Reflections on the Proposed DLT Regulations

March 05th 2018 - Michael Stivala

On Friday 2nd March 2018, Blockchain Malta Associate held a conference at Le Meridien hotel in St Julians with the aim of discussing the proposed DLT regulations. Below is the transcript of the event.

Panel 1: The Proposal on a Dedicated Regulator for the DLT Sector – The MDIA Act; The Joint Coordination Board and the National Ethics Committee

Moderator
Mr. Steve Tendon, ChainStrategies (ST)

Panelists
Mr. Louis Mercieca, CryptoGEEKS (LM)
Dr. Jonathan Galea, Blockchain Advisory Ltd (JG)
Dr. Wayne Pisani, Grant Thornton (WP)

The Proposal on a TAS Act, DLT Platforms, Administrators and Systems Auditors; The Proposal of Certification of Smart Contracts

Panelists
Mr. James Farrugia, GANADO Advocates (JF)
Dr. Joseph Borg, WH Partners (JB)
Mr. George Sammut, PWC (GS)

Moderator Question: Is there a need for a Malta Digital Innovation Authority?

JG: Bitcoin and crypto currencies were conceived to revolutionize the current system and it was not thought that these would be regulated.  Some, however, need guidance and welcome regulation. Regulation, in this case, is not to be equated to restriction but is rather to be perceived as guidance.  In fact, applications to the MDIA are voluntary as this is to have a guidance function.

JF: No authority currently fulfills the functions assigned to the MDIA and all authorities have a different focus, whether MFSA, MITA, MCA, MGA etc. Given the nature of DLT and its broad uses in numerous areas, the choice was whether to allocate partial responsibility to different authorities (fragmented approach) or to centralize these responsibilities in one Authority. The latter approach was chosen.

LM: This area involves numerous aspects and it is very difficult to have one regulator which is more important than the others. The MDIA must work with other authorities for this legislation to work in practice.

WP: The MDIA must be an enabler for businesses.  It must not have a restrictive approach and must rather act quickly and not bureaucratically.

JB: The establishment of the MDIA is not ideal.  However, the other option is to establish a specialized unit in each authority and each unit would have to collaborate. It is difficult for this to work in practice. Therefore, the establishment of the MDIA seems to be the best solution in the circumstances.

Attendee Question: The authorization process currently proposed is voluntary.  Is there the intention to recognize or licence any operator in the industry?

This may be used by those who consider that having a certification will give them added value. Others may opt not to go down this route. It is not the intention to have a heavy handed approach at this stage.

Attendee Question: What is the purpose of Regulation? Is it to safeguard consumers? Aren’t there experts whose role is to ensure this?

Education is key in this area.  How many people really know how investments work? Yet there is an outcry when funds are lost.

Attendee Question: Why are we trying to force a centralized authority on decentralized technology? Authorisation will be voluntary – however there is no guarantee that this will not become mandatory in the future.  

ST: Education is lacking in this area. There is currently an information gap as not even lawyers understand what smart contracts are and how they work. We have a huge area to cover and this is why having the MDIA makes sense.

JF: Certification is not intended to be heavy handed and while it is the MDIA which will determine its approach, the direction is to focus on competence.

Moderator Question: Do you agree with the establishment of the Joint Coordination Board?

GS: This will be a new development in this area. It is, therefore, important to have a fluid structure - it will be difficult achieve the right structure initially.

JB: This is a good proposal.  It may be difficult for authorities to communicate between themselves and it is impossible for them to have expertise in every area. Moreover, not all authorities have the same level of efficiency.  It is, therefore, important for this Board to give direction to the various authorities.  The Board is also to embark on a review of all legislation to determine what needs to be changed so that this complies with the present reality (as it is difficult to render laws future proof). 

WP: Coordination between the authorities is important so that no one of them becomes a dead end.  The Authority must be a facilitator so that business does not have to wait months for someone to take action at the expense of innovation.

Attendee Input:  Having a centralized authority does not tally with the future.  Attendee read parts of a World Economic Forum document entitled ‘Realizing the Potential of Blockchain’, June 2017. Governance is not equal to government.  This is not intended to regulate behavior.  Heavy regulation will kill technology and a new type of regulatory framework is needed as well-intended regulation may lead to unintended consequences. While it is possible not to regulate blockchain at a national level, how does one calculate risk?

ST: It is ideal to use technology itself to arrive at a new method of governance (Smart Governance). Software behaves on its own - if a law establishes that this software is unlawful, such software may not be switched off.

JF: Initially authorization was intended to be mandatory.  Some operators would not have chosen Malta due to this. Mandatory authorization, however, would attract, those who prefer regulation.  The solution is therefore to allow for a process of voluntary authorization and this will be availed of by those who feel that this will help their cause.

Attendee Input:  Why is regulation being proposed at this level? Why haven’t the current regimes been extended to include this technology without having to establish all this regulation at the high level of architecture of blockchain itself – there is no need of a hierarchical authority.

JF: If we do not establish a separate authority, which authority which currently exists will deal with blockchain? 

If authorities cannot adapt and restructure, the solution is to establish a new authority.  While it is a good idea to establish the MDIA, the Committee may be too bureaucratic and may cause delay.

Moderator Question: Do you agree with the establishment of the National Ethics Committee?

LM: This is the Committee which is least required as long as education is in place.  This Committee will have to foster both innovation and certification which are worlds apart. Which shall be its focus?

JF: The intention was to create a forum for discussion about the way in which technology is used.  Guidelines could be issued in this case - this Committee is not essential. The National Competent Authority will always remain the lead authority as it is the subject matter specialist and not the MDIA.

JG: It may be very dangerous to allow people who are against this area to sit on this Ethics Committee as they may hinder progress and innovation. 

Moderator Question: Is it possible to regulate Administrators and Systems Auditors? There may be a mismatch between the intention and what the code actually executes. A Systems Auditor may certify that the smart contract is consistent with what is being discussed.  Does this kind of audit make sense?

WP: Whilst having an audit does make sense, how will this take place? Audits entail specialization and while it is good to have audits for DLTs, education is also key. Should functions be given to an auditor or should a code ascertain whether the smart contract reflects the original intention?

LM:  It is impossible to be knowledgeable in all areas.  It is important to have a manifesto of what the intention is so that this may be synchronized with what the smart contract actually achieves.  The auditor will verify that the smart contract achieves what the consumers expect. The auditor does not audit the function itself but rather the expectations of consumers, and therefore, protects consumers.  They are not auditors for new technology.  Further study is needed in this area.

JB: It is difficult to discuss this at this stage without having further details but he does not agree with the current proposal. High level standards may be established and auditors may then test a technology against a particular standard. The question however remains as to which standard to use.  He is very skeptical in the case of TAS in general and there is too much risk in doing this in a speedy manner. 

GS: The audit concept adds credibility. There is a variety of audits and at different levels. There are also international standards which allow one to state what one wants to be audited against but these may be dangerous due to public misconception of what ‘audit’ means, or which part is audited. 

JG: Continuity is not difficult in the case of permissioned, centralized DLTs.  It is very difficult for someone to agree to be responsible in the case of permissionless public DLTs. Auditing is needed in the case of permissionless blockchain as this will exist forever and may never be deleted. 

ST: In a system, there may be a discrepancy between the intention and the execution.  The solution may be that the white paper prevails and not the code (although this may not always be the case). 

JF: A smart contract must be coded to reflect the white paper. Which authority is going to check this?  The MFSA does not have the necessary competence and the MDIA will not be involved in this level of detail. A systems auditor will help them discharge their regulatory function based on competences. This will also help avoid national competent authorities having to consult the MDIA to ensure that smart contracts are compliant. Administrators are required from a governance point of view.

Attendee Input: An Authority is established to protect consumers from fraud or any technological cause of loss of funds. These risks may, however, be solved differently. Fraud may be avoided through KYC. Loss of funds generally takes place due to the hacking of email or websites and not smart contracts which are static in nature. Auditing will not be effective as auditors themselves do not know all aspects and they may even disagree amongst themselves. The result may be cartel behavior or collusion. 

Attendee Input: this area will suffer if certification is compulsory. 

Panel II The Idea of a Technology Arrangement, including a DAO, being a Legal Organisation and possibly with Legal Personality

Moderator: Dr Max Ganado (MG)

Panellists:

Dr. Ian Gauci, GTG Advocates (IG)

Dr Michael Psaila, Mamo TCV (MG)

Dr Antonio Ghio, Fenech & Fenech (AG)

Other Legal Issues Relation to DLT and Smart Contracts

Panellists: 

Dr. Terence Cassar, Camilleri Preziosi (TC

Dr. Simon Schembri, GANADO Advocates (SS)

Moderator Question: Do you agree with the idea of a technology arrangement being a legal personality?

IG: Does not agree with DLTs being granted legal personality. A DLT is neutral – it is a technology. It is the smart contract which is to be granted legal personality. 

Moderator Question: Can a DLT be compared to a block of flats where there are different levels of legal personality?

MP: It is a challenge for a system with different levels of legal personality to work. Legal personality involves rights and obligations.  How do these apply in the case of DLTs?  Who will be sued and how? Who will ultimately have to pay damages? 

Moderator Question: Who may be sued if a DLT does not have legal personality?

AG: Blockchain may be compared to a road. How is a road regulated? An application may be compared to a car owned, for example, by a company. The car uses the road. In the case of an accident, it is the company which is responsible. The car itself does not require separate legal personality.  

What is the position in the case of a driverless car? No person may be held responsible in this case.  Therefore, legal personality may be considered in such cases. Other possibilities are the use of foundations or protected cell companies or using the nearest person theory wherein the nearest person will be held responsible. 

TC: It is wrong to give legal personality to the technology itself.  This should not be the aim of regulation.

SS: In recent cases, loss has been attributed to all the users. Legal Personality would solve this and avoid a situation in which users would participate in a loss. Alternatively one has to identify the administrator who would be responsible for any damages. 

Moderator Question: Is it a good idea to develop legislation to grant legal personality to smart contracts or platforms? This would be voluntary. 

Attendee Input: It has been stated that liability rests on the users.  These may decide to change something in a contract a year later.  Who is responsible for this change? 

IG: Principles of caveat emptor but also restitutio ad integrum may apply. Consensus would be needed to make a change. Liability may be included in the structure itself as a principle of best practice wherein the end result would be anticipated and catered for.

MP: Legislation is required to determine the liability of third parties. Can there be limited liability without legislation?  Liability will exist – but who will carry it?

TC: Rather than attributing legal personality to the technology itself, liability should be attributed to the persons who develop the technology. It is better to regulate such persons.  There is no solution at this stage.

SS: Do we need the principle of caveat emptor to facilitate innovation?  What remedies may exist in this context?  Insurance policies may be a solution as these may be available for DLT platforms.  It will be the insurance policy which will cover any liability and not the users. The insurance contract will be taken out by the DLT platform or by another involved person e.g. a developer.

Attendee Input: Will insurers be willing to take this risk? Liability is generally attributed to a legal person.  The principle of caveat emptor is a must for innovation.  PCCs are excellent tools in this case and foundations may also be very flexible.

Moderator Question: On whom will criminal liability for AML and Data Protection be placed? 

IG:  One would have to analyse what the law mandates in such cases.  A member could be a controller and the Data Protection Commissioner would need to be involved. 

AG: Should liability be placed with the administrator?  If a person is killed by a driverless car, should the person who drew up the technology be held liable?  Should the nearest person theory be adopted in such cases?

TC: Will the insurance policy be taken by the administrator on what the DLT will actually do?  A DLT will function in a space which is beyond the reach of Maltese legislation. 

SS: Persons who are engaged must be insured so that they have the comfort and security that this type of risk will be catered for.

Panel III: The Financial Instrument Test 

Moderator: Dr. Max Ganado (MG)

Panellists:

Dr. Leonard Bonello, GANADO Advocates (LB)

Dr. Chris Buttigieg, MFSA (CB)

Virtual Currencies and the Proposed VC Act

Panellists: 

Mr Patrick Young, DV Advisors (PY)

Mr Leon Siegmund, Ivaja (LS)

Dr Jonathan Galea, Blockchain Advisory Ltd.

LB: There is a lot of inconsistency in the market – some things are highly regulated and others, like blockchain, are in a grey area and may escape regulation.  Proportionality between these two extremes is necessary.  We need to have a new regime which falls between full regulation and no regulation.  Moreover there are a number of hybrid instruments which cannot be pigeonholed into one area.

CB: The sensitivity in this case was ensuring investor protection due to fraud and the misappropriation of funds. A framework was needed to ensure investor protection in these new areas not tackled by EU legislation. This framework is to be principle based – it will be based on EU principles which will be applied to local legislation.  This will not stop innovation.  A highly regulated regime would hinder progress in this area. The industry is thinking of best practices and standards to distinguish between two extremes. 

Attendee Input: We need to look at this area in a holistic manner – laws and regulation are important to a certain point. We also need to attract businesses and innovation.  We run the risk of not applying regulation properly and moreover this may lead to added bureaucracy particularly because regulators may take too much time to take a decision due to the technical difficulties involved. Efficiency is essential in this area. There could also be a circle of exemption (e.g. close family and friends) which falls outside the definitions and therefore does not trigger off regulation.

Attendee Question: There is only one sentence in the law about utility tokens. Why is this? 

Wide definitions are used in this law – not all utility tokens will be captured. Efficiency is important in this area and a new process must be identified to achieve this. Due diligence must always be carried out and persons must be fit and proper due to the reputational risk involved.

LS: Regulation is not needed. Investor protection is achieved through the use of private keys and also doing research. The purpose of bitcoin is to overcome regulation. Entrepreneurs will go where they are treated best and we should also consider giving a VAT reduction to those who use bitcoin.  Unregulated markets promote innovation.

JG: The role of the regulator should be that of investor protection.  Innovation and experimentation should be allowed and the regulator should only be involved to offer recourse if things go wrong. A solution could be to regulate depending on what the crypto currency is achieving - if it is for private interest, then this should be regulated.  If it has a supporting function within the blockchain itself, then it should not be regulated.