Distributed Ledger Technology (DLT) and Blockchain Fin T ech Note | No. 1 © 2017 International Bank for Reconstruction and Development / the World Bank 1818 H Street NW Washington, DC 20433 Telephone: 202-473-1000 Internet: www.worldbank.org This work is a product of the staff of the World Bank with external contributions. The findings, interpretations, and conclusions expressed in this work do not necessarily reflect the views of the World Bank, its Board of Executive Directors, or the governments they represent. The World Bank does not guarantee the accuracy of the data included in this work. The boundaries, colors, denominations, and other information shown on any map in this work do not imply any judgment on the part of the World Bank concerning the legal status of any territory or the endorsement or acceptance of such boundaries. Rights and Permissions The material in this work is subject to copyright. Because the World Bank encourages dissemination of its knowledge, this work may be reproduced, in whole or in part, for non-commercial purposes as long as full attribution to this work is given. Any queries on rights and licenses, including subsidiary rights, should be addressed to World Bank Publications, the World Bank Group, 1818 H Street NW, Washington, DC 20433, USA; fax: 202-522-2625; e-mail: pubrights@worldbank.org. Photo Credits: World Bank Photo Library and Shutterstock Table of Contents Acknowledgments III Glossary IV Abbreviations and Acronyms V Overview VII Executive Summary IX 1. What is Distributed Ledger Technology (DLT) and How Does it Work? 1 2. How are DLT and Blockchain Related to Digital Currencies? 3 3. Key Features of DLT 5 4. Open/Permissionless Distributed Ledgers vs. Permissioned Distributed Ledgers 11 5. Key Advantages of DLT 15 6. Challenges and Risks Related to DLT 17 7. Applications of DLT 21 DLT & Financial Inclusion 23 8. Smart Contracts 29 9. What are Governments, Development Organizations, and Donors Doing in this Space? 33 10. How can DLT be Leveraged for World Bank Group Programs and Projects in the Financial Sector? 37 Annex: The DAO Hack and Ethereum’s Forks 41 Endnotes 43 TABLE OF CONTENTS I II DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN Acknowledgments This note was written by a team composed of Harish Natarajan (Lead Financial Sector Specialist, Finance & Markets), Solvej Krause (Consultant, Finance & Markets), and Helen Gradstein (Financial Sector Analyst, Finance & Markets). Margaret Miller (Lead Financial Sector Economist, Finance & Markets) provided helpful comments on an early draft of this note. Douglas Pearce (Practice Manager, Finance & Markets) provided overall guidance. This publication benefitted immensely from the participation, guidance, and insights of other experts. The team is especially grateful to the peer reviewers for their contributions. The World Bank peer reviewers for this note were Stela Mocan (Lead IT Officer, ITS), Simon Bell (Global Lead for SME Finance, Finance & Markets), and Rosanna Chan (Economist, Transport & ICT). The external reviewers were Nicole Becher (Biplane Security/NYU Adjunct Instructor/New America Cyber Security Fellow) and David Mills (Federal Reserve Board of Governors). A special thanks goes to Aichin Lim Jones (Graphic Designer) for her work on the design, layout, and graphics of this publication. ACKNOWLEDGMENTS III Glossary The terminology in this field is still evolving and universal definitions have not yet been formalized. For the purpose of this note, the following definitions are used. A token is a representation of a digital asset. It typically does not have intrinsic value but it is linked to an underlying asset, which could be anything of value. Distributed Ledger Technology refers to a novel and fast-evolving approach to recording and sharing data across multiple data stores (or ledgers). This technology allows for transactions and data to be recorded, shared, and synchronized across a distributed network of different network participants. A ‘blockchain’ is a particular type of data structure used in some distributed ledgers which stores and transmits data in packages called “blocks” that are connected to each other in a digital ‘chain’. Blockchains employ cryptographic and algorithmic methods to record and synchronize data across a network in an immutable manner. Distributed ledgers’ (DLs) are a specific implementation of the broader category of ‘shared ledgers’, which are simply defined as a shared record of data across different parties. A shared ledger can be a single ledger with layered permissions or a distributed ledger, which consists of multiple ledgers maintained by a distributed network of nodes, as defined above. DLs are categorized as permissioned or permissionless, depending on whether network participants (nodes) need permission from any entity to make changes to the ledger. Distributed ledgers are categorized as public or private depending on whether the ledgers can be accessed by anyone or only by the participating nodes in the network. Digital currencies are digital representations of value that are denominated in their own unit of account, distinct from e-money, which is simply a digital payment mechanism, representing and denominated in fiat money. Cryptocurrencies are a subset of digital currencies that rely on cryptographic techniques to achieve consensus, for example Bitcoin and ether. Nodes are network participants in a distributed ledger network. Public Key Cryptography is an asymmetric encryption scheme that uses two sets of keys: a public key that is widely disseminated and a private key that is only known to the owner. Public key cryptography can be used to create digital signatures and is used in a wide array of applications, such as HTTPS internet protocol, for authentication in critical applications and also in chip-based payment cards. IV GLOSSARY Abbreviations and Acronyms AML/CFT Anti-Money Laundering/Combating the Financing of Terrorism CDD Customer Due Dilegence DLT Distributed Ledger Technology DL Distributed Ledger KYC Know Your Customer FSP Financial Service Provider SWIFT Society for Worldwide Interbank Financial Telecommunication SME Small and Medium Enterprise B2B Business-to-Business B2P Business-to-Peer P2P Peer-to-Peer WBG World Bank Group ABBREVIATIONS AND ACRONYMS V VI DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN Overview The financial sector is currently undergoing a major transformation, brought about by the rapid development and spread of new technologies. The confluence of ‘finance’ and ‘technology’ is often referred to as ‘Fintech’, typically describing companies or innovations that employ new technologies to improve or innovate financial services. ‘Fintech’ developments are seen across all areas of the financial sector, including payments and financial infrastructures, consumer and SME lending, insurance, investment management, and venture financing. This note on distributed ledger technology (DLT) and blockchains is part of a series of short notes that explore new trends and developments in Fintech and analyze their potential relevance for WBG activities. Forthcoming notes in this series will cover marketplace lending, ‘InsureTech’, and other topics. This note outlines the mechanisms, origins, and key characteristics of DLT; the difference between ‘public’ and ‘private’ DLT; the technology’s main advantages, challenges, and risks; relevant examples of DLT applications (with a focus on financial sector applications); and a brief overview of activities by governments, multilateral organization, and other stakeholders in this space. Finally, this note proposes next steps for the World Bank to study and evaluate areas where DLT could potentially be integrated into World Bank financial sector operations. What is DLT? What is a blockchain? DLT refers to a novel and fast-evolving approach to recording and sharing data across multiple data stores (or ledgers). This technology allows for transactions and data to be recorded, shared, and synchronized across a distributed network of different network participants. A ‘blockchain’ is a particular type of data structure used in some distributed ledgers which stores and transmits data in packages called ‘blocks’ that are connected to each other in a digital ‘chain’. Blockchains employ cryptographic and algorithmic methods to record and synchronize data across a network in an immutable manner. For example, a new digital currency transaction would be recorded and transmitted to a network in a data block, which is first validated by network members and then linked to an existing chain of blocks in an append-only manner, thus producing a blockchain. As the linear chain grows when new blocks are added, earlier blocks cannot retrospectively be altered by any network member (see figure 4 for a graphical representation of a blockchain’s structure). Note that not all distributed ledgers necessarily employ blockchain technology, and conversely, blockchain technology could be employed in different contexts. OVERVIEW VII VIII DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN Executive Summary Blockchain-based DLT, which was first applied as the underlying technology of the cryptocurrency Bitcoin, has a variety of potential applications beyond the narrow realm of digital currencies and cryptocurrencies. For instance, DLT could have applications in cross-border payments, financial markets infrastructure in the securities markets, and in collateral registries. But potential applications of DLT are not limited to the financial sector. DLT is currently being explored to facilitate digital identity products (such as national ID, birth, marriage and death records) or build tamper-proof, decentralized records of flow of commodities and materials across a supply chain by using trusted stakeholders to validate flows and movements. Proponents of DLT typically highlight a number of potential advantages over traditional centralized ledgers and other types of shared ledgers, including decentralization and disintermediation, greater transparency and easier auditability, gains in speed and efficiency, cost reductions, and automation and programmability. That said, the technology is still evolving and may pose new risks and challenges, many of which are yet to be resolved. The most commonly cited technological, legal and regulatory challenges related to DLT concern scalability, interoperability, operational security & cybersecurity, identity verification, data privacy, transaction disputes & recourse frameworks, and challenges in developing a legal and regulatory framework for DLT implementations, which can bring fundamental changes in roles and responsibilities of the stakeholders in the financial sector. A further challenge, particularly relevant for the area of financial markets infrastructures, are the substantial costs related to migrating existing longstanding IT systems, operational arrangements, and institutional frameworks to DLT- based infrastructure. Many industry observers note that due to these challenges, DLT applications will likely begin in areas without many legacy investments in automation, such as trade finance and syndicated loans in the financial sector. Distributed ledger systems can be open/permissionless or permissioned, and there are fundamental differences between these two types, which lead to very different risk profiles. In permissionless systems, there is no central owner who controls network access. All that is needed to join the network and add transactions to the ledger is a computer server with the relevant software. In permissioned systems, EXECUTIVE SUMMARY IX network members are pre-selected by an owner or That said, the technology is still at an early stage an administrator of the ledger who controls network of development and there is still a long way to go access and enforces the rules of the ledger. before its full potential can be realized, especially with regard to issues related to privacy, security, There are advantages and disadvantages to both types, scalability, interoperability, and legal and regulatory which vary significantly with different use cases. For issues. Therefore, the World Bank Group is not yet in example, permissioned systems are better at resolving a position to issue any general recommendations about issues related to identity verification and data privacy usability, independent of specific contexts. but they require a central entity that regulates access, which creates a potential target for cyberattacks. However, waiting for ‘perfect’ DLT solutions is Permissioned systems can also potentially fit more not necessarily an ideal approach for development easily into existing legal and regulatory frameworks organizations. Given the potential for DLT to structure and institutional arrangements. However, to some solutions to development challenges in the financial degree permissioned DLs remove key benefits of sector and beyond, the WBG can closely monitor and DLT’s most critical innovation. This is because security shape developments and, where appropriate, foster and system integrity of open, permissionless DLs their safe adoption while maintaining institutional is achieved through cryptographic and algorithmic neutrality towards private sector actors. Understanding solutions which ensure that anonymous network the true potential of DLT for development objectives participants are incentivized to enforce accuracy of the requires not just research but also real-life applications ledger, without the need for barriers to entry or trust and trials. among participants. In addition to developing the technology itself, The bulk of R&D resources for DLT are currently employing DLT to help reach development objectives devoted to improving financial infrastructure and in the financial sector requires the development and processes, and there is significant potential for active promotion of critical accompanying elements. this investment to be leveraged by development Important among these are: user-friendly application organizations for the benefit of developing countries. interface design, financial literacy and capability, a sound financial consumer protection framework, interoperability with traditional payment and financial services and infrastructure; and effective oversight. X DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN 1. What is Distributed Ledger Technology (DLT) and How Does it Work? DLT comes on the heels of several peer-to-peer (P2P) technologies enabled by the internet, such as email, sharing music or other media files, and internet telephony. However, internet-based transfers of asset ownership have long been elusive, as this requires ensuring that an asset is only transferred by its true owner and ensuring that the asset cannot be transferred more than once, i.e. no double-spend. The asset in question could be anything of value. In 2008, a landmark paper written by an as yet unidentified person using the pseudonym Satoshi Nakamoto, “Bitcoin: A Peer-to-Peer Electronic Cash System”, proposed a novel approach of transferring “funds” in the form of “Bitcoin” in a P2P manner. The underlying technology for Bitcoin outlined in Nakamoto’s paper was termed Blockchain, which refers to a particular way of organizing and storing information and transactions. Subsequently, other ways of organizing information and transactions for asset transfers in a P2P manner were devised – leading to the term “Distributed Ledger Technology” (DLT) to refer to the broader category of technologies. DLT refers to a novel and fast-evolving approach to recording and sharing data across multiple data stores (ledgers), which each have the exact same data records and are collectively maintained and controlled by a distributed network of computer servers, which are called nodes. One way to think about DLT is that it is simply a distributed database with certain specific properties (see section 3). Blockchain, a particular type of DLT, uses cryptographic and algorithmic methods to create and verify a continuously growing, append-only data structure that takes the form of a chain of so- called ‘transaction blocks’ – the blockchain – which serves the function of a ledger. New additions to the database are initiated by one of the members (nodes), who creates a new “block” of data, for example containing several transaction records. Information about this new data block is then shared across the entire network, containing encrypted data so transaction details are not made public, and all network participants collectively determine the block’s validity according to a pre-defined algorithmic validation method (‘consensus mechanism’). Only after validation, all participants add the new block to their respective ledgers. Through this mechanism each change to the ledger is replicated across the entire network and each network member has a full, identical copy of the entire ledger at any point in time. This approach can be used to record transactions on any asset which can be represented in a digital form. The transaction could be a change in the attribute of the asset or a transfer of ownership. See figure 1. 1. WHAT IS DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND HOW DOES IT WORK? 1 Figure 1: How Does Blockchain-Based DLT Work? 1. Blockchain-based DLT systems take the form of an append- 2. Information about this new data block is then shared across only chain of data ‘blocks’. New additions to the database are the entire network, containing encrypted data so transaction initiated by one of the members (nodes), who creates a new details are not made public. “block” of data containing several transaction records. Member A creates new transaction block with a 1 A transaction from member A to member B. 1 A 2 E 3 B 2 E 3 B 4 D 5 C 4 D 5 C 3. All network participants collectively determine the block’s validity according to a pre-defined algorithmic validation method (‘consensus mechanism’). Only after validation, all participants add the new block to their respective ledgers. Through this mechanism each change to the ledger is replicated across the entire network and each network member has a full, identical copy of the entire ledger at any point in time. 1 A 2 E 3 B 4 D 5 C Source: Adapted from: “Dubai Aims to Be a City Built on Blockchain”, By Nikhil Lohade, 24 April 2017, Wall Street Journal https://www.wsj.com/articles/dubai-aims-to-be-a-city-built-on-blockchain-1493086080 Two core attributes of a DLT-based infrastructure are: peer) and without the need for trust among counterparties; (i) ability to store, record and exchange “information” in and, (ii) ensure there is no ‘double-spend” (i.e. the same digital form across different, self-interested counterparties asset or token cannot be sent to multiple parties). without the need for a central record-keeper (i.e. peer-to- Terminology The terminology in this field is still evolving and universal definitions have not yet been formalized. Blockchain is a particular mechanism or data structure that employs cryptography and algorithms to record data in an immutable manner. Not all distributed ledgers employ blockchains and, conversely, blockchain technology could be used in other contexts. However, the terms ‘blockchain technology’ and ‘distributed ledger technology’ are commonly used interchangeably. ‘Distributed ledgers’ (DLs) are a specific implementation of the broader category of ‘shared ledgers’, which are simply defined as a shared record of data across different parties. A shared ledger can be a single ledger with layered permissions or a distributed ledger which consists of multiple ledgers maintained by a distributed network of nodes, as defined above. In this document, we are commonly using the term distributed ledgers (DLs), and specifically use the term blockchain only when referring to DLs that use a blockchain data structure. DLs are categorized as permissioned or permissionless, depending on whether network participants (nodes) need permission from any entity to make changes to the ledger. Distributed ledgers are categorized as public or private depending on whether the ledgers can be accessed by anyone or only by the participating nodes in the network. 2 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN 2. How are DLT and Blockchain Related to Digital Currencies? DLT has been closely linked to digital currencies since its inception because - as noted earlier - it was invented as the underlying technology of the cryptocurrency Bitcoin. The inventor of Bitcoin, writing under the pseudonym Satoshi Nakamoto, described the technology in a 2008 white paper as an “electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.”1 Nakamoto has not been identified until this day, having erased his entire online presence in 2011. Terminology Definitions in this field are still evolving and universal definitions are yet to emerge. For the purposes of this note, digital currencies are digital representations of value that are denominated in their own unit of account, distinct from e-money which is simply a digital payment mechanism, representing and denominated in fiat money. A 2015 CPMI report, “Digital Currencies”, noted three specific characteristics of non-fiat digital currencies: 1) They are not backed by any underlying asset, have zero intrinsic value, and do not represent a liability on any institution. 2) They are exchanged through distributed ledgers absent trust between partners and absent central record-keeping. 3) As a result of the above two characteristics, they do not rely on specific institutional arrangements or intermediaries for peer-to-peer exchanges. Cryptocurrencies are a subset of digital currencies that rely on cryptographic techniques to achieve consensus, for example Bitcoin and ether. Note that digital fiat currencies, issued by central banks, can also use centralized ledgers. Blockchain technology for Bitcoin was designed to solve for the problem of “double- spending”, which inhibited a full evolution of money into the digital world, similar to the digital transformations of music, emails, and documents. Before Bitcoin, to avoid double-spending, a trusted central party was needed to validate transactions to ensure ownership of account and balance. DLT’s critical innovation in the context of digital currencies is that it provides a cryptographic solution for providing security and protecting system integrity in a decentralized ledger that is maintained by a network of anonymous participants without any need for trust across one or more institutions. 2. HOW ARE DLT AND BLOCKCHAIN RELATED TO DIGITAL CURRENCIES? 3 The Bitcoin blockchain was designed with the specific While the addresses linked to the transaction are intention of creating a digital currency that is free from known, the owners behind the addresses can remain government control and anonymizes the identities anonymous, similar to sending a message to an email of its network participants. “Unlike HTML or HTTP, address. Law enforcement officials were successful Bitcoin was an ideological project from the start”2, in linking real world identities to the anonymous deeply embedded in the anti-censorship ideology of entity in the Bitcoin network in the case of the arrests the online community from which it emerged, known related to Silk Road3, an online black market for illicit as “cypherpunks”, who espouse a radical strand of activities, including selling of illegal drugs. techno-libertarianism. While Bitcoin was the original Several features of the Bitcoin blockchain have harmed application of DLT, and the first to achieve scale, the the cryptocurrency’s reputation and cause concerns for technology has a large number of potential applications governments and regulators. This includes the lack of far beyond digital currencies (see section 7). regulation of many of the bitcoin exchanges and the rise The anonymity offered for transacting rapidly online of ransomware computer malware that demands ransom attracted the attention of criminals and Bitcoin has paid in bitcoin to provide anonymity. Another issue of been used for financing illicit activities. However, concern is bitcoin’s data loss problem: if you lose your even though the identities of transacting partners can private key to your wallet, you lose all your money be anonymous, all Bitcoin transactions are recorded (see section 3 for an explanation for ‘private key’). in a distributed ledger that is visible to the public Traditional, centralized banking is much more resilient and it is possible to associate Bitcoin transactions to this. These are all features specific to applications with specific anonymous entities. (This is why the and industries surrounding bitcoin, rather than features term ‘pseudonymous’ is often used in the context of of DLT infrastructure. To date, there have not been any Bitcoin.) The anonymity provided by Bitcoin can serious integrity problems arising from the core bitcoin be compared to the anonymity provided by an email blockchain itself. address. All Bitcoin transactions contain a wallet Despite its anti-authority origins, DLT can also be used to address of the sender and the receiver, which can be create digital fiat currencies issued by central banks (see thought of as pseudonyms, similar to email addresses. section 7 for more details on DLT applications). 4 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN 3. Key Features of DLT Single ledgers with layered permissions that are shared, accessed, and edited by a network of vetted participants have existed for a long time but the concept of a de- centralized, distributed and immutable ledger was realized for the first time through DLT. Three features of DLT that are generally considered key to the technology are outlined below: the distributed nature of the ledger, the consensus mechanism, and cryptographic mechanisms. It should also be emphasized that DLT is not one single, well-defined technology. Instead, a plurality of blockchains and distributed ledgers are active or are under development today and their designs and precise configurations vary depending on the creators’ goals and the DL’s purpose and developmental stage. Distributed Nature of the Ledger Recordkeeping has always been a centralized process that requires trust in the record keeper. The most important innovation of DLT is that control over the ledger does not lie with any one entity but is with several or all network participants – depending on the type of DL. This sets it apart from other technological developments such as cloud computing or data replication, which are commonly used in existing shared ledgers. De facto, this means that in a DL, no single entity in the network can amend past data entries in the ledgers and no single entity can approve new additions to the ledger. Instead, a pre-defined, decentralized consensus mechanism (see below) is used to validate new data entries that are added to the blockchain and thus form new entries in the ledger. There exists, at any point in time, only one version of the ledger and each network participant owns a full and up-to-date copy of the entire ledger. Every local addition to the ledger by a network participant is propagated to all nodes. After validation is accepted, the new transaction is added to all respective ledgers to ensure data consistency across the entire network. This distributed feature of DLT allows self-interested participants in a peer-to-peer network to collectively record verified data in their respective ledgers, for example transaction records, without relying on a trusted central party. The removal of the central party can increase speed and potentially remove costs and inefficiencies associated with maintaining the ledger and subsequent reconciliations. Importantly, it can also enhance security because there is no longer a single point of attack in the entire network. To corrupt the ledger, an attacker has to gain control over 3. KEY FEATURES OF DLT 5 the majority of servers in the network; corrupting a but arbitrary condition is produced, specifically in the single or several participants does not compromise the Bitcoin blockchain this is a certain number of leading system’s integrity. zeros and the process of generating proof-of-work is called “mining”. Solving this “proof-of-work” However, security risks in the software application puzzle is a computationally difficult process and layers built on top the DL can become additional there are no shortcuts, which means that any single attack surfaces. Weaknesses in this layer can cause node in the network only has a diminutively small losses to the users of a DL system, even when the core chance of generating the required proof-of-work technology remains safe and secure. Notable examples without expending a vast amount of costly computing that caused financial and reputational damages were resources. The Bitcoin system is calibrated such that the hacks of Mt. Gox in Japan and Bitfinex.4 a valid proof-of-work is produced around every 10 minutes and in case two are created at exactly the Consensus Mechanism same time, the protocol with the higher difficulty The distributed nature of the DL requires the score is accepted as valid (“the longest chain”). Each participants in the network (‘nodes’) to reach a “miner” that produces a valid proof-of-work in the consensus regarding the validity of new data entries Bitcoin network receives Bitcoins as a reward (sort of by following a set of rules. This is achieved through like a transaction fee), which serves as an economic a consensus mechanism that is specified in the incentive to maintain system integrity. Therefore, the algorithmic design of the DL and can vary depending large size of an open, permissionless systems is key on its nature, purpose, and underlying asset. In a to its security. Network security is directly related DL, in general any one of the nodes can propose an to having a large number of nodes in the system addition of a new transaction to the ledger, however that are incentivized to validate new changes to the there are implementations which propose specialized ledger accurately and establish a consensus across roles for nodes where only some nodes can propose the network to ensure data consistency. an addition. A consensus mechanism is necessary to establish whether a particular transaction is legitimate The “proof of work” inflicts a significant or not, using a predefined specific cryptographic computational cost on network participants for validation method designated for this DL. The maintaining the DL (i.e. creating new data blocks consensus mechanism is also important to handle and adding these blocks to the blockchain), which is conflicts between multiple simultaneous competing only required in systems with distrusted participants. entries - for example, different transactions on Estimates suggest that Bitcoin miners currently same asset are proposed by different nodes. This consume electricity equivalent to Ireland’s electricity mechanism ensures correct sequencing of transactions consumption5 and could reach Denmark’s level by and prevents take-over by bad actors (in the case of 20206 (assuming the Bitcoin consensus mechanism a permissionless DL). The consensus mechanism remains unchanged). According to one estimate, if the and sequencing protect against the aforementioned Bitcoin network were to scale to the levels of usage of double-spend problem. existing payment systems like Visa and MasterCard, the electricity required would exceed current global The Bitcoin blockchain uses “proof of work” to electricity consumption. However, this problem is establish consensus in a global decentralized network, most pronounced for the Bitcoin blockchain. The DLT a concept that was first developed as an anti-spamming system used by ether, a recently introduced digital measure. In order to add a new block to the chain, currency by Ethereum, requires significantly less which means adding a new set of data entries to the computing resources and the consensus mechanism is ledger, a ‘proof of work’ protocol is required. This is a much faster. computational challenge that is hard to solve (in terms of computing power and processing time) but easy to Permissioned blockchains do not typically require verify. The proof-of-work is generated by repeatedly difficult “proofs of work” as a consensus mechanism running one-way cryptographic hashing algorithms for verifying transactions because network participants until a string of numbers that satisfies a predefined are pre-selected and trusted. There are also other 6 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN Figure 2: Distributed Ledger Centralized Ledger All parties reconcile their local databases with a centralized electronic ledger that is maintained and controlled by a trusted central party. Distributed Ledger (permissionless) Each node in a P2P network owns a full and up-to-date copy of the entire ledger. Every proposed local addition to the ledger by a network participant is communicated across the network to all nodes. Nodes collectively validate the change through an algorithmic consensus mechanism. After validation is accepted, the new addition is added to all respective ledgers to ensure data consistency across the entire network. Distributed Ledger (permissioned) In a permissioned system, nodes need permission from a central entity to access the network and make changes to the ledger. Access controls can include identity verification. • The distributed feature of DLT allows self-interested participants in a P2P network to collectively record verified data in a shared ledger without relying on a trusted central party. • The removal of the central party can increase speed and remove costs and inefficiencies associated with maintaining the ledger and subsequent reconciliations. • It can also enhance security because there is no longer a single point of attack in the entire network. • Permissioned systems can fit more easily into existing legal & regulatory frameworks and institutional arrangements. However, to some degree, permissioned DLs remove key benefits of DLT’s most critical innovation, such as the lack of need for a central party. 3. KEY FEATURES OF DLT 7 consensus mechanisms, for example proof-of-stake it is highly improbable for another input to have the which rewards seniority over computing power and same hash value.7 Hashing also applies a time stamp require a proof of ownership of a certain asset. to the original message. These transaction hashes are collated into a ‘transaction block’ that can contain any Cryptographic Hash Functions & Digital number of transactions but typically has a limited total Signatures size.8 The hash enables detection of any tampering of Cryptography is at the core of DLT, in particular for the underlying transaction data, as when a hash is blockchain implementations. Each new data entry, computed again, it will produce a different hash than i.e. a transaction record, is “hashed”, which means the originally generated hash. that a cryptographic hash function is applied to the The blocks are signed with a digital signature, which original message. A hash takes data of any size input binds the sender to the contents of the block, akin and computes a digital fingerprint similar to a human to a signature on a contract. DLT uses ‘public key fingerprint that cannot be changed unless the data itself cryptography’ for digital signatures, which is a is changed. The hash output is a so-called ‘digest’ of a common method that is used in a wide array of other defined length which looks random and unrelated to the applications, such as HTTPS internet protocol, for original input but is in fact deterministic. This means authentication in critical applications and also in chip- that for one original input only one hash is possible and based payment cards. Digital signatures are widely accepted as equivalent to physical signatures by law Figure 3: Public Key Cryptography for Digital Signatures Alice has two keys: a public key which she shares with Alice uses her private key to encrypt a “hash” of the digital the entire network and a private key which is only known message which is then propagated to the entire network. to Alice. The encrypted hash is called the “digital signature”. 1. 2. Original Message Alice Alice Digest Private Key Public Key Network participants receive the digital message with a Bob can then use Alice’s public key (which she has digital signature. shared with him) to validate that the digital message was encrypted with Alice’s private key and that Alice is the 3. sender of the message. 4. This message is from Alice. She signed it! Bob Alice’s Public Key 8 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN in many countries. Network participants each have a existing blockchain (blocks 1-4, block 1 being the private key, which is used for signing digital messages ‘genesis block’). Each block contains a unique “proof- and only known by the individual user, and a public key of-work” protocol, a reference to the previous block which is public knowledge and is used for validating that determines the correct chronological ordering the identity of the sender of a digital message. The of blocks, a series of hashed digests of transaction public key is also used to identify the recipient. information which cannot be changed, and a digital signature. In this figure, block 5 represents the newest These three concepts help explain the fundamentals addition to this blockchain which updates the ledger. of DLT. The process by which data is recorded in a blockchain-based distributed ledger is by forming Once a new block is added to the chain via a specified an append-only chain of ‘transaction blocks’ in consensus mechanism, the chain cannot retroactively chronological order that contains hash digests of be changed and blocks cannot be deleted or amended the transactions (digital messages) to be added to without redoing the proof-of-work protocol for each the ledger, a proof-of-work (or a different consensus block. This means that as the chain grows in length, mechanism output), and a digital signature of the hash this becomes progressively more difficult because all by the sender’s private key, and public keys of the nodes are constantly competing for solving proof-of- sender and the intended recipient of the transaction. work puzzles and adding new blocks to the chain. This chain starts with the first-ever entry in the In doing this they only consider the transaction ledger (the ‘genesis block’) and each appended block blockchain that reflects the greatest amount of contains hashed information of the previous block, computational work. Each successful addition to the setting the chronological order of the chain. chain is broadcast to the entire network and all nodes have an up-to-date copy of the entire blockchain. Figure 4 below depicts an example of a blockchain structure: The last block (block 5) was added to an Figure 4: Blockchain Structure Reference to the previous “block hash” that determines the correct, GENESIS chronological ordering of blocks in BLOCK the chain. BLOCK 1 BLOCK 2 BLOCK 3 BLOCK 4 BLOCK 5 00000o98v5 00000k2876 00000oj42x 00000o6pg7 TRANSACTION TRANSACTION TRANSACTION TRANSACTION TRANSACTION TRANSACTION TRANSACTION TRANSACTION TRANSACTION TRANSACTION TRANSACTION TRANSACTION TRANSACTION TRANSACTION TRANSACTION TRANSACTION TRANSACTION TRANSACTION TRANSACTION TRANSACTION Digital Signature Digital Signature Digital Signature Digital Signature Digital Signature 00000o98v5 00000k2876 00000oj42x 00000o6pg7 0000046sknk Cryptographic New, unique “block hash” of proof-of-work the data in this protocol for this block which is block generated by solving a difficult proof-of-work puzzle. 3. KEY FEATURES OF DLT 9 10 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN 4. Open/Permissionless Distributed Ledgers vs. Permissioned Distributed Ledgers Distributed ledger systems can be open (permissionless) or permissioned, and there are fundamental differences between the two. Bitcoin and Ethereum are the most prominent examples of completely permissionless blockchains, where network participants can join or leave the network at will, without being pre-approved or vetted by any entity. All that is needed to join the network and add transactions to the ledger is a computer with the relevant software. There is no central owner and identical copies of the ledger are distributed to all network participants. In permissioned DLs members are pre-selected by someone – an owner or an administrator of the ledger – who controls network access and sets the rules of the ledger. This solves for a number of concerns governments and regulators have about permissionless distributed ledgers such as identity verification of network members, whom to license and regulate, and legal ownership of the ledger. But it also reduces a chief advantage of permissionless blockchains: the ability to function without the need for any single entity playing a coordinating role, which necessarily requires other participants to trust this entity. However, even in permissioned DLs, in general there is no need for an administrator for the execution of transactions. Permissioned DLs, which regulate network access, typically do not require a computing power-intensive proof-of-work to verify transactions but rely on different algorithmic rules to establish consensus among members. In permissionless DLs, which don’t regulate network access, there is no requirement of any trust between the participants and a complicated proof-of-work is hence used to generate consensus about ledger entries. In contrast, in the case of a permissioned DL, the administrator bears the responsibility to ensure that the participants in the DL are reliable. In permissioned DLs, any node can propose an addition of a transaction, which is then replicated to other nodes, potentially even without any consensus mechanism. In reality, this is not a binary categorization but the degree of openness and decentralization of distributed ledger systems falls on a spectrum with fully open, permissionless blockchains such as Bitcoin on one end of the spectrum and permissioned blockchains hosted by private entities on the other, and the precise features vary from platform to platform. DLT arrangements can be defined in terms of different dimensions: access to the network (open/closed) vs. roles within the network (restricted/unrestricted) – see taxonomy in Figure 5. Many companies employ a hybrid approach where they provide the technology for permissioned networks to 4. OPEN/PERMISSIONLESS DISTRIBUTED LEDGERS VS PERMISSIONED DISTRIBUTED LEDGERS 11 ‘Public’ (open) Blockchains Permissioned Blockchains Central party No central owner or administrator Has some degree of external administration or control Access Anyone can join Only pre-selected participants can join the network Level of Trust Network members are not required to trust Higher degree of trust among members each other required (as collaboration among members could alter the ledger) Openness Ledger is open & transparent - shared Different degrees of openness and between all network members transparency of the ledger are possible Security Security through wide distribution in a large Security through access control combined scale network with DLT in smaller scale networks Speed Slower transaction processing restricts Faster transaction processing allows for transaction volume higher transaction volume Identity User identity anonymous or protected by Identity verification typically required by pseudonyms owner/administrator Consensus Difficult proof-of-work required as Variety of consensus mechanisms consensus mechanism possible (typically less difficult & less costly than proof-of-work in permissionless blockchains) Asset Typically: native cryptocurrencies. But Any asset implementations are possible where a token is used which can represent any asset. Legal ownership Legal concerns over lack of ownership as Greater legal clarity over ownership as no legal entity owns or controls the ledger owner/administrator is typically a legal entity Examples Bitcoin, Ethereum R3’s Corda, Hyperledger Fabric be built on public blockchain infrastructure and thereby different future scenarios: some believe the industry restrict roles in a DLT system with open access.9 will eventually converge to one worldwide public blockchain (akin to one worldwide internet) and Some industry players make a distinction between many different private blockchains (akin to many public/private (in terms of access) and permissioned/ different private intranets), while others believe that permissionless (in terms of roles) distributed ledgers. several public blockchains will continue to exist side- Ripple, for example, has a permissioned ledger but by-side. Originally, the internet was an internet of the data is validated by all participants, therefore information, which had the effect of democratizing their system can be considered a public, permissioned access to information. A possible future scenario ledger. A permissioned DLT where the data is validated of the blockchain could be an internet of value, only by a set of participants would be considered a democratizing access and storage of digital assets. private, permissioned ledger. Since Bitcoin’s start in 2009, over 600 different In all likelihood, both open DLs and permissioned public and private distributed ledger networks have DLs will have useful applications. The technology is emerged, though only a handful have achieved scale still at an early stage of development and there are and a more advanced stage of development. Most 12 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN Figure 5: Distributed Ledger Taxonomy How many copies ONE Traditional ledger of the ledger are maintained by a there? central party MANY Who can access Only a trusted Permissioned, ACCESS and use these group of network private ledger copies? participants ANYONE Permissioned Only a set of trusted public ledger, e.g. network participants, Ripple Who maintains by validation ROLES integrity of the ledger? Anyone, without need for trust, by consensus Permissionless mechanism public ledger, e.g. Bitcoin, Ethereum Source: Amended from Dave Birch (Consult Hyperion) in: UK Government Office for Science report “Distributed Ledger Technology: beyond block chain”, pg. 19 blockchain applications (see below) are built on public • Proposer: This role involves proposing new blockchains – predominantly Bitcoin and Ethereum. transactions for inclusion in the ledger. The Committee on Payment and Market Infrastructures • Validator: This role involves validating requests (CPMI) of the Bank for International Settlements for addition of transactions in the ledger. In a (BIS), in its recent publication on DLT proposed an permissionless DL, this role is performed by a analytical framework for studying DLT applications decentralized consensus mechanism. in payments and settlements.10 This is, however, a • Auditor: Allowed to view the ledger but not allowed generalized framework and is applicable for many to make changes. This could be used for performing different applications of DLT in the financial sector. audits and also be used by regulators and supervisors. The framework proposes the following different non- exclusive roles for a node: Financial institutions, which are heavy users of databases, are thus far not showing much interest in • System administrator: This role involves open, permissionless blockchains due to the difficulty deciding who can access the network, maintaining of complying with existing regulatory and compliance and administering dispute resolution rules and frameworks. Further concerns by the financial sector performing notary functions. This role is not relate to the open access and the difficulty of identity required in a permissionless DLT. verification in permissionless systems, which are often • Asset issuer: The nodes playing this role are at odds with existing business practices that require responsible for issuing new “tokens” used in the maintaining privacy of transactions. Financial institutions network. In the Bitcoin blockchain, there is no are making significant investments into researching entity playing this role, the system itself creates permissioned DLs as a technological solution to reducing new bitcoins based on specific rules. A token is a costs and removing frictions in cross-border payments, representation of a digital asset. It typically does not correspondent banking, clearing and settlements have intrinsic value but it is linked to the underlying processes, syndicated loans and trade finance. asset, which could be anything of value. 4. OPEN/PERMISSIONLESS DISTRIBUTED LEDGERS VS PERMISSIONED DISTRIBUTED LEDGERS 13 Examples of DLs Bitcoin • Open/Permissionless • First and largest public blockchain • Records transactions of cryptocurrency Bitcoin • View transactions live here: https://blockchain.info/ Ethereum • Open/Permissionless • Most popular blockchain for smart contracts (see section 8). Ethereum allows for a scripting language to exist on top of a blockchain, which enables construction of smart contracts. • The DAO used Ethereum (see Annex) Ripple • Permissioned • Focused on commercial cross-border and inter-bank payments • Offers alternative to correspondent banking • Raised $55 million in Series B funding in Q3 2016 Fabric (Hyperledger Project) • Permissioned • Open-source • Focused on helping financial institutions mitigate settlement risk and lower reconciliation costs • Collaboration between the Linux Foundation and over 80 financial and technological companies including IBM, DTCC, JP Morgan, Accenture, CISCO Corda (R3 CEV) • Permissioned • Created by R3, a consortium of over 70 financial institutions • Open-source • Focus on financial applications 14 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN 5. Key Advantages of DLT In the right context, distributed ledgers can potentially have a number of advantages over traditional centralized ledgers and other types of shared ledgers. The most important potential advantages of DLT are listed below, though generalizations are difficult because of the large variety of designs and specifications that permissioned and permissionless blockchains can have. • Decentralization and disintermediation. DLT enables direct transfers of digital value or tokens between two counterparties and decentralized record-keeping, removing the need for an intermediary or central authority who controls the ledger. This can translate into lower costs, better scalability and faster time to market. • Greater transparency and easier auditability. All network members have a full copy of the distributed ledger (which can be encrypted). Changes can only be made when consensus is established and they are propagated across the entire network in real-time. This feature, combined with the lack of a central authority or limited involvement of a central authority, has the potential to reduce fraud and eliminate reconciliation costs. • Automation & programmability. DLT enables programming pre-agreed conditions that are automatically executed once certain conditions hold. This is referred to as “smart contracts” (see section 8), for example invoices that pay themselves when a shipment arrives or share certificates which automatically send owners dividends or cash-for-work programs that pay beneficiaries out once the contracted work is completed. Smart contracts can be done in traditional centralized ledger systems as well, but the design of centralized ledger systems requires such actions to be implemented only after the concerned parties have agreed to the underlying transaction as recorded in the central system, which in some contexts can take upwards of a day. In contrast, in a DL, the counterparties by definition agree the moment the transaction is completed, as both have the same record of the transaction. Also, the result of the execution of the “smart contract” itself will take additional time to propagate and be reconciled in a traditional ledger system. • Immutability & verifiability. DLT can provide an immutable and verifiable audit trail of transactions of any digital or physical asset. While in most cases, immutability is desirable, it can create problems related to recourse mechanisms 5. KEY ADVANTAGES OF DLT 15 if the system fails. Immutability of the ledger, faster processing, and greater scalability potential. In however, does not mean that a countervailing specific contexts, a DLT-based design approach can transaction to annul a disputed transaction cannot provide many of the benefits discussed above. The be created. This is in line with how dispute below example for a collateral registry helps illustrate resolution works, for example in payment card the difference between DLT-based approaches and systems. The original record would, however, in alternative design approaches. this case still remain. Two MIT researchers have Establishing a collateral registry using existing, recently filed a patent for a cryptographic solution centralized approaches requires a central entity to that would allow an administrator to ‘unlock’ units setup a dedicated platform, establish membership in a blockchain and edit them, though this is highly criteria, and establish rules and procedures. All controversial as immutability is seen as one of the transactions pertaining to the collateral are processed core advantages of the first blockchains. on this platform and all business actions are triggered • Gains in speed and efficiency. DLT offers by the centralized platform. This platform is created the potential of increasing speed and lowering using standardized software applications developed inefficiencies by removing or reducing frictions in for the specific business need or developed bespoke. transactions or in clearing and settlement processes A DLT-based approach, in contrast, features by removing intermediaries and automating transactions involving collateral that are exchanged on processes. a peer-to-peer basis, with embedded, pre-determined • Cost reductions. DLT offers the potential for conditions, such as date of release and rules pertaining significant cost reductions due to removing the to failure to repay an underlying loan. There is no need for reconciliation as DLT-based systems by need to setup any centralized system and the business definition contain the “shared truth” and hence there rules pertaining to a particular collateral can be is no need to reconcile one version of “truth” with tailored based on the specific agreement between that of one’s counterparties. Additional sources of counterparties. cost reduction could be lower infrastructure costs for In a permissioned DL, there can be an administrator maintaining a DL, as well as reductions in frictions that establishes participation criteria and onboards and fraud. According to some estimates, distributed new participants. But in contrast to the centralized ledger technology could save the financial industry entity in a traditional implementation, the role of alone around $15-20 billion per year.11 the administrator in a DLT-based system would be • Enhanced cybersecurity resilience. DLT has the very minimal. Business actions can be event-driven potential to provide a more resilient system than and can be triggered without any need for additional traditional centralized databases and offer better external interventions. Setting up a new collateral protection against different types of cyber attacks registry using a DLT-based approach can potentially because of its distributed nature, which removes be faster and more scalable as the resources needed the single point of attack. at the administrator level are very minimal, the processing load is spread across all participants, and Fundamentally, DLT is an alternative design approach the business logic for collateral transactions can be that allows for a decentralized business and operational tailored and customized based on the specific needs of model when compared to existing, centralized design the counterparties. approaches that can be used for similar purposes. This makes possible a greater deal of automation, 16 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN 6. Challenges and Risks related to DLT The technology is still evolving and many regulatory and legal issues are yet to be resolved. For the time being, it is still unclear which DLT applications will actually deliver advantages over existing technological solutions and it is likely that overall gains will be incremental rather than sweeping in the medium term. In addition, there are several challenges related to migrating existing financial and payments infrastructure to DLT, such as central counterparties and securities settlement systems, due to the significant coordination and collaboration required within the ecosystem. The most commonly cited technological, legal, and regulatory challenges related to DLT are listed below: Technological Challenges • Bleeding Edge/Lack of Maturity. DLT remains at an early stage of development and there are still serious concerns about the robustness and resilience of DLT especially for large volume transactions, availability of standardized hardware and software applications, and also ample supply of skilled professionals. However, large traditional IT players like IBM and Microsoft, as well as financial sector players like Visa and MasterCard have started developing DLT products and services, which could eventually provide the same level of trust and confidence as traditional IT systems offer today. • Scalability and Transaction Speed. Current iterations of permissionless distributed ledgers face issues related to scalability of blockchains, both in terms of transaction volume and speed of verifications. Existing permissionless blockchains have limited transaction speed. Bitcoin, for example, can only process between 4-7 transactions per second due to the limitation of the block size at one megabyte, a subject of controversy in the bitcoin community. (Block size could be increased but bigger blocks would take longer to propagate through the network, worsening the risks of forking.) This problem, however, could be resolved over time and is most pronounced in the Bitcoin system. Other permissionless DLT systems like Ethereum report higher transaction throughputs. In addition, permissioned blockchains have greater capacity and can process higher transaction volumes but these lack global scale and come at the expense of a more centralized, less transparent platform, which removes many of the benefits from the distributed, open nature of public DLT systems. 6. CHALLENGES AND RISKS RELATED TO DLT 17 • Interoperability and Integration. Different DLT nature of the ledger and the presumption that systems will need to be interoperable with other attackers will not be successful in changing the ledgers and integrated with existing systems if algorithms that determine the core rules of the they are to be introduced at scale into the financial DLT system. A possible attack on a permissionless, system. In addition, the cost of integrating DLT distributed ledger with consensus mechanism is into financial infrastructures like payment and the “51% attack” where a bad actor takes over settlement systems will require industry wide co- 51% of a network’s computing power and can ordination and collaboration and require significant effectively lie to the network by manipulating expenses. There are efforts underway to develop consensus. The assumption that no entity – now or DL frameworks specifically for the financial in the future – could command more than half of sector, notably the CORDA framework by R3 the computing power of all servers on a particular CEV and Fabric by Hyperledger project. These blockchain critically depends on the robustness two frameworks are an effort to address specific of the underlying network. The applications that requirements raised by industry practitioners in are written to interface with these DL’s need areas such as: to be carefully reviewed and monitored. What if an attacker gains access to a permissionless • allowing transactions between counterparties system, obtains identity credentials, and then in a peer-to-peer manner; need for validating succeeds in multiplying until the majority of identity of counterparties; network participants are under the attacker’s • limiting visibility of transactions on a need-to- control? Also, what if future developments in know basis; need for regulators to have access computing like quantum computing render today’s to transactions; cryptographic methods trivial to break? Recent incidents of standard Distributed Denial of Service • ensuring equivalence between smart contracts (DDoS) attacks on multiple Ethereum nodes and actual legal prose; show that traditional cyberattack techniques can • using existing industry standard software tools; be successfully applied to DLT systems as well (see annex). Despite these concerns, it is worth • interfaces between multiple distributed ledgers; noting that while successful hacks have occurred and at the access interfaces to DLT, the technology at the core of the Bitcoin blockchain and other DLT • supporting a variety of consensus models, systems has – until the time of publication – never including one approach of just having the been compromised. transacting counterparties participate in the consensus. • Governance. The absence of a centralized infrastructure and a central entity leads to These frameworks, in essence, explore using concerns about ensuring effective governance of DL approaches within prevailing business and the overall infrastructure. The cases of Ethereum regulatory practices. CORDA is specifically forks (see annex) and proposals for changes focused on the financial sector whereas in Bitcoin’s protocol show how difficult and Hyperledger seeks to provide a broader framework contentious it is to reach decisions on critical with initial applications proposed for the financial changes in DLT infrastructure. Financial sector sector and for supply chain management. regulators have historically relied on instituting • Cybersecurity. No software is immune from effective governance arrangements on central technical vulnerabilities. Statistics show that there infrastructures and other regulated entities. In the are around 15-50 bugs per 1000 lines of code.12 context of permissionless DLT, it is often unclear Failures such as the DAO attack on the Ethereum to whom governance arrangements apply. In the blockchain have shown that any weaknesses in case of permissioned DLT, the administrator can smart contracts can be exploited to create undesired be subject to specific governance arrangements, effects. Network security relies on the distributed but depending on the nature of the particular DLT 18 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN The Basics of Forks Forks arise when the blockchain in a distributed ledger splits into two competing paths forward which then need to be resolved. In many cases, forks can resolve on their own. For instance, in the case of Bitcoin, forks occur quite regularly as a by-product of the distributed consensus mechanism and are quickly resolved when additional blocks are added to one block while the other block is abandoned by the entire network. In other cases, forks that remain unresolved can create two competing blockchain histories.13 There exist three general types of forks: • An accidental fork can occur if platform updates are accidentally incompatible with the previous code, meaning that nodes begin using two different versions of the software until the incompatibilities are fixed.14 • A soft-fork is backward-compatible, meaning that the blocks mined by nodes using upgraded software are considered valid by nodes that have not upgraded their software, but the reverse does not hold true: blocks mined by non-upgraded nodes are not valid to upgraded nodes.15 (This encourages all nodes to upgrade their software). • A hard-fork is not backward-compatible, meaning that the software upgrade has introduced a new rule which is not considered valid until a node upgrades. In this case, if members of the community of nodes do not agree with the new rules, they can choose not to upgrade to the new consensus and instead continue trading on the original (pre-fork) blockchain using the old software – creating a divergence of the cryptocurrency (like in the case of Ethereum Classic and Ethereum One or Core – see section 8 and annex). Bit Cash was a hard fork of Bitcoin in the Summer of 2017, where the blocksize was increased to allow for more transactions to be processed. system, the administrator may not in all cases have • KYC & CDD: For adoption in the financial adequate means to enforce these arrangements system, DLT systems will need to comply with among network participants. Know-Your-Customer (KYC) and Customer Due Diligence (CDD) requirements in Anti-Money Legal and Regulatory Challenges Laundering/Combating the Financing of Terrorism • Regulatory Vetting and Industry Standards: (AML/CFT) regulations. Most permissionless DLT Regulatory vetting and development of industry systems disguise the identity of network members standards are necessary but are still in very early by using public key encryption, which will make development phases. Some regulators around the it difficult to comply with existing AML/CFT world are actively studying the technology, but regulations, and would allow transactions with targeted regulatory frameworks for DLT are yet un-vetted parties. Many exchanges, for example to emerge – see section 9 for further details on Coinbase, are offering quicker verification and activities by regulators and standard-setting bodies. transaction times if users verify more information to comply with KYC requirements. Permissioned • Legal Clarity over Ownership and Jurisdiction: DLT systems solve for this problem because In payment and settlement systems, there are network access is controlled and identity specific concerns related to how the “point of verification of the participant is typically required finality” of a transaction would be defined in a DL for the vetting process, which could require AML/ environment. In addition, there are concerns about CFT compliance of all network participants. cross-border DL systems in terms of the jurisdiction of the underlying data and transactions. Regulating • Recourse Mechanisms: As a defining characteristic open, permissionless distributed ledger systems is of distributed ledgers is immutability, there are particularly complicated as no legal entity is in concerns about how transaction disputes will be control of the distributed ledger. Regulation of resolved, in particular how erroneous transactions private, permissioned ledgers is comparatively will be voided. These concerns could be addressed more straight-forward as there is usually an by integrating a reversal transaction framework, administrator or owner of the system that can which will have the effect of a separate transaction be subject to regulation or existing regulatory being initiated to returning rights to the underlying frameworks for outsourcing arrangements could digital asset back to the original sender. (As noted be used. earlier, this is in fact how the dispute resolution 6. CHALLENGES AND RISKS RELATED TO DLT 19 process currently works in payment card systems Other Challenges and also in electronic funds transfer systems.) This • Privacy: In permissionless ledgers, such as Bitcoin would, however, require the existence of some and Ethereum, all transactions are open and visible overall rules framework which can be invoked to all network members, though they can be to initiate reversals in specific circumstances. encrypted and the identity of the user is hidden. In Without such a framework in place, incomplete certain contexts, the identity of the participant can or erroneous transactions could lead to issues with be inferred based on transaction patterns or other accessing funds. Traditionally, the administration markers. Permissioned DLs encounter the same of a rules framework is managed by a central issue. This is one of the key concerns of applying entity – often referred to as a ‘scheme owner’ – for DLT to financial market infrastructures and it is one example Visa, MasterCard, Union Pay and other of the issues which CORDA and Fabric propose to payment card brands; or entities like NACHA address in their design. (Electronic Payments Association) for electronic funds transfers in the US. In permissioned DLs, • Environmental costs. Using proof-of-work as a this role can be played by the administrator of the consensus mechanism creates a large electricity DL. In permissionless DLs, this role is expected footprint as vast amounts of computing processing to be automated through smart contracts. Another power are used up for “mining”. (This concern concern relates to the question over liability for mainly applies to permissionless blockchains that losses arising from weaknesses in underlying DLT. use proof-of-work protocols.) This concern is easier to address in permissioned DL systems than in permissionless systems. 20 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN 7. Applications of DLT DLT has a breadth of potential applications beyond cryptocurrencies in the financial sector and in a wide variety of other industries. Applications that are written on a public blockchain utilize the blockchain infrastructure but they can be distinct from the underlying cryptocurrency (for example Bitcoin) or have a notional value of cryptocurrency tagged to it as a digital representation of the underlying asset. The two biggest trends in the development of blockchain applications are: 1) commercial Fintech start-ups are developing digital applications for a variety of purposes that utilize the public blockchain infrastructure, mostly Bitcoin and Ethereum; and 2) industry consortiums are forming to research and develop private, permissioned blockchain to solve industry-specific enterprise solutions. There is particularly strong interest in DLT in the financial sector: at the time of publication, at least half of the top 30 banks were engaging in blockchain proofs of concept. R3 CEV, one of the largest blockchain R&D consortiums for financial institutions, had over 100 members, including banks, regulators, and trade associations, while the open source consortium Hyperledger included more than 170 diverse organizations.16 Stock exchanges around the world are also investigating and testing DLT to improve securities trading platforms, including NASDAQ, NYSE, and LSE.17 DLT could disrupt the way stocks are issued and traded, and – in the long term – potentially replace existing trading platforms run by stock exchanges. • In December 2015, the US Securities Exchange Commission approved a plan by Overstock.com to issue company stock via the Bitcoin blockchain.18 • Germany’s central bank and stock exchange “Deutsche Börse” built a new blockchain prototype for digital asset trading.19 • The Tokyo Stock Exchange and IBM are testing blockchain for recording trades in low-transaction markets. • The Australian Stock Exchange and Digital Asset Holdings, a start-up, are exploring using DLT to improve clearing and settlement processes. • South Korea’s securities exchange (Korea Exchange KRX) has launched a blockchain-based market for equity shares in startups, called Korea Startup Market (KSM) in partnership with Blocko, a Korean blockchain start-up. Blocko’s CEO described this as the “first example” of how blockchain could be 7. APPLICATIONS OF DLT 21 used in the domestic over-the-counter stock market, • The Depository Trust and Clearing Corporation which could encourage similar developments for (DTCC), the main bookkeeper providing clearing other assets.20 and settlement services for securities’ transactions, Overview of Potential DLT Applications (at varying stages of development) Financial Sector Applications Money & Payments • Digital currencies • Payment authorization, clearance & settlement • International remittances and cross-border payments (alternative to correspondent banking) • Foreign exchange • Micropayments Financial Services • Capital markets: digital issuance, trading & settlements of securities & Infrastructure • Commodities trading (beyond payments) • Notarization services (e.g. for mortgages) • Collateral registries • Movable asset registries • Syndicated loans • Crowdfunding (as initial coin offerings) • Insurance (in combination with smart contracts) for automating insurance payouts and validation of occurrence of insured event Collateral registries • Land registries, property titles & other collateral registries and ownership registers Internal systems • Replacing internal ledgers maintained by large, multinational financial service providers of financial service that record information across different departments, subsidiaries, or geographies providers DLT-based applications in other sectors Identity • Digital identity platforms22 • Storing personal records: birth, marriage & death certificates Trade & Commerce • Supply chain management (management of inventory and disputes) • Product provenance & authenticity (e.g. artworks, pharmaceuticals, diamonds) • Trade finance • Post-trade processing • Rewards & loyalty programs • Invoice management • Intellectual property registration • Internet of Things Agriculture • Financial services in the agricultural sector like insurance, crop finance and warehouse receipts • Provenance of cash crops • Safety net programs related to delivery of seeds, fertilizers and other agricultural inputs Governance • E-voting systems • E-Residence • Government record-keeping, e.g. criminal records • Reducing fraud and error in government payments • Reducing tax fraud • Protection of critical infrastructure against cyberattacks Healthcare • Electronic medical records Humanitarian & Aid • Tracking delivery & distribution of food, vaccinations, medications, etc. • Tracking distribution and expenditure of aid money 22 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN has partnered with IBM and two blockchain without a central clearing system. Cross-border startups – Axoni and R3 – to develop a blockchain- payments through correspondent banking channels based software for post-trade processing of credit are restricted to banks’ business hours and are subject default swaps.21 to transaction fees at three different points in the process: fees charged by the sending institution, fees DLT & Financial Inclusion charged by the receiving institution, and fees charged As noted earlier, DLT has apparent potential to enhance for the inter-bank, cross-border transfer (this could be efficiencies, resilience and reliability for a variety through several intermediaries, each charging their of financial sector players and infrastructures. This own fee). could help address, or ease, some of the long-standing Non-bank players, such as Money Transfer Operators challenges to enhancing access to financial services. (MTOs) like Western Union and others, have developed Despite strong progress in expanding financial proprietary frameworks involving prefunding at agent inclusion, barriers to bringing unbanked and excluded institutions at the receiving institutions to enable populations into the financial system persist. In faster disbursement and settle aggregated amounts the near-to-medium term, many of the benefits and periodically. Tie-ups between financial institutions, efficiency gains of DLT are likely to be reaped by non-bank payment service providers, and MTOs start-ups and financial institutions in the developed have brought increased efficiency in the sending and world. But in the medium-to-long term, DLT holds receiving legs. However, the cross-border funds leg potential to expand financial inclusion by addressing has not seen much innovation and in particular the the following barriers to access to finance, in specific foreign exchange fees continue to be a large portion country contexts: of the remittance fees – around 20% of the total cost.23 • Affordability of financial products and services By creating a distributed network for cross-currency funds settlement that replaces the correspondent • Lack of robust, verifiable ID systems for KYC and banking network, DLT can remove inefficiencies in other eligibility and due diligence requirements the current system and offers potential for significant cost reductions, especially in the cross-border, inter- • Deficient payment and credit infrastructures bank leg of the transaction. By lowering settlement • Incomplete secured transaction frameworks and costs and increasing efficiency of inter-bank and collateral registries cross-border transfers, DLT could potentially help in bringing down the price of remittances even • Impact of de-risking on international remittances further. DLT can also allow for new approaches to Selected examples of applications of DLT that could correspondent banking, which can potentially be part lead to greater financial access and inclusion for of a solution framework for addressing de-risking. underserved populations are: Examples • Cross-border Payments and Remittances Ripple. Focuses on commercial cross-border and inter-bank • Digital Identity Systems payments combined with cross-currency funds • Asset Registries settlement. Ripple allows for a move away from establishing upfront correspondent banking • Digital Currencies relationships towards a more dynamic approach. This approach involves identifying a “path” for the flow Cross-border Payments and Remittances of funds from a sender in a particular currency to a Individuals and SMEs in developing economies receiver in a particular currency, through a series of face uncertainty, high costs, and long delays in participating institutions that offer services for that making inter-bank, cross-border payments, which currency. This can lead to better discovery of prices for are currently typically conducted across a network foreign exchange transactions and expanding access of correspondent banks or money transfer providers, to such services for smaller remittances companies. 7. APPLICATIONS OF DLT 23 Ripple has its own cryptocurrency, XRP, which is to release to third parties. This could – under some actively traded on several cryptocurrency exchanges. circumstances - be particularly valuable in Fragile Ripple also operates its own exchange, structured as a Conflict and Violence affected contexts (FCV) where network described above, in which the top currencies there is weak institutional capacity and/or volatile actively exchanged are CNY, USD, JPY and EUR. In government regimes. However, state institutions (or addition, other cryptocurrencies like BTC (Bitcoin) other official bodies) would, in most cases, remain and ETH (ether) are also actively exchanged. The necessary as authenticating bodies of the identity data. Shanghai Huarui bank recently announced that it is working on a remittance product using Ripple for the While digital identity systems that use DLT can USA-China corridor.24 potentially solve for problems related to data ownership and storing identity data, achieving Abra. Offers instant P2P money widespread acceptance of digital identity products transfers with no transaction fees among government agencies and service providers through Abra’s network, combining cryptocurrency remains a challenge. In addition, legal and regulatory with physical bank tellers. Due to the existence of frameworks need to be developed or revised to tellers, no bank account is required to conduct a cross- guarantee data privacy standards for ID applications border payment; only the recipient’s phone number. that use DLT, especially permissionless blockchains. As of 2017, Abra is available globally and supports over 50 currencies, in addition to Bitcoin. Examples ShoCard. Palo-Alto-based ShoCard is a digital Bitpesa.25 Offers cross-border identity card, optimized for mobile, that stores ID payments for businesses and individuals information on the Bitcoin blockchain. The company between several African countries (Kenya, Nigeria, is in the process of developing solutions for use cases Tanzania, Uganda) and China. It uses Bitcoin for the such as identity verification, including at airports cross-border leg and has gained traction among some and call centers; financial services credentialing; African importers for paying Chinese suppliers. automated registrations for online purchases, proof of Bitt. Barbados-based blockchain company that started age and address, e.g. at police road stops. as the Caribbean’s first bitcoin exchange company and BanQu. Blockchain company BanQu provides an launched a digital fiat currency of the Barbadian dollar “economic identity” to people by storing identity and on the Bitcoin blockchain in February 2016. Plans to other critical information, including biometrics, on create a unified financial settlement network for the the Ethereum blockchain. They have a focus on the CARICOM region to reduce settlement times, reduce humanitarian space and developing countries, and cost of remittances, and eradicate frictions caused by are testing the BanQu digital identity in a number the Caribbean’s fragmented currency systems. of projects including for providing a digital identity to Syrian refugees in Amman, fixing supply chain Digital Identity Systems leakages in the delivery of medications and vaccines, Globally, 18% of unbanked individuals cite lack and implementing micro crop insurance through smart of ID-related documentation as one of the reasons contracts. for being unbanked in 2014.26 DLT can be used to record and store ID-related documents, such as IBM announced a blockchain project with Singapore birth certificates and marriage certificates, but also fintech startup KYCK! to enable financial services transaction histories, land titles, or health records in providers to address KYC challenges and more rapidly a way that is secure and verifiable. One advantage of on-board customers in a secure environment. Their DLT is that it allows for a system in which personal project will be tested and built on the Hyperledger data could be owned by individuals, rather than blockchain ‘Fabric’. Once identity verification by respective government agencies. Under some is confirmed, KYCK! will enter the customer’s implementations, individuals could decide which information into current bank-based checks or a third- selected parts of their digital personal data they chose party KYCK! system before account on-boarding.27 24 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN Asset Registries Bitcoin mining company) and Peruvian economist Incomplete secured transaction frameworks and the Hernando de Soto in April 2016 to design and pilot absence of reliable asset registers (including movable a blockchain land titling project. The plan is to asset registers) mean that lack of proof of collateral create a private blockchain tailored for property can be a significant obstacle to eligibility for credit rights registration that is anchored to the public in many countries. Only two billion people globally Bitcoin blockchain.28 have a title that is legal, effective, and public regarding • Ubitquity. US-based blockchain start-up Ubitquity their control over an asset and Peruvian economist launched a real estate platform on the Bitcoin Hernando de Soto estimates that the value of this blockchain for the tracking of ownership of real “dead capital” totals $9.3 tillion globally. estate titles in the US. Ubitquity and the World Bank Traditionally, asset registries are managed in a co-authored a white paper on blockchain applications centralized manner. With additional services enabled for land administration for a World Bank conference on top for validating ownership, checking for on land and poverty in March 2016.29 existence of liens, etc., DLT could make possible a • Everledger. London-based blockchain start-up more decentralized and therefore potentially quicker Everledger launched a global diamond certification way of building asset registries by using civil society and tracking system on blockchain. There are and other trusted stakeholders to validate ownership currently 980,000 diamonds recorded on the and record them on a DL. Once they are recorded on a Everledger blockchain enabling reliable records public blockchain, they are immutable and verifiable, for insurers, financiers and other stakeholders.30 thereby reducing the risk of improper tampering due to corruption and political favoritism. The underlying assets could also be moveable assets like inventories Digital Currencies and assets in a warehouse (with appropriate tagging The definition for the term digital currencies is still mechanisms), which can thereby be used to enhance evolving. A 2015 report by the CPMI, identified three credit worthiness and thus open up more avenues for key characteristics of (non-fiat) digital currencies: (i) accessing credit. the underlying asset has no intrinsic value; the value is instead determined by demand and supply; (ii) they There are potential applications of DLT for creating use DLT as the underlying mechanism for transfers reliable records of provenance of raw materials in a peer-to-peer manner; and (iii) they do not rely on notably agricultural inputs and commodities, in specific institutional arrangements or intermediaries combination with other technologies like geo-tagging for peer-to-peer exchanges.31 Figure 6 depicts and recording of specific metrics like soil quality, the CPMI’s taxonomy for money and exchange weather condition and fertilizer use. As an example, mechanisms, which explains where e-money and an international bulk purchaser of cocoa could reliably digital currencies could be placed in relation to other ascertain that a particular batch of cocoa beans came types of money, and illustrates the key differences from a particular farm with specific farming practices between digital currencies and e-money. and passed through a specific set of intermediaries. This could boost the pricing power of the farmer and In recent years, there has been much discussion the intermediaries, thereby raising profitability. The of central bank-issued digital currencies that use number of parties which need to see a consistent set fiat currency as the underlying “asset” in the above of information could be dynamic in these contexts, framework. This section discusses non-fiat digital making it difficult to administer this in a traditional currencies, while central bank-issued digital fiat centralized system. currencies are referenced in section 9. Examples The potential of digital currencies to lower barriers to entry into the financial system for unbanked and • Republic of Georgia’s Land Titling Project. The excluded populations warrants further research and Republic of Georgia’s National Agency of Public exploration. Applications that combine e-money and Registry announced a partnership with Bitfury (a mobile money frameworks with DLT-based digital 7. APPLICATIONS OF DLT 25 Figure 6: CPMI Taxonomy of Money and Exchange Mechanisms Physical Electronic Potential substitutes for Money in a traditional sense Potential substitutes for physical money (denominated in a sovereign currency) non-physical money Physical tokens E-money (broad sense) (beads, shells) Central bank Privately money The Commercial bank Legally recognised Digital currencies Asset issued notes (eg “money” money E-money (e-money issued by Cash (notes Central in a narrow Decentralized certain local and coins) bank sense) Centrally or automatic authorities) deposits issued insurance E-money exchange mechanisms: Traditional centralized FMIs (large peer-to-peer exchange is Decentralized Peer-to-peer physical exchange value and retail payment systems, possible but a trusted third party payment The (no specific infrastructure including card schemes...) is also needed (eg to avoid mechanisms Exchange is needed) double-spending mechanism (peer-to-peer Alternative bilteral arrangements (eg electronic Mechanism is centralized and is similar to correspondent banking) traditional FMIs exchange) Peer-to-peer Need for a trusted third party or a “chain of trust” Peer-to-peer Source: ‘Digital Currencies’, CPMI, Bank for International Settlements, November 2015, pg. 6 currencies for inter-bank transfers could be especially and AML/CFT. Similar to cash, transactions in DLT- relevant for financially excluded and underserved based digital currencies are generally not reversible, populations: e-money and mobile money frameworks which raises questions about recourse mechanisms expand geographic reach and reduce reliance on and dispute resolution. Balances held in non-fiat physical bank infrastructure, such as bank branches digital currencies are also currently not covered by or agents, and DLT has the potential to enhance deposit insurance agencies, e.g. FDIC in the USA, efficiencies. The efficiency gains are mainly derived and law enforcement agencies do not systematically from using the digital currency as the transfer medium follow up cases of fraud involving digital currencies. between payer and payee without any intermediaries, The value of digital currencies is determined by often at zero cost. This is combined with using mobile demand and supply and can therefore exhibit wide phones as the access mechanism and using agents fluctuations, which can make it unsuitable as a or exchanges to convert digital currency back to fiat store of value, unlike fiat currencies. Further, many currency, such as e-money, cash, or credit in a bank discussions of digital currencies assume the existence account. It is likely that costs will be incurred at the of a complete ecosystem where this digital currency point of converting digital currency into fiat currency. is already widely accepted and therefore there is no need to convert digital currency to fiat currency. This, But despite these advantages, there are regulatory however, does not yet reflect the reality for large concerns and other challenges related to digital segments of the population in most countries today. currencies that require further attention before large- scale adoption becomes a realistic option. There are Currently, DLT is unlikely to fully replace any existing particular concerns related to consumer protection financial infrastructure, institutions, and protocols and 26 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN some of the most promising DLT-based applications It is also worth noting that employing DLT to help reach utilize and build on existing structures. Digital wallets financial inclusion goals requires the development and that contain digital currencies that enable direct active promotion of important accompanying elements. electronic cross-border transactions currently still rely Important among these are: (i) user-friendly application on the domestic payments infrastructure to be funded, interface design, (ii) financial literacy and capability, which is typically done through a conventional bank (iii) a sound financial consumer protection framework or mobile account or a payment card, but could – in that applies to financial services enabled by DLT, (iv) theory - also be done through an agent or teller (see interoperability with traditional payment and financial Abra example above). However, this could – at least services and infrastructure; and (v) effective oversight. in theory - change in the future if acceptance of Alternative approaches to address limitations of digital currencies among offline and online merchants existing financial infrastructure should be considered became more widespread, for example once central side-by-side and potentially in complement with DLT, banks issue digital fiat currencies. such as cloud computing, e-money and mobile money, and biometric ID systems. 7. APPLICATIONS OF DLT 27 28 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN 8. Smart Contracts ‘Smart contracts’, in the context of DLT, are programs that are written on the underlying distributed ledger and are executed automatically by nodes on the network. Any instruction that could be executed by a computer could theoretically be run by a smart contract. Transactions or data recorded on the distributed ledger trigger the smart contract and the actions taken are in turn recorded in the ledger. Another way of putting this is that smart contracts “allow for logic to be programmed on top of the blockchain transaction”.32 The same applies to other DLs, as smart contracts can also be executed by DLs that are not blockchains. Smart contracts have to be verifiable by each node on the network, meaning that all nodes on the network must see the same data. The term was first coined by cryptographer Nick Szabo in a 1997 paper where he used a vending machine to illustrate the idea of a smart contract.33 The vending machine, a mechanical device, controls ownership of an asset, the candy bar, and executes the transfer of ownership when triggered by a defined input, the event of entering a coin into the machine. The vending machine therefore enforces the terms of the pre-agreed ‘contract’ that defines the underlying assets, inputs, and consequential actions. A ubiquitous modern analogy would be automatic trading rules, executed by a computer program, that initiate sales or purchases of securities at a pre-defined strike price. Potential applications of smart contracts could be used in the derivatives markets, mergers & acquisitions, and in securities transactions, among many others. DLT systems provide a platform that allows for smart contracts, written in computer code, to actually control real-world assets, such as real estate, shares, land titles, or escrows, without the need for a third party that controls the release of the assets, such as a broker, a land title administrator or an escrow agent, for example. This is due to the fact that the nodes in the distributed network have the ability to enforce a contract by executing code. For example, figure 7 illustrates how a smart contract could be used in the context of trade finance. A similar DLT-based approach could also be applied to a variety of other contexts, such as mortgage processes or collateral registries. Smart contracts have captivated idealists because they make automated companies possible which do not rely on any human inputs – no managers or board directors - except financial backers. Ethereum is the second-largest public blockchain - 8. SMART CONTRACTS 29 Figure 7: Smart Contracts in Trade Finance 7 1 2 8 5&6 3 4 1. Buyer: The buyer and issuing bank create an electronic letter of credit, guaranteeing payment if the order is fulfilled. 2. Seller: The seller and advising bank gather documents with specifics on the oil shipment and create an invoice. 3. Cargo: The oil is loaded onto the vessel. 4. Inspector: The inspector checks the quality and quantity of the oil, and issues certificates that are added to the smart contract. 5. Vessel: The agent for the vessel issues the bill of lading, which details the shipment and is used as a receipt, and a certificate of origin. 6. Shipment: The oil is shipped to its destination. Documents are verified by the smart contract for compliance and accuracy. 7. Title and Payment: If documents are found to be compliant, the title of goods is transferred to the buyer, and payment is transferred to the seller. 8. Blockchain-based smart contract: All documents and records of ownership are added to the smart contract in unalterable “blocks.” Source: ING/Wall Street Journal * “Banks Turn to Virtual World to Modernize Physical Commodities Trading”, By Stephanie Young, 04 April 2017, Wall Street Journal https://www.wsj.com/articles/banks-turn-to-virtual-world-to-modernize-physical-commodities-trading-1491303623 30 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN after Bitcoin - and it is optimized for smart contract crowdsourcing records by raising the equivalent applications. A number of DAOs (Decentralized of US$120 million of ether in one month, which Autonomous Organizations) have been launched on the constituted 14% of all ether ever issued. A hacker Ethereum platform, which are, in effect, venture capital exploited a flaw in the DAO software, an application funds for automated businesses. CoinDesk defines run on Ethereum, but the core Ethereum blockchain a DAO’s goal as “to codify the rules and decision itself was not hacked. This hack is an example of an making apparatus of an organization, eliminating the exploit of a security vulnerability that existed in the need for documents and people in governing, creating application layer on top of the blockchain, which are a structure with decentralized control. Here’s how it a major security concern. works: In response to the attack, the Ethereum community • A group of people write the smart contracts made a controversial decision to complete a so-called (programs) that will run the organization. “hard fork” in the Ethereum blockchain in order to recover the stolen funds. As a result, the Ethereum • There is an initial funding period, in which people blockchain was broken down into two separate, add funds to the DAO by purchasing tokens that active cryptocurrencies: ether (containing the hard represent ownership – this is called a crowdsale, fork that restored the stolen funds, also referred to or an initial coin offering (ICO) – to give it the as Ethereum One or Ethereum Core) and Ethereum resources it needs. Classic (original transaction record with stolen funds • When the funding period is over, the DAO begins still under control of the hacker). A survey among to operate. 240+ technical leaders in the blockchain community conducted by CoinDesk revealed that 63% reported • People then can make proposals to the DAO on how no change in their use of Ethereum after the fork even to spend the money, and the members who have though one third had originally opposed the hard bought in can vote to approve these proposals.”34 fork.35 (See the annex for more information on the However, confidence in Ethereum was put to a DAO hack and Ethereum’s forks). test after a successful attack on such an entity – In addition to technical vulnerabilities, the use of referred to as “The DAO” - in June 2016 in which automated smart contracts combined with DLT also an attacker diverted 3.5 million units of Ethereum’s raise a number of legal and regulatory issues, for cryptocurrency “ether”, worth around US$50 million example related to liability, jurisdiction, amendments at the time of the hack. The DAO, which was run and voidability of contracts. by a German startup called Slock.it, had broken 8. SMART CONTRACTS 31 32 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN 9. What are governments, development organiza- tions, and donors doing in this space? The UK Government’s Office of Science issued a major report on blockchain and DLT, published in January 2016, which assesses the opportunities of DLT to be used within government and by the private sector and recommends a broad government initiative to facilitate the beneficial use of DLT. In this report, the UK’s Chief Scientific Adviser Mark Walport writes: “Distributed ledger technologies have the potential to help governments to collect taxes, deliver benefits, issue passports, record land registries, assure the supply chain of goods and generally ensure the integrity of government records and services. [...] For the consumer of all of these services, the technology offers the potential, according to the circumstances, for individual consumers to control access to personal records and to know who has accessed them. [...] Distributed ledger technology provides the framework for government to reduce fraud, corruption, error and the cost of paper-intensive processes. It has the potential to redefine the relationship between government and the citizen in terms of data sharing, transparency and trust. It has similar possibilities for the private sector.”36 The report sets out eight recommended actions for government to maximize opportunities and reduce risks of DLT, including: • Provide the vision, leadership and the platform for DLT within government • Invest in research • Create a regulatory framework for DLT • Set standards for security, privacy, integrity • Build trust and interoperability • Ensure implementation of effective identification and authentication protocols • Establish trials of DLT to assess usability within public sector • Build capability & skills within government. Estonia’s e-Residency platform. The Estonian government has been experimenting with DLT for years, using it to verify records on government databases, e.g. birth and marriage certificates. Estonia has also pioneered the concept of e-residency as a form of transnational digital identity. Estonian e-residence is available to anyone in the world interested in using Estonian online services, open a bank account, 9. WHAT ARE GOVERNMENTS, DEVELOPMENT ORGANIZATIONS, AND DONORS DOING IN THIS SPACE? 33 or start a company. E-residents can apply for a bank paper argues that digital fiat currencies could enhance account, conduct online banking, declare taxes, sign financial stability by providing the central bank with documents remotely, and get access to international an additional policy tool to reduce interest rates below payment providers. NASDAQ is partnering with the zero lower bound and also being able to directly Estonia’s e-residency platform to enable secure fund asset purchases by non-banks without need for e-voting in shareholder meetings. bank intermediation. Central Banks around the world are exploring Regulators across the world – in OECD countries as DLT-based digital currencies. In the UK, Canada, well as developing counties, for example Uganda39- Russia, Australia, Sweden, China, central banks are are studying regulation of digital currencies. Self- assessing risks and benefits of issuing fiat currency regulation efforts are also underway: the Australian backed digital currency on the blockchain, and Digital Currency & Commerce Association, for investigating their potential effects on the economy example, has launched Digital Currency Industry and on financial stability. Any central bank-issued Code of Conduct, which focuses on consumer digital currency would likely look substantially protection and outreach.40 different from Bitcoin’s open, decentralized, peer-to- peer model and it might not need a DLT approach. In The IMF issued a report on the benefits and contrast to cash, digital currencies create a permanent, risks of digital currencies in January 2016.41 The trackable record of each transaction and costs of report considers preliminary implications of digital handling cash would be eliminated. A further potential currencies (referred to as ‘virtual currencies’ in the advantage of DLT-based digital currencies is the report) for regulation and policy, including issues prospect for “smart money”. A DLT-based currency related to AML/CFT, consumer protection, taxation, with a digital ledger opens up the possibility to exchange controls and capital flow management, program certain terms and condition on digital money, financial stability and monetary policy. for example, how, where, when and by whom it can be The CPMI issued a report on digital currencies spent. Many different scenarios are being discussed, in November 2015, which considers implications of one radical option would bypass commercial banks digital currencies and their underlying decentralized as intermediaries by allowing individual customers payment mechanisms for central banks, regulatory to hold accounts directly with the central bank, issues, and demand- and supply-side factors using DLT.37 In Senegal, the Banque Régionale de influencing the development of digital currencies.42 Marchés (BRM) launched an e-money solution in The World Bank participated in the working group 2016, with the difference that the customer pool funds that produced the report. The CPMI also issued a are held with the regional central bank the BCEAO. report on the use of DLT for payment, clearing, and This solution has been provided by eCurrency Mint settlement in February 2017, which provides an Limited (eCurrency). China’s central bank, People’s analytical framework for central banks and other Bank of China, tested a blockchain-based digital authorities to review and analyze DLT use cases currency in January 2017. (focusing on permissioned ledgers), and identifying risks and opportunities.43 A recent paper issued by Bank of England discusses opportunities for significant savings from central The World Bank is also participating in several bank-issued digital currencies through a reduction in working groups on this topic at the FSB, CPMI- real interest rates, as well as lower transaction costs.38 IOSCO and the FATF. According to this analysis, a central bank-issued digital currency regime would result in a “permanent UK’s Department for Work and Pension piloted increase” in fiscal income flows for the government DLT for government transfers. DLT offers (due to reductions in net interest expenses), which the opportunity for governments to monitor the would allow for an increase in public spending observance or program rules related to conditional or a lowering of tax rates by the fiscal authority, at government transfers through smart contracts. For unchanged deficit and debt targets. In addition, the example, payments related to cash-for-work programs 34 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN can be executed automatically once the work is International development consulting firm completed or payments for public works projects that Chemonics, a major USAID contractor, established are conditional on completion of the works project can a ‘Blockchain for Development Solutions Lab’ in be executed automatically. The Department for Work partnership with blockchain technology company and Pensions in the UK started a trial in June 2016 to BanQu, announced in October 2016. The lab’s goal use DLT for welfare benefit payments, working with is “to build, test, and scale blockchain solutions to GovCoin Systems and other partners (Barclays, RWE reduce poverty and increase aid effectiveness.”45 Npower, University College London). Claimants are BitLicense – New York State’s Department of using an application on their phones through which Financial Services (NYDFS). In June 2015, New York they are receiving and spending their benefit payments, State released the BitLicense, a regulatory framework which is designed to help them manage their benefit for companies engaged in “virtual currency business money. With their consent, transactions are being activity” that act as cryptocurrency exchanges recorded on a distributed ledger with the aim to create and/or function as custodians of bitcoin and other a more efficient and secure welfare infrastructure that cryptocurrencies. As part of the application process, prevents fraud. the New York state regulator reviews companies’ Regulatory Sandboxes and “Test and Learn” anti-money laundering, consumer protection, and Regulatory Approaches. Regulators are exploring cybersecurity policies.46 As of October 2017, NYDFS different regulatory approaches for DLT-based has granted BitLicenses to three companies, who are innovations. A regulatory sandbox, as defined by all major players in the industry: Circle, Ripple, and the United Kingdom’s Financial Conduct Authority, Coinbase. In addition to the BitLicense, the regulator “aims to create a ‘safe space’ in which businesses can has also granted banking charters to bitcoin exchanges test innovative products, services, business models Gemini and itBit. The BitLicense has drawn some and delivery mechanisms in a live environment criticism by the start-up community for the high costs without immediately incurring all the normal associated with the application, which has led some regulatory consequences of engaging in the activity in firms to cease operations in New York. question.”44 Several regulators in OECD countries and Delaware’s 2017 “Blockchain Amendments”. In also in middle income countries like Malaysia have July 2017, the Delaware General Assembly passed a implemented such a framework allowing startups and series of amendments that recognize blockchain as an regulated institutions to experiment, pilot, and launch acceptable form of corporate recordkeeping, starting services on a small scale using DLT and other Fintech August 1, 2017. Under this law, Delaware corporations approaches. Taking advantage of this framework, the have the ability to issue shares and manage ownership Monetary Authority of Singapore recently announced records using blockchain technology.47 its plans to conduct a pilot using DLT for inter-bank payments and settlements. Malaysia and Hong Kong Securities Exchange Commission recently gave permission for a DLT-based crowd funding platform. 9. WHAT ARE GOVERNMENTS, DEVELOPMENT ORGANIZATIONS, AND DONORS DOING IN THIS SPACE? 35 36 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN 10. How can DLT be leveraged for World Bank programs and projects in the financial sector? DLT is still at an early stage of development and many challenges need to be resolved before the full potential of the technology can be realized, such as issues related to privacy, security, scalability, interoperability, and legal and regulatory issues. The bulk of R&D resources for DLT are currently devoted to improving financial infrastructure and processes, and this investment could potentially be leveraged by development organizations for the benefit of developing countries. However, as the technology is still being developed and tested, and is not yet sufficiently robust and scalable, the World Bank Group cannot, at this stage, issue any general recommendations about usability independent of specific contexts. The Bank of England (BoE) launched a review of the Real Time Gross Settlement (RTGS) system it operates, followed by an industry consultation in which it considered applications of DLT. The BoE recently concluded this consultation with the assessment that DLT is immature at this point, however it will explore how to integrate and incorporate DLT as the technology matures.48 Bank of Canada also came to a similar conclusion. There is an emerging view that the DLT applications in finance that will likely gain traction first will not be payment and settlement systems but instead areas in which there is little automation and heavy use of manual processes with high inefficiencies. Suggested areas that fit these characteristics are: (i) reference data maintenance in payment and settlement systems; (ii) trade finance; (iii) syndicated loans; and (iv) tracking of provenance of agricultural products, commodities and the like and their subsequent sale or use as collateral based on which financing is provided. There are also discussions about applications of DLT as part of the solution framework for de-risking through: (i) reliable and auditable maintenance of identity, including Know-Your-Customer and Customer Due Dilligence data; (ii) developing an alternative to the correspondent banking model (as noted in the discussion of Ripple); and (iii) using a cryptocurrency for the cross-border leg (as noted in the discussion of Abra). Consideration should also be given to the argument made in the 2016 report by the UK Government Office for Science that “if government waits for ‘perfect’ solutions, it will miss the opportunity to shape and procure implementations of the technology that will provide maximum benefit to the public sector, and the UK may lose opportunities for economic benefit as well”. Further research and 10. HOW CAN DLT BE LEVERAGED FOR WB PROGRAMS AND PROJECTS IN THE FINANCIAL SECTOR? 37 exploration is required to reach a higher level of Forum, Global Remittances Working Group technical sophistication and robustness of DLT, and the upcoming Financial Inclusion Global especially when used in combination with smart Initiative (FIGI) to closely monitor and analyze contracts. But understanding the true potential of DLT developments in DLT and, where feasible, design for development objectives requires not just research and implement pilots. but also real-life applications and trials. Foster collaboration and co-ordinate with Given the potential for DLT to structure solutions to international standard-setting bodies development challenges in the financial sector and • Join industry consortiums like R3’s R&D lab and/ beyond, the WBG should closely monitor and shape this or Hyperledger, propose specific research projects development and, where appropriate, foster its adoption. with a development focus, for example projects related to digital identity, addressing AML & KYC The applications of DLT in the payment and challenges, asset registries, agriculture finance settlement systems are being actively studied by related applications or cross-border payments and various central banks and the WBG should closely remittances. monitor the developments through participation in the various working groups of standard-setting bodies • Foster international co-operation and collaboration, and through bilateral engagements. However, other leveraging ongoing participation in working areas – in particular those related to financial sector groups of international standard setting bodies. development and financial inclusion – are not getting • Encourage companies and other entities working much attention from many private sector players and on DLT to explore applicability of the technology regulators. This is an area where the WBG could for a development context and provide assistance take a more active role. This could in particular with conducting pilots and proof-of-concepts. This include applications in agriculture finance, invoice/ could include a comprehensive analysis of the true receivables financing and collateral registries. costs and benefits of using DLT approaches. Potential actions the WBG could take include: Enhance awareness of DLT within WBG and Monitor developments explore applications • Closely monitor developments in the DLT field, • Enhance the level of awareness on DLT within the especially actions taken by governments and Finance & Markets Global Practice and beyond and development organizations. encourage ongoing and pipeline Advisory Services and Analytics (ASA) and investment programs to • Applying existing tools such as the World Bank explore opportunities for leveraging DLT. Remittances Prices World Wide database, to systematically collect information on costs of • Leverage the new WBG Blockchain Lab, which potential DLT-based remittance services; and partners with a group of DLT companies and other the Global Payments Systems Survey to collect technology firms, to study and further develop qualitative and quantitative information on usage DLT-based solutions for cross-border payments, of digital currency and DLT approaches and their particularly in the context of de-risking and regulatory framework, and explore opportunities to maintaining payment flows to regions affected collect information on uses of DLT approaches in by fragility, conflict and violence (FCV). Where retail payments in Retail Payment Costs surveys. feasible, this could done be in partnership with client countries. The WBG blockchain lab49 could • Leverage IFC investees and private sector forums also be used to support clients in testing country- like the SME Forum for knowledge exchanges and specific pilots. to identify regulatory bottlenecks hampering the development of DLT. • In WB-financed operations, encourage country counterparts to invite companies offering DLT- • Leverage existing forums like ID4D, International solutions to participate in the procurement process, Committee on Credit Reporting (ICCR), SME where appropriate, potentially as part of a 2-stage 38 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN procurement process.50 At minimum, bidders could be in other countries’ sandboxes (for example as asked to share alternative implementation approaches South-South collaboration with countries like and also share information on how the infrastructure Mexico, South Africa, Jordan, and Malaysia). in question would work in a DLT framework. • Support World Bank client countries in exploring • Explore financing small-scale pilots as part of potential applications of DLT in their specific WBG ASA and investment programs, notably in contexts through the full range of WBG the areas of agriculture finance, invoice/receivables engagements: technical assistance, convening and financing and collateral registries (which were investment, especially in the areas of cross-border identified earlier). payments and remittances, identity, and registries. Actively engage with WB client countries working • Participate in reviews of pilot implementations to on these topics: assess the costs and benefits of DLT. • Support WB client countries in establishing regulatory sandboxes or participating as observers 10. HOW CAN DLT BE LEVERAGED FOR WB PROGRAMS AND PROJECTS IN THE FINANCIAL SECTOR? 39 40 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN Annex: The DAO hack and Ethereum’s forks Forks arise when the blockchain in a distributed ledger splits into two competing paths forward, and they can disrupt the value and stability of the underlying cryptocurrencies. One of the most controversial forks took place in July 2016, when the Ethereum community completed a “hard-fork”, resulting in Ethereum’s blockchain diverging into two separate cryptocurrencies (Ethereum One or Core and Ethereum Classic). Since then, Ethereum has forked three additional times, and is planning a fifth hard fork, “Metropolis”, to be released later this year.51 The History of Ethereum’s Forks In April 2016, members of the Ethereum community – the team behind German start-up “Slock.it” - announced the inception of the Decentralized Autonomous Organization (DAO), an organization with decentralized control, governed by smart contracts. It was designed to operate like a venture capital fund for the cryptocurrency and decentralized space.52 The DAO built smart contracts on the Ethereum blockchain, which allowed people to make funding proposals, and if enough DAO investors voted for the proposal, the funding was released after 28 days. The initiative successfully crowdfunded approximately 150 million USD from over 11,000 investors, one of the largest crowdfunding successes in history.53 The DAO also had a “split function” that allowed investors to leave the organization in case they saw damaging proposals being accepted. However, in mid-June the DAO creators announced that they had found a “bug” in the software, and the programmers were beginning to fix the code while over 50 project proposals were still pending for the DAO vote. At this time, a hacker began to exploit the smart contract vulnerability and drain the DAO of ether (Ethereum’s cryptocurrency). By June 18th, the hacker had amassed over $50 million dollars in ether but, due to the funding window, the funds were unavailable for withdrawal for 28 days, as stipulated in the DAO’s smart contracts.54 The Ethereum community debated how to reclaim the funds. Due to the distributed nature of the ledger, there was no central authority to make a quick decision, and the proposed forks required a consensus vote by Ethereum community members. Two proposals were made: • The soft-fork proposal, which did not secure enough votes, was intended to retain backward compatibility, so that no blocks needed to be re-written and ANNEX: THE DAO HACK AND ETHEREUM’S FORKS 41 miners could continue to “allow transactions issues.58 Ethereum proposed a two-stage hard fork as normal, wait for the soft fork code and stand solution: the first hard-fork, code named “tangerine- ready to download and run it if they agree with whistle”, addressed the immediate vulnerabilities; and (the proposed) path forward for the Ethereum the second hard-fork, “Spurious Dragon” (released ecosystem”.55 This would have effectively November 22nd, 2016), enabled the “de-bloat of the attempted to blacklist the hacker. In response to blockchain state”.59 Spurious Dragon marked the this proposal, the hacker (or an individual posing fourth fork undertaken by Ethereum overall. as a hacker, as the messages were not verified) threatened legal action justifying that the rules The Future May Continue to Fork of smart contracts must be maintained. The Forks are now becoming a frequent occurrence in the hacker attempted to protect the “stolen” ether by blockchain community. However, the implications of offering miners that do not upgrade to the soft- continuous forking are unknown and many skeptics fork a “reward”. Due to a vulnerability that was are wary of the divergences and lack of community discovered in the soft fork proposal, this solution cohesion that accompany forks. For instance, the could not be implemented effectively. first Ethereum hard fork created some distrust in the • The hard fork proposal reached sufficient community60 as members complained that voting- consensus after a few weeks of discussion windows were too short and not well publicized, and (following the responses of the “supposed” hacker) as a result only a small percentage of community and proposed a reshaping of the platform to fix the members voted on fork proposals. Additional vulnerable underlying code of smart contracts and implications include the fracturing of cryptocurrency allow reparations for DAO investors. A splinter communities, like in the case of Ethereum Classic minority within the community refused to accept vs. Ethereum One (or Ethereum Core). Splitting the new rules, continued trading ether on the old into variant, similar platforms increases risks of platform and thus created a divergent blockchain multiple attacks, as the same vulnerabilities exist on which now continues to exist as the alternative multiple blockchains. Despite these risks, forks are cryptocurrency “Ethereum Classic”, alongside quickly becoming more widely accepted within the cryptocurrency “Ethereum One” (or Ethereum community, and Ethereum is planning two additional Core), which accepted the hard fork. hard-forks to improve the platform. The release of ‘Metropolis’ is planned later this year in 2017 and will provide greater flexibility in smart contracts for Subsequent Forks developers. In addition, there is anticipation for the After Ethereum’s landmark hard fork, the platform release of ‘Serenity’, which will include the transition continued to implement multiple forks over time in from proof-of-work to proof-of-stake consensus response to distributed denial of service (DDoS) through a new algorithm called “Casper”61. The online attacks – i.e. attacks that infect and compromise blockchain community will be waiting for the release multiple systems in order to flood the Ethereum host. of these forks to understand their broader implications The attacks contributed to what is called a “bloated on the future of public cryptocurrencies, and a state”, whereby miners and nodes spend a long time community’s ability to cohesively update, upgrade processing blocks, which make it difficult to process and handle platform evolutions over time. and verify transactions.56 Although a soft fork57 was released, according to the Ethereum blog, hackers continued to exploit various weaknesses through DDoS attacks, which posed immediate network health 42 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN Endnotes 1. Satoshi Nakamoto, “Bitcoin: A Peer-to-Peer Electronic Cash System”. https:// bitcoin.org/bitcoin.pdf 2. Adrian Chen, “We need to know who Satoshi Nakamoto is”, The New Yorker, 09 May 2016 http://www.newyorker.com/business/currency/we-need-to- know-who-satoshi-nakamoto-is 3. http://www.fatf-gafi.org/publications/fatfgeneral/documents/guidance-rba- virtual-currencies.html 4. In these cases, the exchanges were hacked and coins that were kept in the exchanges were stolen - much like an online wallet containing e-money or fiat money could be hacked. The Bitcoin ledger itself was never corrupted as a result of these hacks. 5. “Bitcoin Mining and its Energy Footprint”, Karl Dwyer and David Malone - https://karlodwyer.github.io/publications/pdf/bitcoin_KJOD_2014.pdf 6. http://motherboard.vice.com/read/bitcoin-could-consume-as-much-electricity- as-denmark-by-2020 7. This means that applying the same hash function to the same input always yields the same output. In contrast to encryption, which is a two-way process, hashing is a one-way process. A message can be encrypted and then decrypted but it is impossible to revert a hash output back to its original message using either the hash function or any other cryptographic method. 8. The block size limit of the Bitcoin blockchain is the subject of intense debate in the Bitcoin community. Satoshi Nakamoto decided to cap the size of a block at one megabyte, or about 1,400 transactions. Blocks could be made bigger but bigger blocks would take longer to propagate through the network, worsening the risks of forking. 9. See CoinDesks’s Q3 State of Blockchain for more information on this: http:// www.coindesk.com/research/state-of-blockchain-q3-2016/# 10. http://www.bis.org/cpmi/publ/d157.pdf ENDNOTES 43 11. This estimate is from a 2015 report by Spanish 24. https://ripple.com/insights/several-global-banks- bank Santander; management consulting firm join-ripples-growing-network/ Oliver Wyman and venture capital investor 25. https://www.bitpesa.co/blog/connecting- Anthemis Group. http://santanderinnoventures. payments-with-africa-and-china/ com/wp-content/uploads/2015/06/The-Fintech- 2-0-Paper.pdf 26. Global Findex 2014, World Bank 12. Steve McConnell, “Code Complete: A Practical 27. h t t p : / / w w w - 0 3 . i b m . c o m / p r e s s / u s / e n / Handbook of Software Construction”, Microsoft pressrelease/51054.wss Press; 2nd edition 2004. Cited in: https://blog. slock.it/the-history-of-the-dao-and-lessons- 28. This means in practice that assets will be managed learned-d06740f8cfa5 on a closed block chain system so no individual transaction will be identifiable, but the data on 13. http://www.coindesk.com/short-guide-bitcoin- the closed system will be stamped onto a public forks-explained/ block chain, i.e. Bitcoin, making any fraudulent changes publicly visible. 14. h t t p : / / w w w. t e c h - r e c i p e s . c o m / r x / 4 8 5 1 7 / cryptocurrency-what-is-a-fork/ 29. https://www.ubitquity.io/home/resources/ worldbank_land_paper_ubitquity_march_2016. 15. There is the possibility where the non-upgraded pdf nodes continue to mine and either abandon the block chain mined from upgraded nodes, or fork 30. h t t p : / / m e d i a . e v e r l e d g e r. i o / w p - c o n t e n t / off into its own cryptocurrency. uploads/2016/09/Everledger_OnePager_2016-1. pdf 16. CoinDesk, State of Block Chain, Q3 2016 31. http://www.bis.org/cpmi/publ/d137.htm 17. http://www.coindesk.com/10-stock-exchanges- blockchain/ 32. Autonomous Research LLP, “Block Chain: Backoffice Block Buster”. https://www. 18. http://www.wired.com/2015/12/sec-approves- autonomous.com/fintech/d9335db1-bf1a-4ab2- plan-to-issue-company-stock-via-the-bitcoin- 8d1d-a36cb747a6ae blockchain/ 33. Nick Szabo, “The Idea of Smart Contracts” (1997). 19. http://www.coindesk.com/german-central-bank- http://szabo.best.vwh.net/smart_contracts_idea. blockchain-trading/ html 20. http://www.coindesk.com/korea-exchange- 34. CoinDesk, “Understanding The DAO Attack”, launches-blockchain-powered-private-market- by David Siegel, 25 June 2016. https://www. service/ coindesk.com/understanding-dao-hack- 21. h t t p : / / w w w . f o r b e s . c o m / s i t e s / journalists/ laurashin/2017/01/09/dtcc-selects-partners- 35. CoinDesk, “CoinDesk Research: Ethereum for-blockchain-solution-for-credit-default- Hard Fork Had Little Impact on Sentiment”. By swaps/#1ebe0994ad88 Bradley Miles. 17 November 2016. https://www. 22. Identity becomes a token, which can be affirmed coindesk.com/coindesk-research-spotlight-study- as needed and record of identity validation stored q3-ethereum-hard-fork/ also on the DL. 36. U.K. Government Office for Science. “Distributed 23. Based on analysis of the remittance prices ledger technology: beyond blockchain”. A recorded at World Bank remittances price database report by the UK Government Chief Scientific (remittanceprices.worldbank.org), across a range Adviser. 19 January 2016. https://www.gov.uk/ of corridors. government/publications/distributed-ledger- technology-blackett-review 44 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN 37. Financial Times, “Central banks to explore Global Practice is currently working on a number blockchain to create digital currencies.” By of use cases with the Lab, including cross-border Jane Wild. 02 November 2016. https://www. remittances. ft.com/content/f15d3ab6-750d-11e6-bf48- 50. In a 2-stage procurement process, proposals b372cdb1043a without any specific restrictions on solution 38. Bank of England Staff Working Paper No approaches are invited in the first stage, and in the 605, “Macroeconomics of central bank issued 2nd stage a specific solution approach is chosen digital currencies” July 2016. http://www. and bids are invited for this specific approach. bankofengland.co.uk/research/Documents/ 51. https://themerkle.com/what-is-ethereums- workingpapers/2016/swp605.pdf metropolis-hard-fork/ 39. http://www.coindesk.com/uganda-africa-first- 52. CoinDesk, “Understanding The DAO Attack”, steps-bitcoin-blockchain-regulation/ by David Siegel, 25 June 2016. https://www. 40. http://www.coindesk.com/australia-digital- coindesk.com/understanding-dao-hack- currency-self-regulation/ journalists/ 41. http://www.imf.org/external/pubs/cat/longres. 53. https://qz.com/730004/everything-you-need-to- aspx?sk=43618 know-about-the-ethereum-hard-fork/ 42. http://www.bis.org/cpmi/publ/d137.htm 54. A helpful timeline of events related to Ethereum and the fork in response to the DAO hack is 43. http://www.bis.org/cpmi/publ/d157.htm available on Ethereum Classic’s website: https:// 44. https://ripple.com/insights/several-global-banks- ethereumclassic.github.io/ join-ripples-growing-network/ 55. https://blog.ethereum.org/2016/06/17/critical- 45. https://www.chemonics.com/news/blockchain- update-re-dao-vulnerability/ transforming-development/ 56. https://blog.ethereum.org/2016/09/22/ethereum- 46. http://www.dfs.ny.gov/legal/regulations/ network-currently-undergoing-dos-attack/ bitlicense_reg_framework.htm 57. https://news.bitcoin.com/ethereum-plans-hard- 47. h t t p : / / l e g i s . d e l a w a r e . g o v / fork-twice/ BillDetail?LegislationId=25730 58. https://blog.ethereum.org/2016/11/18/hard-fork- 48. http://www.bankofengland.co.uk/markets/Pages/ no-4-spurious-dragon/ paymentsystem/strategy.aspx 59. https://blog.ethereum.org/2016/11/18/hard-fork- 49. The WBG Blockchain Lab was launched in June no-4-spurious-dragon/ 2017 as an incubator for learning, experimenting 60. https://bitcoinmagazine.com/articles/op-ed- and knowledge sharing on Distributed Ledger why-ethereums-hard-fork-will-cause-problems- Technologies (DLT). The Lab is partnering coming-year/ with leading technology companies, start-ups, entrepreneurs, innovators and development 61. https://www.ethnews.com/ethereums-road-map- organizations to experiment, develop, and roll for-2017 out blockchain-enabled solutions for the business and its various development challenges. The lab has a cross-sectional mandate and has identified four priority tracks of work: Technology, Security, Regulation and Policy, and Learning and Knowledge Sharing. The Finance & Markets ENDNOTES 45 46 DISTRIBUTED LEDGER TECHNOLOGY (DLT) AND BLOCKCHAIN