Distributed ledger technology: a regulatory conundrum

With one financial regulator in Europe already having introduced rules on the use of distributed ledger technology, we consider whether others will follow suit.

2 March 2018

An increasing awareness among financial regulators of the benefits and risks of distributed ledger technology, such as the blockchain which underpins cryptocurrencies, has revealed the conundrum it poses – to regulate or not to regulate?  With one financial regulator in Europe already having introduced rules on the use of distributed ledger technology, we consider whether others will follow suit.
On 1 January 2018, the Gibraltar Financial Services Commission (GFSC) became the first regulator to introduce a framework to regulate the use of distributed ledger technology (DLT). While DLT is not currently the subject of UK or EU regulation, the pace of discussions around its applications in the financial sector highlights that regulators are now starting to grapple with this rapidly evolving area. 

What is DLT?

A distributed ledger is essentially a database that can be shared across a network of multiple participants. Unlike a traditional ledger which is controlled from a single source, a distributed ledger can be updated by multiple participants accessing the database from various locations. Each participant has access to an identical copy of the database and any changes are reflected virtually simultaneously across the network. 
The concept of a shared database is not new, but the main advantage of DLT is that it allows information to be shared both securely and efficiently. Thinking of each record or entry in a distributed ledger as a block, any change to the ledger is effected by the creation of a new block. 
Each new block is attached to the previous block, effectively creating a chain of blocks which acts as an audit trail of information and is difficult to tamper with. Individual blocks cannot easily be deleted and the public nature of the database means that a complete history of every transaction relating to a particular record or entry is permanently available. 
While Bitcoin is arguably the most public example of DLT in practice, the potential applications of the technology extend far beyond virtual currencies. Its use in securities trading, post-trade settlement and cross-border payments have all been promulgated as offering considerable advantages to the financial services sector. 
Other possible functions of the technology include assisting with mortgage loan applications, maintaining company and/or land registries, managing insurance claims and assisting with know your customer (KYC) and identity checks. 


Since the start of the year, all Gibraltar-based firms using DLT for the transmission or storage of value belonging to others need to be authorised by the GFSC as a DLT Provider. By providing regulatory certainty in a rapidly evolving area, Gibraltar aims to encourage firms carrying out DLT activities to develop new and innovative business models and products by offering them a safe and progressive environment in which to operate. 
The aspiration of the GFSC is to grow talent and skills in the fintech area and in particular to provide Gibraltar with a competitive edge that will position it as a major player in the global financial sector. 
The regulatory framework adopted by the GFSC recognises the evolving nature of DLT and the novel business activities, products and models involved. Rather than adopt rigid rules which are likely to become outdated quickly, the regulatory framework is designed to be purposefully flexible. All DLT Providers are subject to a set of nine principles (the DLT Principle) to which they must adhere during the lifecycle of their product or service. 
The DLT Principles are:

  1. A DLT Provider must conduct its business with honesty and integrity.
  2. A DLT Provider must pay due regard to the interests and needs of each and all of its customers and must communicate with its customers in a way which is fair, clear and not misleading.
  3. A DLT Provider must maintain adequate financial and non-financial resources.
  4. A DLT Provider must manage and control its business effectively, and conduct its business with due skill, care and diligence; including having proper regard to risks to its business and customers.
  5. A DLT Provider must have effective arrangements in place for the protection of client assets and money when it is responsible for them. 
  6. A DLT Provider must have effective corporate governance arrangements.
  7. A DLT Provider must ensure that all systems and security access protocols are maintained to appropriate high standards.
  8. A DLT Provider must have systems in place to prevent, detect and disclose financial crime risks such as money laundering and terrorist financing.
  9. A DLT Provider must be resilient and must develop contingency plans for the orderly and solvent wind down of its business.

In determining whether a principle is met, the GFSC may apply existing regulatory provisions from other frameworks, and may have regard to any similarities which exist with other business models and products. The DLT framework will only apply to activities that are not already the subject of regulation under another framework, with these activities continuing to be regulated by such existing frameworks. 

The UK

There is no regulation of DLT itself in the UK at present, although certain activities related to DLT may fall under the scope of existing regulation, such as contracts for differences (CFDs) based on cryptocurrencies. UK regulators have been actively engaging in discussions on DLT and its potential advantages and disadvantages and last November the Financial Conduct Authority (FCA) issued a consumer warning about the risks of investing in cryptocurrency CFDs. 
In April 2017, the FCA published a discussion paper (DP17/3) on DLT in which it considered the potential benefits and risks associated with its use in the financial services. In its feedback statement (FS17/4), the FCA re-iterated its ‘technology-neutral’ approach and noted that there were no substantial barriers to adopting DLT technology under the current regulatory framework. Although no changes to the FCA’s Handbook of Rules and Guidance were proposed at the time, the FCA did note its commitment to keeping the position under review and to maintaining an open dialogue with interested parties.  
In February 2018, the House of Common’s Treasury Select Committee launched an inquiry into digital currencies in which it will examine the potential impact of DLT on financial institutions. One of the objectives of the inquiry is to consider the regulatory response of the Government, the FCA and the Bank of England to digital currencies and anti-money laundering legislation, and to look at how regulation in this area could provide adequate protection for consumers and businesses whilst still encouraging innovation. 
The inquiry follows the recent volatility experienced by Bitcoin, Ethereum and Ripple in which huge fluctuations in price have triggered calls globally for a wider regulatory review. 

The EU

As in the UK, DLT is not currently the subject of specific regulation at an EU level. The European Securities and Markets Authority (ESMA) did however publish a report in February 2018 on DLT applied to securities markets in which it considered the need for regulatory action to facilitate the benefits of DLT or, where necessary, to mitigate against its risks. 
In summing up its findings, ESMA adopts a similar approach to that taken by the FCA and does not believe that there are any major impediments in the EU regulatory framework preventing the emergence of DLT in the short term. Given the evolving nature of DLT and the limited examples of its practical applications to date outside of cryptocurrencies, ESMA are of the view that it is premature to anticipate the regulatory response which will be required. 
The ESMA report acknowledges that DLT is likely have implications beyond financial regulation, with issues of corporate, insolvency and competition law all requiring further consideration. While no regulation is currently anticipated, ESMA are continuing to monitor the market with a view to assessing whether a regulatory response may be required in the future. 

Future developments

While Gibraltar is the only jurisdiction to date to have implemented a general regulatory framework for DLT as a technology, it is clear that other jurisdictions are considering their own regulations either for the general use of DLT in the financial sector or for specific applications of the technology, such a cryptocurrencies. 
Malta is currently consulting on a framework for the certification of DLT platforms in which three new pieces of legislation will be introduced. Estonia, who last year mooted the idea of issuing their own virtual currency in the form of the ‘Estcoin’, already apply additional requirements in relation to Bitcoin trading and are likely to revisit the topic of regulation. 
Within the last fortnight, Autorité des marchés financiers, the stock market regulator in France, released a statement confirming its view that online platforms which offer cryptocurrency derivatives fall within the scope of Markets in Financial Instruments Directive II (MiFID II) and the European Market Infrastructure Regulation (EMIR) and such platforms must therefore comply with the authorisation, conduct of business rules, and the trade reporting obligations.
In a separate development, Austria’s finance ministry announced it intends to extend regulation beyond cryptocurrency derivatives to cover cryptocurrencies themselves, using as a model its existing rules for the trading of gold and derivatives.
With the Treasury Committee re-opening the debate in the UK and ESMA committing itself to reviewing the need for EU regulation on an ongoing basis, the question of whether and how to regulate DLT is far from settled.