The use of blockchain in financial services would need to be carefully regulated with access restricted to only approved participants. Institutions should also be required to use "kill switches" to stop computers automatically executing in times of stress. These are some of the recommendations of outgoing chair of IOSCO Greg Medcraft based on concerns from global regulators. In short, blockchains are risky business.
Medcraft told The Australian Financial Review that blockchains must be able to operate with each other and the financial services companies that use them will have to stand behind the technology in case it fails.
Mr Medcraft was commenting on the principles guiding global regulators' assessment of emerging blockchain technology which have been set out for the first time.
Blockchains in the financial services industry would need to be 'permissioned' networks, he said, meaning access is restricted to known parties, in contrast with the open and public blockchain that powers the controversial cryptocurrency bitcoin.
Mr Medcraft also suggested that regulated financial institutions seeking to use 'smart contracts' on blockchains may have to integrate 'kill switches' in the programs to stop computers automatically executing in times of stress.
The chairman of the Australian Securities and Investments Commission finished his term as IOSCO chair in May after a three year term in which he drove the global regulatory community's engagement with blockchain. He said global regulators had identified three key risks from the technology: fragmentation, excessive complexity and cyber-security.
Fragmentation is the risk of different systems and protocols developing that are not able to talk to each other. Should one system become dominant and not able to connect to other blockchains, regulators would be concerned about the potential for monopolistic behaviour that would potentially counter to the interest of the consumer, he said.
Global banks are currently working with various blockchain developers, including R3 CEV, Ripple, Digital Asset Holdings and IBM's Hyperledger.
"Interoperability is going to be very important in this," Mr Medcraft said from ASIC's Sydney headquarters. "You want to be able to use different suppliers: as long as they can talk to one another, that works. Fragmentation is one of our big concerns. But if you put your customers first, interoperability makes a hell of a lot of sense."
Drawing an analogy to the original development of the global telephone industry, he said he would prefer the industry to put in place their own protocols rather than having regulators insist upon them.
Mr Medcraft also revealed global regulators want to ensure that investors and markets fully understand the risks that blockchain pose, including the potential for bugs and errors.
The regulated entities using blockchains would need to stand behind the technology to ensure that consumers were not harmed in the case of failures, he said.
"Somebody will need to stand behind and guarantee performance for the market. Someone is going to have to guarantee that the thing works."
IOSCO's research and risk department is currently preparing a report on the regulatory issues for blockchain that will be completed by the end of 2016. IOSCO may then issue guidance on the appropriate risk framework for regulated entities to have in place when using blockchains.
The IOSCO board was briefed in February by Blythe Masters, the chief executive of New York-based blockchain startup Digital Asset Holdings, which is working to build blockchains for the clearing and settlement of equities for the Australian Securities Exchange and Deutsche Borse, and representatives of the US Depository Trust & Clearing Corporation.
Despite the risks, Mr Medcraft, who was replaced as IOSCO chair in May by Hong Kong Securities and Futures Commission CEO Ashley Alder, said global regulators wanted to encourage the development of blockchain technology because it promised to reduce overall risk in the financial system and would provide regulators with more transparency into markets.
"We have been watching it extremely closely. I think it is going to happen much faster than people expect," he said. There are two types of blockchain systems: 'permissionless' blockchains, such as bitcoin, which are open to the public and operated by all users of the network; and 'permissioned' systems, where direct access to the blockchain is restricted to pre-defined users whose identities are known.
R3, Ripple and Digital Asset Holdings are all developing 'permissioned' systems.
"Probably the way this will evolve to start with will be in permissioned networks, where they are known parties, rather than anonymous networks. Permissioned networks also give you more comfort dealing with cyber security," Mr Medcraft said.
As lawyers begin to consider how 'smart contracts' or computer code which facilitates a set of business rules, can be programmed onto blockchains such as Ethereum, Mr Medcraft said: "If you are going to have a smart contract on your blockchain and you are a regulated entity, we would want to make sure you have appropriate risk management systems in place. These would probably include testing, to make sure they work properly."
He pointed to the regulation of high frequency trading and robo-advisers as a precedent; ASIC requires both to test algorithms.
Furthermore, ASIC requires high frequency traders to have a "kill switch" that stops the computers executing the trades. Mr Medcraft suggested global regulators might require regulated institutions using smart contracts to use similar devices. "Maybe that is something they might want to look at," he said.
Even though IOSCO was attuned to various risks, Mr Medcraft said global regulators do not want to prevent blockchain technology coming to fruition.
"We would like to help rather than hinder this, and the way you help is to make sure regulators are not afraid of it and get educated," he said. "The most important thing at this stage is to exchange view on what is happening and how people are thinking about it."
"I want IOSCO to be proactive and forward thinking because their job is to fund economies and economic growth. So if there is a new innovation that can help markets work better and more efficiently, that is positive."
Providing an insight into the global regulatory philosophy of new technologies, he said: "With digital, the outcome is still the same. But the way we get to the outcome is going to be different in a digital world to a physical world."
"In a digital world, it still about the fundamentals of having good risk management and good internal controls about what you are doing. It should not be about making us happy. It should be about making the investors in the market comfortable that you are on top of it and they are not at risk."