customer and concerning the authority of each person acting on behalf of such customer.” Technology is already being explored to centralize identity management functions such that once a customer identity is verified, the information can be shared with all network participants. Obviously this would greatly streamline processes for broker-dealers and customers alike.
It is likely that DLT technology will surpass regulatory changes in the AML/CIP/KYC sectors. The FINRA report notes that the current rules allow a firm to outsource functions to third parties, but not overall responsibility. Accordingly, a firm could utilize DLT technology for these functions now if they can fashion internal controls and procedures that comply with the ultimate rule responsibilities.
Customer Data Privacy
Broker-dealers have an obligation to protect personal customer information (Regulation S-P). The rules also require that a firm provide an annual notice to customers related to the protection, and sharing, of their personal information. DLT by nature will include customer information and transaction histories that will be available to network participants. Regulations, as well as internal controls and procedures, will need to adapt for DLT technology.
Trade and Order Reporting Requirements
FINRA regulates the trading and order reporting requirements for the over-the-counter markets (OTC Markets) and requires certain reports to a centralized Securities Information Processor for listed securities. DLT may be soon be used for the facilitation of OTC Markets equity transactions. This may involve tokenizing existing securities and trading on a different network. FINRA Rule 6100 Series (Quoting and Trading in NMS Stock), Rule 6400 Series (Quoting and Trading on OTC Equity Securities), Rule 4550 Series (Alternative Trading Systems) and Rule 5000 Series governing offering and trading standards and practices would all be implicated.
Supervision and Surveillance
DLT networks will present new and unique challenges related to maintaining supervisory rules and procedures as well as surveillance systems themselves. This area includes the ability to review customer accounts and correct order errors. Like other areas of DLT technology, centralized systems available to all network participants are being developed that can perform some of these functions.
Fees and Commissions
Certain additional fees may be necessary for a DLT network, such as wallet management, key management and onboarding, whereby other areas may reduce fees as centralization brings economies. In addition, consideration must be given to the payment of fees to third parties that are not registered broker-dealers but that provide DLT outsource functions.
Customer Confirmations and Account Statements
Exchange Act Rule 10b-10 requires firms to provide customers with certain records, including trade confirmations and account statements. DLT technology will change the flow and availability of information.
Material Impact on Business Operations
NASD Rule 1017(a)(5) requires broker-dealers that undergo a material change in business operations to file a Continuing Membership Application (CMA) prior to implementing the material change. Many of the aspects of DLT technology may result in a material change, and broker-dealers need to consider the need to file 1017 applications.
Business Continuity Plans
FINRA Rule 4370 requires broker-dealers to maintain business continuity plans. Firms must consider the impact of DLT technology on their plans and update accordingly.