CRYPTO-FINANCIAL ASSETS IN A DLT-BASED MARKET ...
181
CRYPTO-FINANCIAL ASSETS IN A DLT-BASED MARKET INFRASTRUCTURE Legal Principles of Ownership and Obligation Amy Held LL.M Minor Thesis June 2019
-
Upload
khangminh22 -
Category
Documents
-
view
4 -
download
0
Transcript of CRYPTO-FINANCIAL ASSETS IN A DLT-BASED MARKET ...
CRYPTO-FINANCIAL ASSETS IN A DLT-BASED MARKET INFRASTRUCTURE
Legal Principles of Ownership and Obligation
Amy Held
LL.M Minor Thesis
June 2019
i
Preface
To the loving memory of P, who always believed in me.
I would never have been able to complete this thesis on time without the support of three persons in particular: Isabel; and Cris and Basti. You each know I owe you an immeasurable debt and, moreover, how it was incurred! Thank you, from the bottom of my heart. Many thanks to Yannick for clarifying the programming aspects of the paper and preventing what might have been glaring technical errors. The usual caveats for any outstanding apply. Thank you to Andrew for his steady academic support; and to David for his overwhelmingly positive examiner’s report. The paper has been improved considerably with the benefit of their insights and comments. Special thanks to Matthias for his wise and pragmatic advice on revising the thesis for publication; and to my colleagues at the University of Bonn’s Institute of Private International Law and Comparative Law for their warm welcome and understanding of my repeated absence from lunch as I took up this thesis once more. Now that it’s done: alle Jläser huh!
As an English barrister who spent a memorable year in Melbourne to study the MLS Law Masters, this paper is based primarily on English law (including EU legislation) with supplementary references to Australian and Victorian law where available and appropriate. Given the pace at which new developments occur in the crypto sphere, both the law and commercial practices remain stated as reported and available to me on 30 May 2019.
Amy Held Bonn, February 2020
ii
TABLE OF CONTENTS
1. INTRODUCTION 2. FINANCIAL ASSETS 2.1. Definitions 2.2. Substance and Form: Financial Assets and Legal Property 2.2.1. Bearer Instruments and Certificates 2.2.2. Book-Entries and Intermediation 2.3. Summary 3. CODE 3.1. Bitcoin 3.2. Ethereum 3.3. Further Developments 3.3.1 JP Morgan’s Quorum 3.3.2. r3’s Corda 3.4. Summary 4. CRYPTO-FINANCIAL ASSETS AND A DLT-BASED MARKET INFRASTRUCTURE 4.1. Cryptographic Assets: The Basic Premise 4.1.1. Private Keys and Blockchains 4.1.1.1. Private Keys as Documentary Intangibles
4.1.1.2. Private Keys as Intellectual Property 4.1.1.3. Private Keys as ID Credentials 4.1.1.4. Other Possibilities
4.1.2. Exchanges 4.1.2.1. Coinbase
iii
4.1.2.2. Gemini 4.1.3 Summary 4.2. ICOs and Issuers 4.2.1 LuxDeco - Nivaura
4.2.2. Overstock - tØ 4.2.3. Summary 4.3. Intermezzo: The Role of the Financial Markets Infrastructure
4.3.1. The Role of a CSD
4.3.2. Settlement Finality 4.3.3. Double Issuance 4.3.4. Conflicts of Interest 4.3.5. Conclusions 4.4. Top-Tier Intermediaries
4.4.1 The ASX: CHESS 4.4.2. The ASX: the DLT Solution
4.4.3. Summary 4.5. Sub-Tier Intermediaries Inter Se 4.5.1. HQLAx - Deutsche Börse 4.5.2. Summary 5. CONCLUSIONS 5.1. The Primary Question 5.2. Cryptographic Financial Form 5.3. Final Conclusions
1
1. INTRODUCTION
Before a right or an interest can be admitted into the category of property, or of a right
affecting property, it must be definable, identifiable by third parties, capable in its nature of
assumption by third parties, and have some degree of permanence or stability.
Lord Wilberforce, in National Provincial Bank Ltd v Ainsworth1
Of all the wide and varied modern forms of economic value and wealth, financial assets have
the dubious honour of being least amenable to a consistent property law analysis. In the past
two centuries alone, formal developments in respect of such assets have required no fewer
than three distinct property law analyses and characterisations.
Taking negotiable bonds as an example, until very recently, such assets typically took
definitive bearer form as a physical piece of paper. As such, they were treated for many legal
purposes as tangible property: capable of being situate in a jurisdiction for the conflict of laws;
capable of being the subject of legal possession and, therefore, of possession-based legal
techniques. As a matter of English property law, investment securities in bearer or certificated
form were classified as choses in possession.
Following, however, a shift in the 1980s to an electronic system of securities ownership,
investment securities are now issued electronically in global form and ‘held’ by chains of
intermediaries on behalf of investors. Whereas ownership was once established by physical
possession of the relevant piece of paper, ownership now is established by reference to the
intermediaries’ electronic book entries of clients’ securities accounts. Given the intangible
nature of such electronic book entries and use of custodian entities, intermediated securities
are characterised under English law as interests arising under a trust.
The even more recent trend towards decentralised ledger technology (‘DLT’), on the other
hand, raises wholly different considerations. Ownership of ‘crypto’ assets is, in practice,
typically established by knowledge and use of a cryptographic private key – essentially a large
and unique number – which can be ‘stored’ either digitally online or physically on paper, USB,
or computer hard drive. This is supplemented by consensus as to the quantum of value
1 [1965] AC 1175 (HL), 1247-8.
2
ascribed to this unique number by means of a decentralised blockchain. In the absence of
binding authority or statute, it will be demonstrated that crypto assets are open to a wide
variety of legal property analyses, depending on the approach taken in substantive analysis.
Such changes in form and legal analysis would not be problematic for financial assets as a
subject of legal property but for one significant issue: the nature and strength of the property
rights which necessarily follow from legal characterisation. A negotiable bond in commercial
terms may represent the same obligation of a debtor to pay, yet a creditor’s property rights in
such an obligation is protected from misappropriation by third parties either in conversion or
breach of trust, depending on whether that bond exists in bearer or intermediated form.
Similarly, a bailee and trustee may offer in practical terms the same custodial services over
the same financial assets yet, as a matter of law, bailments - possible only for bearer
instruments - and trusts - which are the only option if the asset takes intermediated form -
draw mutually exclusive conclusions regarding the location of legal title. These differences
have been shown to have knock-on effects on basic incidents of ownership.
Given such wide-ranging differences in the legal strength of property rights, the immediate
question becomes: why is there no consistent property characterisation for investment assets?
Does the problem lie with financial assets per se as the subject of legal property, or is there a
lacuna in English law? Relevant factors arise from consideration of both questions, however,
this paper will consider the issue predominantly from the perspective of the former and analyse
the formal factors inherent in modern financial assets which give rise to changes in legal
characterisation. More specifically, it will focus on the contemporary innovations in DLT, as
adopted at three levels of the financial markets infrastructure, to analyse how the shift from
book-entry to cryptographic financial form will have implications for legal principles of
ownership.
Chapter 2 will define the scope of the paper and set out the commercial and legal history of
financial assets prior to the invention of Bitcoin in 2009. Chapter 3 will give some technical
background to DLT. Chapter 4 will analyse specific applications of DLT by reference to case
studies at four levels of the modern financial markets infrastructure. Chapter 5 will offer
broader conclusions.
3
2. FINANCIAL ASSETS
Financial law is beautiful as well as useful, and the greatest expression of English
imagination since Shakespeare. We are not as proud of it as we ought to be.
Joanna Benjamin1
2.1 Definitions2
It is useful to begin with the proposition that all financial assets are, in legal terms, substantively
rights against other parties to enforce payment obligations. The paradigm example, from
which all financial assets derive, is the simple debt: an obligation imposed by law on one party
to pay a certain sum of money to another. The commercial transaction giving rise to the
obligation is mostly irrelevant, but the most obvious example is the purchase price which
becomes payable on a sale of goods. The creditor’s right of legal action to enforce payment
obligations has a long history in English law, beginning with the ancient writ of Debt which
appeared in standardised form by the late 1100s.3
‘Financial’ debts may be commercially distinguished as a sub-category defined by the
transaction giving rise to the obligation. Typically, these are not an obligation simply to pay a
sum of money but specifically to re-pay a certain sum of money, usually with some other
economic asset (interest) as the ‘price’ or security for use of the sum. In financial terms, such
an arrangement is generally known as a loan. As a matter of legal analysis, loans are financial
transactions which remain squarely within the realm of contract and obligations: a bilateral
agreement between two known parties who, as a matter of English law, are bound by privity
of contract.
1 J Benjamin, Financial Law (OUP 2007), [25]. 2 This section draws upon a past paper but does not cite directly from it, ‘Privity of Contract and Contract Theory,’ (LL.B Dissertation, University of London 2015). 3 AWB Simpson’s translation of Glanville’s writ in Latin, dating from the late 1180s: “The King to the Sheriff, greeting. Command N to render to R, justly and without delay, one hundred marks, which he owes him, and which, he complains, he is unjustly withholding from him. And if he does not do so, summon him by good summoners to be before me or my justices at Westminster …to show why he has not done so” in AWB Simpson, A History of the Common Law of Contract: The Rise of the Action of Assumpsit (Clarendon Press, Oxford 1975 (1987 printing)), 54.
4
Historically, the common law strictly prohibited substitutions to the parties to such agreements,
notwithstanding the practical advantages which flow from freely assigning contractual rights.
Consider the tripartite practice of assigning a debt which so troubled the common law judges
from the 15th century.4 Typically, Debtor will owe a debt to Creditor 1, who himself is indebted
to Creditor 2. Creditor 1 assigns his entitlement against Debtor to Creditor 2, thereby
discharging the debt that Creditor 1 owes to Creditor 2 and substituting Creditor 2 as the party
entitled to payment by the Debtor. Orthodox debt theory at common law, however, did not
recognise such practices, and instead maintained that the “debt cannot be maintained without
privitie.”5 Under this doctrine, the rights of a creditor were considered personal against his
debtor, and the credit comprising the right to receive payment from the debtor could not be
unilaterally transferred to someone other than his creditor. A promise to guarantee the
payment of a debt did not make that promisor a debtor; nor would a factual payment from the
guarantor discharge the debtor’s legal obligation to his creditor. This remained dependent on
the creditor’s subsequent forbearance on his legal right; there was technically nothing
preventing him from insisting on this to obtain double payment.6 Although the modern law
has moved on from the historic strict common law position,7 contemporary commercial loans
demonstrate this continued basis in contract, with formal procedures for substituting the
parties to the contract, or the identities of those entitled under the contract, such as assignment
and novation.
In this regard, loans are distinguished from debentures or bonds which, although are also
based on an obligation to re-pay with interest, are not constrained by the doctrines of orthodox
debt theory. Instead, they are positively intended to be freely transferrable and negotiable,
and boast a different legal lineage: deriving not from the English writ of Debt and developing
4 YB (1433) 11 Hen VI, 43 (30); Bourne v Mason (1669) 2 Keb 454, 457, 527; 1 Vent. 6; 86 ER 5; Clypsam v Morris (1667) 2 Keb 443; 84 ER 278. See generally VV Palmer, The Paths to Privity: The History of Third Party Beneficiary Contracts at English Law (Austin & Winfield, 1992), 68-72. 5 YB (1490) 5 Henry VII, 12, p1.18, in Palmer (n 4) 17. 6 Keble’s report to Bourne v Mason (1669) 2 Keb 454, at 527-428; 86 ER 5, highlighted the problem per curiam: the action lieth not by the plaintiff in regard the defendant promise to discharge the plaintiff, and he is a stranger to the plaintiff, the promise being made to one Parry ... he to whom the promise was made must bring the action, and the plaintiff hath still remedy him (his original debtor). But adjournatur.” See more generally Palmer (n 4). 7 It was only in the mid-19th century with the fusion of the administration of law and equity that choses in actions were recognised as being capable of being assigned; section 25(6) of the Judicature Act 1873, now s 136 of the Law of Property Act 1925 (UK) and s 134 of the Property Law Act 1958 (Vic) prescribed a statutory method of assigning debts, however, enforcement of a contractual obligation by a third party in England and Wales would not be possible until the Contracts (Rights of Third Parties) Act 1999 (UK).
5
through assumpsit into the common law of contract, 8 but from the merchant banking
instruments which developed in the 12th century as a means of financing international trade
at the medieval continental fairs.9 One particular innovation which emerged in 13th century
Italian banking practice recognised the free transferability and negotiability of payment
obligations represented by certain financial instruments. These were the early prototypes of
modern bills of exchange.10
Although such financial instruments could be enforced in England through the specialised law
merchant courts by the 15th century,11 such customs were not recognised at common law until
the 17th century when the common law judges began to incorporate law merchant into the
common law12 as traditional feudal socio-economics based on land increasingly gave way to
the modern credit-based economy. By the very early 18th century, both bills of exchange and
promissory notes were recognised at law as, not merely transferrable from one person to
another, but also fully negotiable in the technical sense: capable of passing from a transferor
to a good faith purchaser for value without notice,13 free from prior equities or defects in the
title of the transferor if the instrument were negotiated prior to maturity.14 Special treatment
was accorded to the promissory notes of the Bank of England: recognised as ‘money’ in 175815
before being declared legal tender by s 6 of the Bank of England Act 1833.
Transferability is consistently emphasised as the defining characteristic of property in the
common law authorities,16 and although its significance has been challenged by theorists,17
this paper adopts the position that free transferability and full negotiability without legal
formality are essential to whether financial obligations can be properly considered a subject of
8 See generally Simpson (n 3); AWB Simpson, ‘Innovation in Nineteenth Century Contract Law,’ in Legal Theory and Legal History: Essays on the Common Law (1987, The Hambledon Press). 9 F Braudel (trans S Reynolds), Civilisation and Capitalism 15th-18 Century Vol II: The Wheels of Commerce (1983, Book Club Associates by arrangement with William Collins Sons & Co), 81 et seq, particularly 90 et seq for the instruments of finance. 10 PS Atiyah, The Rise and Fall of Freedom of Contract (Clarendon Press 1979 (1986 printing)), 137. 11 Ibid. 12 Woodward v Row (1666) 2 Keb 132, 84 ER 84; Williams v Williams (1683) Carth. 269, 90 ER 759. 13 Bills of Exchange Act 1882 s 29(1). 14 Brown v Davies (1789) 3 Term Rep 80; 100 ER 466. 15 Miller v Race (1758) 1 Burr 452, 97 ER 398. 16 M Bridge et al (eds) The Law of Personal Property (2nd ed, Sweet and Maxwell, 2018), [1-003], fn 10. 17 Bridge et al (n 16), [1-003], fn 11.
6
legal property. 18 For this reason, this paper considers loans and other strictly bilateral
agreements rooted in the common law of contract as a limited type of ‘financial asset’ insofar
as the incident of alienability is considered definitive. As has been written:
Debt securities by their nature, are transferable (subject to any transfer restrictions under
applicable securities laws). Loan agreements usually allow the banks to transfer their
interests to other banks (either by assignment or by execution of a novation certificate)
or to achieve a similar commercial effect (by sub-participation). In practice, however,
there is less secondary trading in loans (other than in the 'distressed' debt market) when
compared to debt securities, for which transferability is an important factor in attracting
investors.19
This paper will not, therefore, explore loan transactions at length, save as to provide clarity by
way of comparison. Rather, financial assets thus defined for the purposes of this paper can
be, in most cases, very conveniently identified as those which are freely traded on an
exchange. 20 The most recognisable such assets are those associated with corporate
fundraising, which have been defined by various legislation and regulations. In the European
Union, Art 4(44) of the Markets in Financial Instruments Directive (‘MIFID’) defines
’transferable securities’ as:
…those classes of securities which are negotiable on the capital market, with the
exception of instruments of payment, such as (a) shares in companies, depositary
receipts in respect of shares; (b) bonds or other forms of securitised debt,
depositary receipts in respect of such securities; and (3) any other securities giving
the right to acquire any of the above or giving rise to a cash settlement determined
by reference to transferable securities, currencies, interest rates, yields,
commodities or other indices or measures.21
18 Professors Bridge et al (n 16) also adopt this position, stating at [1-003] that “transmissibility is a general incident of property in English law. Alienability or transferability is the default position. Inalienability is exceptional. Ultimately all assets or wealth are transferable, if only upon death or bankruptcy.” At [1-057], they suggest that “the three features of transferability, excludability, and exigibility provide useful benchmarks for testing whether new forms of wealth or other assets give rise to property rights.” 19 G Fuller, The Law and Practice of International Capital Markets (3rd ed, 2012, LexisNexis), [1.44] 20 Fuller (n 19), [1.14]. Emphases added. 21 Financial Services and Markets Act 2000 s 102A(3); Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU [2014] OJ L 173/349 (MiFID) Art 4(44).
7
Another definition for securities under the US Federal Securities Act 1933:
Any note, stock, treasury stock, security future, security-based swap, bond,
debenture, evidence of indebtedness, certificate of interest or participation in any
profit sharing agreement, collateral-trust certificate, preorganization certificate or
subscription, transferable share, investment contract, voting-trust certificate,
certificate of deposit for a security, fractional undivided interest in oil, gas or other
mineral rights, any put, call, straddle, option, or privilege on any security, certificate
of deposit, or group or index of securities (including any interest therein or based
on the value thereof), or any put, call, straddle, option, or privilege entered into on
a national securities exchange relating to foreign currency, or, in general, any
interest or instrument commonly known as a "security", or any certificate of interest
or participation in, temporary or interim certificate for, receipt for, guarantee of, or
warrant or right to subscribe to or purchase, any of the foregoing.22
For current purposes, the more general definition as bearer company shares and debentures
will suffice, as the emphasis here is not the commercial features of the instrument, but the
legal analysis which, it is submitted, yields two key characteristics: (i) an underlying obligation
by one party, (usually a company) to repay funds (typically with some added economic value,
such as interest, dividends, returns, or voting rights); but (ii) are, as a matter of property law,
fully negotiable and transferrable from one creditor to another without legal formality.23 In
accordance with the nomenclature used in modern financial regulation and legislation, this
paper will refer to such assets as ‘securities’24 and interchangeably with ‘financial assets.’
For the sake of completeness, is worth noting that, although this paper clearly distinguishes
between (1) financial obligations that are typically inalienable, such as loans; and (2) financial
22 Securities Act 1933 s 2(a)(1), 15 USCA § 78a (2012). 23 In many US jurisdictions, share certificates are still regarded as bearer negotiable instruments transferrable by simple delivery. In England and Wales and in Australia, however, Longman v Bath Electric Tramways, Limited [1905] 1 Ch 646 remains good law; in these jurisdictions, therefore, and share certificates merely evidence entry of the holder’s name in the company’s definitive register of members. In addition, also excluded here are any formalities which may be imposed under the terms of the investment or the company’s constitutional documents, e.g., lock up on withdrawing capital from a private investment fund or permission from a company to transfer shares or the need to register the share transfer on the register of the company. These are formalities imposed under contract, and not the nature of the asset. 24 See Fuller (n 19), [1.10]-[1.14] for the development of the term.
8
obligations that are freely transferrable on an exchange, such as securities, these are not two
mutually exclusive categories exhaustive of the vast range of financial agreements used in
modern commercial practice. For example, “chattel paper” is a concept derived from US law
and is defined in s 10 of the Australian Personal Property Securities Act 2009 as:
…one or more writings that evidence a monetary obligation and either or both of the
following:
(a) a security interest in, or lease of, specific goods, or specific goods and
accessions to the specific goods (even if the description of the goods (and
accessions) is taken to include a description of intellectual property, or an
intellectual property licence, under section 105);
(b) a security interest in specific intellectual property or a specific intellectual
property licence;
but does not include any of the following:
(c) a document of title;
(d) an intermediated security;
(e) an investment instrument; (f) a negotiable instrument.
As such, chattel paper does not, strictly, fall to be classified either as a bilateral loan or financial
asset traded on an exchange. This is so, notwithstanding that, in early US commercial
practice, chattel paper received similar treatment in law as negotiable instruments, even if they
did not meet all the technical requirements of negotiability.25 Given, however, the present
emphasis on transferability as an incident of legal property and ownership, rather than on
financial law and practice, financial obligations that lie between the poles of loan and security
will not be considered in depth.
25 JK Winn, ‘Electronic Chattel Paper: Invitation Accepted,’ (25 September 2010), 5. Available at < https://ssrn.com/abstract=1682783 > or < http://dx.doi.org/10.2139/ssrn.1682783 > accessed 30 January 2020.
9
2.2. Substance and Form: Financial Assets as Legal Property
Unlike other types of economic wealth, financial assets have not enjoyed any consistent
definition as a subject of English property law. To some extent, this may well be attributable
to the peculiarities of English property law itself, shaped, as it is, by the common law’s
centuries-old preoccupation with real estates which, until the advent of capitalism in the 18th
century, remained at the heart of social and economic life. Reflecting this importance,
historically, the English property law taxonomy properly consisted only of real property, that
is, those subject to the real actions and thereby recoverable in rem. In practical terms, this
essentially meant interests in land. The personal actions – Debt, Detinue, Trover, and
Conversion – could be used to enforce obligations or for damage suffered to goods, but gave
rise to compensatory relief only, not recovery of the thing itself.26 These ‘things’, though
undoubtedly possessing economic value, were not formally recognised as a category in
English property law until Blackstone in 18th century, albeit, a residual one for anything of
economic value which was not an interest in land. Blackstone’s familiar sub-categories27
within personal property - ‘choses in possession’ and ‘choses in action’ - remain in general
use today; however, their continued relevance and usefulness are increasingly the subject of
specialist scholarly debate.28
On the other hand, financial assets are, in themselves, conceptually difficult. Based,
essentially, on moral notions 29 of promise, obligation, and duty, financial assets are, in
substance, abstract concepts. However, given the social significance of such obligations and
the increasingly impersonal and commercial nature of trade, there has been increasing
recourse to some kind of tangible representation to symbolise the obligation. It is the specific
features of such symbolic representation that is presently defined as financial ‘form.’
As will be demonstrated, the form used to represent financial promises intended to be binding
– and enforced by the law if necessary – has varied over time. Legally, a financial asset is
26 F Maitland, Equity and The Forms of Action: Two Courses of Lectures, ed. A.H. Chaytor and W.J. Whittaker (1910, CUP), 65; 71. 27 Bl Comm II 389. 28 Bridge et al (n 16), [1-018]; [1-020]; [1-021]; Financial Markets Law Committee, ‘Issues of Legal Uncertainty Arising in the Context of Virtual Currencies’ (July 2016) < www.fmlc.org > accessed 18 June 2018. 29 See David Graeber, Debt: the First 5000 Years (Melville House 2011) for a fascinating anthropological account of debt as a fundamental moral and social construct, as opposed to the capitalist and commercial associations of orthodox economic theory.
10
nothing but an abstract concept of obligation, which allows for flexibility. Unlike other social
constructs giving form to obligations or promises undertaken - such as a wedding ring or
clerical collar - there is no prescribed form which must be or is customarily used to symbolise
financial obligations. Financial form for indebtedness can, therefore, be whatever is
convenient. On the other hand, it is submitted that this flexibility, more than any other factor,
is the reason for the unique problems faced by financial assets as the subject of a legal
property analysis. These can be demonstrated by an examination of the evolution of financial
forms between the mid-20th and early 21st centuries.
2.2.1. Bearer Instruments and Certificates
Paper records have long been the preferred method in law of reifying abstract obligations such
as promises, as is plainly demonstrated by the promissory notes issued by the Bank of
England bearing the words: “I promise to pay the bearer on demand the sum of x pounds.”
Cash banknotes remain arguably the most everyday example of financial obligations as a kind
of transferrable and negotiable property and, conceptually, financial assets issued and traded
on the capital markets in bearer form are no different. Consider the Autostrade eurobond,
issued in 1963; the commercial transaction from which the birth of the modern international
capital markets can be traced. Although the commercial features of the issue - essentially,
the specifics of what exactly was promised and how and where - were certainly revolutionary,30
the legal obligations owed by Autostrade to its investors still took traditional form as a bearer
bond. 31 Like cash banknotes, possession of the paper instrument was still definitive of
entitlement to performance of the obligation (that is, to establish ‘ownership’): payments were
made against physical presentation of the paper coupons or bond itself at the offices of the
issuer’s paying agent, with no other proof of ownership required in either case.32 Hence, the
form known today as the ‘definitive bearer security:’ a piece of paper printed with security
features to a similar standard as a banknote. These were typically (but not always) negotiable
instruments.33
30 I.e., a bond denominated in US dollars and issued by an Italian company, and moreover, arranged and documented by City of London bankers and lawyers, and listed on various international exchanges. For details on the Autostrade issue, see further Fuller (n 19), [2.49] – [2.51]. 31 Fuller (n 19), [2.49]. 32 Fuller (n 19), [2.58]. 33 Fuller (n 19), [1.113]-[1.115].
11
As freely transferrable and negotiable pieces of paper representing indebtedness gained ever
increasing significance in economic and social life though the latter half of the 20th century, a
new perspective in property law developed to accommodate such instruments. Professor
Goode has notably proposed a new property law taxonomy, whereby the old category of
‘choses in action’ or ‘intangibles’ is sub-divided into pure and documentary intangibles.34 Key
to such distinction is the use of paper documents. ‘Pure’ intangibles are defined as “a right
which is not in law considered to be represented by a document.”35 By contrast, ‘documentary
intangibles are those in which “the debt or other obligation is considered in law, in recognition
of mercantile usage,36 to be locked up in the document.”37 Professor Goode identifies three
types of documentary intangible: (i) documents of title to payments of money (termed
instruments); (ii) documents of title to negotiable securities (e.g., bearer bonds and notes),
and documents of title to goods (such as bills of lading).38
Professor Bridge et al summarise the consequences that are said to flow from symbolising a
legal promise in this kind of paper form in three main points.39 First, delivery of the document
will usually be effective to transfer the ownership of the asset, that is, the benefit of the
promise, to the transferee. Second, the remedies for wrongful interference with goods, such
as conversion, are extended by a ‘benevolent fiction’ to apply to documentary intangibles, or
any commercial document evidencing an obligation or a debt. The measure of damages in
such cases is not the value of the paper itself - worthless per se - but the value of the
entitlement.40 Although not all commercial documents recording an entitlement or obligation
are regarded as documentary intangibles for all purposes, it is noted that tort of conversion
has been extended to misappropriation of share certificates.41 Third, possession-based legal
techniques, such as bailment and pledge, are available in respect of such assets.42
34 E McKendrick (ed), Goode on Commercial Law, 5th ed (2016), [2.53] et seq. 35 McKendrick (n 34), [2.54]. 36 McKendrick (n 34), [2.58]. 37 McKendrick (n 34), [2.56]. 38 McKendrick (n 34), [2.56]. 39 Bridge et al (n 16), [1-022]. 40 International Factors Ltd v Rodriguez [1979] QB 351; BBMB Finance (Hong Kong) Ltd v Eda Holdings Ltd [1990] 1 WLR 409 (PC); OBG v Allan [2007] UKHL 21, [2008] 1 AC 1 in Bridge et al (n 16), [1-022] fn 92. 41 BBMB Finance (Hong Kong) ltd v Eda Holdings Ltd [1990] 1 WLR 409 (PC) in Bridge et al (n 16), [1-022] fn 95. 42 S Dromgoole and Y Baatz, ‘The Bill of Lading as a Document of Title,’ in N Palmer and E McKendrick E (eds), Interests in Goods (2nd ed, 1998), in Bridge et al (n 16), [1-022] fn 93.
12
2.2.2. Book-Entries and Intermediation: The Modern Financial Markets Infrastructure43 Although Professor Goode’s distinction between pure and documentary intangibles is
conceptually useful, it is respectfully submitted that its reliance on the existence of a paper
document renders its practical use - at least in the financial sector - somewhat outdated. In
response to the steady increase in the volume of trading since the Autostrade issue in 1963,
the capital markets have experienced significant changes in the way which financial assets
are held and traded.
First, a formal shift away from paper instruments to electronic book entries. Given the reliance
on definitive paper documents, the growth of the capital markets precipitated a parallel ‘paper
crisis’ as the volume of transactions increased. The costs of printing valuable securities
vulnerable to theft or fraud also became an increasing concern. Hence, a new method of
holding securities was established by the first Eurobond clearing systems in the late 1960s,44
which was designed to eliminate these issues by storing bearer securities in safe custody; the
clearing house performing administrative tasks, such as presenting coupons and bonds for
payment on behalf of the investor, remitting the proceeds to the investor’s accounts, and
recording transfers between market participants. Further innovations include the ‘temporary
global bond’ pioneered in 1973; a single bond representing an entire issue and held by the
clearing system until definitive bearer bonds were printed some months after the closing of
the issue.45
The benefits of such systems soon attracted wider interest. By 1989, the Group of Thirty
(‘G30’) recommended that all countries establish a central securities depository (‘CSD’) to hold
securities within their domestic markets.46
43 Approximately 1,500 words (on global custody and intermediation) was taken from a past paper ‘Intermediation, Custody, and the Law of Trusts: Did English Law Cope with the Lehman Insolvency?’ (LL.M Research Paper, Commercial Law: Issues and Policies, Melbourne Law School, December 2017). 44 Euroclear was established 1968, closely followed by Cedel (now Clearstream) in 1971: see Fuller (n 19), [2.58]. 45 Fuller (n 19), [2.59]. 46 Group of Thirty, ‘Clearance and Settlement in the World’s Securities Markets’ (1989), Recommendation 3, p 7; pp 51-55. The ‘most important’ feature of such a central depository was held to be the efficient and low risk transaction settlement of securities in book-entry form.
13
Two techniques to achieve this end were recognised. ‘Immobilisation’ of securities was
defined as:
…storage of securities certificates in a vault in order to eliminate physical
movement of certificates/documents on transfer of ownership.47
‘Dematerialisation,’ on the other hand, takes the concept further:
…elimination of physical certificates or documents of title which represent
ownership of securities so that securities exist only as computer records.48
Today, the usual practice is for bonds to be issued in permanent global form, to be held by an
international clearing system49 on an immobilised or dematerialised basis50 for the entire term.
Definitive documents are only issued in certain defined circumstances, upon which they
become mandatory. These refer to exceptional events, such as a continuing default under
the terms of the issue, or the on-going closure of the main international central securities
depositories (‘ICSD’), such as Euroclear Bank and Clearstream Banking SA.51 In most cases,
however, the economic owner of a financial asset will never receive any piece of paper
reflecting their entitlement against the issuer. Instead, ownership is determined largely, if not
solely,52 by reference to the transfers recorded in the electronic book-entries of the settlement
system.53 Even in the case of global bearer securities, which require payments made to be
recorded in a schedule to the security, it is widely believed that most common depositories do
47 Group of Thirty (n 46), 83. 48 Group of Thirty (n 46), 82. 49 Fuller (n 19), [1.119]. 50 Until relatively recently, both Euroclear and Clearstream operated on an immobilised basis under the ‘Classic Global Note’ structure; the New Global Note structure introduced in 2006 for bearer global notes issued on a partially dematerialised bass. From 2010, the ‘New Safekeeping Structure’ has been used for registered global securities. See further Fuller (n 19), [1.131]-[1.135]. 51 Fuller (n 19), [1.120]. More unusually, it may be possible to exchange the global security for definitives at the option of the issuer or investors, Ibid [1.1.21]. See also Secure Capital SA v Credit Suisse AG [2017] EWCA Civ 1486, [11]. 52 Such is the position under registered securities, where the title register is definitive of legal ownership. 53 M Yates and G Montagu, The Law of Global Custody: Legal Risk Management in Securities Investment and Collateral (4th ed, Bloomsbury 2013), [2.6]: “When participant 1 wishes to transfer assets to participant 2, both participants send matching electronic instructions to the settlement system. Provided sufficient assets are available in the relevant accounts, the settlement system then debits the account of participant 1 and credits that of participant 2.”
14
not, in practice, retrieve the security from its vaults and physically record each transfer.
Instead, they typically rely on their own internal records to establish ownership.54
Book-entry form thus precipitates the second major change to financial assets: ownership and
trading through a complex network of third-party intermediaries, which is collectively known
as the financial markets infrastructure. This is necessitated by immobilisation and
dematerialisation, both relying on the use of a CSD which stands between the contractual
parties, that is, the debtor-issuer and creditor-investor. Given the pace at which the identity of
the creditor-investor changes through trading of the debtor-issuer’s promise to re-pay on the
secondary markets, the function of the CSD, at least from a property law perspective,
essentially is to keep track of who, at any given time, is entitled to the performance of the
debtor-issuer’s obligation to repay principal and pay interest.
Although this may sufficiently encapsulate the principle for theoretical purposes, in practice,
CSDs comprise only the first layer of intermediaries which stand between the contractual
parties. Much like the way in which a central bank does not concern itself with the identities of
every individual who participates in the central banking system, modern CSDs do not establish
ownership records by identifying individual creditor-investors. Access to CSDs is typically
limited to custodian entities and other large financial institutions providing custodial services,
which then typically maintain securities accounts for sub-custodians, in a chain of sub-
accounts ending with the individual investor.
In line with the shifts to issuing securities in immobilised and dematerialised form, custodians
have adopted new methods of thus ‘holding’ securities in custody. Traditionally, assets
deposited with a custodian for safekeeping took effect as a bailment for reward.55 A bailee-
custodian gained the legal interest of possession, and the bailor-investor retained his legal
title throughout the term of bailment.56 Bailment, thus, offers similar insolvency protections to
those associated with the trust. Today, however, custodians have largely dispensed with
physical vaults and hold securities in electronic accounts. Unless specific segregation is
requested (and paid for), it is customary for custodians to commingle the like assets of different
54 Fuller (n 19), [1.132] fn 2. 55 AW Beaves, ‘Global Custody – A Tentative Analysis of Property and Contract’ in N Palmer and E McKendrick (eds) Interests in Goods (2nd ed, LLP 1998) 20 fn 17 and text. The classification derives from the classic statement in Coggs v Barnard (1703) 2 Raym 909, 912-13; 92 ER 107, 109. 56 Re Ware, Ex p Drake (1877) 5 Ch D 866, in NE Palmer, Palmer on Bailment (3rd ed, Sweet and Maxwell 2009), [30-031] fn 115 and text.
15
custody clients in a single, electronic pool.57 One significant contemporary legal issue arising
in this context is that, absent any requirement that the custodian maintains the account so that
it reflects the aggregate of client entitlements in the custodian’s records, the pool is subject to
the risk of shortfalls. These may arise through relatively simple administrative failures, the
commercial practices of the custodian itself, 58 or, of course, deliberate fraud. Where,
therefore, client-specific segregation is not offered, the allocation of losses between clients in
the case of shortfall remains an outstanding issue.
Book-entry form and intermediation, thus, can be defined by two key characteristics: (i)
financial assets take form as book-entries on an electronic ledger which is created by records
of trades by a settlement system; (ii) financial assets are indirectly owned through a chain of
intermediaries. Two significant legal consequences subsequently follow.
First, financial assets are no longer ‘documentary,’ in the sense of being documented on paper
following Professor Goode’s definition and, although there have been attempts to extrapolate
the legal analysis applicable to documentary intangibles to electronic records, these have
been adopted only in a limited way in practice.59 Rather, given that records of ownership are
documented electronically on the custodians’ settlement systems as records of trades and
settlement, the general position is that intermediated securities are intangibles which can no
longer benefit from the ‘benevolent fiction’ of being treated as a chose in possession. Unlike
financial assets in the form of bearer instruments, the orthodox position is that intermediated
form is generally thought to render financial assets incapable of being the subject of legal
57 Yates and Montagu (n 53), [2.39]. 58 Yates and Montagu (n 53), [3.54], e.g., contractual settlement, whereby a custodian extends credit to a client by settling trades as settlement falls due; notwithstanding that a client might not at that time hold sufficient cash or securities in their account. 59 The UNCITRAL Model Law on Electronic Transferrable Records (2017) provides for the domestic and cross-border legal use of “electronic transferable records,” which are electronic records functionally equivalent to bearer transferrable paper documents - such as bills of lading, bills of exchange, promissory notes, warehouse receipts - that confer ownership by possession. Control is adopted as the functional equivalent of possession and may be established if a reliable method is used to: (a) establish exclusive control of that electronic transferable record by a person; and (b) identify that person as the person in control. The Model Law is expressly intended to be technologically neutral, and the UNCITRAL itself states that it may accommodate tokens and distributed ledgers. As at the time of writing, however, the Model Law, has only be adopted in one State. Similarly, the concept of “electronic chattel paper” was first introduced by an amendment to Article 9 of the US Uniform Commercial Code in 1999, but was not widely adopted in practice. It appears that this was, at least in part, attributable to the high technological threshold for showing control of ECP; new amendments finalised in 2010 lower that threshold and it is expected that this should further encourage increased use of ECP. See further Winn (n 25).
16
possession and possession-based legal techniques, 60 such as bailment 61 and lien. 62
Although Article 8 of the US Uniform Commercial Code does make provision for
dematerialisation or immobilisation of investment securities – including for claims in
traditionally possession-based actions, such as conversion, replevin, and lien – such
provisions were not enacted to create a legal property interest analogous to a piece of paper,
capable of being within the control and possession of one person. Rather, they provide
practical substantive solutions for problems, such as fraud, shortfalls, and the good faith
purchaser for value without notice, that arise from intermediation and electronic book-entry
form.
Second, intermediaries such as CSDs and custodians have become a necessary feature of
owning and trading in financial assets. Even if it were ‘possible or practicable’ for all investors
to gain direct participation in settlement systems,63 the Law Commission has noted that:
…as long as securities are immobilised in the form of a global certificate, investors
are obliged to hold securities indirectly, either through a central depository or
through an account holder of the depository.64
Until relatively recently, there was no direct English authority on the legal nature of the
relationships that underpin intermediation. The dominant view, however, tended to be that,
given that bailment was no longer possible, the ‘natural characterisation’65 of the contemporary
custody relationship is trustee-beneficiary: title to the global security held by, usually, the
common depository on trust for the next level of intermediaries (ICSDs or CSDs), which also
hold that interest for the next tier (account holders of those depositories), and so on through a
chain of further sub-trusts to the ultimate end investor. This trust characterisation was recently
confirmed in the recent litigation following the insolvent collapse of the Lehman Brothers
Group.66
60 Benjamin (n 1), [16.07]. 61 Yates and Montagu (n 53), [3.12]. 62 Re Lehman Brothers International (Europe) (Extended Liens) [2012] EWHC 2997 (Ch); [2014] 2 BCLC 295. 63 Yates and Montagu (n 53), [2.39]. 64 Law Commission, ‘Fiduciary Duties of Investment Intermediaries’ (Law Comm No 350, 2014), [11.108]. Emphasis added. 65 Yates and Montagu (n 53), [3.12]. 66 Re Lehman Brothers International (Europe), also known as Lomas v RAB Market Cycles (Master) Fund Ltd [2009] EWHC 2545 (Ch); Re Lehman Brothers International (Europe), also known as Pearson v Lehman Brothers Finance SA (RASCALS) [2010] EWHC 2914 (Ch).
17
Drawing both these strands together, book-entry financial assets are thus, under an English
property law analysis, characterised as an interest arising under at sub-trust. This
characterisation, however, is not without its critics, especially in respect of investors’ rights of
ownership in their financial assets. Gabriel Moss, for example, has argued that an ‘interest in
an interest’ under a trust does not accord with an investor’s ‘gut feeling’ of ownership.67
Further, Mr Moss draws attention to the fragility of rights under an English trust when
intermediaries are located in another jurisdiction.68
More significantly, however, as the owner of only a beneficial interest, investors lack legal
standing to sue upon default on the issuer’s obligations. In MCC Proceeds Inc v Lehman
Brothers International (Europe),69 legal title to shares had been transferred to a trustee as a
bare nominee for the transferor-beneficiary. In breach of trust, the nominee pledged the
shares to a third party which subsequently exercised its right of sale. The beneficiary was
held to have no standing to bring a claim for conversion and its claim was struck out as
disclosing no reasonable cause of action. The Court of Appeal upheld the decision and,
furthermore, by a majority of 2:1, the action was held to be an abuse of process. Although
some solace may be had in the practice of issuing definitive securities in exceptional
circumstances,70 this does not recognise that not all defaults on a financial asset are pecuniary
in character and arise only upon serious default of payment obligations. In Secure Capital
SA v Credit Suisse AG,71 an investor in a global bearer Note held by the Bank of New York
Mellon (as depository for Clearstream) wished to sue the issuer for misrepresentation. The
investor was held not to have standing to bring a claim, notwithstanding that the only person
entitled to do so (the depository) would not suffer any loss from the breach.72 Such a dilution
67 G Moss ‘Intermediated Securities: Issues Arising on Insolvency’ in L Gullifer and J Payne (eds) Intermediated Securities (Hart 2010) 65. For proponents of the trust analysis, see B McFarlane and R Stevens, ‘Interests in Securities: Practical Problems and Conceptual Solutions’ in L Gullifer and J Payne (eds) Intermediated Securities (Hart 2010). 68 Moss (n 67), 64. 69 [1998] 4 All ER (CA) 675; [1998] 2 BCLC 659. 70 Fn 51 and text at 13 above. 71 [2017] EWCA Civ 1486. 72 [2017] EWCA Civ 1486, [39]. Thus, the securities parallel to the problems in Alfred McAlpine Construction Ltd v Panatown Ltd [2001] 1 AC 518 and Beswick v Beswick [1967] UKHL 2.
18
in ownership rights has raised significant concerns amongst theorists73 and policymakers
alike.74
Other problems with a trustee-beneficiary characterisation of intermediation are the fiduciary
obligations imposed on trustees, traditionally ex officio without more. Although modern trust
practice, 75 legislation, 76 and common law authorities 77 recognise the validity of clauses
exempting trustees from strict fiduciary liability, there remains, contrary to common law
authority,78 a general ‘historical hangover’ of fiduciary ideals associated with the traditional
office of trustee. For example, the modern commercial practice of securities lending by prime
brokers, commercially a custodian entity often associated with hedge funds but in law
considered a trustee, has given rise to significant concern amongst the legal community:
To an industry-outsider, and lawyer, stock-lending by custodians seems little short
of scandalous. The idea that a custodian should be gambling the very assets which
are entrusted to its safekeeping, for its own private profit, must be outlawed unless
there are compelling reasons justifying its continuance, in which case the profit
should be, at the very least, shared.79
It is submitted that such concern is misplaced and arises solely from the legal characterisation
of book-entry financial assets as interests arising under a trust. From a macroeconomic
perspective, securities lending has been recognised by the G30 as a practice to be
73 J Benjamin, ‘Stewardship and Collateral,’ (LSE Law, Society and Economy Working Papers 7/2017 July 2017) < https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2969829 > accessed 29 October 2018; L Gullifer and J Payne (eds) Intermediated Securities (Hart 2010). Professors Benjamin and Dr Eva Micheler of the London School of Economics are particularly active in this field. 74 See generally, Financial Markets Law Committee, Proprietary Interests in Investment Securities’ (Issue 3, July 2004); Law Commission of England and Wales, ‘The UNIDOIT Convention on Substantive Rules Regarding Intermediated Securities: Further Updated Advice to HM Treasury’ (May 2008). 75 See generally Law Commission of England and Wales, ‘Trustee Exemption Clauses’ (Law Com No 301 Cmmd 6874, 2006). 76 The Companies Act 2006 s 750, which re-enacts Companies Act 1947 s 17(1), limits the liability of debenture trustees to the powers and duties contained in the trust deed. The provision was recommended by the 1945 Cohen Committee on Company Law Amendment (Cmmd 166). 77 Armitage v Nurse [1997] EWCA Civ 1279. 78 Bristol and West Building Society v Mothew [1996] EWCA Civ 533. 79 Commercial Bar Association and Bar Council of England and Wales, in Law Commission, Fiduciary Duties of Investment Intermediaries (Law Comm No 350, 2014), [11.86].
19
encouraged to facilitate effective settlement.80 From a commercial perspective, it is inaccurate
to say that the prime brokers with whom securities lending is associated are ‘entrusted’ with
the securities for ‘safekeeping.’ Contemporary global custody has evolved far beyond the
basic administrative duties customarily associated with administration of the international
portfolios of time-poor institutional investors, and now encompasses a range of enhanced
services as market participants compete to win new mandates.81 In the context of prime
brokers, far from the security deposited being a use-value investment acquired to be held until
maturity, hedge fund clients typically acquire securities to establish positions for derivative,
secondary market arbitrage purposes on an ‘acquire to trade’ basis; such acquisitions are
highly leveraged and funded by none other than the prime broker itself on the faith in the
client’s investment strategy.
80 The G30 expressly encouraged the practice as a “method of expediting the settlement of securities transactions” and recommended that “existing regulatory and taxation barriers that inhibit the practice of lending securities should be removed by 1990” in Group of Thirty (n 46), Recommendation 8 p16. The current aim for securities settlement is T+1. Other justifications include liquidity and preventing bubbles in the market. 81 Yates and Montagu (n 53), [1.10]-[1.12].
20
2.3. Summary
This section set out the relevant considerations for a property analysis of financial assets and
outlined the evolution of forms used to represent such assets since the launch of the modern
international capital markets. It demonstrated the extent to which the same substantive
economic asset, essentially a promise by an issuer-debtor to re-pay a sum of money with
additional economic benefits, gives rise to radically different property characterisations, often
with unintended consequences in law. It was submitted that such inconsistency arises from
the essentially abstract nature of the economic benefit as an obligation and the lack of any
prescribed form for the way in which such obligations are represented.
It is worth reflecting upon several points to bear in mind for the following sections, which will
consider cryptographic form to represent financial assets. First, the essential substance of a
financial asset is an abstract obligation, which may be represented in a wide range of forms.
Care should be taken not to conflate form with substance, or, even worse, allow legal analysis
to be misguided by what are essentially nothing more than secondary considerations of form.
Second, legal analysis should be alert to the nature of the obligations which arise as a
necessary consequence of adopting certain legal forms. Third, the legal structure of the
modern financial markets infrastructure, which has been set out in some depth, as the
background against which the contemporary debate on cryptographic financial assets and a
DLT-based settlement system is premised and conceptualised.
21
3. CODE, CRYPTOGRAPHY, AND DISTRIBUTED LEDGERS
Regardless of the particular analogies used to explain the technology, regulators will
continually look at how a token is employed, what work it helps a user accomplish, and they
will thus classify these activities as within or without their regulatory purview. The “how it is
employed” question will always be more significant to any regulatory policy than the abstract
and metaphysical “what is it” question. The unintended result, however, will necessarily be a
confounding cavalcade of seemingly contradictory conclusions
Peter van Valkenburgh1
‘Bitcoin’ and ‘blockchain’ are now two terms of which the general public will have at least
passing awareness, especially since the price of Bitcoin peaked on 11 December 2017 at
£13,133.28.2 First associated with fraud and trade on the dark web in the broader public
discourse, the potential of cryptographic assets and DLT to herald the ‘fourth industrial
revolution’3 is now widely recognised and continues to be explored in almost every sphere of
socio-economic life. 4 The increasing volume of formal research papers published by
institutional, political, and legal entities make clear that crypto assets and DLT can no longer
be dismissed as a passing trend but one which warrants serious consideration.
To facilitate the most accurate legal analysis in this study of cryptographic property and
applications of DLT in the financial markets infrastructure, this Chapter will give a basic
introduction to the core technical concepts that underpin Bitcoin, the original cryptocurrency,
1 P Valkenburgh, ‘Framework for Securities Regulation of Cryptocurrencies’ (Version 2.0, Coin Centre, August 2018), 4 <https://coincenter.org/files/securities-cryptocurrency-framework-v2.1.pdf > accessed 24 November 2018. 2 Coindesk Website < https://www.coindesk.com/price/Bitcoin > accessed 17 December 2018. 3 R Kemp, ‘The Fourth Industrial Revolution: Blockchain and Smart Contracts,’ (The Lawyer 6 June 2016) < https://www.thelawyer.com/issues/6-june-2016/the-fourth-industrial-revolution-blockchain-and-smart-contracts/ > accessed 9 September 2017. 4 Such as central banking: Bank of International Settlements, Committee on Payments and Market Infrastructures Markets Committee, ‘Central Bank Digital Currencies’ (March 2018, CPMI Paper No 174) < https://www.bis.org/cpmi/publ/d174.htm > accessed 3 November 2018; ‘Distributed Ledger Technology in Payment, Clearing, and Settlement: An Analytical Framework’ (February 2017, CPMI Paper No 157) < https://www.bis.org/cpmi/publ/d157.htm > accessed 3 November 2018; organic beef farming: Beefchain Website < https://beefchain.com/ > accessed 18 January 2019; diamond companies: Everledger Diamond Platform Website < https://diamonds.everledger.io/ > accessed 20 March 2018.
22
and Ethereum, the original smart contract decentralised ledger, before touching briefly on
more recent initiatives.
It is worth, however, beginning with a clarification of terms. The acronym “DLT” is often used
for both “decentralised ledger technology” and “distributed ledger technology,” and also as a
synonym for “blockchain technology.” Whilst the terms “distributed” and “decentralised” in
respect of ledgers are not always used as exact terms of art and are, in many respects, broadly
similar, there is a key technical distinction often drawn. The term ‘distributed’ used in respect
of a database often simply means that the data may be accessed across any number of
different computers or devices. For example, data stored on the cloud, such as in
GoogleDrive, may be accessible from any number of devices connected to the internet, but all
data requests are still processed through a central server; i.e., in the case of GoogleDrive, one
belonging to Google, which maintains the single, definitive record of data stored. On the other
hand, ‘decentralisation’ refers a wholly peer-to-peer system of storing and recording data; i.e.,
without the use of a single, trusted intermediary to maintain the ‘master’ record. Decentralised
systems, instead, rely on various different types of consensus mechanisms according to which
participants in the system ‘vote’ or ‘agree’ on what is taken to be the definitive record of data
stored. In this context, “blockchain” is simply one such consensus mechanism, and which was
first used in the context of Bitcoin. Although, therefore, “blockchain” in the strictest sense
refers to the decentralised ledger underpinning Bitcoin, this paper will use the term to refer to
decentralised ledgers generally, unless otherwise indicated.
3.1. Bitcoin5 Although intuitive to consider cryptocurrencies as a kind of ‘digital coin,’ for present purposes
it is more helpful to consider Bitcoin as a particular technique used to clear and settle
payments. Although clearing and settlement are recognised as “basically a matter of practice,
rather than of law,” the banking law authorities have also recognised that “certain aspects of
the procedure are relevant for defining the legal roles assumed by the parties.”6 It is, therefore,
worth considering this process, rendered novel by use of a blockchain, in greater detail.
5 Approximately 3000 words from this Part (part of the explication of Bitcoin) was taken from a past paper ‘Bitcoins, Blockchains, and Decentralised Ledgers: Does Situs Actually Matter? (LL.M Dissertation, City Law School, City, University of London, September 2018). 6 EP Ellinger et al, Ellinger’s Modern Banking Law (5th ed, OUP 2011), 577.
23
3.1.1 The Blockchain
At the most basic level, the blockchain is simply a record of all transfers of Bitcoin between
Bitcoin users. Transfers, known as ‘spends’ in Bitcoin parlance, are grouped temporally and
recorded on ‘blocks’ which are created, on average, every ten minutes.7 Suppose, then, that
blocks are exactly created on the hour (00:00, 00:10, etc), and that Alice sends five Bitcoins
to Bob, who receives them at 12:30; then Bob sends three to Charlie at 12:52. Alice’s transfer
will be recorded on the block created at 12.30, Block X, thereby confirming that Bob is now
the owner of those five Bitcoins. Bob’s payment to Charlie will be recorded on the block at
13.00, Block X+3, or sometime shortly after.
Older blocks are not ‘updated’ by newer blocks. Rather, each newly mined block, known in
this context as the ‘child’, is linked to the block immediately preceding it in time, known as the
corresponding ‘parent.’ Each parent is also a child to its own parent, which is child to its own
parent, and so on all the way back to the ‘genesis’ block,8 which records the creation of the
very first Bitcoin through its transfer on 3 January 2009.9 The cumulative record, known as
the ‘blockchain’ is freely available to download on an open licence to be accessed in real
time.10 Any device connected to the Bitcoin network is known as a ‘node’.11
Although conclusive of past spends, the blockchain is merely a record that such-and-such
transactions have occurred. It is, crucially, independent of any interaction between users in
sending Bitcoins inter se. To illustrate, consider Alice’s act in transferring Bitcoins to Bob as
the equivalent of Alice handing him a non-negotiable cheque. This is, essentially, an
unequivocal order by the drawer (Alice) to the drawee (Alice’s bank) to pay the payee (Bob)
the stated sum. Although handing such a cheque to Bob demonstrates a clear commitment
by Alice to pay him, transfer of the cheque does not in itself transfer ownership of the £100.
Instead, Bob must first cash the cheque with his own bank (the collecting bank) to initiate the
clearing process. Bob’s bank will then physically present the cheque to Alice’s drawee bank,
which will then confirm whether Alice has sufficient credits standing to her account to honour
7 A Antonopoulos, Mastering Bitcoin: Programming the Open Blockchain (2nd ed, O’Reilly Media 2017), 213; 26. 8 Antonopoulos (n 7), 29. 9 Antonopoulos (n 7), 198-199. 10 Antonopoulos (n 7), 31. 11 Antonopoulos (n 7), 25.
24
the payment. If so, Alice’s bank will make payment to Bob’s bank, who collects it as his agent
and deposits it to Bob’s own bank account. If not, the drawee bank will dishonour Alice’s order
to pay Bob, who will find that the cheque has ‘bounced.’ Whereas transfers of value by cheque
are verified by the drawee bank checking the drawer’s account balance, clearing and
settlement in the Bitcoin system relies on cryptography, a branch of a mathematics concerned
with proofs of knowledge widely used in computer and information security.
3.1.2. Cryptographic Numbers and Bitcoin Wallets At the heart of the mathematics underpinning Bitcoin is a cryptographic ‘private key.’ This is
simply a very large and essentially random number (Figure 1),12 which is used to generate
more large and unique numbers through special mathematical functions which enable
calculation of an equation in one direction, but are infeasible to calculate in reverse.13 Such
functions are known as ‘one-way’ or ‘asymmetrical’ and are part of the security design which
renders Bitcoin secure.
Figure 1. A Private Key in Three Different Numerical Formats. Because the number is
so large, it is cumbersome to represent it using the decimal system. Hex stands for
‘hexadecimal’, which is a system of representing numbers using not only the numerals
0-9, but also the letters A through F. WIF is often used to generate QR barcodes (Figure.
5 below).14
12 Antonopoulos (n 7), 58. 13 Antonopoulos (n 7), 57. 14 Antonopoulos (n 7), Table 4-4 at 75.
25
Figure 2. Generating the Public Key and Bitcoin Address from the Private Key.15
For the receive- side of a transaction, two numbers are sequentially generated by applying
one-way functions to the private key in a process known as ‘hashing.’ First, the ‘public’ key,’16
which is then further hashed through the application of different one-way functions to generate
the ‘digital fingerprint.’ This is known as the ‘Bitcoin address’ and functions as the public face
of the public key.17 Essentially, it signals ‘at where’ one receives Bitcoin payments within the
Bitcoin network,18 in the same way that one’s email address is made public to signal to others
‘at where’ in the digital universe one receives email.
For the spend- side, the private key is used to generate a ‘digital signature.’ Each transfer of
Bitcoin requires the payer to ‘sign’ the proposed transaction with this signature; signalling to
other participants in the Bitcoin network that the payment instruction is authentic. A more
critical function, however, is intricately linked to the receive- side of the transaction through
the role the private key, public key, Bitcoin address, and digital signature – essentially, four
numbers – play in establishing the proofs of ownership that are necessary for any given
transaction to be included on any block, thereby indicating settlement. Thus, although we did
not know at what time Alice transferred five Bitcoins to Bob, inclusion of the transaction on
Block X at 12:30 indicates all the clearing requirements were met19 so that Bob is now
recognised as the ‘owner’ of those five Bitcoins.
The cryptographic proofs which constitute the Bitcoin clearing process revolve around the
precise mathematical relationships underpinning the four numbers. Whilst it is possible to
begin with the private key, apply the relevant one-way function, and then generate the public
key and Bitcoin address, it is infeasible20 to begin from any of the latter two to calculate the
15 Antonopoulos (n 7), Figure 4-1 at 57. 16 Antonopoulos (n 7), 60. 17 Antonopoulos (n 7), 64-65. 18 Antonopoulos (n 7), 65. 19 Antonopoulos (n 7), 29. 20 Antonopoulos (n 7), 56.
26
private key in reverse (Figure 2). What is, however, possible is verification that the digital
signature, Bitcoin address, and the public key – given the mathematical relationships between
them – were generated from the same private key. This can be done without disclosing the
private key itself, which must remain private.
These concepts underpin a Bitcoin spend roughly as follows. Assume Alice is the legitimate
holder of the five Bitcoins when she sends them to Bob’s Bitcoin address. Having received a
legitimate payment to this particular Bitcoin address, the mathematical relationships
underpinning Bob’s private key, public key, Bitcoin address, and signature will prevent Bob
from spending any of those coins in turn; unless he can also ‘sign’ his spends using the digital
signature derived from the same private key which lies at the root of his Bitcoin address.
Hence, although digital signatures are used on the spend-side of a transaction, they also
function as a mechanism on the receive-side which ensures that only a rightful transferee of
Bitcoin can ‘unlock’ its value by transferring it on to another user (Figure 3). This is critical for
use of Bitcoin as a means of exchange because, just as a paper banknote is worthless in itself,
Bitcoins have no intrinsic value. Having received five Bitcoins from Alice is of no value to Bob
unless he can send them on to someone else as payment in exchange for some other
economic resource. This is only possible if Bob can sign payments using the digital signature
generated from his private key.
Figure 3. Bitcoin Transactions21
21 S Nakamoto, ‘Bitcoin: A Peer-to-Peer Electronic Cash System’ (2008), 2 < http://nakamotoinstitute.org/Bitcoin/ > accessed 5 January 2018.
27
The private key, thus, is said to lie “at the root of all ownership in the Bitcoin system”22 and,
although secure in that they cannot be calculated in reverse from public keys, Bitcoin
addresses, or digital signatures, private keys are nonetheless vulnerable. Once generated
according to cryptographic standards of randomness, it is up to Bitcoin users to ensure their
private keys are kept secure. Generally, the safest way is to generate the private key offline,
record it physically on paper or storing it on a USB, then ensure that piece of paper or USB
stays safe.23 Such offline methods of storing private keys are known as ‘cold’ storage or ‘in
cold wallets,’ and are contrasted with ‘hot wallets’ in which private keys are kept in online
Bitcoin accounts or wallet apps downloaded to mobile devices.
Figure 4. Printout of Private Key and Address. This is the most basic method of storage.24
Figure 5. Simple Paper Wallet. Note the user-friendly ‘translation’ of keys into scannable
QR barcode form, and detachable backup copies (right) in case of loss or damage.25
22 Antonopoulos (n 7), 58. 23 Antonopoulos (n 7), 273. 24 Antonopoulos (n 7), Table 4-9 at 88. 25 Antonopoulos (n 7), Figure 4-12 at 91.
28
Since Bitcoin was launched, there have been considerable developments in wallet technology,
and software-based wallets now offer other functions to key and address management.
Software wallets come in two main types, distinguished by whether the private keys they
contain are related to each other or not. The first kind of Bitcoin wallet, now called Bitcoin
Core, was a collection of 100 pre-generated private keys, each generated from a different
random number, which were each used only once for security purposes (Figure 6). Further
keys were then generated as needed.26 Such wallets with unrelated keys are called ‘non-
deterministic’ wallets and are sometimes referred to as JBOK: ‘just a bunch of keys.’ Use of
non-deterministic, or ‘random’ wallets is now discouraged by Bitcoin developers, given that
frequent copies and backups are required when each new key is generated.27 These wallets
are, thus, being replaced by deterministic wallets, which contain private keys generated from
a single ‘seed’ unique number combined with other data to derive the private keys (Figure 7).
Given that all keys can be derived from the seed, a single backup at creation is sufficient.28
Figure 6. Type-0 Non-Deterministic ‘Random’ Wallet; ‘Just a Bunch of Keys’29
26 Antonopoulos (n 7), 94. 27 Antonopoulos (n 7), 94. 28 Antonopoulos (n 7), 95. 29 Antonopoulos (n 7), Figure 5-1 at 95.
29
Figure 7. Type-1 Deterministic ‘Seeded’ Wallet30
Figure 8. Type-2 Hierarchical Deterministic wallet31
The most sophisticated type of deterministic wallet is the ‘hierarchical’ deterministic wallet, in
which a master key is derived from the seed, from which further ‘child’ keys can be used, from
which ‘grandchildren’ keys can be derived, and so on infinitely (Figure 8). HD wallets offer
two major practical advantages over random keys. First, the ‘tree’ structure can be used to
implement organisational structures, such as using one branch of keys to receive incoming
payments, and a different branch used to receive change from outgoing payments; or
allocation of different branches to different payees or accounting categories.32 Second, users
can create a sequence of public keys without having to access the private keys, setting up
receive-only addresses using a different public key for each transaction.33
30 Antonopoulos (n 7), Figure 5-2 at 95. 31 Antonopoulos (n 7), Figure 5-3 at 96. 32 Antonopoulos (n 7), 96. 33 Antonopoulos (n 7), 96.
30
Multi-signature, frequently abbreviated to ‘multi-sig,’ addresses, on the other hand, offer other
functionalities. Requiring several different signatures to ‘sign off’ a proposed spend, multi-sig
addresses can be useful in corporate settings; generated and stored in different locations and
under the control of different persons to ensure no single person can compromise the funds.34
Although there are, thus, many technical differences between different types of wallets, most
retail users are most familiar with software wallets simply through its function as the interface
through which they connect to the Bitcoin network and make payments to other users.
Considered at this level, wallets are a kind of Bitcoin node; participating in the Bitcoin network
and its information flows. ‘Retail’ user wallets, however, usually translate the code
underpinning the network into a more user-friendly interface resembling an ordinary banking
app. Further, given the amount of storage space required, most ‘retail’ wallets do not store
copies of the entire blockchain; only the transactions relevant to that particular user. Such
wallets are called ‘Simple Payment Verification/SPV’ nodes and differ from the nodes used by
the miners who maintain the blockchain.35
3.1.3. Clearing A Bitcoin Transaction
Drawing all these elements together, suppose that Charlie were an antiques retailer and
received the three Bitcoins from Bob in payment for two antique chairs. At user level, Bob’s
and Charlie’s SPV mobile wallet apps will first generate unique private keys, public keys,
Bitcoin addresses, and digital signatures. Charlie will then determine the price using a GBP-
BTC exchange rate and inform Bob of her Bitcoin address. Bob inputs these details into the
‘Send To’ and ‘Amount’ in the payments section of his wallet, then taps ‘Confirm.’ At this stage,
the exchange is at a comparable stage of development to if Charlie had just been handed a
cheque in payment for the chairs. As the cases on contractual mistake and cheques shows,
Charlie would be wise not to part with the chairs until the payment clears.
34 Antonopoulos (n 7), 274. 35 Antonopoulos (n 7), 172.
31
From a clearing perspective, Bob’s spend comprises two transaction elements: an input and
an output. The input refers to the transaction through which Bob received the Bitcoins he is
currently trying to send to Charlie.36 Assume Bob owns only the five Bitcoins he received from
Alice; transfer of which was recorded in Block X at 12:30. As will be clear by now, Bob cannot
spend any of these unless he can sign his intended payment to Charlie with the private key
which corresponds with the Bitcoin address to which Alice had sent those five Bitcoins. The
output refers to the payer’s current spending intentions, known in traditional banking terms as
the mandate or order, and represents a small ‘chunk’ of Bitcoin which is recognised by the
Bitcoin network as available for spending. Hence, they are called ‘unspent transaction
outputs/UTXO.’37 For current purposes, assume that in Bob’s case the output will be a transfer
of three Bitcoins to Charlie’s Bitcoin address, and a small additional amount as the mandatory
transaction fee.38
When Bob confirms this spend - or more accurately, his mandate - in his wallet, the wallet
connects to the Bitcoin network and ‘broadcasts’ his mandate to the nearest nodes. These will
verify the transaction against a checklist of cryptographic criteria, including: (i) whether the
transaction using Bitcoins received from Alice has been validly signed by Bob’s digital
signature; (ii) the provenance of Bob’s input data (that is, the inclusion of Alice’s transfer to
Bob on a previous block on the blockchain); and (iii) verification that the input has not been
already used for a corresponding output since (that Bob has not already spent the relevant
coins in another transaction).39 If the transaction does not come up to proof, it will be rejected
by the first node to encounter it.40 Otherwise, the node will broadcast the mandate to its own
neighbouring nodes, which will verify it again against the same list of criteria; then, if valid,
broadcast on to their own neighbours. The process is repeated simultaneously, ’flooding’ the
Bitcoin network, until every single node has received notice of the transaction. This takes a
few minutes.41
If Bob’s proposed transaction is successfully propagated to the entire network, it passes the
first line of security which renders Bitcoin secure. Settlement has not yet been effected, and
the spend exists in the Bitcoin system as a verified but unconfirmed transaction. As such, it
36 Antonopoulos (n 7), 123-125. 37 Antonopoulos (n 7), 119-122. 38 Antonopoulos (n 7), 126-130. 39 Antonopoulos (n 7), 218. 40 Antonopoulos (n 7), 218. 41 Antonopoulos (n 7), 25.
32
temporarily ‘waits’ in lists known as ‘memory pools/mempools’42 which are maintained by
nodes for various different purposes. In Charlie’s case, her SPV node will register Bob’s
transaction as corresponding to her private key, as well as verifying and broadcasting it.
Mining nodes also verify and broadcast transactions, but also register verified unconfirmed
transactions as part of the solution to a mathematical puzzle, known as the Proof of Work
Algorithm.43 Miners compete to be the first to find a solution to this puzzle, which results in
both (i) the creation of the latest block to be added to the blockchain,44 thereby effecting
settlement of all verified unconfirmed transactions included in the solution;45 and (ii) the
creation of new Bitcoins, which go to the winning miner as a prize. 46 This competition
constitutes the second layer of Bitcoin’s security.
3.1.4. Mining Blocks
To appreciate how the Proof of Work Algorithm functions as a security measure, it is helpful
to consider the problem it was designed to solve. The ‘Byzantine Generals’47 problem has
long been considered in computer science, originally known in this context as the ‘interactive
consistency problem,’ and focuses on a network of computers reaching consensus in the
presence of a ‘weak link’ faulty computer. The problem is popularly known in the terms of the
eponymous allegory: a number of army generals must decide whether to attack a city or retreat
but must decide by at least a majority. The decision-making process is complicated due to
the facts that the generals only communicate by messengers, who may or may not be
trustworthy; and the potential for treacherous generals sending different messages to each of
his peers. In the Bitcoin context, this problem manifests in the question of how mining nodes
can reach consensus as to whether transactions broadcast to the network should be rejected
or accepted as valid.
Traditional banking ledgers ultimately rely on a trusted third party to maintain the definite
‘master’ record, which ensures that the same money in the hands of one person cannot be
42 Antonopoulos (n 7), 219. 43 Antonopoulos (n 7), 219-220. 44 Antonopoulos (n 7), 28; 238. 45 Antonopoulos (n 7), 28-29. 46 Antonopoulos (n 7), 215. 47 L Lamport et al, ‘The Byzantine Generals Problem’ (SRI International 1982) < https://people.eecs.berkeley.edu/~luca/cs174/byzantine.pdf > accessed 4 April 2019.
33
spent twice. For the cheque, Bob simply must trust that Alice’s drawee bank will keep an
accurate record of Alice’s checking account, and that the central bank will keep accurate
records of the respective drawee and collecting bank, to ensure that the £100 currently to the
credit of Alice’s account was not, in fact, used by Alice to pay someone else in a previous
transaction. Trust is, therefore, highly concentrated in these third parties, rendering the entire
banking system highly susceptible to fraud, hacks, or abuse.
Bitcoin was, therefore, conceived of as an alternative: a decentralised method of financial
accounting ultimately relying on peer-to-peer consensus regarding transaction histories to
ensure no coin is double-spent.48 Given, however, that anyone can operate a mining node
simply by downloading the full source code, the key obstacle had long been developing a way
to ensure all miners can trust one another sufficiently to reach such consensus - without
recourse to a third party occupying an privileged position of authority. To this end, the
blockchain relies on a combination of incentives, deterrents, independent verification, and
indirect voting by each member of the mining community. The primary incentive is the reward
of new Bitcoins and the transaction fees each user will have included in their spend.49 This is
off-set against the cost of mining: the considerable computing power and electricity required
to compete in the Proof of Work competition.50
This involves preparing a candidate block for the next block due to be created;51 which
constitutes, inter alia: (i) a bundle of verified unconfirmed transactions which are waiting in the
mempool to be cleared;52 (ii) a ‘coinbase’ transaction to the miner’s own Bitcoin address which
represents all transaction fees included in this bundle of transactions;53 and (iii) a reference to
the parent block which the miner considers the most recent, valid block on the blockchain and
to which the miner intends his candidate block to be attached as child.54 Having prepared
these details, the competition then comprises finding a variable data point, the ‘nonce’, to
complete the candidate block.55 Crucially, this must yield a specific result when the completed
candidate block is hashed, 56 and the correct nonce cannot be found other than by way of trial
48 Nakamoto (n 21), 1. 49 Antonopoulos (n 7), 214. 50 Nakamoto (n 21), 4. 51 Antonopoulos (n 7),220. 52 Antonopoulos (n 7), 220. 53 Antonopoulos (n 7), 221-222. 54 Antonopoulos (n 7), 227. 55 Antonopoulos (n 7), 228. 56 Antonopoulos (n 7), 228.
34
and error, through quadrillions of individual possibilities.57 The processing power required is,
therefore, considerable; one study estimating that the electricity consumption by the Bitcoin
network is comparable to the entire consumption of Ireland.58 Any realistic chance of success
requires highly specialised processing chips and hardware costing several tens of thousands
of pounds, which are upgraded every year or so.59 Consequently, it has been for some years
unprofitable for miners to operate ‘solo’ as a hobby using a standard computer.60
Further, from the perspective of overall security, acquiring a Bitcoin with superior hardware is
not enough; the newly mined block recording its acquisition must also remain on the
blockchain. Closely aligned to the primary incentive, therefore, is reliance on the consensus
of all miners that the winning block is valid. This is secured in two stages. First, when the
winning block is ‘announced’, it will immediately be propagated across the network to be
checked by all other mining nodes against a list of cryptographic criteria. Thus, all mining
nodes will verify the new block to confirm that it is valid.61 Second, when the blockchain is
extended in due course, the newly mined block must be selected as the valid parent block to
which the next child will be attached. Should it be rejected as a valid parent this second stage,
it will then be treated as an ‘orphan’ offshoot not part of the main blockchain and its definitive
record of spends.62 All transactions included in an orphan block, including the reward of new
Bitcoins created with that block, are, therefore, not recognised. Thus, given the possibility of
doubt regarding a newly mined block, transactions are by convention considered cleared
beyond dispute six blocks after it appears and has remained on the blockchain; that is, an
hour after clearing and settlement has been effected.63
57 Antonopoulos (n 7),228. 58 A Vries, ‘Bitcoin’s Growing Energy Problem’ (16 May 2018) Joule 2, 801–809 < https://www.cell.com/joule/fulltext/S2542-4351(18)30177-6 > accessed 30 June 2018. 59 Antonopoulos (n 7), 247; 250. 60 Antonopoulos (n 7), 250. 61 Antonopoulos (n 7), 238-239. 62 Antonopoulos (n 7), 238. 63 Antonopoulos (n 7), 28.
35
Figure 9. Blockchain Forks and Orphan Blocks. Blocks 4b, 7a, and 8a are all orphans
off the main blockchain.64
Given the considerable computing power expended when creating a new block, the chance
that it may subsequently be rejected by other miners acts as a broader deterrent. 65
Blockchain, thus, derives much of its security by relying on “the majority of miners acting
honestly out of self-interest.”66 Although it is not impossible for a miner to propagate fraudulent
blocks - generating payments to himself or reversing his own payments to others67 - there is
little incentive to do so. Not only must the relevant block recording the transaction be altered,
but so must every block which subsequently descends from that particular parent. Given that
this requires the cooperation of the majority of miners, this is computationally infeasible and
economically unviable. Since 2009, the increase of total hashing power has arguably made
Bitcoin impervious to attacks by a single miner.68
3.1.5 Coloured Coins
Since the launch of Bitcoin in 2009, the technology underpinning the network has been used
or adapted for various other applications and functions. One of the first such applications of
the Bitcoin network not envisioned by its White Paper was use of the blockchain to record
similarly the entire transaction history of some external asset. Such assets make use of
‘coloured coins’: certain Bitcoins ‘earmarked’ as representing certain assets amongst a sub-
society of Bitcoin users.69
64 Antonopoulos (n 7), Figure 10-9 at 257. 65 Antonopoulos (n 7), 239 66 Antonopoulos (n 7), 253. 67 Nakamoto (n 21), 6. 68 Antonopoulos (n 7), 256. 69 Antonopoulos (n 7), 279.
36
Coloured Coins are ‘issued’ through an initial transaction which registers the coloured coin on
the blockchain by creating an asset ID as metadata attached to Bitcoin transactions.70 This
ID is used to ‘track’ that asset,71 which is transferred between addresses as usual using
transactions.72 Coloured Coins, however, require use of special wallet software which can
interpret the metadata attached to the relevant Bitcoin transaction. Care is required to avoid
sending coloured coins to regular Bitcoin wallets, which may destroy the coloured coin
metadata.73
3.2. Ethereum and Smart Contracts
A more radical innovation separates the DLT of the blockchain from the cryptocurrency
application entirely and utilises it for other purposes. Of these so-called ‘second generation’
blockchains, Ethereum and its pioneering of decentralised ‘smart contracts’ remains the
original and one of the widely recognised applications of Bitcoin’s underlying DLT as a
powerful innovation in its own right. Although, therefore, Ethereum shares many similarities
with Bitcoin, it is essential to note that Ethereum was developed in pursuit of wholly different
objectives. Whilst there is nothing to stop users from using Ether, Ethereum’s native
cryptocurrency, as an alternative means of payment, Ether, unlike Bitcoin, is not intended as
an alternative to the central banking system. 74 Rather, Ether is intended as a means to access
the Ethereum network to execute computer programmes, known as ‘smart contracts,’ stored
on the Ethereum blockchain.75 For this reason, Ether is not classified as a ‘cryptocurrency’
proper, but a ‘utility’ cryptocurrency76 of limited use outside this very specific context.
Ethereum’s contribution to the recognition and development of DLT as a powerful technology
independent of Bitcoin is its combination of (i) ordinary computer programming, that is,
instructions written in computer code which automate the future execution of pre-defined
70 Antonopoulos (n 7), 280. 71 Antonopoulos (n 7), 278. 72 Antonopoulos (n 7), 280. 73 Antonopoulos (n 7), 279. 74 A Antonopoulos and G Wood, Mastering Ethereum: Building Smart Contracts and DApps (O’Reilly Media 2018), 2. 75 Antonopoulos and Wood (n 74), 26. 76 Antonopoulos and Wood (n 74), 2.
37
functions; with (ii) a decentralised blockchain ledger to store and execute such functions
automatically, then record that such functions have been executed.77
To take a familiar, everyday example, an email account may be programmed today to send
autoreplies to any emails received from tomorrow for a week using an Ethereum-based,
decentralised computer program. If any emails are then received in that inbox, the pre-
programmed autoreply instructions will be triggered, sending the pre-programmed email in
reply. These events would then be recorded in a blockchain ledger as events which Ethereum
miners all agree occurred.
Such ‘events which have occurred’ are known in formal terms as ‘changes in state’ or ‘state
transitions,’ which are then bundled together and recorded on blocks by miners according to
the time at which they occurred according to a consensus algorithm. The cumulative chain of
blocks, recording all changes in states across the network, comprises the single,
decentralised, and public record of ‘what has happened.’ In the previous section, ‘what has
happened’ in the Bitcoin network was largely explicated in terms of ‘transfers’ of value;
although intuitive and accessible for introductory purposes, this is not technically correct. More
accurately, the Bitcoin blockchain records changes in state as to the distribution of UTXOs
across the entire network of public addresses, which change as users broadcast their
intentions to decrease the UTXOs associated with their own address and increase that of their
intended recipient. Whereas the Bitcoin blockchain is limited to recording and tracking
changes in state in such terms of UTXOs across the network, the Ethereum blockchain is
designed to track state transitions of general purpose data.78 In the email example given
above, the changes in state would include at least the programming of the autoreplies, the
email received, and the autoreply sent.
The Ethereum network, thus, has two distinct components: (i) the Ethereum virtual machine
(‘EVM’), a decentralised ‘computer’ which handles the deployment and execution of
programmes over the network; and (ii) the Ethereum blockchain, which records changes in
state using the concepts pioneered by Bitcoin and explicated above (private-public keys,
digital signatures, wallets and nodes, broadcasting transactions, the proof of work consensus
algorithm, etc). Thus, the primary purpose of Ethereum is to ensure execution of pre-
77 Antonopoulos and Wood (n 74), 8 78 Antonopoulos and Wood (n 74), 6.
38
programmed functions and record successful executions in line with the Bitcoin-inspired ideals
of decentralised trust and immutability.79 Unlike the Bitcoin network, which is intentionally
programmed to support a limited number of computing functions, Ethereum’s scripting
language is designed to support a wide range of applications.80 The EVM, thus, is said to lie
”at the heart of the Ethereum protocol and operation”81 and remains its most distinctive feature.
This section will therefore primarily explore how the EVM functions alongside the
cryptographic concepts associated with DLT outlined in the previous section.
3.2.1 Smart Contracts: Transactions and Accounts
It is useful to begin with the clarification that Ethereum ‘smart contracts’ are neither ‘smart’ nor
‘contracts’ in the legal sense. Rather, it is the term which has stuck in Ethereum parlance to
describe “immutable computer programmes that run deterministically82 in the context of an
EMV as part of the Ethereum network protocol.”83 Thus, Ethereum smart contracts are simply
the instructions, written in code, programmed in advance, deployed to and ‘stored’ internally
within the Ethereum network, which then lie dormant until ‘called’ into execution.
To understand how contracts are called, it is necessary to distinguish between two types of
accounts (or ‘nodes’) which are used within Ethereum. First, the ordinary user account
through which Ethereum users access and interact with the network, typically through external
software such as a wallet application.84 Such ‘user’ accounts are known as ‘externally owned
accounts’ (‘EOAs’) and feature all the functions to initiate transactions and manage a user’s
interactions with the Ethereum network.85
‘Contract accounts’ (‘Contracts’), on the other hand, are best thought of as passive ‘storage’
accounts which simply hold data, code, and if necessary, funds. Data and code are
determined and programmed ‘into’ the account at the outset by a (human) computer
programmer, before the prospective Contract is deployed to the Ethereum platform via a
79 Antonopoulos and Wood (n 74), 3-4. 80 Antonopoulos and Wood (n 74), 2. 81 Antonopoulos and Wood (n 74), 297. 82 In this context, ‘deterministically’ means that any given data input will always give the same data output; similarly, any two nodes executing the programmed instructions will always reach the same solution. Antonopoulos and Wood (n 74), 253. 83 Antonopoulos and Wood (n 74), 127. 84 Antonopoulos and Wood (n 74), 127. 85 Antonopoulos and Wood (n 74), 26.
39
special ‘contract creation’ transaction.86 Once a Contract is thus deployed, its programmer has
no further ‘authority’ over nor ownership of it; the Contract becomes wholly self-sufficient and
governed entirely by its internal programming.87 Its code cannot ever be changed or altered,
and only ever deleted if the programmer has specifically programmed in a ‘self-destruct’
function.88 Once deployed, Contracts function as an Ethereum node with the basic features
in common with EOAs, such as identification and receipt of Ethereum transactions at a public
address.89
Ethereum transactions, like spends in Bitcoin, are essentially cryptographically signed
messages broadcast to the network.90 Ethereum transactions consist of seven data points,
which cover details of: (i) the transaction nonce, essentially the transaction number associated
with a node; (ii) the recipient’s Ethereum address; (iii) and (iv) arrangements for transaction
fees; (v) the value of Ether to be sent; (vi) ordinary data, often known as the ‘payload;’ and
(vii) aspects of the sender’s digital signature.91 For present purposes, the most significant
point to note is that Ethereum transactions can only be initiated by EOAs.92 Contracts do not
have private keys93 and cannot execute of any of it is programmed functions unless called by
an Ethereum transaction originating from an EOA. 94
Transactions can be of simple Ether. If the specified recipient is an EOA, it functions as a
simple payment. If the recipient is a Contract, unless a specified response is programmed
into the contract code – such as reject, or transfer to someone else – the Contract will simply
hold the funds. Given that Ethereum is not intended, however, as a means of payment,
transactions will more commonly include specific messages sent in the data payload.
Although this will serve no real purpose if the recipient is an EOA,95 data payloads ‘sent to’ a
Contract will ‘call’ its programmed functions, causing the function to execute using the data
payload as the input. 96 If the function executes in its entirety and terminates (that is,
86 Antonopoulos and Wood (n 74), 112. 87 Antonopoulos and Wood (n 74), 128-9. 88 Antonopoulos and Wood (n 74), 129. 89 Antonopoulos and Wood (n 74), 26. 90 Antonopoulos and Wood (n 74), 99. 91 Antonopoulos and Wood (n 74), 99-100. 92 Antonopoulos and Wood (n 74), 128-9. 93 Antonopoulos and Wood (n 74), 128. 94 Antonopoulos and Wood (n 74), 128-9. 95 Antonopoulos and Wood (n 74),110. 96 Antonopoulos and Wood (n 74), 110-111.
40
‘completes’)97 successfully, the changes effected to the overall, ‘global’ state of the Ethereum
network will be recorded in the Ethereum blockchain.98 If the function fails to complete
successfully, its effects are ‘rolled back’ as though execution had not been attempted. The
failed attempt, however, is recorded on the blockchain.99
3.2.2. Ether, Gas, and Tokens
One reason a function may fail to execute successfully is an insufficient transaction fee. As
with any decentralised ledger, the Ethereum network is resource-intensive; executing smart
contracts consumes considerable processing power. In addition, Ethereum’s scripting
language, designed to support a wide range of applications, poses a particular issue known
in computer science as the ‘halting’ problem. Unlike Bitcoin, which is limited to computing
‘true/false’ functions to assess spending conditions (that is, whether a proposed transaction
has been validly signed and does not propose to send more Bitcoin than is associated with
the relevant public address), the EVM aspect of Ethereum is able to compute any program of
any complexity within the limitations of the EMV’s finite memory capacity.100 Such ‘universal
computability’ is known as ‘Turing completeness,’101 after the English mathematician, Alan
Turing. Turing was the first to prove the halting problem;102 concluding it is not possible to
determine, given an arbitrary program and its input, whether a program will ever stop running
once it has begun to execute.103 In the context of the EMV, the halting problem inherent in
Turing completeness poses serious risks of wasting resources by requests to execute smart
contracts, which may potentially run infinitely with no way of stopping the programme once it
has been called into execution. 104 As a solution, the number of computational steps
permissible in the execution of any given Ethereum smart contract is deliberately limited by a
pre-determined transaction fee.105
97 It is worth noting that ‘termination’ here is not to be confused with ‘termination’ in the legal contractual sense of performance having been interrupted but is used to describe a programme has successfully executed from start to finish. Antonopoulos and Wood (n 74), 129. 98 Antonopoulos and Wood (n 74), 129. 99 Antonopoulos and Wood (n 74), 129. 100 Antonopoulos and Wood (n 74), 8-9. 101 Antonopoulos and Wood (n 74), 8. 102 Antonopoulos and Wood (n 74), 8. 103 Antonopoulos and Wood (n 74), 9. 104 Antonopoulos and Wood (n 74), 314. 105 Antonopoulos and Wood (n 74), 9.
41
To this end, there are three kinds of crypto-assets associated with Ethereum: Ether, Gas, and
Tokens. Ether is Ethereum’s native cryptocurrency and is available on crypto-exchanges. As
noted above, Ether is not intended as an alternative to fiat currency, but is used to access the
Ethereum network. Here, Ether is primarily used to purchase Gas, the unit in which
transactions fees for executing smart contracts is denominated.106 Gas cannot be purchased
outside the context of an Ethereum transaction, where a certain portion of Ether is set aside
for this specific purpose.107 The transaction fee is expressed in terms of the maximum amount
of Gas the sender is willing to expend on executing the smart contract, with each
computational step to be executed fixed with a pre-determined price:108 calling a self-destruct
function, for example, costs 5,000 Gas; every word to be added when expanding memory
costs 3.109 As the EVM executes the smart contract, it accounts for the cost of executing the
instructions expressed in the code by consuming the Gas available in the transaction
message. If this is insufficient to execute the smart contract to termination, execution will
automatically stop when the when the supply of Gas is depleted.110
Tokens, on the other hand, are distinct from Ether and Gas in that they are not intrinsic to the
Ethereum platform.111 Rather, they are a feature of smart contracts and Contracts, which may
be programmed to implement tokens for use within the Contract’s intended application.112 Two
main types of tokens are available. The first type, known as ‘fungible tokens,’ have no unique
properties and are interchangeable with other Tokens in its set or issue. 113 They are
appropriate for Contracts intended to track dealings in fungible goods or items, such as bulk
goods, commodities, or credits to a bank account.
To illustrate, suppose a commercial bank (‘Blockchain Bank’) decided to move its banking
ledger onto the Ethereum blockchain and deployed a Contract (‘Code Blockchain Bank’) to
manage its consumer banking ledger. Code Blockchain Bank would be programmed and
deployed on the Ethereum network as a contract account, implementing Blockchain Bank
Tokens representing its capital. Other functions will be included in the code to govern
106 Antonopoulos and Wood (n 74), 314. 107 Antonopoulos and Wood (n 74), 9. 108 Antonopoulos and Wood (n 74), 314. 109 G Wood, ‘Ethereum: A Secure Decentralised Generalised Transaction Ledger,’ (‘the Yellow Paper,’ Byzantium Version 4e05aa0 4 March 2019), Appendix G ‘Fee Schedule’ < https://github.com/Ethereum/yellowpaper > accessed 24 March 2019. 110 Antonopoulos and Wood (n 74), 315. 111 Antonopoulos and Wood (n 74), 227. 112 Antonopoulos and Wood (n 74), 227. 113 Antonopoulos and Wood (n 74), 227.
42
transfers, ownership, and access rights to and between Blockchain Bank customers. The
ERC20 standard consists of a number of minimum such functions (Figure 10).
It is important to note that it is the relevant Contract which governs and manages all aspects
of any given token set;114 such governance operates independently of the broader Ethereum
network.115 For this reason, Tokens behave differently to Ether. Ether transferred from one
user to another is recorded as a global change of state in the Ethereum network in terms of
the parties’ EOA Ether balances.116 Transactions to transfer Tokens, on the other hand, are
not ‘sent’ to the recipient’s EOA, but use the relevant Contract address as the intended
recipient. This calls the Contract’s transfer function, which adjusts the balances between user
addresses mapped within its internal contract state.117 Thus, unlike Ether, Tokens are not
associated with users’ EOAs; rather, the users’ EOAs are stored internally within the Token
Contract.118 Unless the user adds the specific Token Contract to their wallets to ‘watch’ or
manually call the Contract’s ‘balanceOf’ function, they will not be aware of any Tokens
received to their EOA wallet.119
If, therefore, Alice and Bob are both customers of Blockchain Bank, Code Blockchain Bank
will store both their EOA addresses internally. If Alice wishes to send Bob 2 Blockchain Bank
Tokens, she sends a transaction with data input containing the relevant mandate from her
EOA with Code Blockchain Bank as the recipient. The data input then calls Code Blockchain
Bank’s transfer function. If Alice has included enough Ether to cover the Gas, Code
Blockchain Bank will internally adjust Alice’s and Bob’s Blockchain Bank Token balances and
issue a ‘transfer’ event.120 This will be a change in state recorded on the Ethereum blockchain
involving only Code Blockchain Bank’s Account and Alice’s Ether (not Token) balance; no
change in state is recorded for Bob’s EOA.121
114 Antonopoulos and Wood (n 74), 227. 115 Antonopoulos and Wood (n 74), 227. 116 Antonopoulos and Wood (n 74), 242. 117 Antonopoulos and Wood (n 74), 230 and 242-243. 118 Antonopoulos and Wood (n 74), 243. 119 Antonopoulos and Wood (n 74), 242-243. 120 Antonopoulos and Wood (n 74), 230. 121 Antonopoulos and Wood (n 74), 242.
43
Figure 10. ERC20 Token Standard Functions.122
The second type of Token is non-fungible tokens, often known as ‘deeds,’ which are
distinguished by a unique 256-bit identifier.123 Whereas fungible tokens are mapped internally
by the Contract by final balances associated with user addresses, non-fungible tokens are
mapped and tracked according to this identifier.124 This enables the entire transaction history
of the token to be traced; deeds are, thus, suitable to represent dealings in and transfers of a
specific item, such as a Ming vase, debt instrument, or a house. There is currently a proposal
for a standard non-fungible deed, known as the ECR721.125
122 Antonopoulos and Wood (n 74), 228. 123 Antonopoulos and Wood (n 74), 247. 124 Antonopoulos and Wood (n 74), 247. 125 Antonopoulos and Wood (n 74), 247.
44
3.2.3. Oracles
Another feature of Ethereum is the use of systems, known as Oracles, which provide external,
‘off-chain’ data sources to Ethereum Contracts.126 This significantly broadens their capacity
to automate, execute, and enforce agreements ‘in the real world.’ A will smart contract, for
example, may be programmed to distribute assets according to the wishes of the ‘smart
testator’ upon his death. Oracles are designed to solve the obvious obstacle to the real-life
usefulness of a smart will: how would that Contract know when the testator has died? Such
random data cannot be pre-programmed; the EVM intrinsically cannot support random
functions without compromising the ability for nodes to reach decentralised consensus.127 The
only way, therefore, that extrinsic data concerning the testator’s death can be introduced into
the Ethereum network is within the data payload component of an Ethereum transaction128 to
be then viewed by other accounts.
Oracles have three main components:129 (i) collection of off-chain data; (ii) transfer of the data
‘on-chain;’ and (iv) making the data available across the network by storing it in a special
Oracle Contract. Once stored, other users and Contracts can view the data by sending a
transaction calling the Oracle’s ‘retrieve’ function. Alternatively, the data may be viewed by
looking directly into the Oracle’s storage.130 There are three main ways to set up an Oracle,
which differ only in the way in which the extrinsic data is stored and viewed by other nodes.131
3.2.4. Web3: Decentralised Applications Apps
Much like the way in which Bitcoin was conceived as an ideal, or even utopian alternative to
the central banking system, the founders of Ethereum too developed a much broader vision
than simply decentralising the controlling logic and payment functions of computer
programmes as a smart contract programmed and executed on a blockchain. Instead, they
held the ambitious objective of transforming the way in which the internet operates through
decentralising all aspects of web applications using peer-to-peer networks rather than central
126 Antonopoulos and Wood (n 74), 254. 127 Antonopoulos and Wood (n 74), 253. 128 Antonopoulos and Wood (n 74), 253. 129 Antonopoulos and Wood (n 74), 255. 130 Antonopoulos and Wood (n 74), 256. 131 Antonopoulos and Wood (n 74), 256-258.
45
servers. Such decentralised web applications are known as Decentralised Applications, or
DApps, and consist, at the very least, of (i) a smart contract programmed onto a blockchain,
which controls the ‘back-end’ programming logic of the function; and (ii) a ‘front-end’ web-
based user interface.
Figure 11. Internal logic of an auction DApp. First, a Contract implementing an ERC721
deed to represent the chair is created and deployed. Ownership of the deed is then
registered to an Auction House Contract, which is programmed with functions which
govern the bidding process.132
3.3. Further Developments Since the launch of Ethereum, there have been no shortage of new blockchain initiatives,
many of which have been designed for and tailored to particular use cases. These are typically
developed by technology firms privately, resulting in proprietary software to which access or
mining may be restricted by the operator of the network or contractual licensee of the software.
Such ‘closed’ or ‘permissioned’ networks are distinguished from Bitcoin and Ethereum, which
are both open source and free to use by all under open licences.133 It is arguable that closed
132 Antonopoulos and Wood (n 74), Figure 12-2 at 272. 133 Bitcoin uses the MIT Creative Commons Licence: < https://Bitcoincore.org/en/download/ > accessed 15 July 2018, which is available at < https://opensource.org/licenses/mit-license.php > accessed 15 July 2018. Ethereum uses several different licences, but adheres to the principles that (i) Ethereum is both open source software and Free software after the definition of the Free Software Foundation (so-called FLOSS); (ii) no special treatment is given to any single entity concerning the copyright of the software, the Ethereum Foundation included; and (iii) source-code will not be
46
networks mark a major departure from the original ideal of decentralised, peer-to-peer trust.
On the other hand, the case studies show that such compromises may well be necessary if
DLT is to be used in ‘real life’ applications.
In the finance sector, JP Morgan’s Quorum and r3’s Corda are two notable platforms
developed for use by and between financial institutions inter se. Along with Ethereum, these
comprise the only three platforms for which Thompson Reuter’s BlockOne IQ oracle is
available to provide financial markets data.134 A brief outline of the distinctive features of each
is mentioned for the sake of completeness.
3.3.1. JP Morgan’s Quorum
Quorum is built on top of the Ethereum blockchain and was developed by JP Morgan with
transaction privacy in mind.135 To prevent all except those party to the transaction from
accessing confidential or sensitive data, Quorum implements a single shared blockchain used
in conjunction with a combination of smart contract architecture and modifications to
Ethereum, including to the way in which new blocks are proposed and validated.136 All nodes
validate public transactions and any private transactions they are party to by executing the
contract code associated with the transactions.137 For other “private transactions,” a node will
simply skip the contract code execution process. 138 This results in a segmented state
database (Figure 12): a public state database in respect of which all nodes are in consensus,
and a private state database which records only the transactions to which that node is party
or otherwise is permitted to access.139
distributed ahead of binaries. See further < https://github.com/Ethereum/wiki/wiki/Licensing > accessed 18 June 2019. 134 Thompson Reuters BlockOne IQ Website < https://blockoneiq.thomsonreuters.com/ > accessed 1 May 2019. 135 JP Morgan, ‘Quorum White Paper’ (24 August 2018, Version 2), [1]; 1. < https://github.com/jpmorganchase/quorum/blob/master/docs/Quorum%20Whitepaper%20v0.2.pdf > accessed 17 March 2019. 136 JP Morgan (n 135), [2] at 1. 137 JP Morgan (n 135), [2] at 1. 138 JP Morgan (n 135), [2] at 1. 139 JP Morgan (n 135), [2] at 1.
47
Figure 12. Quorum Segmented State Databases.140
140 JP Morgan (n 135), Figure 2 at 2.
48
3.3.2. r3’s Corda
Corda is a new blockchain platform altogether and was designed by r3, an enterprise software
firm, to be used in highly regulated and complex financial markets.141 To this end, it leads a
consortium of market participants, which, originally began with nine financial institutions:
Goldman Sachs, Barclays, JP Morgan, State Street, UBS, RBS, Credit Suisse, BBVA and
Commonwealth Bank of Australia.142 Two versions of the platform are currently available, the
original, free, open source project, Corda, and its commercial version, designed specifically
for use by businesses, known as Corda Enterprise.
If Quorum focuses on transaction privacy, Corda emphasises off-chain ‘real-world’ usage and
legal enforceability. The Corda White Paper begins with its vision:
The end state vision is one where real-world entities manage legally-enforceable
contracts, and transfer value without technological constraints or loss of privacy.143
With legally enforceable transactions in mind, Corda is distinguished for being something of a
hybrid between permissioned and unpermissioned networks. Corda differs from permissioned
networks in that it is designed to allow multiple groups of users, called ‘business networks’144
to co-exist and interoperate across the same platform. Although each business network is
expected to comprise a group of Corda participants who collaborate for a specific business
purpose and, thus, impose their own membership criteria for entry,145 Corda is designed to
allow nodes to participate in other business networks or transact directly with other nodes at
the same time and with the same infrastructure.146
At the same time, Corda also differs from unpermissioned networks in that the network is
governed by a common set of standards, parameters and associated governance processes
for the network of nodes, which is known as the Global Corda Network. These common
141 r3 Website < https://www.r3.com/history/ > accessed 18 April 2019. 142 J Kelly, ‘Nine of the World’s Biggest Banks Join to From Blockchain Partnership’ Reuters (London, 15 September 2015) < https://www.reuters.com/article/us-banks-blockchain/nine-of-worlds-biggest-banks-join-to-form-blockchain-partnership-idUSKCN0RF24M20150915 > accessed 8 August 2018. 143 RG Brown, ‘The Corda Platform: An Introduction,’ (May 2018, Version 2), 1 < https://docs.corda.net/_static/corda-platform-whitepaper.pdf > accessed 13 October 2018. 144 Brown (n 143), [5.1]. 145 Brown (n 143), [5.1], [5.2.1]. 146 Brown (n 143), [5].
49
standards and parameters not only enable interoperability between business networks, but
also ensure that the network operates in the interest of its participants to achieve transaction
legality, finality and privacy.147 To this end, the Corda Network Foundation was incorporated
as a not-for-profit Dutch Stichting on 4 December 2018,148 to take over from r3 governance of
the network according to governing guidelines, articles of association, and bye-laws. A
transitional board of directors was elected in April 2019149 to hold office until ‘democratic
elections’ are held in Spring 2020.150 Another difference with unpermissioned networks lies in
the fact that access as a participant requires and application for admission.151 The Global
Corda Network provides an identity framework and service, linking public keys to real-world
identities so that businesses can enter into real-world contracts.152 Such identity services
were, in May 2018, envisioned as being a ‘bring your own identity’ model whereby participants
provide signed attestations from trusted third parties, with the overall process overseen by the
Corda Network Foundation.153
3.4. Summary
Decentralised ledger technologies and cryptographic assets present an unprecedented
challenge for private law and legal concepts of property. This section set out the basic
principles underpinning such technologies to inform a legal analysis which adequately takes
into account the essential characteristics of its subject, with the ultimate objective of
developing the most rational and robust system of legal ownership in cryptographic assets
that is possible.
147 Brown (n 143), [5]. 148 Corda Network Foundation Website < https://corda.network/governance/articles.html > accessed 18 March 2019. 149 Corda Network Foundation Website < https://corda.network/governance/board-election.html > accessed 18 March 2019. 150 Corda Network Foundation Website < https://corda.network/ > accessed 18 March 2019. 151 Corda Network Foundation Website < https://corda.network/participation/pre-joining.html > accessed 18 March 2019. 152 Brown (n 143), [5.2]; [5.2.3]. 153 Brown (n 143), [5.2.3].
50
4. CRYPTO-FINANCIAL ASSETS IN A DLT-BASED MARKET INFRASTRUCTURE Since the launch of Bitcoin and Ethereum, all manner of cryptocurrencies, DApps,
tokenisations, Initial Coin Offerings, and other similar – generally referred to indiscriminately
under the broad umbrella term ‘cryptos’ – have swiftly followed. From established institutions
exploring new methods of streamlining existing practices, to start-ups intent on disrupting the
markets, interest in this new technology continues to grow. It is arguable that a crypto-market
infrastructure, enabling trading of these assets complete with an attendant suite of supporting
services, is now well and truly established; in commercial practice, at least, if not in every
regulatory rule book.
One of the greatest difficulties, however, in developing effective regulatory policy for the crypto
asset market is the diversity of ‘products’ currently being traded under the umbrella term
‘cryptocurrency.’ Several taxonomies have been proposed, as outlined in Tables 1 and 2
below, which immediately demonstrate that not all crypto assets currently traded are relevant
for present purposes. Only ‘Asset’ and ‘Asset-Backed’ tokens may be classified as financial
assets in that they represent investment entitlements against issuers, or traditional investment
securities in intermediated or bearer forms. Only these token types will, therefore, be
analysed to identify the extent to which and in what ways cryptographic form may affect
principles of legal property in financial assets.
This section, however, will first analyse the basic legal property issues raised by crypto-assets
and distributed ledgers generally, before turning to specific applications of DLT and tokenised
financial assets at three specific levels across the existing infrastructure: (i) between issuer
and investor; (ii) ‘top-down’ from the top-tier intermediaries of the settlement systems; and (iii)
between sub-tier custodian intermediaries inter se. Readers unfamiliar with the current
structure of the financial markets infrastructure are referred to Richard Brown’s blogpost on
the topic for an accessible introduction to the key commercial features.1
1 R Brown, ‘A Simple Explanation of How Shares Move Around the Securities Settlement System’ (5 January 2014) < https://gendal.me/2014/01/05/a-simple-explanation-of-how-shares-move-around-the-securities-settlement-system/ > last accessed 1 June 2019.
51
Table 1. The ISSA’s Taxonomy2
Payment Tokens Cryptocurrencies proper, intended to compete with fiat currencies.
Utility Tokens Provide digital access to an application or service.
Asset Tokens Represent investment entitlements against companies; sometimes treated as a new class
of investment security.
Asset-Backed Tokens
Provide absolute rights in rem of an underlying asset, e.g., fine art, real estate, equity, fixed income, gold, or intellectual property.
Table 2. The FINMA’s Taxonomy3
Payment Tokens
Synonymous with cryptocurrencies are tokens which are intended to be used, now or in the future, as a means of payment for acquiring goods or services or as a means of money or value
transfer. Cryptocurrencies give rise to no claims on their issuer.
Utility Tokens Intended to provide access digitally to an application or service by means of a blockchain-based
infrastructure.
Asset Tokens Represent assets such as a debt or equity claim on the issuer. Asset tokens promise, for
example, a share in future company earnings or future capital flows. In terms of their economic function, therefore, these tokens are analogous to equities, bonds or derivatives. Tokens which
enable physical assets to be traded on the blockchain also fall into this category.
Hybrid Tokens Asset and utility tokens can also be classified as payment tokens. In these cases, the
requirements are cumulative; in other words, the tokens are deemed to be both securities and means of payment.
Fund-Raising Tokens are already put into circulation at the point of the ICO and takes place on a pre-existing
blockchain.
Pre-Financing Investors are offered only the prospect that they will receive tokens at some point in the future
and the tokens or the underlying blockchain remain to be developed.
Pre-Sale Investors receive tokens which entitle them to acquire other different tokens at a later date.
2 International Securities Services Association (‘ISSA’), ‘Infrastructure for Crypto-Assets: A Review by Infrastructure Providers’ (October 2018), Table 1 at 10 < https://www.issanet.org/e/3/reports-and-documents.html> accessed 28 October 2018. 3 FINMA, ‘Guidelines for enquiries regarding the regulatory framework for initial coin offerings (ICOs)’ (16 February 2018) < https://www.finma.ch/en/news/2018/02/20180216-mm-ico-wegleitung/ > accessed 1 December 2018.
52
4.1. Cryptocurrencies: The Basic Premise Whilst there may be some academic debate as to the precise nature of the property right, in
the light of the fact that [the Defendant] does not seek to dispute that [cryptocurrencies]
may be treated as property in a generic sense, I need not consider the question further.
International Judge Simon Thurley QC B2C2 v Quoine1
Given their relative maturity and foundational status as underpinning all subsequent
applications of DLT, Bitcoin and Ethereum remain the most useful case studies through which
to identify and analyse the first principles of legal property in crypto assets. This chapter
therefore begins with an exploration of the general principles of law potentially appropriate to
inform an analysis of crypto assets as the subject of legal property on their own terms and
programming principles.
4.1.1 Private Keys and Blockchains
Notwithstanding wide technical variation between applications, two characteristics may be
identified as definitive for ‘crypto assets’ for present purposes: (i) reliance on a blockchain to
generate a decentralised, immutable, and definitive record of changes in state; and (ii) reliance
on cryptographic key pairs to render proposed changes to the state trustworthy and secure.
One of the central theses of this paper is that it is this combination that creates a unique
challenge in property law: determining the legal significance to be ascribed to each of these
two factors to underpin a rational system of legal property in crypto assets that is fit for
purpose.
The imperative to strike the correct legal balance between the private key and blockchain,
however, is often obscured. One reason for this, at least from a securities law perspective,
may be the fact that the discussion is generally premised on the precedent of the intermediated
system; a global bearer note physically deposited with an ICSD, which in modern practice
1 B2C2 Ltd v Quoine Pte Ltd [2019] SGHC (I) 03, [142].
53
relies on electronic book entries of securities accounts to establish for whose benefit it ‘holds’
the relevant security. Thus, it is often assumed that, because the blockchain can operate as
a definitive record of ‘who owns what’ in a manner prima facie akin to book-entry records
maintained by custodians in respect of securities accounts, the blockchain is, without more, a
register of title, or crypto assets are similarly ‘held’ in the blockchain in the same way that book
entry securities are, at least for the purpose of private international law, legally considered to
be ‘held’ in the accounts of the relevant intermediary.2 This assumption, which has given rise
to concerns regarding the situs and governing law of crypto assets, 3 however, is not
technically correct.
The essential difference with the intermediated system is the absence of any depository
function within the network: mining nodes have cryptographic validation and settlement
functions only. Failure to recognise this fundamental difference risks unduly underestimating
the function of the private key which, considered from the property hallmarks of control,
benefit, exclusion, and transfer, arguably takes precedence over the blockchain as a marker
of ownership. The blockchain is, after all, premised on transactions broadcast across the
relevant network to be verified by mining nodes; only if the cryptographic criteria are fulfilled
will it be included as a change in state recorded on the blockchain.
Hence, the importance of the private key, written in the context of Bitcoin:
Ownership and control over the private key is the root of user control over all funds
associated with the corresponding Bitcoin address. The private key is used to
create signatures that are required to spend Bitcoin by proving ownership of funds
used in a transaction. The private key must remain secret at all times, because
revealing it to third parties is equivalent to giving them control over the Bitcoin
secured by that key. The private key must also be backed up and protected from
2 This is the so-called ‘Place of the Relevant Intermediary Account’ or ‘PRIMA’ approach used in the EU, e.g., Directive 2002/47/EC of the European Parliament and of the Council of 6 June 2002 on financial collateral arrangements [2002] OJ L 168 Art 9; Directive 98/26/EC of the European Parliament and of the Council of 19 May 1998 on settlement finality in payment and securities settlement systems [1998] OJ L 166 (‘SFD’) Art 9(2). 3 ISDA and Linklaters, ‘Whitepaper: Smart Contracts and Distributed Ledgers - A Legal Perspective’ (August 2017), 9 < https://lpslive.linklaters.com/en/about-us/news-and-deals/news/2017/smart-contracts-and-distributed-ledger--a-legal-perspective > accessed 18 December 2017.
54
accidental loss, because if it’s lost it cannot be recovered and the funds secured
by it are forever lost, too.4
Further, by comparison to the popular aphorism ‘possession in nine-tenths of the law’:
…in Bitcoin, possession is ten-tenths of the law. Possession of the keys to unlock
the Bitcoin is equivalent to possession of cash or a chunk of precious metal. You
can lose it, misplace it, have it stolen, or accidentally give the wrong amount to
someone. In every one of these cases, users have no recourse, just as if they
dropped cash on a public sidewalk.5
It is therefore worth analysing what private keys are in law if they are simply a large number
chosen at cryptographic standards of randomness. Within the orthodox property taxonomy,
as devised by Blackstone, private keys are clearly not choses in possession. The obvious
alternative under the existing taxonomy is the chose in action. However, private keys sit no
more comfortably within this category, either; the value derived from the unique character of
a random number proceeds from an entirely different premise from contractual intangibles
which are underpinned by an obligation. Cryptocurrencies proper involve no contractual claim
against any issuer. Nor are disputes with commercial counterparties where cryptocurrencies
have been exchanged as consideration likely to require legal analysis of the private key as a
large and random number; a simple analysis in contract or sale of goods will probably suffice.
Chose in possession and chose in action remain the most obvious categories of personal
property, however, the common law also recognises that certain interests are sui generis. In
Rolls Royce Ltd v Jeffrey (Inspector of Taxes),6 Lord Radcliffe said this in respect of ‘know
how,’ which the appellant, Rolls Royce, submitted should be considered part of their fixed
capital:
…I see no objection to describing this as an asset. It is intangible: but then so is
goodwill. It would be difficult to identify with any precision the sources of the
4 A Antonopoulos, Mastering Bitcoin: Programming the Open Blockchain (2nd ed, O’Reilly Media 2017), 58. 5 Antonopoulos (n 4), 269. 6 [1962] 1 WLR 425, at 430-431. I am very grateful to David Kreltszheim for drawing this authority to my attention.
55
expenditure which has gradually created it and, patents apart, I would not have
thought of it as a natural balance-sheet item...
[…]
An asset of this kind is, I am afraid that I must use the phrase, sui generis. It is not
easily compared with factory or office buildings, warehouses, plant and machinery
or such independent legal rights as patents, copyright or trade marks, or even with
goodwill. “Know-how” is an ambience that pervades a highly specialised
production organisation and, although I think it correct to describe it as fixed capital
so long as the manufacturer retains it for his own productive purposes and
expresses its value in his products, one must realise that in so describing it one is
proceeding by an analogy which can easily break down owing to the inherent
differences that separate “know-how” from the more straight-forward elements of
fixed capital.
The Financial Markets Law Committee (‘FMLC’) has recognised that cryptocurrencies do not
quite fit within the category of choses in action, albeit for the slightly different reason that ‘digital
assets’ cannot be said to be tangible. It therefore proposes a new category of ‘virtual chose
in possession’ for cryptocurrencies 7 as a hybrid. 8 Although welcome, the proposal
nevertheless remains underdeveloped, and crucially, does not recognise nor address the
essential questions of (i) the nature of property in crypto assets as a combination of knowledge
of, control, and possession of a private key, to which changes in state are ultimately ascribed
via the address by reference to a blockchain and public address; (ii) the function of a private
key in verifying spends and unlocking the value ascribed to its corresponding public address;
and, perhaps most crucially, (iii) the essential nature of a private key as a large and random
number. Several proposed alternatives that take these factors into account, therefore, follow.
7 Financial Markets Law Committee (‘FMLC’), ‘Issues of Legal Uncertainty Arising in the Context of Virtual Currencies’ (July 2016), 23 < www.fmlc.org > accessed 18 June 2018. 8 FMLC (n 7), 8.
56
4.1.1.1. Private Keys as Documentary Intangibles9
One possible analysis may be developed by reference to the logic underpinning Professor
Goode’s proposed category of documentary intangibles. Most users of crypto assets use
wallet applications to store private keys, and the specific type of wallet used opens up the
scope of valid considerations when undertaking a legal property analysis by reference to form.
A basic distinction was drawn in Chapter 2 between hot and cold storage methods; hence,
four main types of wallets may further be identified:
1. Paper wallets simply record the private key on paper, either written out in full or in
compressed form, to be safely locked away in a physical safe or vault.
2. Hardware wallets are closely related to paper wallets, and store keys on small devices,
like a USB, which connect to a computer or mobile device via a USB port. Trezor10
and Ledger Nano S11 are two of the market-leaders, both of which confirm transactions
using no more sophisticated technology than two buttons on the devices themselves.
Hardware wallets are the digital equivalents of physically writing out the private key on
a piece of paper then keeping that piece of paper private. These generally operate
wholly offline, so technically classify as cold storage.
3. Mobile and desktop wallets are software-based applications that are downloaded to a
mobile or computer and stored within the local hard drive. Mycelium and Jaxx are two
of the most well-known, and, although make more use of software than paper or
hardware wallets, are still technically cold-storage methods as keys are stored offline.
4. Web wallets, on the other hand, are fully electronic methods of storage which hold
keys on the internet - or, technically, on the relevant hosting server.
From a documentary intangibles perspective, paper wallets are least problematic: the number
that is the private key can be ascribed to the piece of paper upon which it has been written in
the same way in which the obligations underpinning financial assets have benefitted from the
9 Approximately 500 words (on the documentary intangibles analysis) were taken from a past paper ‘Bitcoins, Blockchains, and Decentralised Ledgers: Does Situs Actually Matter? (LL.M Dissertation, City Law School, City, University of London, September 2018). 10 Trezor Website < https://trezor.io/ > accessed 4 April 2019. 11 Ledger Website <https://www.ledger.com/ > accessed 4 April 2019.
57
‘benevolent fiction’ of being treated as the piece of paper upon which they were recorded.
Hence, it is no stretch to apply this same reasoning to files stored on a physical device (in the
case of hardware wallets) or a computer or mobile phone’s local hard drive (desktop and
mobile wallets). Appropriation of private keys stored on any of these kinds of wallets will
(possibly) amount to (i) theft of the paper, Trezor or Ledger device, or computer or mobile
device, contrary to s 1 of the Theft Act 1968; and (ii) the tort of conversion.
The extent, however, to which each of these actions will vindicate an owner’s rights –
assuming that the essential elements of the action or offence are made out at all – will largely
depend on the type of wallet used. If Alice has Bob’s permission to use his laptop, finds a
private key file stored on a desktop wallet, then prints it off without his knowledge, has Alice
appropriated property, defined at s (1)(4) of the Theft Act 1968, belonging to Bob for the
purpose of the actus reus of theft and with the intention of ‘permanently depriving’ Bob of it?
Has Alice taken anything “with the intent of exercising over the chattel an ownership
inconsistent with the real owner's right of possession"12 for the purpose of conversion?
A more pressing issue is that recourse to the physical thing upon which the private key is
recorded is obviously inappropriate when the private key is kept in hot storage. Any person
appropriating private keys from a web wallet is more likely to have committed unauthorised
modification of computer material, contrary to section 3(1) of the Computer Misuse Act 1990
than theft13 in England and Wales, or sections 247C, 247D, and 247G of the Crimes Act 1958
in Victoria but, critically, no known civil wrong upon which a property claim could be brought
by a user. Conversion is not available for intangibles;14 the proper claimant being she with a
better right to possession than the defendant, which limits the action to “property which is
susceptible of possession itself, which pure incorporeals are not.” 15 The possibility of
recovering at least damages in the case of paper, hardware, or even mobile or desktop wallets,
but nothing in the case of web wallets is plainly undesirable for legal consistency and a
functional property law taxonomy, even if, commercially, little sympathy is shown for those
who opt for hot storage.
12 Fouldes v Willoughby (1841) 81 M & W 540, 550. Emphasis added. 13 As was the prosecution’s case in R v West, Southwark Crown Court, 14 December 2017. See more at the Crown Prosecution Service News Centre, ‘Prolific Computer Hacker Jailed for 10 Years’ (25 May 2018) < https://www.cps.gov.uk/cps-london-north-london-south/news/prolific-computer-hacker-jailed-10-years > accessed 29 August 2018. 14 OBG Ltd v Allan [2007] UKHL 21; [2008] 1 AC 1. 15 D Nolan and J Davies, ‘Torts and Equitable Wrongs’ in A Burrows (ed), English Private Law’ (3rd ed, OUP 2013), [17.311] fn 609.
58
The arbitrary distinction fixed by tangible form is thrown into even sharper relief in the context
of remedies. In the case of paper, hardware, and mobile/desktop wallets, under the Torts
(Interference with Goods) Act 1977, users would have an option between specific delivery of
the chattel upon which the private key had been stored, or the alternative of damages by
reference to the value of the goods.16 Were, however, the paper, hardware device, mobile
phone, or laptop, made subject to an order of specific delivery, to what extent could it be said
that a user’s rights as owner had been vindicated? The remedy does not prevent the
defendant from retaining copies made prior to the order; continuing to access transaction
inputs sent to the user’s public address and signing spends for them using these copies.
Furthermore, if the user had elected damages, should the defendant be ordered to pay based
on the quantum of value currently17 associated with the user’s public address at the prevailing
BTC/GBP or ETH/USD price (currently £3,969.32 and $156.68), or the value of the paper
(typically worthless), Trezor T or Ledger Nano S (currently retailing at £149 and £54.50
respectively on amazon.uk), or Samsung Galaxy S10 or MacBookPro (£899 and £1,449 minus
any appropriate deduction)? Although solace may be found in the practical sense of the
common law in conversion cases involving documentary intangibles treated as chattels, which
uniformly assessed damages as the value of the underlying right or obligation,18 it has also
been noted that there are limits to extending conversion to intangible property. In particular,
“there is a judicial reluctance to extend the tort by deeming documents copying intangible
information to be treated as belonging to the claimant for the purpose of a conversion action.”19
Although, therefore, it may, in theory, be possible to extend Professor Goode’s category of
documentary intangibles to crypto assets and apply a property analysis by reference to the
kind of wallet used, the difficulties encountered and undesirable consequences arising with
the arbitrary distinction between physical and non-physical methods of storage are too
significant for the proposal to be considered a truly viable solution. In short, the form or method
of recording what is still the same substantive asset should not render ownership rights
precarious.
16 Torts (Interference with Goods) Act 1977, ss 3(2)(b), 3(3). 17 All prices as at 15 April 2019. 18 M Bridge et al (eds), The Law of Personal Property (2nd ed, Sweet and Maxwell 2018), [32-034] fn 249, fn 253 and text. 19 Ibid, [32-034] fn 259 and text.
59
4.1.1.2 Private Keys as Intellectual Property20
An alternative approach is to analyse the private key substantively as a large and unique
number used to sign cryptographic messages. If the right to use the private key in
broadcasting proposed changes in state to the blockchain network is emphasised, ownership
rights in such assets are not vindicated through locus standi to compel performance of the
obligation (the ‘chose in action’ method used for the simple contract debt); nor by simply
‘obtaining possession’ of the private key as personal property (the ‘chose in possession’
method used for bearer negotiable instruments and, presumably, also the ‘virtual chose in
possession’ proposed by the FMLC). Rather, the value and ownership over a private key is
vindicated, not on any bilateral level,21 but by injunctive relief against all the world in preventing
others from knowing, or even if known, using the number.
This distinction between use and knowledge on the one hand, and other notions of ownership,
such as possession or control on the other is subtle, yet its importance is highlighted if one
considers the situation of copies of private keys being taken, preserved, and used without the
rightful owner’s authorisation. This was recognised by Lord Radcliffe in Rolls Royce in respect
of the appellant’s valuable ‘know-how’:
…it would be wrong to confuse the physical records with the “know-how” itself,
which is the valuable asset: for, if you put them on a duplicator and produce one
hundred copies, you have certainly not multiplied your asset in proportion. Again,
as the facts of the present appeal show, “know-how” has the peculiar quality that
it can be communicated to or shared with others outside the manufacturer's own
business, without in any sense destroying its value to him. It becomes, if you like,
diluted, and its value to him may be affected.22
Unlike know-how, however, private keys have a one-time use, in the sense that any message
cryptographically signed with the digital signature derived from the private key will irrevocably
20 Approximately 130 words were taken from a past paper ‘Bitcoins, Blockchains, and Decentralised Ledgers: Does Situs Actually Matter? (LL.M Dissertation, City Law School, City, University of London, September 2018). 21 P Paech, The Governance of Blockchain Financial Networks’ (LSE Legal Studies Working Paper No 16/2017 2017), 39 < https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2875487 > accessed 18 December 2017. 22 Rolls Royce (n 6), 430 (Lord Radcliffe).
60
propagate a proposed a change in state across the network. On the other hand, as with the
reference by Lord Radcliffe to patents above, it is clear that private keys are substantively
related to intellectual property (‘IP’): rights in the use of an abstract concept, which may be
realised in an unlimited number of manifestations, both physical and digital, and are protected
– not ‘enforced’ – by restricting all the world from realising the concept.
IP rights are typically register-based and, in theory, there is no reason why a register could
not guarantee ownership of private keys by registering keys pairs and/or addresses with legal
persons off-chain. Such an approach has been already adopted in the EU in the context of
financial crime through the fifth iteration of the Anti-Money Laundering Directive (‘AMLD V’)23
which has brought “virtual currencies”24 within the scope of the Directive (currently AMLD IV)25
by including “providers engaged in exchange services between virtual currencies and fiat
currencies” and “custodian wallet providers” 26 within the list of ‘obliged entities.’ 27 The
rationale for doing so is set out in Recital 9 of AMLD V:
The anonymity of virtual currencies allows their potential misuse for criminal
purposes. The inclusion of providers engaged in exchange services between
virtual currencies and fiat currencies and custodian wallet providers will not entirely
address the issue of anonymity attached to virtual currency transactions, as a large
part of the virtual currency environment will remain anonymous because users can
also transact without such providers. To combat the risks related to the anonymity,
national Financial Intelligence Units (FIUs) should be able to obtain information
23 Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU [2018] OJ L 156/43 (‘AMLD V’). 24 Art 1(2)(d) amends Art 3 of Directive (EU) 2015/849 to add: “the following points are added: ‘(18) “virtual currencies” means a digital representation of value that is not issued or guaranteed by a central bank or a public authority, is not necessarily attached to a legally established currency and does not possess a legal status of currency or money, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically.” 25 Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC [2015] OJ L 141/73. 26 Defined in Art 1(2)(d) by inserting the following to the definitions at Art 3(19) “custodian wallet provider” means an entity that provides services to safeguard private cryptographic keys on behalf of its customers, to hold, store and transfer virtual currencies.’ 27 Article 1(1)(c) amends Art 2(1) and includes under ‘obliged entities’: “(g) providers engaged in exchange services between virtual currencies and fiat currencies; (h) custodian wallet providers.”
61
allowing them to associate virtual currency addresses to the identity of the owner
of virtual currency. In addition, the possibility to allow users to self-declare to
designated authorities on a voluntary basis should be further assessed.28
Similarly, the objects of the Australian Anti-Money Laundering and Counter Terrorism
Financing Act 2006 include: to provide measures to detect, deter and disrupt money
laundering, the financing of terrorism, and other serious financial crimes;29 and to provide
relevant Australian government bodies and their international counterparts with the
information they need to investigate and prosecute money laundering offences, offences
constituted by the financing of terrorism, and other serious crimes.30 In 2018, the Act was
amended to bring digital currency providers within the list of “designated services” for the
purposes of that Act,31 with digital currency defined as:
(a) a digital representation of value that:
(i) functions as a medium of exchange, a store of economic value, or a unit of
account; and
(ii) is not issued by or under the authority of a government body; and
(iii) is interchangeable with money (including through the crediting of an
account) and may be used as consideration for the supply of goods or
services; and
(iv) is generally available to members of the public without any restriction on its
use as consideration; or
(b) a means of exchange or digital process or crediting declared to be digital
currency by the AML/CTF Rules.32
Whilst such provisions and reporting requirements may be invaluable for long-term financial
crime prevention, in the simpler context of civil property rights, the pace at which individual
transactions occur would likely render such identity registers ineffective. By the time a private
key is stolen, the relevant register alerted, and an action brought to protect the right, it would
28 AMLD V (n 23), Recital 9. 29 Part 1, s 3(1)(aa) Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth). 30 Part 1, s 3(1)(ab) Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth). 31 Part 1, s 6, Item 50A, Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth). 32 Part 1, s 5, Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth).
62
likely be too late. The other practical difficulty with a register linking key pairs to legal persons
off-chain, at least in unpermissioned networks such as Bitcoin, is the resistance likely to be
met by the relevant crypto asset community and the pseudo-anonymous nature of participation
in the network as a whole. Short of a court order in individual circumstances compelling a
legal person to disclose his or her key pair,33 it is unlikely that in unpermissioned networks that
registers of key pairs will be readily implemented.
A variation of a register linking private keys to legal persons is to maintain a ‘blacklist’ of crypto
assets which have been reported as tainted by criminal activity. In respect of Bitcoin, such a
register was previously maintained;34 similarly, Professor Anderson et al of the Cambridge
Computer Laboratory report that the Bitcrime project recommended in January 2017 that
Europol should maintain a public blacklist for Europe, albeit, only in respect of ‘coin crimes’ for
which a court had made a final determination.35
4.1.1.3. Private Keys as ID Credentials
Another possibility is to analyse private keys in the terms of their use within the wider
blockchain network. Here, it is worth noting that, notwithstanding the emphasis on knowledge
of the private key as the root of user control in enjoying the benefit of a crypto asset, there are
at least three reasons why crypto assets and private keys should be considered distinct.
First, if Alice transfers 1 Bitcoin to Bob, although she is unable to do so without her private key
and loss of the key means loss of 1 Bitcoin, it is not this key itself which is transferred to Bob.
Were the private key equivalent to the Bitcoin, the only method of transfer would be to hand
over the wallet itself, whether paper, Trezor, or simply giving knowledge of the key to the
intended transferee by reading out a long string of letters and numbers.
33 As was reportedly ordered by the Southern District Court of Florida against Craig Wright in respect of Bitcoin addresses held as at 31 December 2013 in an on-going civil dispute with a former business partner. As reported by Y Kharti, ‘Craig Wright Ordered to Disclose Bitcoin Addresses in Kleiman Court Case,’ (Coindesk, 6 May 2019) < https://www.coindesk.com/craig-wright-ordered-to-disclose-bitcoin-addresses-in-kleiman-court-case > last accessed 2 June 2019. 34 R Anderson et al, ‘Bitcoin Redux’ (28 May 2018), [3] <https://weis2018.econinfosec.org/wcontent/uploads/sites/5/2018/05/WEIS_2018_paper_38.pdfblockchain.info > accessed 17 September 2018. 35 Anderson et al (n 34), 11.
63
Second, from a coding perspective, a successful transfer of Bitcoin does not transfer the
UTXO associated with the transferor’s key pair; the transfer simply creates a link between the
transferor’s public address and the transferee’s public address. In the words of Professor
David Fox:
The coin is only a notional entity, a convenient way of imagining the BTC value
represented by the output associated with a public key. The coin representing the
input to the transaction at pkA is destroyed and replaced by another coin
representing the transaction output at pkB. We would not imagine the data string
representing the coin at pkA as being transferred to pk B. The data strings at each
public key, before and after the transaction are distinct. We can, however, identify
one with the other because of the recorded transactional link between them, going
back to a specific mining transaction.36
Third, although the private key is essential to control over UTXO, the specific quantum of value
it unlocks remains premised on a broader system of validation and consensus by the
blockchain network.
Hence, the proposition explicated at the outset of this Part: the difficulty in determining the
legal significance to be ascribed to each of the private key and the blockchain to underpin a
rational system of legal property in crypto assets.
Returning to the basic proposition that Bitcoin is a novel method of clearing payment
instructions immediately demonstrates that the private key is a type of ID credential used
within the relevant crypto network to validate a payment mandate. This simple fact may be
obscured due to the growing commercial recognition that the context in which a private key is
used renders it a valuable asset in its own right: the subject of demand in a recognised market,
the target of theft, the subject of insurance37 and custody services. One of the broader issues
is, therefore, not strictly one limited to crypto assets and DLT but reflects a wider socio-
economic shift. If, from the 18th century, obligations to pay money increasingly gained social
importance as the capital-based economy began to supplant land as the dominant source of
36 D Fox, ‘Cryptocurrencies in the Common Law of Property’ in D Fox and S Green (eds) Cryptocurrencies in Private and Public Law (OUP 2019), [6.18]. 37 See for example Lloyd’s of London, ‘Bitcoin: Risk Factors for Insurance’ (Lloyd’s Emerging Risk Report 2015) <www.lloyds.com> accessed 7 August 2018.
64
wealth, it is arguable that in the 21st century, digital proofs of identity are increasingly treated
as valuable – and socially significant – assets in their own right. It is worth noting that terms
such as ‘identity theft’ have been long used in popular parlance, and the flourishing markets
for custody and insurance for private keys demonstrates the extent to which mercantile
practice recognises a password – at least in the crypto asset sphere – as a valuable economic
asset.
Further discussion of whether ID credentials meet the common law definition of property is
beyond the scope of this paper; for present purposes, it suffices to note that identity
credentials, however valuable in their own right, cannot be equated with the asset to which
they grant access. Just as a bankcard PIN is not the same asset as the bank credit to which
it grants access, the private key cannot be taken to be the crypto asset itself. The question
remains, thus, what a valuable private key grants access to and the legal weight or significance
it assumes in this broader analysis. Within the wider operation of the network, what legal
significance does a message proposing a change in state duly signed by a private key
assume?
4.1.1.4. Other Possibilities38
Professor Ross Anderson et al have suggested that a solution could be developed by
reference to the EU Payment Services Directive,39 under which instructions by a user to a
payment services provider to initiate a payment are not necessarily conclusive in law. Article
72(1) of the Payment Services Directive (‘PSD 2’) provides that:
Where a payment service user denies having authorised an executed payment
transaction, the use of a payment instrument recorded by the payment service
provider, including the payment initiation service provider as appropriate, shall in
itself not necessarily be sufficient to prove either that the payment transaction was
38 Approximately 400 words (the section on Partnerships) was taken from a past paper ‘Bitcoins, Blockchains, and Decentralised Ledgers: Does Situs Actually Matter? (LL.M Dissertation, City Law School, City, University of London, September 2018). 39 Directive 2015/2366/EU of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC [2015] OJ L 337/35 Art 72(2) (‘PSD2’).
65
authorised by the payer or that the payer acted fraudulently or failed with intent or
gross negligence to fulfil one or more of the obligations under Article 69. The
payment service provider, including, where appropriate, the payment initiation
service provider, shall provide supporting evidence to prove fraud or gross
negligence on part of the payment service user. 40
The authors therefore conclude that,
A legislature that made cryptography constitutive of ownership would violate a
number of established rights and principles […] It would exclude, or at least make
more complex, legal reasoning about intent, agency, liability and other issues that
have already been discussed in the context of the law on digital signatures.
Probably the most that might reasonably be done is to treat the signature as a
rebuttable presumption of ownership, following the electronic signature directive.
However that had such adverse effects on liability that qualified electronic
signatures found only very limited use. Here, we merely flag up such issues as
needing clarification.41
The proposal of a rebuttable presumption of ownership or authenticity of mandates is certainly
worth consideration. Even if, however, mining can be considered simply a form of clearing
and the blockchain the definitive record of settled transfers, this precedent will be of limited
application as its usefulness will depend on whether the network is open or closed. Closed or
permissioned contexts, especially where mining is a privileged activity undertaken by the
operator or operator’s agents alone is considered at Part 4.4.2 below. Open or
unpermissioned networks, however, are more problematic, given that mining is a voluntary
activity open to all; the network of nodes cannot be said to be a defined entity providing
clearing and settlement services which has any interest in rebutting a presumption under Art
71(2) of the PSD 2, if it can even be said to attract legal liability to users at all.
On an ideological level, the concept of enforceable user rights against an unpermissioned
mining community is incongruous in systems designed to implement an ideal of decentralised
trust. In theory, the interests of users and miners are designed to be so aligned and the
40 PSD2 (n 39), Art 72(2). 41 Anderson et al (n 34), 24-25.
66
mathematics underpinning the cryptography so precise that there should be no need for
recourse to the law to protect legitimate expectations or, even worse, any scope to imply duties
of care between participants beyond the mathematics of the system. True decentralisation of
trust, thus, comes at a heavy price to the individual:
A centralized model, such as a traditional bank or payment network, depends on
access control and vetting to keep bad actors out of the system. By comparison,
a decentralized system like Bitcoin pushes the responsibility and control to the
users.42
And again:
With control comes a big responsibility. If you lose your private keys, you lose
access to your funds and contracts. No one can help you regain access—your
funds will be locked forever.43
In short, in decentralised systems, the price paid for equality in knowledge of the definitive
ledger amongst participants is individual responsibility. There seems to be no ideological basis
upon which a user could hold the mining community responsible for his or own failure to keep
his private keys safe, even if he were a wholly innocent victim of theft or fraud; it is arguable
that parties who participate in such networks implicitly agree that the code is the law and to
abide by the immutability of the resulting blockchain. User entitlements seem further
incongruous in a system where there is no obligation on miners to effect ‘clearing and
settlement services’ at all. In the words of Assistant Professor Angela Walch:
A decentralized structure creates the risks that no one will even attempt to ensure
that Bitcoin works; that even if someone does step up to help, he or she has no
official authority […] it will be difficult to tell who should be involved in the process
because the Bitcoin community is so fluid. With existing centralized financial
market infrastructure, it is at least clear who has the responsibility to manage and
repair it, and it is possible to impose risk management obligations on someone…44
42 Antonopoulos (n 4), 269. 43 A Antonopoulous and G Wood, Mastering Ethereum (O’Reilly Media 2019), 16. 44 A Walch, ‘The Bitcoin Blockchain as Financial Market Infrastructure: a Consideration of Operational Risk,’ (2015) 18(837) Legislation and Public Policy, 872-7.
67
Bitcoin’s status as open-source software means that everyone interested may
participate […] but, crucially, that no one must do so.45
Similarly, it is often assumed that the de facto immutability of a decentralised ledger or the
unpermissioned context ‘prevents lawful interventions’ 46 in the operation of the system.
However, such a position is, with respect, naïve. The real question for the law is whether such
normative facts should be overridden by the law to impute responsibilities to those who fall
within its jurisdiction. A duty of care might be imposed upon miners to verify or later rectify the
blockchain where transactions have been propagated as a result of theft. However, as a
matter of commercial law, with its attitude of caveat emptor, and the foresight requirements
imposed by the law of torts, implied duties on miners do not seem appropriate when users
have been adequately warned to keep their private keys safe and secure from the possibility
of theft. On the other hand, such a position may be overcome as a matter of policy in the
same way that the harshness of caveat emptor has been mitigated by statutory protections.47
A distinction may be drawn with cases of theft by means of fraud on the blockchain itself.
Here, there is some scope to imply obligations between users and miners following orthodox
legal principles, given that all transaction instructions include a transaction fee to be
transferred to the winning miner. This is ‘paid’ in advance by the user when constructing its
signed transaction and is included on the winning candidate block as the coinbase transaction.
Hence, there is clear potential for a contractual relationship between users and the winning
miner on whose candidate block the relevant transactions are included: mining services in
consideration of a transaction fee denominated in BTC or Gas.
This, however, paints only a partial picture of the commercial transaction. First, although no
consideration is exchanged with the rest of the mining network, it performs the necessary
verification with respect to the winning candidate block to ensure its validity, and the indirect
voting necessary to ensure that the candidate block remains a valid ‘parent’ the blockchain.
If, therefore, the winning miner proved to be fraudulent, to what extent would it be possible to
separate liability between this miner and the rest of the mining network which propagated,
45 Walch (n 44), 876. 46 Oliver Wyman and Euroclear, ‘Blockchain in Capital Markets: The Prize and the Journey’ (February 2016), 14 < https://www.oliverwyman.com/content/dam/oliver-wyman/global/en/2016/feb/BlockChain-In-Capital-Markets.pdf > accessed 29 July 2018. 47 Such as the Unfair Contract Terms Act 1977.
68
verified, and validated his candidate block? Given that a majority of miners would be required
to validate the blockchain or successfully propagate fraud on the blockchain, it seems
unrealistic to apportion liability to a single miner.
A speculative response to these issues may be conceiving of the miners as operating in a
partnership. After all, users do not address offers of a transaction fee to any miner in particular
but the entire mining network, which participates as a whole to effect the mining service in
exchange. Partnership concepts of joint liability48 and fiduciary duties49 are, further, strikingly
appropriate to the ideological underpinnings of the blockchain as a peer-to-peer system of
trust. If this characterisation is accepted, the first key question would then be whether the
mining network can be said to fall within the definition of partnership as “the relation which
subsists between persons carrying on a business in common with a view of profit.”50 For
present purposes, it suffices to note that there is nothing in the decided cases 51 which
precludes the recognition of a partnership which carries on mining activities on the basis that
partnership profits (transaction fees and new Bitcoins) will be allocated according to internal
rules (the proof of work competition).52
Taking this concept one step further, a further alternative may be to consider the network of
nodes as a whole as representing a collective undertaking or agreement, such as a collective
investment scheme, joint venture, private investment fund, company, or unincorporated
association. Although each captures the concept of participation in a collective, the formal
difficulties in respect of the former vehicles arguably renders the unincorporated association
the most appropriate characterisation for an unpermissioned blockchain network.
Unincorporated associations have a long history in English law and remain the basis from
which the now-formalised vehicles for collective participation, such as companies and
partnerships, developed. 53 During the 17th century, when incorporation was originally by grant
48 Partnerships Act 1890 s 9 (UK); Partnership Act 1958 s 13 (Vic). 49 See generally M Blackett-Ord and S Haren Partnership Law (5th ed, Bloomsbury Professional 2015) Ch 11. 50 Partnerships Act 1890 s 1(1) (UK); Partnership Act 1959 s 5(1) (Vic). 51 See further Blackett-Ord and Haren (n 49), [2.15]-[2.39]. 52 Approximately 400 words (on contract and partnerships) were taken from a past paper, ‘Bitcoins, Blockchains, and Decentralised Ledgers: Does Situs Actually Matter? (LL.M Dissertation, City Law School, City, University of London, September 2018). 53 For a general history of the development of English company law from the ‘nexus of contracts’ which characterise unincorporated associations, see L Talbot, ‘Enumerating Old Themes? Berle’s
69
of royal charter, incorporated form did not necessarily differ much in practice from
unincorporated form.54 Businesses often operated as a ‘nexus of contracts’ and informal
understandings – that is, as an unincorporated association – within the broader aegis of a
single corporate entity. 55 Whereas company law has since developed, unincorporated
associations remain without legal personality, and have been authoritatively defined in
Conservative and Unionist Central Office v Burrell as:
Two or more persons bound together for one or more common purposes, not being
business purposes, by mutual undertakings each having mutual duties and
obligations, in an organisation which has rules which identify in whom control of it
and its funds rests and on what terms and which can be joined or left at will. 56
Unincorporated associations, thus, are ‘creatures of contract’; modern authority continues to
hold that the rules of the association are impliedly binding upon members as a matter of
ordinary contract law.57
Applied to Bitcoin, the following observations are made. First, although many Bitcoin users
typically use them for business purposes, this does not preclude the finding of an
unincorporated association because the Bitcoin network or community itself does not promote
a business purpose; rather, the common purpose appears more to be rooted in the ideology
of ‘doing things differently’ using cryptography and decentralised consensus algorithms. Thus,
the common purpose amongst users would be to agree that 21 million Bitcoin can be used an
alternative to central bank money, values of which are defined as UTXO distributed across
addresses in the network, settled according to the proof of work consensus algorithm, with
changes in the distribution definitively recorded on the blockchain. Second, these rules are
clearly stated in the Bitcoin White Paper. Third, mutual duties and obligations can be said to
arise in the collective task of verifying transactions. It is submitted, therefore, that
Concept of Ownership and the Historical Development of English Company Law in Context’ [2010] 33(4) Seattle U L Rev 1201, Part II at 1203 et seq. 54 Talbot (n 53), 1203-04. 55 Talbot (n 53), 1204. 56 [1981] EWCA Civ 2, [1982] WLR 522, [2] (Lawton LJ). 57 Most recently considered by reference to the authorities and confirmed in Speechley v Allott [2014] EWCA Civ 230. In Hardy v Hoade [2017] EWHC 2476 (Ch), the court held that the rules of a club, like any other contract, fell to be construed in accordance with the principles summarised in Arnold v Britton [2015] UKSC 36, [2015] AC 1619, [2015] 6 WLUK 320.
70
unpermissioned networks are best characterised as a novel type of unincorporated
association.
If this is accepted, the concept of a unit or share in the more formal collective investment
scheme or company can be usefully adapted and applied to refine the property analysis.
Obviously, the network does not ‘own’ extrinsic property in the same way that an alternative
investment fund owns a portfolio of assets and holds it on behalf of its fund participants and it
is not suggested that it is appropriate to import wholesale the terminology of ‘units’ or ‘shares’
into a proposed characterisation of an unpermissioned network as a kind of unincorporated
association. However, the concept is useful from a property perspective. By parallel, crypto
assets can be considered a quantum of participation or value determined by the rules of
consensus used by the relevant blockchain ‘association.’ Within this context, knowledge of the
private key could be considered definitive of the legal interest of possession, that is, the right
to control and exercise the property incident of transferability and enjoy the benefit of use, in
respect of this right to be recognised as participating in the network with a defined quantum of
value.
Notwithstanding the theoretical legal possibilities, the primary difficulty with developing a
functional system of property in respect of unpermissioned networks lies in practical
implementation. The blockchain can only ascribe value to particular public addresses; it does
not identify who is entitled to the benefit of that value and determine the manner in which it will
be spent. In the absence of an identity register or blacklist of tainted coins maintained off-
chain, any duties imputed to participants would be difficult, if not impossible, to enforce. In
this regard, Corda, with its hybrid model and objective of legal enforceability, represents the
most promising model. On the other hand, the issue raises more fundamental ideological
questions of the role of law in truly decentralised networks. For the more utopian advocates
of cryptography, the law itself is simply another form of centralised trust which may ultimately
become unnecessary in a society governed by lex cryptographia.58
58 See, for example, A Wright and P Filippi, ‘Decentralised Blockchain Technology and the Rise of Lex Cryptographia’ (2015) < http://ssrn.com/abstract=2580664 > accessed 19 December 2017.
71
4.1.2. Exchanges
Notwithstanding these difficulties, clarity in the legal characterisation of a crypto asset and its
constituent parts is desirable not only for legal certainty in itself, but because, in practice, most
users do not hold private keys directly but instead use ‘hosted’ or ‘custodial’ wallets. These
operate in such a way that a derivative property interest in crypto assets, premised upon and
limited by the definition of the basic crypto asset itself, is arguably created.
Hosted wallets are usually provided by crypto asset exchanges, which typically purport to hold
private keys ‘on behalf of the user.’ However, unlike dedicated wallet apps, which offer private
key management, exchange-hosted wallets do not generally transmit signed instructions to
the other nodes in the relevant blockchain network for inclusion on the next block. Rather, they
enable users to transmit buy/sell orders to the exchange itself for execution on the exchange
platform.
Direct interaction with the blockchain is generally understood to be undertaken by the
exchange on behalf of its users, and most exchanges are marketed as keeping private keys
in secure, cold storage vaults to be retrieved to the order of exchange participants. However,
again, as a matter of practice, most industry insiders59 assume that exchanges do not store
private keys nor broadcast signed transactions ‘on behalf of’ exchange participants at all.
Rather, most exchange transactions occur ‘off chain’: exchanges maintain internal records of
transactions between exchange participants, but these are not necessarily transmitted to the
other nodes nor included on the blockchain. If Alice and Bob both hold Ether in hosted wallets
at the same exchange and Alice transfers some to Bob having sent the necessary instruction
to the exchange, it is more likely than not that the transfer will not be broadcast to the
blockchain network; the exchange will simply update its own internal records. No change in
state will occur in respect of the exchange’s public address; it will simply be attributed with the
same amount of Ether as it did before.
Off-chain transactions appear to have become the default between the period 2016-2018,
vindicating the prediction by early pioneers of Bitcoin that off-chain transactions would
59 Anderson et al (n 34),13-14.
72
eventually become the norm.60 The concerns which have consequently arisen61 mirror those
which have long been identified in respect of omnibus securities accounts: the absence of any
requirement that exchanges guard against shortfalls in their internal accounts by maintaining
sufficient balances of crypto assets attributable to their public addresses to cover the sum of
their client entitlements, as recorded in the exchange’s internal accounts. Should any shortfalls
arise, the exchange users’ property rights in ‘their’ crypto assets ‘held in an exchange wallet’
will depend on: (i) the characterisation of the crypto asset itself which the exchange
purportedly holds ‘for’ the user; (ii) the precise contractual agreement between the exchange
and the user; and (iii) the method the exchange itself uses to interact with the relevant network
as a node. Factor (i) having been considered in Part 4.1.1, the remainder of this section
examines the user agreements of two well-known crypto-exchanges, Coinbase and Gemini.
4.1.2.1. Coinbase
In the UK, a user account with Coinbase comprises an Agreement with each of Coinbase UK
Ltd (‘Coinbase UK’) and CB Payments Ltd (‘Coinbase Payments’).62 Coinbase Payments
provides E-Money services in respect of E-Money payments issued by Coinbase Payments,
which are typically purchased with fiat currency in a standard bank transfer.63 Coinbase UK,
on the other hand, provides Digital Currency services, which comprise provision of a hosted
Digital Currency Wallet, which enables users to store, track, transfer, and manage balances
of certain supported Digital Currencies.64 The property considerations arising from Digital
Currency and Digital Currency Wallets can be examined predominantly through three clauses
in the Coinbase User Agreement:
60 Hal Finney is cited as having stated: ‘Bitcoin itself cannot scale to have every single financial transaction in the world be broadcast to everyone and included in the block chain...Most Bitcoin transactions will occur between banks, to settle net transfers. Bitcoin transactions by private individuals will be as rare as...well, as Bitcoin based purchases are today.’ Cited in Anderson et al (n 28),15. 61 Anderson et al (n 34), 13-16. 62 Coinbase User Agreement, Recitals <https://www.coinbase.com/legal/user_agreement > accessed 4 April 2019. 63 Coinbase User Agreement (n 62), Clause 2.1. Coinbase Payments and the provision of its services are regulated by the FCA under the E-Money Directive. 64 A full list of supported digital currencies is available at < https://support.coinbase.com/customer/en/portal/articles/2630943 >.
73
5.1. In General. “Your Digital Currency Wallet enables you to send Digital
Currency to, and request, receive, and store Digital Currency from, third parties by
giving instructions through the Site.” 65
[…]
5.12. Digital Currency Storage & Transmission Delays. The Coinbase Group
securely stores Digital Currency private keys, in a combination of online and offline
storage, which are the means by which you can securely approve a Digital
Currency Transaction. As a result of our security protocols, it may be necessary
for us to retrieve private keys or related information from offline storage in order to
facilitate a Digital Currency Transaction in accordance with your instructions, and
you acknowledge that this may delay the initiation or crediting of such Digital
Currency Transaction.66
[…]
5.16 Digital Currency Title. All Digital Currencies held in your Digital Currency
Wallet are custodial assets held by the Coinbase Group for your benefit. Among
other things, this means:
1. Title to Digital Currency shall at all times remain with you and shall not
transfer to any company in the Coinbase Group. As the owner of Digital
Currency in your Digital Currency Wallet, you shall bear all risk of loss of
such Digital Currency. No company within the Coinbase Group shall have
any liability for fluctuations in the fiat currency value of Digital Currency held
in your Digital Currency Wallet.
2. You control the Digital Currencies held in your Digital Currency Wallet. At
any time, subject to outages, downtime, and other applicable policies, you
may withdraw your Digital Currency by sending it to a different blockchain
address controlled by you or a third party.
65 Coinbase User Agreement (n 62), Clause 5.1. 66 Coinbase User Agreement (n 62), Clause 5.12. Emphasis added.
74
3. In order to more securely custody assets, the Coinbase Group may use
shared blockchain addresses, controlled by a member of the Coinbase
Group, to hold Digital Currencies held on behalf of customers and/or held
on behalf of Coinbase UK. Although we maintain separate ledger
accounting entries for customer and Coinbase Group accounts, no member
of the Coinbase Group shall have any obligation to segregate by blockchain
address Digital Currencies owned by you from Digital Currencies owned by
other customers or by any member of the Coinbase Group (emphases
added).67
Three distinct terms require detailed consideration. Clause 5.12 refers to ‘Digital Currency
private keys’ which “are the means by which [users] can securely approve a Digital Currency
Transaction.” Given that they may need to be retrieved from offline storage in order to facilitate
an instruction to transfer Digital Currencies, they seem relatively uncontroversial as the private
keys which broadcast proposed changes in state to the relevant blockchain network.
There are, however, two different clauses referring to ‘Digital Currencies’ which give rise to
inconsistency as to where such assets are ‘held.’ Clause 5.16 refers to Digital Currencies held
in Digital Currency Wallets, which are stated to be “custodial assets held by the Coinbase
Group for [users’] benefit.” Sub-Clause 5.16.3, however, also refers to Digital Currencies; this
time held on behalf of users by use of “shared blockchain addresses, controlled by a member
of the Coinbase Group,” with a disclaimer of any obligation to “segregate by blockchain
address” ownership of Digital Currencies. Digital Currencies are thus held either in a Digital
Currency Wallet controlled by the user, or at a shared blockchain address controlled by the
Coinbase Group.
The Coinbase User Agreement is one of many surveyed in an informal study68 which does
clarify how digital assets are held and traded vis-a-vis the relevant network; more specifically,
the User Agreement does not disclose whether trades initiated on the Coinbase Exchange are
mirrored by ‘on-chain’ transfers, or whether these trades remain off-chain. Such specifications
would assist in determining what rights users have in respect of Digital Currencies, but in the
67 Coinbase User Agreement (n 62), Clause 5.16. Emphases added. 68 Anderson et al (n 34), 14.
75
absence of any technical specifications, a rudimentary programming analysis suggests that (i)
“blockchain addresses” in Clause 5.16.3 are public addresses derived from the “Digital
Currency private keys” controlled by the Coinbase Group referred to in Clause 5.12; and (ii)
’Digital Currency Wallets’ refers to programs on Coinbase’s own exchange software through
which users connect with Coinbase’s systems. This accords with Clause 5.1, which states
that Digital Currency Wallets enable crypto asset transactions by giving instructions through
the Coinbase Site.
Chapter 2 demonstrated that wallets do not contain crypto assets but private keys. This raises
questions regarding what, then, a Digital Currency Wallet contains, given that users do not
have access to private keys. These were stated as being ‘custodied’ by the Coinbase Group
(Clause 5.12); Digital Currency Wallets only enable users to transmit instructions to Coinbase
(Clause 5.1). This raises further questions as to the economic value users’ ownership rights,
because, as a matter of fact and in programming terms it does not appear that Digital Currency
Wallets hold anything of any value at all. This is obscured by the somewhat unclear drafting
of the Coinbase User Agreement, but if:
(1) the private keys underpinning Digital Currencies which broadcast to the blockchain
networks are held in storage by Coinbase; and
(2) the corresponding public key and addresses are controlled by members of the
Coinbase Group; which
(3) use “shared blockchain addresses” to hold on behalf of users and the Coinbase Group
without any obligation to segregate holdings ‘by blockchain address’;
then it follows that:
(4) Coinbase users do not own, control, or access a private key, nor receive individually
at an individual public address; and
(5) whatever is stored in users’ Digital Currency Wallets does not correspond to anything
recognised as part of the relevant blockchain network.
Hence, the contents of a Digital Currency Wallet are most likely to be, as a matter of fact, a
repository of buy/sell instructions transmitted from such wallets to Coinbase. As a matter of
property law, the most reasonable characterisation seems to be that Digital Currency Wallets
contain the means through which precise value of the user’s claim – if they have one at all –
76
in the shared blockchain address controlled by the Coinbase Group can be determined. These
contents of the Digital Currency Wallet are described in the terms of two different forms
throughout the User Agreement, as Digital Currency held either: (i) by use of a shared
blockchain address controlled by a member of the Coinbase Group (sub-clause 5.16.3); and
(ii) in users’ Digital Currency Wallets (clauses 5.1, 5.16, sub-clause 5.16.2).
That the two forms are used is not necessarily fatal to legal certainty; the issue, rather, appears
to arise from the differing perspectives generated by the use of two software applications: (i)
the relevant crypto network with which Coinbase interacts through its wallet node; and (ii) the
Coinbase software through which the user interacts with Coinbase through the Digital
Currency Wallet. It is reasonably clear that, notwithstanding the use of two forms and terms,
both refer to the same substance of economic value: the user’s rights against Coinbase in
respect of the value associated with the shared blockchain address.
Defining the legal nature of this actual asset with more particularity is, nevertheless, important,
not least because the User Agreement read as a whole gives rise to inconsistency. Clause
5.16 is clearly in terms of property rights: “Title to Digital Currency held in Digital Currency
Wallets shall at all times remain with [users] and shall not transfer to any company in the
Coinbase Group.” Three main legal characterisations are possible for the “Digital Currency
held in Digital Currency Wallets” to which users purportedly have title: (1) it could be no more
than a contractual claim against the Coinbase for the relevant amount of crypto asset;
alternatively, (2) it could be a reference to the “separate ledger accounting entries” referred to
in Sub-clause 5.16.3 which the Coinbase Group maintains in respect of its shared blockchain
addresses as a kind of definitive title register; or further in the alternative, (3) it could be a
beneficial interest in the shared blockchain address.
The use of the phrase “custodial assets held by the Coinbase Group for users’ benefit” and
repeated references to “held for” and “on behalf of” strongly suggests a trustee-beneficiary
relationship rather than a claim in contract. This would not be surprising, given that custodians
of book-entry securities have generally always been presumed, in the absence until very
recently of direct authority on the point, to hold securities on behalf of custody clients as a
trustee. Given that users hold a share in the value ascribed to a public address and controlled
by a member of the Coinbase Group via the private key, it seems intuitive that the relationship
is one of trustee-beneficiary.
77
On the other hand, certain terms of the User Agreement are inconsistent with the existence of
a trust. First, title to trust property remains vested in the trustee; beneficiaries have no ‘title’
to trust property, notwithstanding common usage of that term to denote equitable interests
which are enforced against the trustee which are effective against third parties.69 Second,
beneficiaries have no rights of direct control over trust property which would enable users to
control Digital Currencies freely by withdrawal or transferring to other blockchain addresses
(sub-clause 5.16.2). Dispositions of trust property must be made through the trustee, even in
cases of nomineeship where the only obligation of the trustee is to hold trust property ‘to the
order’ of the beneficiaries.70 At most, a beneficiary can assign his equitable interest or declare
a sub-trust of his interest for his intended transferee. Finally, beneficiaries do not bear the risk
of loss in respect of property impressed with trust as users do in respect of their Digital Assets
(sub-clause 5.16.1). Trustees owe obligations to beneficiaries to preserve trust property;
failure to do so, both through positive acts, such as mis-management of trust assets, and
omissions, such as failing to keep trust property insured, will incur liability in account. If proved,
the trustee will be obliged personally to restore the value of the trust property.71
It is submitted that, if a trust characterisation is preferred, the only way to reconcile these
seemingly inconsistent provisions is to take the step of reifying a trust interest – essentially a
set of obligations against a trustee – in the same way that debts – essentially an obligation in
contract – became a freely transferrable and negotiable asset which a person could be said
to ‘own’, or to have ‘title.’ Again, using the example of financial instruments, an investor,
although he owns his financial asset vis-à-vis other traders, has no more than a claim in
contract vis-à-vis the issuer. Property, given the present emphasis on transferability, does not
necessarily always mean proprietary rights vis-à-vis the original obligor; ‘title’ may well be used
69 W Swadling, ‘Property’ in A Burrows (ed), Oxford Principles of English Law: Private Law (3rd ed, OUP 2017), [4.179]: “The fact that the beneficiary has no rights of enforcement of the trust right against third parties is often obscured by the language used by judges and commentators in this area. It is, eg, common to talk of a trustee of a title to goods as having a ‘legal’ title, and his beneficiary having an ‘equitable’ title. But there is only one ‘title’, where that word means a right to exclusive possession. Although the beneficiary has rights, has an entitlement, his rights are of a different order and therefore not appropriate described in such terms.” 70 E.g., Vandervell v IRC [1967] 2 AC 291 (HL); [1967] 2 WLR 87 concerned a bare trust under which the settlor wished to divest himself of all benefit to the trust property. 71 This comprises the beneficiaries’ right to hold the trustee liable for their management of trust 39-assets. ‘Falsification’ involves disputing a transaction made in breach and the trustee is liable to reverse the effect of the transaction by restoring the fund. ‘Surcharging’ involves breach by omission, such as failing to insure trust property or failing to make a proper investment, which results in a reduction of the value of the trust property. Trustees will be liable to pay the balance of what the fund ought to have been but for the omission. See further L Tucker et al (eds), Lewin on Trusts (19th ed, 2015, Sweet and Maxwell), Chapter 39 generally and [39-003]-[39-004] in particular.
78
in the sense that the underlying obligation is freely transferrable on the secondary markets in
the way prescribed by Sub-Clause 5.16.1.
The alternative legal analysis that users retain title as a bailor of Digital Currencies, which are
bailed to Coinbase as bailee: bailors retain title over bailed goods throughout the term of the
bailment, whereas the bailee obtains only legal possession. The main obstacle, however, to
the recognition of a bailment of Digital Currencies in England and Wales is the centrality of
possession to the legal mechanism of bailment. Noting the etymological root from the French
bailler ‘to deliver,’ Professor Norman Palmer has written that “the essence of bailment is
possession,”72 thus, “unless one person is in possession of goods to which another has a
superior right of possession there can be no bailment.”73 Only legal interests, therefore, may
be the subject of bailment, unless an equitable interest draws with it a right to the immediate
possession of the property.74 Hence, the common law position that intangibles cannot be the
subject of possession and, so, nor can they be the subject of bailment; nor other possession-
based legal techniques.75 It does not seem currently possible, therefore, to characterise
Digital Currencies as being bailed to Coinbase under English law, however, this orthodoxy will
be considered in more depth and ultimately challenged at Part 5.1.
For present purposes, it suffices to note that the terms of the Coinbase User Agreement are,
under current law, inconsistent with the existence of both a bailment and a trust. However,
even if these difficulties could be overcome, a final obstacle presents in the segregation
requirement common to both trusts and bailment. Prima facie, the fact that private keys are
simply large numbers designed to be random to cryptographic standards is striking in this
context because, as such, private keys cannot be said to be in any way fungible.76 As truly
unique assets, the problems of segregation which have arisen with purported bailments and
72 NE Palmer, Palmer on Bailment (3rd ed, Sweet and Maxwell 2009), [1-001]. 73 NE Palmer, ‘Bailment’ in A Burrows (ed) Oxford Principles of English Law: Private Law (3rd ed, OUP 2017), [16.06]. 74 Palmer (n 73), [16.05] fn 40, 41, 42 and text. These principles are reinforced by a “strong judicial conviction that intangible things cannot be converted,” in Palmer (n 72), [30-004]. 75 Approximately 100 words here were taken from a past paper ‘Intermediation, Custody, and the Law of Trusts: Did English Law Cope with the Lehman Insolvency?’ (LL.M Research Paper, Commercial Law: Issues and Policies, Melbourne Law School, December 2017). 76 It is worth noting that a fungible token, such as an ERC20 which considered ‘fungible’ because it does not show the token’s full transaction history, may not necessarily be fungible as a matter of legal property if the analysis remains that it is the private key that is properly the subject of the legal analysis. Although the token may be fungible within its intended sphere of utility, the private key to which the token is attributed will still remain a large and unique number generated to cryptographic standards of randomness.
79
trusts over commingled fungible goods – bars of gold,77 bottles of wine,78 share certificates,79
and book-entry securities80 – on the basis that it is impossible to tell which fungible goods
belong to whom simply do not arise.
On the other hand, even if key pairs, being derived from unique private keys are uniquely
identifiable, it remains open whether bailments and trust require each beneficiary or bailor to
be able to identify which non-fungible asset belongs to them at all times, or whether it is
sufficient that the total number of non-fungible assets held by a common bailee or trustee
matches the total number of claims so that, if necessary, allocation can be made ex-post.
There is little guidance in the authorities, which have concerned fungible assets. However,
that proprietary rights may be recognised over unascertained property by means of a floating
charge81 or over future property82 is certainly indicative that such ex-post allocation would be,
in principle, in accordance with doctrine. Potential methods, should the equivalent of
crystallisation arise in respect of private keys, could be to allocate by reference to time of
‘acquisition’ by a user as recorded on the blockchain, or a ‘first-in, first out’ method currently
used for tracing funds standing to the credit of a bank account.
Notwithstanding this potential for doctrinal development through adapting to a novel form of
property, the effect of the express disclaimer by Coinbase of any obligation to segregate “by
blockchain address” is indicative that the property in question is a single, or certainly minimal
number of, private keys and their associated value, of which users own a proportion; not a
mass or multitude of non-fungible, unique key pairs which simply need to be allocated to
specific users on a ‘one-key-per-user’ basis. That assets are not segregated is, under current
doctrine,83 no bar to the recognition of a trust. The main consideration for assessing the
strength of property rights in Digital Currencies held with Coinbase question would be,
therefore, ensuring that the current value attributed by the relevant blockchain to the shared
address corresponds with the aggregate value of entitlements recorded in the internal ledgers
77 Re Goldcorp Exchange [1995] 1 AC 74. 78 Re London Wine Company (Shippers) Limited [1986] PCC 12. 79 Hunter v Moss [1994] 1 WLR 452 (CA); 3 All ER 215 (CA); [1993] 1 WLR 934 (Ch). 80 Re Lehman Brothers International (Europe), also known as Pearson v Lehman Brothers Finance SA (RASCALS) [2010] EWHC 2914 (Ch); Re Lehman Brothers International (Europe), also known as Lomas v RAB Market Cycles (Master) Fund Ltd [2009] EWHC 2545 (Ch). 81 Agnew v Commissioners of Inland Revenue, also known as Re Brumark Investments Ltd [2001] UKPC 28. 82 Tailby v Official Receiver (1888) 13 App Cas 523. 83 Hunter v Moss (n 79); Re Re Lehman Brothers International (Europe) (n 80).
80
kept by the Coinbase Group. It is submitted that this is a matter of contract between the
exchange and user, as set out in the User Agreement.
In light of these considerations, it is highly likely that assets held in Coinbase Digital Currency
Wallets are claims against Coinbase in proportions identified by the repository of buy/sell
orders and instructions those Wallets contain. This, however, remains speculative and, in the
absence of any proper disclosure or clearer drafting, it is submitted that the Coinbase User
Agreement exemplifies the kind of opaque exchange user agreement to which Professor
Anderson et al drew attention in their survey. Citing their analysis of the financial statements
filed at Companies House, as against the reported assets under management and relative
size of the UK cryptocurrencies markets and its GDP,84 those authors conclude that Coinbase
probably executes all trades off-chain.
4.1.2.2. Gemini
By contrast, the Gemini User Agreement 85 demonstrates a higher degree of legal and
technical sophistication. As with Coinbase, a Gemini account comprises a number of sub-
accounts: one or more of a ‘Fiat Account’ that reflects its fiat currency balance; and a ‘Digital
Asset Account’ that reflects its Digital Asset balance. Each Digital Asset Account is further
subdivided into ‘Depository Accounts’ and ‘Custody Accounts.’86
Gemini is a fiduciary under § 100 of the New York Banking Law in respect of both Fiat and
Digital Asset Accounts. The precise ownership provisions, however, differ between accounts.
In respect of Digital Assets, users are told that Gemini is:
… a custodian that is licensed to custody your Digital Assets in trust on your behalf.
Gemini custodies your Digital Assets in either a Depository Account or a Custody
Account controlled and secured by Gemini; the balances of which are reflected in
the Digital Asset Account of your Gemini Account. Digital Assets custodied in a
Depository Account are pooled together in one or more of our Digital Asset wallets.
Digital Assets custodied in a Custody Account are custodied pursuant to the
84 Anderson et al (n 34), 14-15. 85 Gemini User Agreement, < https://gemini.com/user-agreement/#user-agreement-archive > accessed 19 April 2019. 86 Gemini User Agreement, ‘Account Types,’ < https://gemini.com/user-agreement/#account-types > accessed 15 April 2019.
81
Custody Agreement entered into by and between you and Gemini Trust Company,
LLC […]
Digital Assets custodied on your behalf and reflected in the Digital Asset Account
of your Gemini Account are not treated as general assets of Gemini.87
It seems, therefore, that Digital Assets ‘custodied’ in Depository Accounts are intended as
impressed with trusts. By contrast, Digital Assets ‘custodied’ under the Custody Agreement88
are expressed to be bailed Assets with Gemini as bailee,89 and are held in Custody Accounts
in the name of the user. Users agree and understand that:
Your Custody Account will have one or more associated unique Blockchain
Addresses in which your Assets will be (i) segregated from any and all other assets
held by us and (ii) directly verifiable via the applicable blockchain. We will provide
you with all Blockchain Addresses associated with your Custody Account.
The ownership of your Assets will be clearly recorded in our books as belonging
to you. Our records will at all times provide for the separate identification of your
Assets. We will not loan, hypothecate, pledge, or otherwise encumber any Assets
in your Custody Account, absent General Instructions from you.
You agree and understand that nothing herein prevents us from using our Cold
Storage System to custody our own property and/or the property of third
parties; provided, however, that, at minimum, separate Blockchain Addresses are
utilized to segregate your Assets from such other property.90
Use of the term ‘separate blockchain addresses’ strongly suggests use of a HD seeded wallet
to generate different public addresses for Custody Account clients, which, indeed, enable such
segregation of public addresses without necessarily giving users control over the assets by
means of a private key. If the property characterisation at Part 4.1.1.4 is accepted, it is
submitted that it accommodates the terms Gemini’s Custody Account: users, in receiving at a
87 Gemini User Agreement, ‘Your Digital Assets,’ < https://gemini.com/user-agreement/#your-digital-assets > accessed 15 April 2019. 88 Gemini Custody Agreement < https://gemini.com/custody-agreement/> accessed 15 April 2019. 89 Gemini Custody Agreement (n 88), ‘Custodian Appointment.’ 90 Gemini Custody Agreement (n 88), ‘Custody Account.’
82
segregated public address, hold legal title to their right to be recognised by and participate in
the relevant blockchain network; such abstract entitlement is then bailed to Gemini, which
holds the legal interest of possession, represented by the private key, in respect of this
entitlement. It seems that the statement that “all Exchange trading activity [on Gemini] is ‘off-
chain’ and not broadcast to a given blockchain,”91 applies only to Depository Accounts, if, as
the Custody Agreement states, Custody Accounts can be directly verified on the public
blockchain.
Bailments come in a variety of forms, but certain general obligations are imposed on every
bailee. Bailees must take reasonable care of the bailed goods and must not convert them;92
usually, this will include a prohibition against denying the bailor’s title.93 Bailees must also
not deviate from the terms of the bailment and becomes an insurer if he does.94 These
obligations are generally in line with those accepted by Gemini which, in respect of Custody
Accounts and custody of Assets, Gemini expressly disclaims any obligations requiring Gemini
to “expend or risk [its] own funds, property, or otherwise incur any financial liability, in the
performance of any of [its] duties” and accepts a general standard of duty in accordance with
the ‘Reasonable Care’ section of the User Agreement.95 This is generally framed in terms of
“reasonable care and commercially reasonable efforts.”96
By contrast, Gemini Depository Accounts impressed with trust involve no separation of legal
title and legal possession: both vest in Gemini, against whom Depository Account holders
have a claim as, as it would appear to be, beneficiaries under a trust. Some proprietary
interest, therefore, in the participation right in the network and directions as to dealings with
trust property would also be conferred upon users. Again, as with Coinbase, however,
dealings from such accounts are disclosed as executed ‘off-chain’; similar risks of shortfall,
thus, arise.
91 Gemini User Agreement, ‘Gemini Exchange’ < https://gemini.com/user-agreement/#gemini-exchange > accessed 1 April 2019. 92 Morris v CW Martin & Sons Ltd [1966] 1 QB 716, 738 (CA), per Salmon LJ; East West Corp v DKBS 1912 [2003] EWCA Civ 83. 93 Biddle v Bond (1865). 6 B & S 225, 122 ER 1179; Ross v Edwards & Co (1895) 73 LT 100. 94 Lilley v Doubleday (1881) 7 QBD. 510; Shaw v Symmonds & Sons Ltd [1917] 1 KB 799; Mitchell v Ealing London Borough Council [1979] QB 1. 95 Gemini Custody Agreement (n 88), ‘Custodial Obligations.’ 96 Gemini User Agreement, ‘Reasonable Care’ < https://gemini.com/user-agreement/#reasonable-care > accessed 1 April 2019.
83
Other than this, the main difference between the strength of property rights in Digital Assets
held in Depository and Custody Accounts is, thus, the difference between the rights of a
beneficiary under a trust and those of a bailor. Given the express disclaimer of traditional
obligations associated with trusts, as is common in the modern commercial trust context,97
there is unlikely to be any significant difference in the personal rights vis-à-vis Gemini itself as
trustee or bailee. The main property distinction, and no insignificant one at that, is that title in
the context of bailment is retained by the bailor. If, therefore, New York State law, which
governs the Gemini Agreement, 98 recognises that intangibles may be the subject of
possession, Gemini Custody Account clients have relatively strong property rights in their
Digital Assets; stronger than those associated with Coinbase and Gemini Depository
Accounts, as well as intermediated securities held in omnibus custody accounts.
4.1.3. Summary
This Part set out to explore the basic legal property issues which arise in respect of ‘native’
cryptocurrencies analysed on their own coding terms. It established that, notwithstanding the
influential precedent of definitive book-entry securities, the blockchain cannot be considered,
without more, a definitive title register of registered securities or records as to bearer assets.
Nor, notwithstanding the commercial and practical coding emphasis on the private key as the
means to control and transfer crypto assets, can the private key be conflated with the asset
itself. The central property question was therefore identified as being the legal weight to be
given to each of the private key, the blockchain, and the relationships between users of nodes,
in a broader analysis which considers the network as a whole.
97 Law Commission of England and Wales, ‘Trustee Exemption Clauses’ (Law Com No 301 Cmmd 6874, 2006); Financial Markets Law Committee (UK), ‘Trustee Exemption Clauses: Analysis of the Role of the Trustee in the Wholesale Financial Markets and of the Proposals Contained in the Law Commission's Consultation Paper No 117’ (FMLC Issue 62, May 2004); also fn 76-79 and text at 18 above. 98 Gemini User Agreement, ‘Governing Law’ < https://gemini.com/user-agreement/#governing-law > accessed 1 April 2019.
84
The proposed characterisation of a crypto asset was a right to participate in a collective
undertaking with a quantum of value determined by network consensus. In the public network
contexts of Bitcoin and Ethereum, the unincorporated association was identified as the most
appropriate vehicle for such characterisation. In respect of the private key, a documentary
intangibles analysis, intellectual property analysis were both considered, before concluding
that the private key is essentially an ID credential which is increasingly treated as a valuable
asset in its own right. It then considered the proposal that the private key could be a rebuttable
presumption of ownership, before suggesting that a better analysis would treat the private key
as definitive of the legal interest of possession of the crypto asset, in the sense of exercising
over such asset rights of use, transfer, and control.
The final section then applied this foundation to indirect holdings of crypto assets through
exchange-hosted or custodial wallets and concluded that holding through exchange-
intermediaries arguably creates a new interest in such rights: if the exchange holds a
participation right vis-à-vis the network, exchange users in their exchange wallets hold some
claim against the exchange in respect of this right; claims, which furthermore, are freely traded
as assets in their own right. Characterisation of this derivative interest will, in the first instance,
depend on the precise contractual relationship between exchange and user, as well as the
technology underpinning the exchange’s API. It was seen that a Gemini Custody Account
offers presumed use of HD seeded-wallets to generate public addresses from a single master
key, held in their possession as bailor. Gemini Depository Accounts and Coinbase, on the
other hand, tended to use omnibus public addresses in which users own a claim – either in
trust or contract – against the exchange in proportions evidenced by the repository of
instructions in their exchange wallet.
85
4.2. ICOs and Issuers
At this point, the narrative begun in Chapter 2 of the evolution of financial forms – defined in
this paper as the symbol used to represent an abstract, transferrable, and valuable obligation
– properly resumes. From beginnings in paper instruments, through the book-entries of
intermediaries, such form is now starting to see trends towards what the International
Securities Services Association (‘ISSA’) and Swiss Financial Market Supervisory Authority
(‘FINMA’) both define as ‘Asset Tokens.’1 Many start-ups, typically in the fintech sector, have
opted to raise investment capital, complete with attendant voting and profit-sharing
entitlements, directly from the public as an ‘initial coin offering’ (‘ICO’). On the other hand,
established issuers accustomed to regulatory oversight and the public exchanges are far more
likely to market their forays into the crypto sphere by emphasising the underlying DLT, using
phrases such as ‘issuing traditional securities on a blockchain.’
From a property perspective, there is little to distinguish the two: in both cases, the substantive
obligation underpinning the financial asset is largely the same (claims against the issuer) and
the form used to represent this obligation is the same (a crypto asset). The only real legal
difference is that one falls within the remit of the existing financial regulation whereas the other
may not. In this regard, financial regulators across jurisdictions are slowly gaining the
confidence to look beyond the novelty of cryptographic form to recognise that the substance
of unregulated ‘asset tokens’ render them indistinguishable from traditional securities subject
to the whole gamut of financial regulation.2 For would-be issuers, regulatory ‘sandboxes’
remain one of the most compliance-friendly ways through which to experiment with DLT-
enabled issues of securities. In the UK, since the first cohort of firms were admitted to the
Financial Conduct Authority’s (‘FCA’) Sandbox on 7 November 2016, 14 out of a total 118
admitted have specifically explored the use of DLT in the primary markets (Table 1).
1 Chapter 4, Tables 1 and 2 at 51 above. 2 See, for example, the ASIC’s Information Sheet 225, ‘Initial Coin Offerings and Crypto-Assets’ (May 2019 Update) < https://asic.gov.au/regulatory-resources/digital-transformation/initial-coin-offerings-and-crypto-assets/ > accessed 31 January 2020; and CMS Legal Services EEIG, ‘Initial Coin Offerings: New Means of Fundraising’ (March 2018) <https://cms.law/en/INT/Publication/Initial-Coin-Offerings-New-means-of-fundraising > accessed 19 April 2019.
86
Table 1. Summary of FCA Sandbox businesses testing the use of DLT in primary issuance3
Cohort 1: 18 businesses admitted for testing; announced 11 July 20164 Issufy A web-based software platform that streamlines the overall Initial Public Offering (IPO) distribution
process for investors, issuing companies and their advisers. Nivaura A platform that uses automation and blockchain for issuance and lifecycle management of private
placement securities. Otonomos A platform that represents private companies’ shares electronically on the blockchain, enabling
them to manage shareholdings, conduct book building online and facilitate transfers. Cohort 2: 24 businesses admitted for testing; announced, 15 June 20175 BlockEx BlockEx wish to test a bond origination, private placement and lifecycle management platform
based on distributed ledger technology. Nivaura Nivaura’s focus is on automating the primary issuance and administration of financial assets
through a centralised system or a blockchain infrastructure. Cohort 3: 18 businesses admitted for testing; announced 15 Dec 20176 ResonanceX New electronic platform that enables end-to-end automation of price discovery, execution and life-
cycle management of structured products using centralised or blockchain asset custody. Cohort 4: 29 businesses admitted for testing; announced 3 July 20187 BlockEx Platform that facilitates the issuance and manages the lifecycle of regulated bonds using DLT. Capexmove Platform that uses DLT to allow small companies to raise capital in a more efficient and streamlined
way. Fineqia Blockchain-based digital platform that enables companies to issue and administer debt and equity
securities, including bonds backed by cryptoassets. Globacap Capital raising platform for SMEs and institutional investors which facilitates the issuance process
of debt and equity securities. Globacap use DLT to simplify and streamline the issuance process.
TokenMarket Funding platform that uses DLT to facilitate the issuance of shares in private companies more efficiently.
20|30 DLT-based platform that allows companies to raise capital in a more efficient and streamlined way. The test will be facilitated in conjunction with London Stock Exchange Group and Nivaura.
Cohort 5: 29 businesses admitted for testing; announced 29 April 20198 London Stock Exchange Group
A test that will integrate DLT within LSEG-operated listing and trading venues to test market infrastructure for the issuance, admission and trading of equity securities, evidencing the change of beneficial ownership. LSEG has invited Nivaura and select market practitioners along the value chain to participate as part of this test
Torca A platform that uses DLT to streamline the capital raising process, providing a one-stop-shop for issuing securities, including onboarding, raise-management and token issuing services. The platform aims to increase transparency and speed of execution for both security issuers and investors.
3 FCA Regulatory Sandbox Website < https://www.fca.org.uk/firms/regulatory-sandbox > accessed 1 March 2019. 4 FCA Regulatory Sandbox Website < https://www.fca.org.uk/firms/regulatory-sandbox/cohort-1 > accessed 1 March 2019. 5 FCA Regulatory Sandbox Website < https://www.fca.org.uk/firms/regulatory-sandbox/cohort-2 > accessed 1 March 2019. 6 FCA Regulatory Sandbox Website < https://www.fca.org.uk/firms/regulatory-sandbox/cohort-3 > accessed 1 March 2019. 7 FCA Regulatory Sandbox Website < https://www.fca.org.uk/firms/regulatory-sandbox/regulatory-sandbox-cohort-4-businesses > accessed 1 March 2019. 8 FCA Regulatory Sandbox Website < https://www.fca.org.uk/firms/regulatory-sandbox/cohort-5 > Accessed 19 May 2019.
87
4.2.1. LuxDeco-Nivaura
Of these firms, Nivaura is a software company which aims to facilitate “automation of the entire
lifecycle of a financial instrument,”9 and remains the only firm with multiple admissions for
testing. In November 2017, Nivaura partnered with the luxury furniture company, LuxDeco, to
issue two bonds in tandem. Both were live deals making use of a public blockchain and
Nivaura’s platform, but in significantly different ways.
Commercially, the issues were identical and structured as a standard registered Eurobond
(Figure 1) which have the following features:10
(i) The securities are issued as a global certificate representing the entire issue;
(ii) Legal title to the global certificate is held by a nominee, whose name appears in the
register;
(iii) Title is held by the nominee for the chain of depositories and custodian entities
comprising the clearing system, all of whom hold accounts for sub-beneficiaries;
(iv) The investor is the ultimate sub-beneficiary in this chain;
(v) The issuer’s payment obligations under the bond are performed via a paying agent
appointed, who remits payments to the investors through the clearing systems;
(vi) Trustees are appointed to represent the interests of the investors and play a major
enforcement role if the issuer defaults.
The Control bond retained this basic structure (Figure 2), but included some differences:11
(i) Investors paid investment capital into Nivaura’s client account, which was immobilised
there, through an ordinary bank transfer;
(ii) This deposit was mirrored by the addition of tokenised credits to the relevant investors’
cash accounts on the Nivaura platform;
(iii) The bonds were issued into LuxDeco’s securities account on the blockchain platform;
(iv) Upon settlement, the bonds were transferred to the relevant creditors’ securities
accounts as the cash was transferred to LuxDeco’s cash account on a typical DvP
basis.
9 R Cohen et al, ‘Automation and Blockchain in Securities Issuances,’ (2018) 3 JIBFL 144, 147. 10 Cohen et al (n 9), 144-145. 11 Cohen et al (n 9), 145.
88
By contrast, the Experimental bond was denominated in Ether, and was issued entirely without
recourse to any of the existing market infrastructure (Figure 3):12
(i) Investors transferred Ether from their existing wallets to their Nivaura wallets;
(ii) On settlement, Ether was transferred from the investors’ wallets to LuxDeco’s public
address, and the bonds, represented by ERC20 Tokens,13 passed from LuxDeco’s
securities wallet address to the investors’ addresses;
(iii) These changes in state were recorded in a public blockchain, which functioned as the
register;
(iv) Smart contracts were deployed to automate payment of principal and interest to
investors’ addresses;
(v) Custodians provided key custody and reconciliation services between the internal
Nivaura platform records and the public blockchain.
Figure 1. Traditional Eurobond in the current financial markets infrastructure14
12 Cohen et al (n 9), 146. 13 Telephone conversation between R Cohen and author, 31 May 2019. 14 R Cohen et al, ‘Banking on the Blockchain,’ (February 2018) IFLR 24, Figure 1 at 43 < http://www.allenovery.com/SiteCollectionDocuments/Banking_On_The_Blockchain.pdf > accessed 30 March 2019.
89
Figure 2. The LuxDeco-Nivaura Control Bond15
Figure 3. The LuxDeco-Nivaura Experimental Bond16
15 Cohen et al (n 14), Figure 2 at 44. 16 Cohen et al (n 14), Figure 3 at 45.
90
In both the Control and Experimental bonds, the asset itself remained a registered security,
and the FCA considered the public blockchain sufficiently independent to satisfy the regulatory
requirements for third-party reconciliation of the register.17 There was, therefore, “no need for
a registrar to keep a register of holders; the register was the blockchain.”18 It is, however,
unclear whether this does indeed mean, as contended, that “the blockchain allowed for legal
and beneficial title to be united.”19 If the public blockchain is intended to function as the
definitive register, it would need to be supplemented by some additional database to link key
pairs with legal persons. This appears to be within Nivaura’s contemplation. Applications that
leverage the blockchain were cited as a potential solution to the pseudo-anonymity problem;
in this particular use case, the digital custody service was the relevant application. 20 It
appears, therefore, that the Custodian’s records of key custody clients may be used to
supplement the blockchain register.
Here, it is worth noting a useful legal precedent in the Spanish system of holding intermediated
securities in a similar two-tier structure. First, Iberclear, the Spanish CSD, maintains a ‘Central
Register’21 which contains the aggregate balances of securities held in the accounts of each
Iberclear participant, which are typically financial institutions. Second, the participants each
maintain ‘Second-tier Registers’22 in respect of their own customers’ holdings. The two
registers are linked by a common register reference for each account entry which correspond
to a particular transaction; a new register reference must be generated each time there is a
transfer in ownership, upon which the prior register reference is cancelled.23 The two registers
are, thus, treated as a single, record of ownership.24 There is no reason why not, therefore,
the blockchain supplemented by the Custodian’s records could not cumulatively operate as
the definitive register identifying exactly who is entitled to the benefit of the security.
The role of the private key in this context of the blockchain as a definitive register, then, falls
to be considered. Transfers of the Experimental Bond were effected and recorded by way of
17 Cohen et al (n 9), 147. 18 Cohen et al (n 9), 147. 19 Cohen et al (n 9), 147. 20 Cohen et al (n 9) 147. 21 Article 19.2, Consolidated Text of the Regulation of Sociedad de Sistemas (‘Iberclear Regulation’) as at 6 September 2017 < http://www.iberclear.es/ing/Regulations/Legal-Framework > accessed 9 April 2019. 22 Article 19.3, Iberclear Regulation (n 21). 23 Law Commission of England and Wales, ‘The UNIDOIT Convention on Substantive Rules Regarding Intermediated Securities: Further Updated Advice to HM Treasury’ (May 2008), [2.44]. 24 Article 19.1 Iberclear Regulation (n 21).
91
dealings in ERC20 tokens directly through investors’ crypto wallets. The private key therefore
functioned as the means through which transfers of the registered security were effected.
Notwithstanding that this is likely to be the only way in which users exercise such rights of
ownership, Nivaura does not expect that investors will store and manage private keys directly.
Rather, Nivaura’s digital custody service is structured in such a way that private keys are held
by a Custodian, with direct access granted to investors by means of a PIN.25 Such a method
eliminates the risk of losing access to assets if private keys are lost; if an investor forgets his
PIN, a new one may be generated by the Custodian upon adequate proof of identification.26
This raises several questions regarding the legal characterisation of the private key, and the
basis upon which they are held by the Custodian. If the bonds themselves are registered
securities to which legal title is held directly by the investor, using the proposed
characterisation in Part 4.1.1.4, the only characterisation possible is that the security is bailed
to the Custodian, who holds the interest of possession represented by the private keys. Given,
furthermore, that the use of the private key is largely ‘self service’ through use of the PIN,27 it
does not seem that investors face the risks arising with off-chain transactions: private keys are
held by the Custodian but are accessed directly by investors under, as it were, a bare bailment,
rather than through issuing mandates. Rather, the greater difficulty lies in the fact that the
blockchain network used – at least for the Sandbox context – is public and, therefore, the
Ethereum mining community owes no duty to neither issuer nor investor to maintain the
blockchain. This, however, would appear to be largely a matter for the issuer; Nivaura’s
platform is ‘blockchain-agnostic’ in the sense that it is a software company, not a blockchain
company, and its platform may be used across any blockchain network.28
A related question arises as to personal liabilities. For example, for whom does the Custodian
– as asset keeper, critical interface between the pseudo-anonymous blockchain and legal
identity of the investors, and potential part of the legal register – act: issuer or investor? To
some extent, that the digital custody service is a software licensed to issuers suggests that
the Custodian is appointed by the issuer. Although Nivaura played the role of Custodian within
the Sandbox, Nivaura does not expect to fulfil this function in non-Sandbox applications, in
which context independent entities will perform this role.29 The importance, however, of a
25 Telephone conversation between R Cohen and author, 31 May 2019. 26 Telephone conversation between R Cohen and author, 31 May 2019. 27 Telephone conversation between R Cohen and author, 31 May 2019. 28 Telephone conversation between R Cohen and author, 31 May 2019. 29 Telephone conversation between R Cohen and author, 31 May 2019.
92
robust framework for personal liabilities becomes more apparent when considered in the
context of the actual performance of the issuer’s payment obligations. In the case of the
Experimental bond, rather than payments due under the bond ‘trickling down’ the chain of
custody,30 automation via a smart contract enables payments to be made directly to holders.31
However, removing the intermediary typically involved in remittance, the paying agent, raises
novel issues because economic value in performance of an underlying obligation, enforceable
by legal action, is premised upon performance by legal persons capable of being sued.
Paying agents stand at the ‘top’ of the custody chain and are appointed pursuant to an agency
agreement, to which the agent, issuer, trustee and the guarantor are typically all party. When
a payment of interest or principal falls due, the issuer is obliged under the agency agreement
to transfer the funds to the paying agent, who then is responsible for ensuring that the
payments are duly remitted to the relevant investors. The liabilities between the parties are
structured in such a way that, as between issuer and investor, failure by the paying agent to
make a requisite payment does not generally discharge the issuer’s obligation vis-a-vis the
holder, even if the issuer has already paid the relevant amount to the paying agent.32 Should,
therefore, the paying agent fail to make a payment to the investors having been put into funds,
the issuer remains liable to the investors, but has an action against the paying agent under
the terms of the agency agreement. Most agency agreements typically provide for a banker-
customer relationship (Figure 4); thus, any money transferred by the issuer to the paying agent
is so transferred as unsecured creditor, and the issuer’s action against a defaulting paying
agent arises in simple debt. Should, therefore, the paying agent fail to make any payment
having collapsed into insolvency after having been put into funds, the issuer’s claim would fall
to compete with those of all other unsecured creditors.33
30 Cohen et al (n 9), 145 31 Cohen et al (n 9), 147 32 G Fuller, The Law and Practice of International Capital Markets (3rd ed, LexisNexis 2012), [3.23]. 33 Fuller (n 32), [3.24].
93
Figure 4. Example of standard provisions in an Agency Agreement regarding funds paid
by issuer to paying agent.34
(1) Each Paying Agent will be entitled to deal with money paid to it by the Issuer
for the purposes of this Agreement in the same manner as other money paid to
a banker by its customers, except that:
(a) it will not exercise any right of set-off, lien or similar claim in respect of the
money; and
(b) it will not be liable to account to the Issuer for any interest on the money.
(2) In acting under this Agreement and in connection with the Notes each Paying
Agent will act solely as an agent of the Issuer and will not assume any
obligations towards or relationship of agency or trust for or with any of the
owners or holders of the Notes or the Coupons.
It should be underscored that such insolvency would not affect the legal rights of the investor
against the issuer, whose obligations under the asset itself are not discharged by transfer of
funds to the paying agent. In practical terms, however, the insolvency of the paying agent
would likely have some effect on the investor’s chances of being paid, whether through the
immediate default or on future performance, as the issuer’s action against the paying agent
may well turn out to be worthless. Issues governed by US law, on the other hand, offer holders
a proprietary advantage. Under the Trust Indenture Act 1939, all sums paid to the paying
agents by the issuer for the payment of principal and interest on the notes are held on trust for
the holders or the trustee.35 Although under English law, a Quistclose trust36 may, in theory,
arise in light of the express intention of the issuer that the money is paid for a specified
purpose, the express disclaimers of any trust that are typical of agency agreements will
prevent such trust from arising (Figure 4).
Irrespective, however, of the strength of the property rights or ‘guarantee,’ as it were, that an
investor can expect the underlying promise by the issuer to pay will be honoured, that there is
34 Fuller (n 32), [3.27]. This is an example for a stand-alone issue with a fiscal agent and no guarantor. 35 s 317(b) Trust Indenture Act 1939 15 USCA §77aaa (2012). 36 Barclays Bank Ltd v Quistclose Investments Ltd [1970] AC 567 (HL).
94
a clear division of responsibility and an identified defendant to an action provides, in itself, a
measure of legal certainty. Where, however, the paying agent’s function is automated by a
smart contract, there is uncertainty as to what redress an investor or the issuer has if the code
fails to execute correctly and any funds intended to fulfil payment obligations are lost. The
relevant question seems to be whether a smart contract could similarly be held to be a ‘debtor’
to the issuer; or be otherwise liable for its own failure to execute in the same way as the paying
agent is a debtor vis-a-vis the issuer which has put it in funds; or alternatively, hold funds on
trust as does a paying agent who is subject to the US Trust Indenture Act 1939.
In this latter case, it is worth noting that Ethereum smart contract accounts are able to hold
funds to be ‘unlocked’ and distributed upon being called into execution,37 so it would be
possible for issuers to make funds available in advance of the hypothetical error in execution
of the smart contract code. Assuming a court would be willing to hold a trust has arisen over
Ether38 held in a contract account, such rights under a trust, hitherto the ‘holy grail’ of third
party proprietary claims, would not, however, actually be of any avail to the holders if the error
in code execution involved an irrevocable loss of access to the funds. In 2017, approximately
US$150-300 million worth of Ether was irretrievably lost after a developer inadvertently
exploited a bug in the Parity wallet library contract; in an attempt to rectify the problem in the
affected multi-sig wallet, the developer accidentally deleted the library code itself. All Parity
multi-sig wallets relying on that code were consequently frozen.39 In cases involving such
errors, essentially where trust property is destroyed, given that the only redress available to
beneficiaries would be personal actions for breach of trust and account, the question remains
how a smart contract can be held in law a trustee and legal person owing personal duties to
the holders.
This is subject of an on-going and inconclusive debate in the crypto sphere: ascribing or
imputing civil and criminal liability for failures in self-executing code and programmes to an
appropriate defendant. Jenny Leung, writing for Coindesk, notes that:
37 Part 3.2.1 at 38 et seq above. 38 In B2C2 Ltd v Quoine Pte Ltd [2019] SGHC (I) 03 at [141]-[146], the International Commercial Court of Singapore (International Judge Thorley QC) found a trust could be impressed upon cyptocurrencies. 39 As set out in the Github < https://github.com/paritytech/parity-ethereum/issues/6995 >; reported by J Wilmoth, ‘Parity’s $150 Million Wallet Bug’ (CCN, 11 September 2017) < https://www.ccn.com/i-accidentally-killed-it-parity-wallet-bug-locks-150-million-in-ether > accessed 19 April 2019.
95
Somewhat analogously [to company law], a ‘tech veil’ has helped code developers
escape liability from state and federal regulations and civil lawsuits arising from
bugs in, or third parties’ malicious use of, their code. This ‘tech veil’ is maintained
by courts’ willingness to uphold broad disclaimers in open source software
licenses, and is bolstered by the principled argument that users (not coders)
ultimately cause and should take responsibility for criminal violations of law.40
Ms Leung, however, continues to report an apparent change in attitude to coder liability, citing
a speech given by Brian Quintez, Commissioner of the US CFTC, in October 2018 which
proposed a test of reasonable foresight:
…the appropriate question is whether these code developers could reasonably
foresee, at the time they created the code, that it would likely be used by US
persons in a manner violative of CFTC regulations. In this particular hypothetical,
the code was specifically designed to enable the precise type of activity regulated
by the CFTC, and no effort was made to preclude its availability to US
persons. Under these facts, I think a strong case could be made that the code
developers aided and abetted violations of CFTC regulations. As such, the CFTC
could prosecute those individuals for wrongdoing. 41
A similar approach was independently applied in the civil context at first instance in B2C2 Ltd
v Quoine Pte Ltd,42 heard in the International Commercial Court of Singapore. The issue
arose in an allegation of contractual mistake in respect of an algorithmic trading program,
which had executed trades according to pre-programmed prices wholly without human
intervention. Given that the party seeking to enforce the contract was required to show
knowledge of a sufficiently important or fundamental mistake in the terms, the claim raised the
question of to whom knowledge in respect the relevant trades should be ascribed.
40 J Leung, ‘7 Legal Questions That Will Define Blockchain in 2019,’ (Coindesk, 3 January 2019) < https://www.coindesk.com/7-legal-questions-that-will-define-blockchain-in-2019 > accessed 4 January 2019. 41 B Quintez, ‘Remarks at the 38th Annual GITEX Technology Week Conference,’ (October 2018) < https://www.cftc.gov/PressRoom/SpeechesTestimony/opaquintenz16 > accessed 4 January 2019. 42 B2C2 Ltd (n 38). An appeal was heard against certain aspects of the decision in October 2019 but, at the time of reviewing the paper for publication, the decision of the appellate court had not yet been handed down.
96
International Judge Thorley QC began by noting that the law on knowledge in cases where
computer programs have replaced human actions will undoubtedly develop, especially in
cases of artificial intelligence where the computer in question could be said to ‘have a mind of
its own.’43 The Judge expressed confidence in the law to adapt, citing at [207] Lord Briggs in
the recent UK Supreme Court decision, Warner-Lambert Co Ltd v Generics (UK) Ltd:44
Even if the manufacturer is a corporation using a factory entirely staffed by
robots, if the manufacturing process is only protected by the patent if it is
carried out for a particular purpose, the requirement to identify a mental
element on the part of the manufacturer is simply inescapable. The court is
well versed in identifying the governing mind of a corporation and, when the
need arises, will no doubt be able to do the same for robots. 45
Drawing a parallel with computers used for trading purposes but mindful of the fact that the
present case was at first instance, the Judge proposed not to express any view on the precise
legal relationship between computers and their programmers. In any event, the Judge noted
that the programmes in question were deterministic; they had no artificial intelligence
capacities and only did what they were programmed to do in an arbitrary manner.46 Hence:
Where it is relevant to determine what the intention or knowledge was underlying
the mode of operation of a particular machine, it is logical to have regard to the
knowledge or intention of the operator or controller of the machine. In the case of
the kitchen blender, this will be the person who put the ingredients in and caused
it to work. His or her knowledge or intention will be contemporaneous with the
operation of the machine. But in the case of robots or trading software in
computers this will not be the case. The knowledge or intention cannot be that of
the person who turns it on, it must be that of the person who was responsible for
causing it to work in the way it did, in other words, the programmer. Necessarily
this will have been done at a date earlier than the date on which the computer or
robot carried out the acts in question. […]
43 B2C2 Ltd (n 38), [206]. 44 Warner-Lambert Co Ltd v Generics (UK) Ltd [2018] UKSC 56. 45 Warner-Lambert Co Ltd (n 44), [156]; cited in B2C2 Ltd (n 38) at [207]. Emphasis added. 46 B2C2 Ltd (n 38), [208] – [209].
97
Accordingly, in my judgment, in circumstances where it is necessary to assess the
state of mind of a person in a case where acts of deterministic computer programs
are in issue, regard should be had to the state of mind of the programmer of the
software of that program at the time the relevant part of the program was written.47
On the other hand, it may be just to impose some limitations to liability based on the coder’s
knowledge or foresight at the time when the code was programmed. In B2BC, the Defendant’s
Chief Technology Officer in cross-examination was keen to emphasise that programmes may
sometimes execute ‘as designed,’ but that this does not necessarily mean that the
programmes execute ‘as intended’ or ‘as foreseen.’ Granted permission to explain further,
the witness said this in respect of the coding flaw which automatically matched and executed
the relevant orders on the exchange:
A. … these are really complex platforms, by the way, really complex systems,
highly sophisticated. A lot of things can go wrong […] that's why we have bugs
in systems, you know, computers crash. Sometimes it's very difficult to foresee
all the different things that could happen […]
The system matched the forced close with the plaintiff's order, but […] the
balance transfer was a result of an oversight. It shouldn't have happened.
When the other party doesn't have enough balance, it doesn't make any sense
to do the transfer to the other party. That was an oversight on the system. It
was a bug, it was an architectural flaw. It was designed to do that, and it was
a flaw on the system.
Q. Sorry, are you telling the court that the fact that the system was designed to
match, even though a forced-closed customer had insufficient assets, was a
bug in the system?
A. It was a flaw in the system, yes.
Q. But it wasn't a bug?
47 B2C2 Ltd (n 38), [210] – [211]. Emphasis added.
98
A. It was not necessarily a bug. It was an oversight in the design of the system.
So you design a system, you build specifications, this is what is going to
happen. Then a programmer takes it and programmes it. If a designer, for
some reason, forgets, or by oversight doesn't account for all these issues, then
it will happen. So it's not necessarily a bug, it's more system design issue.
Q. You would then agree with me that as design, leaving aside the oversight, the
B2C2's orders were correctly matched with the forced-closed orders?
A. As designed, yes.48
There is a policy element, therefore, to determining the extent to which coders should be liable
for, or are reasonably able to foresee and prevent design issues and bugs, given the difficulty,
keenly felt within the coding community, in writing programmes that execute exactly as
expected.49 In the Overstock Prospectus, to be examined in due course, undiscovered flaws
in the code underpinning digital securities are expressly listed three times in the disclosure of
risks associated with the issue.50 In light of such untested technologies used in ICOs, Peter
van Valkenburg, of Coin Centre, points out:
We do not have similar laws requiring honest disclosure from more diffuse or
abstract common causes to which people give their energies. There is no law, for
example, that the scientific community must be honest about the likelihood that
cancer treatment breakthroughs will be achievable in the near future, nor do we
worry that too many young cancer researchers are contributing to that effort under
a false sense of the common endeavour’s likelihood of success.51
Although there is an obvious difference between cutting-edge research into cancer treatment
and commercial applications of DLT, it is submitted that the difference is one of degree, not
48 B2C2 Ltd (n 38), [75]. 49 A Antonopoulos and G Wood, Mastering Ethereum: Building Smart Contracts and DApps (O’Reilly Media, 2018), 130. 50 Overstock Inc, Prospectus dated 9 December 2015 (Filed 11 December 2015), 6 < http://investors.overstock.com/static-files/aeb7115e-cc0c-482a-9f44-69eade872e53 > last accessed 4 June 2019. 51 P Valkenburgh, ‘Framework for Securities Regulation of Cryptocurrencies,’ (Version 2, Coin Centre August 2018), 48. < https://coincenter.org/entry/framework-for-securities-regulation-of-cryptocurrencies > accessed 24 November 2018.
99
kind; at least in the context of unpermissioned networks and open-source software where no
representations are made, express disclaimers are given, where coders enjoy no privileged
position in respect of a smart contract account once it has been deployed, and nor, crucially,
is any consideration exchanged for use of the relevant programme. Given the extent to which
the law of obligations imposes liability based on consideration52 and objective consensus ad
idem,53 foresight,54 or assumptions of responsibility;55 and furthermore, excludes recovery of
damages for pure economic loss where negligence is pleaded,56 it is submitted that there will
be limitations under the current law in attributing civil liability on developers and coders in the
context of open-source software, at least in the absence of actionable misrepresentation or
fraud.
Given the proprietary nature of Nivaura’s software, these uncertainties in personal liabilities
are less significant in the context of the LuxDeco bond. Here, losses caused by errors in the
code – such as the freezing of funds committed by the issuer to the contract account to be
distributed to the investors under the terms of the bond – are likely to be covered by the terms
of the licencing agreement.57 Given that the investor is excluded from the legal relationships
of both paying agent-issuer under the current framework, and licensor-licensee in the
Experimental bond, it seems likely that the broader framework of personal liabilities will also
be the same: a default on the Experimental bond owing to an error in the code will not affect
LuxDeco’s obligations to its bondholders, even if payments have already been committed to
the contract account. Instead, LuxDeco will have an action of some kind against Nivaura to
remedy the error under the licence. The precise measure of damages, whether in tort or
contract, will largely be a matter of the terms of the licence itself.
Although this provides some insight as to liability between the parties to the issue, it sheds
little light on the closely related issue of losses arising from errors or fraud on the part of the
Ethereum miners or coders. Given that Nivaura’s platform is ‘blockchain-agnostic,’ choice of
blockchain will be a consideration for the issuer and investor. This raises the question of
whether choice of blockchain – for example, public or private; Ethereum or Corda – goes to
52 Thomas v Thomas (1842) 2 QB 851, 859; Re Hudson (1885) 54 LJ Ch 881. 53 For example, Smith v Hughes (1871) LR 6 QB 597. 54 Donoghue v Stevenson [1932] AC 562 (HL); [1932] UKHL 100, as developed through Caparo Industries Plc v Dickman [1990] 2 AC 605 (HL). 55 Hedley Byrne & Co Ltd v Heller Partners Ltd [1964] AC 465 (HL). 56 Spartan Steel and Alloys Ltd v Martin & Co Ltd [1973] QB 27 (CA). 57 Telephone conversation between R Cohen and author, 31 May 2019.
100
the commercial risk associated with the substantive obligation underpinning the asset, or to
its form. It is submitted that the former is the more appropriate of the two, due to the
fragmentation of the property framework which would arise from the latter approach. This will
be more fully explicated in Chapter 5.
4.2.2. Overstock-tØ
Overstock Inc, a Delaware-incorporated company, is another experienced issuer exploring
with blockchain securities. Founded in 1997 as an e-commerce platform, in January 2014, it
became the first major retailer to accept payments in Bitcoin, before continuing its interest in
crypto-assets and DLT by developing online methods of distributing corporate shares away
from the major public exchanges. 58 Known as its ‘Medici’ initiative, such developments
resulted in an announcement in its Prospectus dated 9 December 2015 (the ‘2015
Prospectus’) that Overstock would continue to offer its securities on the traditional exchanges,
but may issue its offerings “as digital securities.”59 By a supplement dated 14 November 2016
(the ‘2016 Supplement’), Overstock registered an offering of up to 1,000,000 shares of
‘Blockchain Voting Series A Preferred Stock and/or Voting Series B Preferred Stock.’60
Digital securities are defined as “uncertificated, registered securities” 61 “represented by
balances written on proprietary ledger built on a blockchain network62 by the Pro Securities
ATS and secured by cryptographic associated key pairs.”63 The Pro Securities ATS is64 a
SEC-registered alternative trading system (‘ATS’), which is used by Overstock as the
exclusive platform on which its digital securities are issued, purchased, and traded. Access
is closed,65 granted only through the sponsorship of the single broker-dealer (the ‘Sole Broker-
Dealer’) licensed to use Overstock’s tØ software to settle trades on Overstock’s ledger and
58 C Metz, ‘Overstock.com Assembles Coders to Build a Bitcoin-Like Stock Market’ (Wired, 10 June 2014) < https://www.wired.com/2014/10/overstock-com-assembles-coders-build-bitcoin-like-stock-market/ > accessed 1 June 2019. 59 Overstock Prospectus (n 50), 4. 60 Overstock Inc, Prospectus Supplement (To Prospectus dated 9 December 2015) dated 14 November 2016 (Filed 14 November 2016), S-3. < http://investors.overstock.com/static-files/39d5b2c0-1c69-4112-b0a5-552edd2a9a4c > last accessed 22 June 2019. 61 Overstock Prospectus (n 50), 34. 62 Overstock Prospectus (n 50), 35. 63 Overstock Prospectus (n 50), 35. 64 Confirmed by the SEC Alternative Trading System (“ATS”) List at < https://www.sec.gov/foia/docs/atslist.htm > last accessed 2 June 2019. 65 Overstock Prospectus (n 50), 34.
101
provide access to the trading platform.66 Potential investors must open an online brokerage
account with the Sole Broker-Dealer to purchase and sell digital securities.67
Two ledgers are used in this trading system: an electronic database, referred to as the
‘proprietary ledger,’ maintained by Pro Securities ATS;68 and a ‘distributed ledger,’ currently
the Bitcoin blockchain.69 The two ledgers track trades in parallel through the following process.
First, trades successfully matched on the Pro Securities ATS are broadcast to and publicly published on the proprietary ledger70 in the names of the traders.71 At the same time, Pro Securities ATS begins the process of “embedding in the blockchain information necessary to mathematically prove the validity of available copies of the proprietary ledger.” This is by way of:
…an editable field that can be used to implant code or other data within the Bitcoin transaction that will be embedded into the blockchain, and the tØ software
will use this field to implant anonymized cryptographic hash functions for the digital securities transactions reflected on the proprietary ledger into the Bitcoin transfer made by the ATS.72
After a set of transactions are successfully recorded on the proprietary ledger, the Pro Securities ATS sends “a de minimis amount of from an ATS-controlled wallet to another ATS-controlled wallet using the blockchain protocol.”73 The blockchain validates this de minimis transaction and embeds it, together with the implanted anonymized cryptographic
hash function, into the blockchain.74 Once the cryptographic hash function containing the trade information is thus immutably ‘embedded’ into the blockchain, the Pro Securities ATS appends the applicable transaction (including the embedded cryptographic hash function) to the proprietary ledger, which “already reflects the consummated digital securities
66 Overstock Prospectus (n 50), 34. 67 Overstock Prospectus (n 50), 34. 68 Overstock Prospectus (n 50), 35. 69 Overstock Prospectus (n 50), 35. 70 Overstock Prospectus (n 50), 36. 71 Overstock Prospectus (n 50), 34. 72 Overstock Prospectus (n 50), 36. 73 Overstock Prospectus (n 50), 36. 74 Overstock Prospectus (n 50), 36.
102
transactions.”75 The updated proprietary ledger information is then given to the transfer agent, trustee or other similar agent with respect to the applicable series of digital securities.76
Thus, there are both similarities and differences with the LuxDeco-Nivaura bond. As a basic
matter of coding techniques, it appears that the tØ software makes use of a kind of coloured
coin to represent dealings in the securities, embedding hashed data within transactions
broadcast to the blockchain network,77 rather than a smart contract token. To some extent,
this may not be of any real significance from a property perspective, as the Overstock digital
securities are, like the LuxDeco Experimental bond, registered securities. This formal
similarity, however, belies a fundamental difference: of the two ledgers used in the tØ platform,
it is the proprietary ledger, not the public blockchain, which functions as the definitive
register.78 The benefits of decentralised trust, however, are said to be retained through the
capacity for anyone with rudimentary cryptographic skills to corroborate the validity of the
proprietary ledger by reference to the distributed ledger.79
Another similarity with the LuxDeco-Nivaura bond is use of a dual-database as the register.
The tØ platform makes use of a supplementary database containing the personal identity
information of holders, maintained by the Sole Broker-Dealer in respect of its online brokerage
account holders, which the Sole Broker-Dealer is obliged to share with Overstock and its
agents under the terms of the licence to use the tØ software.80 The book-entry system is, thus,
expressly stated to comprise both the proprietary ledger and the Sole Broker-Dealer’s client
database. 81 Overstock warns investors that, although the personal identity information
database will not be made public, the information necessary to identify legal persons with
public keys may be compromised in the event of a security breach, thereby potentially
exposing the affected person’s complete trading history in respect of the digital securities.82
75 Overstock Prospectus (n 50), 36. 76 Overstock Prospectus (n 50), 36. 77 This appears to be corroborated by the industry media. Luke Parker reports that ‘Overstocks [sic] ATS’ uses the Open Assets protocol, which describes itself as an ‘evolution of the concept of coloured coins.’ L Parker, ‘Overstock Announces Cryptosecurity Exchange And World's First Crypto Bond (Brave New Coin, 7 June 2015) < https://bravenewcoin.com/insights/overstock-announces-cryptosecurity-exchange-and-worlds-first-crypto-bond > last accessed 2 June 2019. 78 Overstock Prospectus (n 50), 35. 79 Overstock Prospectus (n 50), 35. 80 Overstock Prospectus (n 50), 35. 81 Overstock Prospectus (n 50), 35. 82 Overstock Prospectus (n 50), 6.
103
Trades will be recorded and digital securities will held in brokerage accounts directly in that
customer’s name, rather than in ‘street name.’83
Customers, however, will not have direct control of and access to private keys. Overstock
emphasises the importance of the private key and maintains the position that “the general
public is not yet accustomed to using secure cryptographic methods and managing private
keys.”84 As a result, Overstock, Pro Securities ATS, and the Sole Broker-Dealer each will hold
the private keys, leaving - or, in the subtly different terms of the prospectus, ‘enabling’ -
investors to manage their digital securities with a ‘user-friendly’ login and password in the
same way as a traditional online brokerage account.85 It is not clear whether this means each
of the three entities will hold a copy of the private key individually, or whether the three are
party to a multi-sig wallet. Furthermore, depending on the particular security protocols used
for particular series of digital securities, Overstock, the Pro Securities ATS, and the Sole
Broker-Dealer may be able to transfer digital securities on behalf of investors and/or block
transfers.86
Notwithstanding that Customers will not have access to any private keys, Overstock disclaims
to a certain degree the risks associated with hacking. Investors are informed that online
brokerage accounts may be hacked, resulting in private keys being stolen. Further, where
private keys are held in a centralised repository by Pro Securities ATS and the Sole Broker-
Dealer, the risks are stated to be particularly heightened, as the thief would be able to target
a single security system for breach of multiple accounts.87 Crucially, however, Overstock gives
no assurance that, if such hacker gained access to private keys, “such theft would be detected
in time to hold the culprit accountable.”88
On some level, theft of private keys is less of a property concern in the case of registered
assets, as opposed to bearer assets represented by the private key, as the register itself is
the definitive record of title. Presumably, the operator of the system would, by reference to
the time at which the private keys were stolen, would be able to identify on the ledger at what
stage entries should be regarded as erroneous through fraud. Of more concern is the way in
83 Overstock Prospectus (n 50), 34. 84 Overstock Prospectus (n 50), 6. 85 Overstock Prospectus (n 50), 6. 86 Overstock Prospectus (n 50), 35. 87 Overstock Prospectus (n 50), 6-7. 88 Overstock Prospectus (n 50), 7.
104
which private keys are held by three persons: Overstock, Pro Securities ATS, and the Sole
Broker-Dealer. This is significant, especially given the corporate relationships upon which the
digital securities trading platform is structured. This involves the following entities:
1. Overstock Inc: the issuer.
2. Medici Ventures, Inc: a FinTech company which owns a portfolio of blockchain
companies. Medici Ventures is a wholly-owned subsidiary of Overstock launched
in 2014.89
3. The tZERO Group, Inc: a fintech company 90 and owner/developer of the tØ
software underpinning the digital securities trading platform; licensor of the use of
the tØ software to the Sole Broker-Dealer and to Pro Securities ATS. The tZERO
Group is one of the portfolio companies owned by Medici Ventures Inc91 and is
majority-owned by Overstock.92
4. t0.com, Inc: the name of the tZERO Group between 21 October 2016 and until at
least March 2018.93 As at 1 March 2018, Medici Ventures held 81% of ownership
in t0.com, Inc, which had been transferred by Overstock.94 Overstock therefore
indirectly owned 80.1% of t0.com, and the remaining 19.9% of t0.com was held by
31 other individual or entity shareholders “many of whom are employees or former
employees of t0.com, Inc.”95 As at 1 March 2018, t0.com Inc stated it “has, to date,
relied upon funding from Overstock and if such funding were not provided, it would
have an adverse impact on [t0.com, Inc’s] operations and financial conditions.”96
89 See further the Medici website < https://www.mediciventures.com/ > last accessed 6 April 2019. 90 Overstock Inc, Prospectus dated 15 March 2019, 2. Available within the Prospectus Supplement dated 18 March 2019 (Filed 18 March 2019) < http://investors.overstock.com/static-files/40ff2707-5c3b-46ba-b90c-f573f28f8450 > accessed 15 April 2019. 91 Medici Website < https://www.mediciventures.com/ > 92 Overstock Prospectus (n 90), 2. 93 The most recent Overstock Prospectus, dated 15 March 2019, refers to this name change. The t0.com Inc, Amended, Supplemented, and Restated Offering Memorandum dated 1 March 2018 (SEC Ex-99.1, made available by Overstock by way of voluntary disclosure), also refers to this name change at 1 < https://www.sec.gov/Archives/edgar/data/1130713/000110465918013731/a18-7242_1ex99d1.htm > accessed 28 April 2019. 94 t0.com Offering Memorandum (n 93), 1. 95 t0.com Offering Memorandum (n 93), 1. 96 t0.com Offering Memorandum (n 93), 31.
105
5. Medici, Inc: the original name of the tZERO Group. Medici was incorporated in
2014 as part of Overstock’s commitment to DLT and traded under the tZERO
name.97 On 21 October 2016, Medici formally changed its name to t0.com, Inc.
Medici was also a wholly-owned subsidiary of Overstock until 2015 when 19% of
its holdings in Medici was transferred to ‘a third party.’ On 3 February 2017,
Overstock transferred the remaining 81% of ownership to Medici Ventures, as
mentioned above.98
6. Pro Securities LLC: the operator of the Pro Securities ATS, and owned by t0.com.99
In 2014, Overstock acquired a 24.9% interest in Pro Securities, which was
transferred to Medici on 26 August 2015,100 before Medici became t0.com and
t0.com became the tZERO Group. Pro Securities LLC also has little by way of its
own resources and depends on Overstock for funding.101
7. Keystone Capital Corporation: the Sole Broker-Dealer for the 2016 offer.102
The implications of such close corporate relationships in the context of an issue of securities
will be explored more fully in Part 4.3. For present purposes, it suffices to note that Overstock,
the debtor-issuer, is the ultimate parent and majority-owner, whether directly or indirectly, of
all the entities involved in the operation of the digital securities platform, and those which have
access to the private keys. Although, the companies are, of course, separate legal persons,
the financial interdependence between the companies is indicative of de facto relationships
which underpin this corporate structure. Overall, there is only one party wholly independent
of Overstock: the Sole Broker-Dealer.
This is to be contrasted with the LuxDeco model, in which the proprietary software has been
developed by an independent entity, which licences its software to (presumably) any and all
issuers who are willing to pay the licencing fee. It is further worth noting that, although the
97 Overstock Prospectus (n 50), 2. 98 t0.com Offering Memorandum (n 93), 1. 99 t0.com Offering Memorandum (n 93), 1. 100 Overstock Prospectus (n 50), 2. 101 Overstock Supplement (n 60), S-18; S-24. 102 Overstock Supplement (n 60), S-3.
106
proprietor of the software, Nivaura, took on various roles in the issue for the purposes of the
Sandbox, it is not expected that they will take on these functions for non-Sandbox issues.103
4.2.3. Summary
This section explored the use of DLT at the first of three levels of the financial markets to be
explored in this paper: between issuer and investor directly. Both the LuxDeco-Nivaura and
Overstock-tØ issues demonstrated that adopting decentralised ledgers at this level has
obvious potential to remedy the fragility of ownership rights inherent in the current
intermediated structure of ownership.
Although both the two models adopted different technical solutions, summarised in Table 2
below, it is significant that both issued registered securities. Unlike bearer securities:
Where securities are issued in definitive registered form, title to the securities
depends, not on possession of the definitive security, but on entry of the holder's
name in a register kept by the issuer or on its behalf by a registrar. The definitive
security that a holder receives is not a document of title, but merely evidence that
the holder's name has been entered in the register. Accordingly, the certificate
need not be security-printed, as the risks of fraud and theft are not so great. The
securities are transferable by execution of a written transfer instrument, and they
are not negotiable instruments under English law.104
This raises the question, in both the LuxDeco-Nivaura and Overstock-tØ case studies, of the
role of the private key where registered securities are registered to public addresses, which
are then linked to legal persons by means of a second database. In this context, the private
key, along with the ERC20 Token and Bitcoin Coloured Coin which represent dealings in the
registered security, can be said to function as the equivalent of the written transfer instrument
associated with traditional securities registers, that is, the means by which users effect
agreements to transfer the assets inter se before the registrar is notified and the register
updated. To some extent, the facts underpinning the blockchain networks render the parallel
103 Telephone conversation between R Cohen and author, 31 May 2019. 104 Fuller (n 32), [1.116].
107
not entirely on point; in the cryptographic method, the execution of the transfer ‘instrument’
and notification of the register occur almost simultaneously, or at least as part of the same
process. This characterisation is consistent with the proposition that private keys represent
the legal interest of possession, insofar as possession may be considered a right of ownership
intrinsically linked with sufficient control over the property in question to effect transfers.
Table 2. Comparison between the LuxDeco-Nivaura and Overstock- tØ solutions
LuxDeco/Nivaura Overstock/tZERO
Type of Securities Registered bond Uncertificated, Registered Stock
Definitive Register Public Blockchain (Ethereum) Internal ‘Proprietary Ledger’
Supplementary Register Nivarua internal records Bitcoin blockchain
Identifying Investors Onboarding records of the
Custodian
Personal information database of
the Sole Broker-Dealer
Trading Representation ERC20 Token Coloured Coin (most probable)
Key Storage/Custody Independent Custodian entity Pro Securities ATS, Overstock,
Sole Broker-Dealer
Investor Access Nivaura custody service PIN Online brokerage account with the
Sole Broker-Dealer
Given that both the LuxDeco-Nivaura and Overstock-tØ models purport to confer legal title on
investors via their public addresses yet, by the same token, keep private keys out the hands
of the investors, characterisation of the capacity in which the relevant intermediary holds the
private keys remains the outstanding question. In the case of LuxDeco-Nivaura, if legal title
to the bonds vests in the investor, the only solution can be that the custodian holds as bailee.
In the Overstock-tØ model, the fact that private keys are held by Overstock, Pro Securities, as
well as the Sole Broker-Dealer proves more difficult to analyse. In the case where the three
entities each hold copies of the same private key, the Sole Broker-Dealer, at least, is likely to
hold as an agent by virtue of his position as a broker-dealer. In such case, it may well be that
the agency encompasses holding as bailee,105 or at least with some fiduciary obligation as an
agent. In respect of Pro Securities ATS and Overstock holding private keys on behalf of
investors, there is a concerning lack of any documentation or formal agreement as to the basis
105 Bailment and agency often coincide; see generally N Palmer, ‘Bailment’ in A Burrows (ed), Oxford Principles of English Law: Private Law (3rd ed, OUP 2017), [16.20].
108
upon which they so hold. In these circumstances where the investor is conferred legal title, it
is submitted that a gratuitous bailment106 may be inferred.
This Part also explored the issue of personal liability where traditional intermediaries used in
the performance of payment obligations which comprise the economic value of the financial
property, such as paying agents and trustees, are replaced by smart contract code. This
remains inconclusive but it was submitted that the matter is, in the context of financial assets,
better analysed as an aspect of the commercial features of a securities issue, rather than one
which goes to its form.
106 N Palmer, ‘Bailment’ in A Burrows (ed), Oxford Principles of English Law: Private Law (3rd ed, OUP 2017) [16.35] et seq.
109
4.3. Intermezzo: The Role of the Financial Markets Infrastructure
CSDs Forced to Defend their Existence in a DLT World…
Jonathan Watkins1
The very real potential for direct issuer-investor relationships using DLT has raised ‘obvious’2
questions as to the role of traditional intermediaries and the financial markets infrastructure
more generally. In November 2018, Joseph Lubin, founder of ConsenSys and co-founder of
Ethereum, was reported to have said:
A CSD is a conceptual construct and has a physical manifestation because that’s
what we know how to build. It can continue to exist as a conceptual or logical
construct, but it can take on a decentralised implementation. Global financial
institutions can get together, define a protocol and build that system, but there
doesn’t need to be a central physical clearing house or implementation of a central
database; it can be realised as a series of nodes on a decentralised network.3
On the other hand, the case studies of direct issuer-investor issues show that there is still
some way to go before this ideal is likely to be realised. Those at Nivaura remain pragmatic
about the current limitations of smart contract technology and consider, as a result of such
limitations, that it would be commercially unviable to use smart contracts to facilitate the entire
life-cycle of securities in large-scale transactions; at least in the short to medium term.4 In
respect of Overstock, on 1 March 2018, the company announced that it was cooperating with
the SEC following its request for voluntary disclosure of certain documents for the purposes
of an investigation into an ICO issued by tZERO.5 A class action against Overstock was
1 J Watkins, ‘CSDs forced to defend their existence in a DLT World (The TRADE Crypto, 1 November 2018) <“https://www.thetradenewscrypto.com/csds-forced-defend-existence-dlt-world/ > accessed 7 June 2019. 2 International Securities Services Association (ISSA), ‘Infrastructure for Crypto-Assets: a Review for Infrastructure Providers’ (October 2018), 11. 3 Watkins (n 1). 4 R Cohen et al, ‘Automation and Blockchain in Securities Issuances,’ (2018) March JIBFL 144, 147; Telephone call between R Cohen and author 31 May 2019. 5 t0.com Inc, Amended, Supplemented, and Restated Offering Memorandum dated 1 March 2018 (SEC Ex-99.1, made available by Overstock by way of voluntary disclosure), 9.
110
subsequently filed in the US District Court of Utah, alleging that Overstock had made false
and/or misleading statements and/or failed to disclose that: (i) “Overstock’s coin offering was
highly problematic and potentially illegal;” and (ii) “the company’s Medici business was
haemorrhaging money.”6 The action was discontinued in August 2018,7 however, the case is
worth noting for the strong link between the allegation of false and/or misleading statements
and the position ultimately taken by the International Securities Services Association (‘ISSA’) as to the role of the financial markets infrastructure. The ISSA acknowledges that Nakamoto’s ideal of decentralised trust taken at its most
theoretical extreme would indeed obviate the need for any intermediaries at all, but has conceded this with a significant caveat:
In theory, a blockchain of the classic variety obviates the need for any centralized
intermediary or governing authority to police and facilitate transactions, by providing an immutable, digital audit trail of transactions that all members of the
network agree is true. In short, evangelists for the classic version of blockchain argue that it eliminates the need for trust. As Satoshi Nakamoto put it in his original paper outlining how Bitcoin would work, ‘the main benefits are lost if a trusted
third party is still required.’8
Citing a study by PwC, the ISSA continues, not without some irony, that a lack of trust amongst
industry participants remains the most significant obstacle to a truly decentralised financial
markets infrastructure which obviates the need for trust.9
Such irony is, perhaps, not surprising, given the substantive nature of a financial asset as
underpinned by an obligation. The very economic value of such assets derives from the future
6 Morris and Rossetti, Individually and on Behalf of All Others v Overstock.com.Inc. and Ors, Class Action Complaint for Violations of Federal Securities Law, Demand for Jury Trial (Filed 29 March 2018), para 4. Reported by R Kahn, ‘Shareholder Class Action’ (Court House News, 30 March 2018) < https://www.courthousenews.com/wp-content/uploads/2018/03/SCA.Overstock.pdf > accessed 4 February 2019. 7Morris and Rossetti, Individually and on Behalf of All Others v Overstock.com.Inc. and Ors, Notice of Voluntary Dismissal < http://securities.stanford.edu/filingsdocuments/1065/O00_03/2018330_f01k_18CV00271.pdf > last accessed 19 June 2019. 8 ISSA (n 2), 12. Emphasis added. 9 ISSA (n 2), 12-13.
111
performance of an obligation undertaken – or in the terms of classical contract law, ‘promised’
– at some point in the past. The considerations of trust that consequently arise are simply
distinct from those with which Nakamoto was concerned. The ‘Byzantine Generals’ problem,10
which Bitcoin was designed to overcome, is concerned with the extent to which proofs given
today of messages sent in the past can be trusted as authentic by a dispersed network of
independent peers without recourse to a trusted third party. By contrast, the owner of a
financial debt is concerned with whether the debtor can be trusted to make good on a promise
given in the past to do something in the future. These raise two very different models of trust
and obviating the need for trust in the former context does not necessarily obviate the need
for trust in the latter.
In the future-oriented property model, the key unknown is whether the debtor’s obligation will,
actually, come to be performed. If, as Aesop warned some millennia ago, not to count one’s
chickens before they are hatched, the entire object of English financial law at its most basic is
to ensure that, whatever happens, the chickens are at least effectively hatched. This
preoccupation can be traced through the development of classical contract law from the older
action of assumpsit through the late 18th and 19th centuries to accommodate a shift from a
land-based economy to modern capitalism.11 Nowhere in this development is the near-
obsession with mitigating the risk of future unknowns more clearly demonstrated than in the
doctrine of expectation damages for breach of contract. Parke B’s now-classic formulation in
Robinson v Harman12 was, in 1848, without precedent in the common law,13 designed, as it
was, to compensate loss by placing the plaintiff “so far as money can do it…in the same
situation, with respect to damages, as if the contract had been performed.”14 Such a measure
of damages means that in English law, to use Professor Atiyah’s incisive riposte to Aesop’s
fable: “a plaintiff with an egg is entitled to be treated as though he has a chicken.”15
10 Part 3.1.4 at 32 et seq above. 11 O Kahn-Freud illustrates the role for contract law: “it does not matter what the thing is: it may be a block of flats, an agricultural estate, a factory, or so many South African gold shares. The property object has become ‘capital.’ But the law of property cannot by itself endow its object with the nature of capital. It must be assisted by complementary instructions most of which are found in the law of contract”, in K Renner Institutions of Private Law and their Social Functions (Routledge & Keagan Paul, 1949, reprint ed 1976), 27 (emphasis added); also J Commons: “Modern capitalism begins with the assignment and negotiability of contracts,” J Commons, The Legal Foundations of Capitalism (The Macmillan Company 1924), 253. 12 (1848) 1 Ex Rep 850, 154 ER 363. 13 See generally PS Atiyah, The Rise and Fall of Freedom of Contract (Clarendon Press, Oxford 1979, 1986 (printing)), 414; AWB Simpson, ‘Innovation in Nineteenth Century Contract Law’ in Legal Theory and Legal History: Essays on the Common Law (The Hambledon Press, London 1987). 14 Robinson v Harman (1848) 1 Ex 850, 855; 154 ER 363, 365. 15 Atiyah, (n 13), 446.
112
Given the essential uncertainty surrounding any promise to do something in the future, it is
clear why modern finance speaks in terms of risk; why, as early as 2007, Joanna Benjamin
described the modern financial markets infrastructure as primarily a way of managing risk.
Eschewing a focus on money, one of Professor Benjamin’s central arguments in respect of
financial law was that “all financial transactions comprise one or more positions […] and the
effect of a position to transfer risk from one person to another.”16 Thus, “the business of
financial institutions is to take risks in exchange for rewards”17 in:
… a synthetic approximation of a controlled and known future [… ] created through
a system of legal rights and obligations that adjust to the future as it unfolds.
Misfortune will not be left lying where it may fall but prospectively diverted from
protection buyer to risk taker.18
Hence:
The financial system does not reduce risk; it merely diverts it from person to
person. There is no choice as to the occurrence of loss events, but only as to who
will pay for them, and someone always pays.19
It has therefore been argued that the modern financial markets infrastructure has moved well
beyond the technical efficiencies of paperless securities ownership, but has evolved into the
‘fullest development’20 of the modern risk-management project that is the “colonisation of the
future.”21 This is echoed in the ISSA’s position that, working within a framework of laws and
16 J Benjamin, Financial Law (OUP 2007), [1.25]. At [1.26] Professor Benjamin gives four reasons for emphasising risk rather than money: “(1) risk offers a sector-neutral term, given that not all financial transactions transfer money but all transfer risk; (2) money predominantly now takes form as credits standing to a bank account, rather than physical assets such as coins, and credits to a bank account necessarily involves credit risk of the bank; (3) with the rise of the derivatives market, risk management is now arguably the dominant economic function of the financial markets; (4) traders themselves speak in terms of risk: “originating risk” into the capital markets, not raising money from it” “not invest in funds, but buy ‘risk participations.’” Professor Benjamin therefore argues it may be time to “stop referring to the providers of financial market capital ‘capitalists’ (with that term’s 19th century evocation of top hats, spats, and cigars). Today, we have risk takers (and my young colleagues will tell me how risk takers dress).” 17 Benjamin (n 16), [1.28]. 18 Benjamin (n 16), [1.29]. 19 Benjamin (n 16), [1.31]. 20 Benjamin (n 16), [1.29]. 21 A Giddens, Modernity and Self-Identity, (1991, Polity Press),117 in Benjamin (n 16), [1.29].
113
regulations, “the market infrastructure is currently organised and structured to mitigate the risk
inherent in any financial market.”22
If it is accepted that financial assets bear an inherent risk in that a creditor may be prevented
from receiving the value associated with the debtor’s due performance of his promise, the
function of the financial markets infrastructure becomes clearer. A survey of some of its core
pillars demonstrates that the concerns surrounding trust in respect of a financial asset are far
from recent developments. Rather, they have attracted regulatory and legislative attention for
almost as long as transferrable promises have been recognised as a source of economic
value.
The most obvious risk – dishonesty or fraud on the part of the issuer when giving the promise
– has typically been mitigated through listing rules and disclosure requirements. In the UK,
the earliest such requirements are found in the Joint Stock Companies Act 1844, which is
widely considered the genesis of all modern UK company statute law. This Act required
issuers which had duly completed the provisional registration requirements to file a
“prospectus or circular, handbill or advertisement” before the issue of capital could be
advertised to the public.23 Requirements as to the contents were prescribed in the Companies
Act 1900, and by the time of the 1948 amendments, it was recognised that the legislative rules
on disclosure were “partly a matter of assimilating statute law to the rather more advanced
rules of the Stock Exchange.”24
Today, disclosure and listing requirements are now derived largely from EU legislation;
primarily the Market Abuse Directive,25 Prospectus Directive26 and Transparency Directive.27
22 ISSA (n 2), 5. Emphasis added. 23 Joint Stock Companies Act 1844 s 4. 24 MS Rix, ‘Company Law: 1844 and Today’, (1945) 55 (218/219) The Economic Journal 252, 247-248. 25 Directive 2014/57/EU of the European Parliament and of the Council of 16 April 2014 on criminal sanctions for market abuse [2014] OJ L 173/179. 26 Directive 2003/71/EC of the European Parliament and of the Council of 4 November 2003 on the prospectus to be published when securities are offered to the public or admitted to trading and amending Directive 2001/34/EC [2003] OJ L 345/64. 27 Directive 2013/50/EU of the European Parliament and of the Council of 22 October 2013 amending Directive 2004/109/EC of the European Parliament and of the Council on the harmonisation of transparency requirements in relation to information about issuers whose securities are admitted to trading on a regulated market, Directive 2003/71/EC of the European Parliament and of the Council on the prospectus to be published when securities are offered to the public or admitted to trading and Commission Directive 2007/14/EC laying down detailed rules for the implementation of certain provisions of Directive 2004/109/EC [2013] OJ L 294/13.
114
These are implemented in the UK mostly through amendments to the Financial Services and
Markets Act 2000 and three sets of rules made pursuant to those amendments28 which fall
within the regulatory remit of the FCA. Of most present relevance is the criteria to be applied
by the FCA when approving a prospectus: whether it includes the necessary information to
enable investors to make an informed assessment of the “assets and liabilities, financial
position, profits and losses, and prospects of the issuer of the transferable securities and of
any guarantor.”29
Fraud and dishonesty in the secondary markets have an even longer history of attracting
legislative concern. On 25 November 1696, one Mr Blathwaite, of the Royal Commission
appointed to oversee trade, reported to the House of Commons on the danger of unlicensed
stock-brokers, known as stock-jobbers:
The pernicious Art of Stock-jobbing hath, of late, so wholly perverted the End and
Design of Companies and Corporations, erected for the introducing, or carrying
on, of Manufactures, to the private Profit of the first Projectors, that the Privileges
granted to them have, commonly, been made no other Use of, by the First
Procurers and Subscribers, but to sell again, with Advantage, to ignorant Men,
drawn in by the Reputation, falsly [sic] raised, and artfully spread, concerning the
thriving State of their Stock: Thus the first Undertakers, getting quit of the
Company, by selling their Shares for much more than they are really worth.30
Such concerns led to the enactment in 1687 of the ‘Act To Restrain the number and ill Practice
of Brokers and Stock-Jobbers.’ 31 This imposed registration requirements, caps on
registrations, admission fees, bonds, fines for unlicensed brokers and all who knowingly used
their services, and the requirement to record all trades in a register.32 The Act was a popular
statute; extended for a further eight years beyond its original intended expiry in 1700.33
28 The Listing Rules, Prospectus Rules, and the Disclosure and Transparency Rules are colloquially known collectively as the LPDP Rules. 29 Financial Services and Markets Act 2000 s 87A. Emphasis added. 30Journal of the House of Commons, (25 November 1696) 11 House of Commons Journal: 25 1693-1697 (London, 1803), 593-598. British History Online < http://www.british-history.ac.uk/commons-jrnl/vol11/pp593-598 > accessed 5 April 2019. 31 8 and 9 Wm III, c. 32. 32 SR Cope, ‘The Stock Exchange Revisited: a New Look at the Market in Securities in London in the Eighteenth Century,’ [1978] 45 (117) Economica, New Series 1, 2. 33 Cope (n 32), 2-3.
115
More recently, trust between traders inter se in the secondary markets was considered by the
Court of Appeal in W Nagel (a Firm) v Pluczenik Diamond Company NV.34 In respect of the
nature of an exchange, Leggatt LJ (with whom the other members of the Court agreed) said
this:
I am unable to agree with the judge [below] that an exchange in its historical and
commercial sense is simply a place for sales to take place. No one, for example,
would reasonably describe a supermarket as an exchange. Nor are the facts that
the class of persons able to buy is restricted and the process of selling regulated
sufficient to make a place where sales take place an exchange. An auction house,
for example, where only people who satisfy specified criteria are permitted to bid
and where sales are conducted in accordance with the auctioneer's rules would
not be regarded in the commercial world as an exchange. The nature of an
‘exchange” as I believe the term would generally be understood, is a place where
trading takes place among members of the exchange and subject to its rules.35
Such trading on an exchange was further found to be:
…of a nature where the identity of a counterparty is largely irrelevant. Sales are
made to whoever is able and willing to pay the agreed price. Considerations of
customer or supplier loyalty and goodwill are of little or no significance. Indeed,
the rules of an exchange are usually intended to promote this by providing
confidence that any contract made between members of the exchange will be
honoured.36
Thus, the exchange functions as a convenient solution to the problem that traders cannot trust
each other to perform their obligations without incurring significant tasks in due diligence.
Hence, rather than each trader having to form an opinion on every counterparty to a trade
individually, all traders agree to trust the rules of the exchange in a quasi-Hobbesian social
contract.
34 [2018] EWCA Civ 2640. 35 W Nagel (a Firm) (n 34), [76]. Emphasis added. 36 W Nagel (a Firm) (n 34), [80]. Emphasis added.
116
CCPs, on the other hand, are a more recent development, and are less concerned with fraud
and dishonesty but simply with the fact of potential failure of the obligor to perform. Standing
between parties to a trade through novation, clearing through a CCP promotes further trust
and confidence that a contract will be honoured by minimising general counter-party risk once
a trade has been agreed. In the EU, following the G20 Pittsburgh recommendations in 2008,37
use of a CCP is mandatory for OTC derivatives38 which, as privately negotiated contracts, are
recognised as “creat[ing] a complex web of interdependence which can make it difficult to
identify the nature and level of risks involved.”39 Here, however, the role of the intermediary
strays somewhat into macro-economics and systemic risk.
In the present context of ownership rights in financial assets, no intermediary holds as
significant a role as the custodian. Global custody traditionally provided “a service whereby a financial institution assumes responsibility for the safekeeping and administration of its client’s international portfolio,” 40 and was typically associated with the needs of large institutional investors. Unable to access, or it being impractical to access, local facilities in each jurisdiction in which it held assets, institutional investors delegated to global custodians core safekeeping, settlement, and basic, customary services such as foreign exchange. As noted in Part 2.2.2, since the shifts to issuing securities in dematerialised and immobilised
form, custodians are no longer an optional measure for those who wish to delegate the
burdens of asset administration, but a necessary feature of modern securities ownership.41
Investors, whether they wish to or not, are obliged to hold securities indirectly through a
custodian or some other account holder of the CSD. In addition, with the rise of more complex investment products and fragmentation of functions in the capital markets, custodians have taken on a new role in mitigating the conflicts of interest which arise when one party instructs and authorises another to take active strategic control and management of the first party’s financial assets. In this context, custody is recognised as “making money
safe, because a custodian separates exchanging the asset from holding the asset and
37 Regulation (EU) No 648/2012 of the European Parliament and of the Council of 4 July 2012 on OTC derivatives, central counterparties and trade repositories [2012] OJ L 201/1 (‘EMIR’), Recital 5. 38 EMIR (n 37), Art 4(3). 39 EMIR (n 37), Recital 4 40 M Yates and G Montagu, The Law of Global Custody: Legal Risk Management in Securities Investment and Collateral (4th ed, 2013, Bloomsbury), [1.1]. 41 Part 2.2.2 fn 64 and text at 16 above.
117
distributes responsibility across different parties.”42 Thus, in the EU, fund managers are required to appoint an independent depository to hold fund assets for safekeeping43 using specified methods44 on behalf of the fund and its investors. Depositories are also themselves subject to liability to the fund investors and third parties for any loss of financial assets held in custody.45 Similar provisions are in force in the US under the Investment Companies Act 1940.46 Of the various custodian entities, the Common Depository/International Central Securities Depository pair, and Central Securities Depository (‘CSD’), are of particular significance due to their position as top-tier intermediaries in the current system of securities ownership. Practices adopted – or DLT-enabled removals – at this level necessarily have consequences for those entities lower down in the chain, such as sub-custodians and the ultimate investor and economic creditor. The broader case for and against removing the CSD and replacing it with DLT will therefore be considered.
4.3.1. The Role of a CSD
CSDs perform a number of key functions in the financial markets infrastructure. In the EU,
the Central Securities Depositories Regulation (‘CSDR’) recognises three core functions of a
CSD: (i) the initial recording of securities in a book-entry system (the ‘notary service’); (ii)
providing and maintaining securities accounts at the top tier level (the ‘central maintenance
service’); (iii) operating a securities settlement system (the ‘settlement service’).47 Thus:
42 R Verderosa, in J Watkins, Custody’s Big Moment: Cryptocurrency Custody,’ (Global Custodian Summer 2018 ), 31. 43 Directive 2014/91/EU of the European Parliament and of the Council of 23 July 2014 amending Directive 2009/65/EC on the coordination of laws, regulations and administrative provisions relating to undertakings for collective investment in transferable securities (UCITS) as regards depositary functions, remuneration policies and sanctions [2014] OJ L 257/186 (‘UCITS V’), Art 22(1); Directive 2011/61/EU of the European Parliament and of the Council of 8 June 2011 on Alternative Investment Fund Managers and amending Directives 2003/41/EC and 2009/65/EC and Regulations (EC) No 1060/2009 and (EU) No 1095/2010 [2011] OJ L 174/1 (‘AIFMD’) Art 21(4) and (10). 44 UCITS V (n 43), Art 22(5); AIFMD (n 43) Art 21(8). 45 UCITS V (n 43), Art 24; AIFMD (n 43), Art 21(12)-(15). 46 SEC Rule 17f-4 [17 CFR 270.17f-4] under the Investment Companies Act 1940 15 USC §§ 80a-1–80a-64. 47 Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 [2014] OJ L 257/1 (‘CSDR’), Annex, Part A.
118
Taking into account different business models, a CSD should be defined by
reference to certain core services, which consist of settlement, implying the
operation of a securities settlement system, notary and central securities accounts
maintenance services. A CSD should at least operate a securities settlement
system and provide one other core service.48
The rationale for these requirements is then set out by reference to the main role played
by a CSD:
This combination is essential for CSDs to play their role in securities settlement
and in ensuring the integrity of a securities issue.49
The CSDR also prescribes that CSDs provide for book-entry method of settlement and
ownership, requiring issuers established in the EU or who have issued transferrable securities
to trading venues to “arrange for such securities to be represented in book-entry form.” 50
Once admitted to trading venues, book-entry form in a central securities depository is required
to enable settlement.51
4.3.2. Settlement Finality
One significant property issue to which the ISSA draws attention is settlement finality; the point
at which a buyer becomes legally the owner of any securities purchased and the seller
becomes owner of the purchase price in cash. Under the CSDR, 52 the point of settlement
finality is a construct left to CSDs to define; the only requirement is that they do so in
accordance with the Settlement Finality Directive (‘SFD’).
48 CSDR (n 47), Recital 26. Dermot Turing argues that these core functions of a CSD can be reduced substantively to only two: the “root-of-title function” and the ‘settlement function’: “The root-of-title function is a combination of the notary and safekeeping roles described, but it is misleading to suggest that these could be split apart. The issuer-facing aspect of maintaining the integrity of the issue, described as the ‘notary function’ is inseparable from safekeeping in the sense of providing a register of entitlement to the securities credited to accounts of CSD participants. Another safekeeping function may be the physical holding of a document, for example where title to the securities depends on it nut in such a case this is also a necessary component of the root of title role, and not somehow to be treated as separate”, D Turing, Clearing and Settlement (2nd ed, Bloomsbury Professional 2016), [2.17]. 49 CSDR (n 47), Recital 26. Emphasis added. 50 CSDR (n 47), Art 3 (1). 51 CSDR (n 47), Art 3(2). 52 CSDR (n 47), Art 39(2).
119
Enacted at a time when cross-border transactions were increasing, the SFD recognised that,
after a certain point, insolvency proceedings should not have a retroactive effect on the rights
and obligations of participants in a securities settlement system 53 which arise when a
participant instructs the settlement system to transfer some of its assets to another. Such
instructions are known in the SFD as ‘transfer orders’ and cannot be revoked after a point in
time defined by the settlement system.54 Such prohibition is effective even in insolvency;
transfer orders and netting provisions remain legally enforceable and binding so long as they
were entered into the settlement system before the opening of the insolvency proceedings.55
Thus, participants of a CSD settlement system benefit from the legal certainty that, after a pre-
defined point following the giving of a transfer order, the seller owns the purchase price in cash
and the buyer owns the securities.
It is worth noting that the SFD does not prescribe the point at which CSDs are to treat a transfer
order as irrevocably ‘entered’ into the system; rather, a CSD is merely to “define the moment
of entry of a transfer order into a system” in its rules of operation, with due regard to any
applicable conditions laid down in national law.56 The point at which settlement becomes
legally binding is, thus, merely a construct and, in theory, could apply to any point in the
clearing process. By contrast, the ISSA points out that settlement on a non-permissioned
blockchain is problematic because “settlement is not final but probabilistic: it simply becomes
more final the more times the transaction is committed to the ledger.”57 The ISSA further cites
several potential obstacles to consensus as to any given transaction and its inclusion on the
blockchain: forks, Sibil attacks, failure of consensus conditions such as voting by majority,
cheating, or delay due to network latency.58
Though compelling as a proposition, it is submitted that consensus failure or the fact that
settlement is “not final but only probabilistic” should not necessarily be considered an obstacle
53 Directive 98/26/EC of the European Parliament and of the Council of 19 May 1998 on settlement finality in payment and securities settlement systems [1998] OJ L 166/45 (‘SFD’) Recital 16. 54 SFD (n 53), Art 5. 55 SFD (n 53), Art 3. Judicial proceedings are defined in Art 6.1 as which is defined as the moment when the relevant administrative of judicial authority hands down its decision as to the insolvency petition. 56 SFD (n 53), Art 3(3). 57 ISSA (n 2), 19. 58 ISSA, ‘Distributed Ledger Technology: Principles for Industry-Wide Acceptance’ (June 2018), 34 < https://www.issanet.org/e/pdf/2018-06_ISSA_DLT_report_version_1.0.pdf > accessed 28 October 2018.
120
to settlement finality. Bitcoin may be an unpermissioned network, however, there is already
an agreed ‘construct’ as to the point of settlement finality: a transaction is in practical terms
and by convention considered irrevocable after six confirmations, which takes into account
any potential delays. For example, simple forks, which typically occur when two winning
blocks are near-simultaneously propagated when extending the blockchain, are relatively
common and unproblematic: the fork is typically resolved within one block, with any
transactions on the orphan block released into the mempool to be included in the next block.59
Deliberate fraud and 51% attacks, although attracting more serious consequences, are less
likely to occur given the extent to which it is computationally infeasible after six blocks to
reverse a transaction committed to the blockchain. As the network’s hashing power continues
to grow, Mr Antonopolous states that a malicious attack now would require “enormous
investment and covert planning” by a “well-funded, most likely state-sponsored, attacker.”60
Amongst the Bitcoin community, therefore, the conventional advice is that: one confirmation
suffices for small payments less than US$1,000; 3 confirmations suffice for payments
US$1,000-$10,00; 6 confirmations are sufficient for US$10,000-$1,000,000; 60 confirmations
suggested for payments greater than $1,000,000 (although less would probably still be safe).
Crucially, most exchanges require users to wait 3 confirmations before Bitcoin can be spent.61
Given that settlement finality under the SFD and CSDR is a construct determined by the CSD
upon which all settlement participants agree, it is submitted there is no reason why settlement
finality based on convention and probability should be any less valid in law. This is all the
more so, given that in both cases, challenges to settlement finality are resolved in the same
way.
The CSDR expressly recognises that the SFD should not prevent participants or third parties
from pursuing remedies to which they may be entitled in law in respect of transfer orders which
have been entered into a settlement system.62 Pursuing such claims, which may sound in
fraud or merely arise from technical error, is not hampered by the operation of the SFD insofar
as the transfer order is not revoked nor netting unwound. In practice, the remedy thus sought
59 A Antonopoulos, Mastering Bitcoin: Programming the Open Blockchain (2nd ed, O’Reilly Media 2017), 468. 60 Antonopoulos (n 59), 256. 61 Buy Bitcoin Worldwide Website < https://www.buybitcoinworldwide.com/confirmations/ > accessed 4 April 2019. 62 SFD (n 53), Recital 13; CSDR (n 47) Recital 43.
121
will most likely be satisfied by the coercive power of the court over the defendant, probably in
the form of an order requiring him effect a new transfer in compensation to reverse not the
transaction itself, but its effect. This is not technically revocation of a transfer order entered
into a settlement system nor rectification; to this extent, a CSD’s book-entry records is just as
immutable as a blockchain as a matter of law, if not as a matter of fact.
By parallel in the Bitcoin network, if Alice wished to challenge a transaction and the related
security of ownership over some chunk of UTXO currently attributed to Bob’s public address,
or Alice’s transaction is rejected by the mining nodes, thereby depriving Bob in both cases of
the benefit and security of settlement finality, such challenge to the blockchain would most
likely not involve any right to rectification of the blockchain itself. Rather, and as with the
CSDR, the likely remedy is for Alice to apply to the courts to compel Bob to reverse the effect
of the transaction by means of a new transaction altogether. The only difference with a public
blockchain is the difficulty of obtaining a court order for the new transaction in satisfaction of
whatever remedy is sought against a pseudo-anonymous defendant.
On the other hand, where Bob is deprived of settlement finality due to a 51% attack, it is
submitted that it is not appropriate to treat such risk as a characteristic of any particular
clearing technique or method of settlement. Rather, such risk represents a fundamental
breakdown in the system itself, comparable to a targeted and malicious attack on the software
underpinning a CSD’s settlement systems or into a custodian’s vaults. The argument that a
public blockchain cannot be considered as enabling settlement finality because there is the
chance of 51% attack is, it is respectfully submitted, akin to arguing that settlement by
Euroclear’s system is not final, but merely probabilistic, because there is a chance that
Euroclear’s IT systems could be hacked, or that custody of assets in the vaults of the Bank of
New York Mellon is not secure, but only probably secure, because thieves could break in. It is
submitted that comparing the potential for a 51% attack to a simple technical error in the
settlement process is neither fair nor accurate.
To some extent, these issues are largely theoretical given that ISSA’s concerns regarding
probabilistic settlement finality is expressly limited to unpermissioned networks. The ISSA
itself recognises that the role of a CSD in a DLT-oriented financial markets infrastructure will
be limited to permissioned networks,63 and in such networks, these issues simply do not arise.
63 ISSA (n 2), 8.
122
A DLT-based CSD will be free – if not required by the CSDR – to define authoritatively the
moment of finality in this novel method of clearing and settlement. All participants will be
identified and subject to admission criteria, thereby facilitating the identification of a potential
defendant. Although, therefore, the nature of a permissioned network resolves the problem
of pseudo-anonymity associated with public networks, the hierarchies inherent in
permissioned networks raise other issues.
4.3.3. Double Issuance
If settlement finality under the settlement function of a CSD operates so as to promote certainty
and trust between traders inter se, the notary function significantly enhances the trust between
the issuer and investor; described as an “essential tool to control the integrity of an issue,
hindering the undue creation or reduction of issued securities.”64 To this end, CSDs are
required to conduct reconciliation measures, at least daily, to verify that the number of
securities constituting a securities issue submitted to it is equal to the sum of securities
recorded on the securities or owner accounts of the participants of the securities settlement
system operated by or maintained by the CSD.65 Unlike lower-tier custodians, CSDs are
prohibited from securities overdrafts, debit balances or securities creation in a securities
settlement system operated by a CSD.66
Such notary protections are absent in direct issuer-investor models, and the ISSA argues that
this is one area in which the existing market infrastructure can be usefully adapted for the
crypto market.67 Given that CSDs already guarantee the “integrity” of a securities issue by
“making it difficult for issuers or third parties to damage the interests of investors by creating
additional securities or reducing the number of securities in circulation,” CSDs can adapt this
function to “obviate the “double issuance” risk in ICOs by matching the number of tokens in
issue with the number of tokens held in the accounts on the distributed ledger.”68
This however assumes that double issuance is indeed a risk - or even a possibility - within the
networks which underpin tokens issued on a blockchain. Bitcoin itself was designed to
eliminate the ‘double-spend’ problem and is pre-programmed to simulate diminishing returns
64 CSDR (n 47), Recital 2. 65 CSDR (n 47), Art 37(1). 66 CSDR (n 47), Art 37(3). 67 ISSA (n 2), 17. 68 ISSA (n 2), 17.
123
in respect of mineable new Bitcoins, which is capped at 21 million.69 Thus, the maximum
amount of new Bitcoins mined with each new block halves every 210,000 blocks
(approximately every four years); by some time in 2140, therefore, no new Bitcoins will be
created by miners who will, from that point, be incentivised by transaction fees only.70 Within
the Bitcoin network, double-issuance of Bitcoin is, therefore, impossible. In respect of
Ethereum, no cap exists, however, the total supply of Ether and its rate of issuance was fixed
by reference to its 2014 pre-sale figures: 60,000,000 Ether created for contributors to the pre-
sale; 12,000,000 created as a development fund; and the annual issuance capped at
18,000,000 per year.71
Bitcoin and Ether are, however, first and foremost a cryptocurrency and utility token and,
therefore, unlikely to be used for tokenising traditional financial assets. The notary services
of a CSD are therefore irrelevant in this context. Bitcoin coloured coins and Ethereum tokens
are more directly on point, however, in these cases, any alteration to the set of coloured coins
or of the ECR20 tokens will be visible as a recorded change in state. In both the LuxDeco-
Nivaura and Overstock-tØ issues, anyone can verify the internal records of the relevant
systems against the public blockchain.72 In this regard, the LuxDeco-Nivaura model provides
the more security, given it relies on the public network as the definitive ledger, whereas the
Overstock-tØ issue relies on its own proprietary ledger, which is broadcast to the Bitcoin
network. In both cases, however, public visibility of changes in state significantly reduces the
risk of double issuance or some other form of manipulation of an issue; transparency acts as
a broader deterrent for dishonest issuers. As with any deterrent, however, the risk is not
entirely eliminated and is particularly heightened where there is significant potential for
conflicts of interest between the issuer and software developer, or operator of the network.
69 Antonopoulos (n 59), 473. 70 Antonopoulos (n 59), 473 et seq. 71 On 1 April 2018 Ethereum founder, Vitalik Buterin, posed the question of whether a cap of 120,204,432, “or exactly 2x the amount of Ether” sold in the 2014 sale, should be implemented in a forthcoming software change. To date, no such cap has been imposed. Ethereum Github Website < https://github.com/ethereum/EIPs/issues/960 > accessed 18 June 2019. 72 Overstock Inc, Prospectus dated 9 December 2015 (Filed 11 December 2015), 36 < http://investors.overstock.com/static-files/aeb7115e-cc0c-482a-9f44-69eade872e53 > last accessed 4 June 2019. In the case of LuxDeco, this is implicit in using the blockchain as the definitive register.
124
4.3.4. Conflicts of Interest
The ISSA takes the position that, in permissioned networks, the questions of “who is admitted
to a network, who has access to which information on the network and how the activity of the
network is policed”73 raises governance issues in that:
…there is no separation between the entity responsible for establishing and
monitoring the rules by which the network on which the crypto-assets are issued
and traded are run and the operation of the network itself. In most cases, the roles
of network governor and network operator are fulfilled by the same entity. This
creates a conflict of interest.74
Going one step further, where issuers are directly involved and hold commercial interests in
developing and operating permissioned networks for the issue of their own securities, there is
a further dimension to and exacerbation of the original problem of fraud or dishonesty on the
part of an issuer when making its promises to potential investors. It is submitted that this is
one key assumption which a direct, peer-to-peer trading environment of the type Mr Lubin
envisions appears to overlook: whether an investor is actually able to trust the issuer, not
merely on its initial promises, but also into the future in performance of those promises.
Although both the Nivaura and ProSecurities platforms are ultimately based on a public
network and both enable independent verification of holdings, both cases do reflect some of
the ISSA’s concerns. In the case of Nivaura, the conflict-of-interests risk is arguably mitigated
by the fact that the developer and licensor of the system, Nivaura, is distinct from LuxDeco as
the issuer, and independent Custodians will be used outside the sandbox context to reconcile
internal records of the Nivaura platform with the underlying public blockchain. Given the clear
division of responsibilities between issuer and operator, at the very least, active collusion
would be required for the manipulation of issues.
The Overstock issue, however, is more problematic due to the close links between the issuer,
developer of the software, and the operator of the trading venue; investors simply have no
guarantee that the software itself can trusted as having been programmed not to manipulate
73 ISSA (n 2), 8. 74 ISSA (n 2),15.
125
holdings or, if having been programmed honestly at issue, will not later be manipulated. This
is significant, given the way in which the Pro Securities ATS software interacts with the Bitcoin
network: essentially, it generates the necessary trading information on the tØ software, which
is embedded into a Bitcoin transaction. Although the proprietary ledger can be verified against
the blockchain, this is presumably not much use unless investors can trust the initial data
generated and broadcast to the network. Coupled with the facts that (i) Overstock and its
close subsidiary Pro Securities LLC both hold private keys where the investors themselves do
not; and (ii) the tZERO group relies heavily on Overstock for funding, the risks of conflicts of
interest and dishonesty are significant to such an extent that it is not easy to dismiss the risks
inherent in issuers being too closely connected with the developers and operators of a DLT-
based network designed for their own securities.
4.3.5. Conclusions
The ISSA’s ultimate conclusion is that, given the inherent nature of risk in the financial
markets, the market infrastructure exists, has always existed, and can continue to exist to
create “a safe and efficient environment for companies to issue, investors to invest,
marketplaces to provide facilities for trading and financial intermediaries to service these
assets for their customers.”75 Whilst, therefore, the “market infrastructure roles and pieces of
infrastructure in support of crypto-assets are likely to be different from those in today’s
securities markets, ultimately they will seek the same objective.”76 Thus, for the ISSA, the
provision of these new kinds of market infrastructure in support of crypto assets fall ‘naturally’
within the remit of existing infrastructure entities.77 The European Securities and Markets
Authority (‘ESMA’) is of a similar view:
Importantly, ESMA sees as unlikely for DLT to eliminate the need for financial
market infrastructures, such as Central Counterparties (‘CCPs’) and Central
Securities Depositories (‘CSDs’). Yet, ESMA realises that DLT may render some
processes redundant or change the role of certain intermediaries through time. On
the one hand, some regulatory requirements could become less relevant, while,
75 ISSA (n 2), 5. 76 ISSA (n 2), 5. 77 ISSA (n 2), 5.
126
on the other hand, additional requirements may be needed to mitigate emerging
risks.78
It is submitted that, although many of the risks identified by the ISSA in a DLT-enabled market
infrastructure are not in fact problematic, the argument for an independent operator of
permissioned networks for DLT-based securities issues is convincing and should be
endorsed. This is due to the specific nature of trust inherent in a financial asset and its
potential for conflicts of interest. It is further submitted that, in agreement again with the ISSA’s
position, such a role for an independent operator falls within the natural remit of existing market
infrastructure entities, which have already earned the trust of the market. For example,
custodian entities are long accustomed to operating as one of the most “heavily scrutinised
parts of the financial sector”79 and have developed a demonstrable record for trustworthiness.
In the words of Jonathan Watkins:
Custodian banking is yet to break into Hollywood as the subject matter of a feature
film. Investment banking, hedge funds, and derivative trading have all secured
star roles over the years, where there was even a steamy bathtub scene for
mortgage-backed securities in The Big Short. For custodians though – as the
infamously un-sexy side of banking – staying out of storylines like these is part of
the business. Safety, security, and discreetness [sic] is in the DNA of a custodian
bank whose job it is to protect assets. 80
The trust instilled by custodians in traders is reflected in the wider industry, particularly at sub-
custodian level. For many industry commentators, the continued reluctance of institutional investors to enter the crypto asset market stems from the continued reluctance of established custodian entities to hold these assets in custody.81 Crypto exchanges offering custody services for private keys may well be acceptable for hedge funds and other investors with a high risk profile which fall outside regulatory oversight. However, for regulated fund managers, who have to consider compliance as well as “justify moves” to their own investors,
78 European Securities and Markets Authority, ‘The Distributed Ledger Technology Applied to Securities Markets,’ (7 February 2017), 2 < https://www.esma.europa.eu/sites/default/files/library/dlt_report_-_esma50-1121423017-285.pdf > accessd 5 January 2018. 79 Watkins (n 42), 32. 80 Watkins (n 42), 30. 81 Watkins (n 42), 30.
127
it has been argued that “an established name such as Nomura or State Street would ease safety concerns with a bank guaranteeing asset administration and fund management services.”82 Thus, the issue has been reported to be that exchange-based custodians simply do not provide institutional investors with “the security and big-name assurance which traditional custodians provide for traditional assets.”83
It is submitted that such security and assurance is simply beyond the scope of cryptographic
proofs. Hence, DLT is unlikely to be ever be a substitute for the trust which underpins the
forward-looking nature of a promise by one person to do something in a future; this, from a
human perspective, will always require some degree of faith. It does not seem likely,
therefore, that the financial markets, its infrastructure, and the laws which govern it will ever
be wholly replaced by DLT, not unless investors are willing to take the full commercial risk of
every issuer and every counterparty with whom it may wish to trade, or manage every aspect
of asset ownership individually. Such individual responsibility on the part of investors has
been demonstrated as highly unlikely and, to this extent, is incompatible with a truly peer-to-
peer decentralised financial markets infrastructure.
82 Watkins (n 42), 31. 83 Watkins (n 42), 30.
128
4.4. Top-Tier Intermediaries
Higher up in the chain of intermediaries, one ‘big-name’ entity adapting to the crypto challenge
is the Australian Securities Exchange (‘ASX’). In June 2016, the ASX made global headlines
with the announcement it was exploring a DLT solution for its plans to replace its post-trade
platform for equities, the Clearing House Electronic Subregister System (‘CHESS’). Having
selected Digital Asset LLC, a fintech company, as its technical collaborator to test whether
DLT could plausibly underpin a post-trade platform, in December 2017 the decision to proceed
with a DLT solution was announced. This has been hailed as the “world's first industrial-scale
blockchain-based system for use in financial services.”1
CHESS has been in operation since 1994 and enabled a fully dematerialised system of share
ownership in the Australian equities market. CHESS performs two main functions: (i)
maintaining an electronic sub-register for shares in listed companies; and (ii) clearing and
settlement of trades in registered shares. CHESS is, therefore, not a CSD or depository
holding bearer securities on behalf of owners, but is a title register and settlement system.
The difference is significant, because this means CHESS participants are registered legal
titleholder to the securities recorded in their accounts. As such, the DLT-enabled advantage
of investors holding title directly, as demonstrated in the Nivaura and tØ platforms, is unlikely
to be much of an improvement upon the current position in CHESS. On the other hand, there
are many similarities between CHESS and a CSD: (i) most CHESS holdings are intermediated
by use of nominees and custodians; (ii) the settlement functions are common to both CHESS
and a CSD; and (iii) a CSD also operates as a root-of-title register. Furthermore, it has been
said that the distinction between bearer and registered securities now has, in reality, little
practical effect, given that the ‘overwhelming’ majority of issues are held indirectly through the
international clearing systems.2 The ASX DLT solution is, therefore, the most useful case
study for an analysis of applications of DLT at the second level of the financial markets
infrastructure to be examined in this paper: from the top-tier intermediary down.
4.4.1. The ASX’s CHESS
Share registration in CHESS is currently structured as two sub-registers: the CHESS sub-
register, which is maintained by ASX Settlement; and an Issuer Sponsored sub-register, which
1 A Barbaschow, ‘Here’s What to Expect from ASX’s Blockchain-Based CHESS Replacement’ (ZDNet, 25 October 2018) < https://www.zdnet.com/article/heres-what-to-expect-from-asxs-blockchain-based-chess-replacement/ > accessed 19 June 2019. 2 G Fuller, The Law and Practice of International Capital Markets (3rd ed, 2012, LexisNexis), [1.109].
129
is maintained by or on behalf of the company issuing the shares.3 The two sub-registers
cumulatively constitute the principal register4 which all listed companies are required to
maintain under s 169 of the Australian Corporations Act 2001. A certificated share sub-
register is also maintained for certain classes of securities ineligible for the Issuer Sponsored
and CHESS sub-registers.5
Registration on the CHESS sub-register requires sponsorship by an authorised CHESS
participant, usually a stockbroker, their settlement agent, custodian, or trustee, who is
authorised to operate shareholdings on the owner’s behalf pursuant to a sponsorship
agreement.6 Legal title remains with the shareholder throughout, who is identified in the
CHESS sub-register by means of a Holder Identification Number (‘HIN’) allocated by ASX
Settlement.7 In the absence of a sponsorship agreement with an authorised participant, share
ownership is registered on the Issuer Sponsored sub-register by default. Each holding is
identified by a unique Security-holder Reference Number (‘SRN’) which is allocated by the
relevant issuer.8
The clearing and settlement process is roughly as follows: trades executed on an Authorised
Market Operator (for equities, currently ASX Limited and Chi-X Australia) are first registered
with CHESS, then effected by novation with ASX Clear as CCP. On the evening of Trade
Date (‘T’), ASX Clear generally replaces all eligible novated settlements with one net
settlement per settlement date, per participant, and per security,9 which occurs on DvP Model
3.10 The obligations of the trading counterparties to deliver the securities and pay for them in
cash fall due on the second business day after the trade is agreed (i.e., on the T+2 basis).11
Title to the securities, as reflected in the share registries, are then simultaneously transferred
with the cash purchase price, via an interface with the Reserve Bank of Australia, the
Australian central bank.
3 ASX, ‘CHESS: Clearing House Electronic Subregister System’ (2011), 3 < https://www.asx.com.au/documents/research/chess_brochure.pdf > accessed 30 September 2018. 4 Securities Registrars Association Website, < http://sraa.asn.au/introduction-to-chess.html > accessed 4 April 2019. 5 Ibid. 6 ASX (n 3), 4. 7 ASX (n 3), 4. 8 ASX (n 3), 4. 9 ASX, ‘CHESS Replacement: New Scope and Implementation Plan’ (Consultation Paper, April 2018), [1.1.1] < https://www.asx.com.au/documents/public-consultations/chess-replacement-new-scope-and-implementation-plan.pdf > accessed 27 June 2018. 10 Reserve Bank of Australia, ‘Review of Settlement Practices for Australian Equities’ (May 2008) < https://www.rba.gov.au/payments-and-infrastructure/financial-market-infrastructure/clearing-and-settlement-facilities/consultations/review-practices/ > accessed 30 September 2018. 11 ASX (n 9), [1.1.2].
130
The title element of settlement occurs on the CHESS sub-register, irrespective of which sub-
register a share is registered. Where an investor has opted for registration on the CHESS sub-
register, their sponsor will execute trades on their behalf upon instructions and pursuant to the
terms set out in their sponsorship agreement.12 Where an investor has registered shares on
the Issuer Sponsored sub-register, a broker must be engaged to convert that holding to the
CHESS sub-register before the trade can be settled.13 Investors are then notified of changes
to their shareholdings by means of a holding statement in hard copy, which is mailed to their
registered address. Depending on which sub-register the holding has been registered, this
will be sent by either ASX Settlement, or by the relevant company.14
4.4.2. The ASX-Digital Asset DLT Solution
The scope of the DLT solution was defined at the end of 2017 after extensive public
consultations, engagement with issuers, meetings between the ASX’s Technical Committee
and Business Committee, six ASX-convened Working Groups, and regulatory engagement.15
Approximately 70-80 percent of the functions currently performed by CHESS were identified
as appropriate for migration into the DLT solution, with more specific changes to be delivered
through approximately 50 business requirements.16
For present purposes, the changes to account information are of particular interest: the
introduction of a Common Investor Number (‘CIN’) for both the CHESS and Issuer Sponsored
sub-registers, to be allocated and used in addition to HINs and SRNs.17 This is intended to
be used “to generate a consolidated portfolio view of holdings in which a client has an
economic interest based on a CIN specific to that client.”18 It is expected that such CIN will
be of particular value for investors not registered on the sub-register with a HIN or SRN, but
hold indirectly in the name of a settlement participant holding for multiple clients. Such
participants include nominee companies, trustee entities, and self-managed pension funds.
12 ASX (n 3), 5. 13 ASX (n 3), 5. 14 ASX (n 3), 5. 15 ASX (n 9), [1.3.1]; 5. 16 ASX (n 9), 5. 17 ASX (n 9), [2.2.1]. 18 ASX (n 9), [2.2.1].
131
Table 1. Scope of the Clearing and Settlement Software Build, identified as at 201719
Participant and
security definition The creation and maintenance of the legal entities required to facilitate the
activities of a clearing and settlement system.
Trade registration The ability to accept, register and confirm trades from market operators.
Pre-settlement
netting The netting of all market trades in each security per participant under model 3
DvP settlement.
Settlement Implementation of the settlement algorithm and DvP settlement of novated and
non-novated transactions.
Corporate actions The creation of any relevant cum entitlement balances, their management and
any consequential changes to investor holdings.
Although the CIN would increase the investors’ control over their own assets, there is some
indication that investors will continue to delegate such control to trusted intermediaries.
Although the Account Structures and Participant Models Working Group endorsed the
proposal of CINs on the basis that it will “increase timely transparency of ownership and control
of securities,”20 it also specifically requested that the new system have flexibility to “support
and enhance the current omnibus/custody model.”21 It is worth noting also that the CIN is
intended as an enhancement for investors in generating a consolidated portfolio view of
holdings across sub-registers and holding structures; it will not necessarily enhance access
to the value of the financial asset in the performance of the issuers’ obligations through direct
remittance of payments.
This is to be contrasted with the intention to enable ‘additional investor information’ (‘AII’) to
be entered on settlement accounts to “streamline” the processing of corporate action for
nominee holdings.22 Settlement accounts currently record only the registered holder’s
details,23 so it is expected that AII could be useful for issuers wishing to extend corporate
actions to shareholders who are not registered on CHESS directly, but indirectly through a
nominee company holding as custodian. For example, when the issuer decides to extend a
share purchase plan (‘SPP’), the nominee could make the AII available to the issuer’s registry
19 ASX (n 9), [1.2.1]. 20 ASX (n 9), [2.2.1]. 21 ASX (n 9), [2.2.1]. 22 ASX (n 9), [2.2.2]. 23 ASX (n 9), [2.2.2] fn 5 and text at 18.
132
so that the size of the SPP allocated to it can be determined by reference to the number of
shares the nominee actually holds on behalf of its beneficiaries.24 It is expected that the AII
will, thus, result in greater efficiency. The Account Structures and Participant Models Working
Group endorsed the proposal for AII on the same basis as it did for CINs, as well for its
potential to enhance SPPs.25
As with CINs, AII would not necessarily provide beneficial owners holding through an
intermediary with the certainty of ownership associated with legal title. Given that the ASX
anticipates that the implementation of AII will require further consideration of the consequent
privacy implications, it does not appear that AII will be entered directly on the sub-registers
themselves. The recording and storage of AII, however, as opposed to provision ad hoc, may
require reconsideration of what is formally recognised as ‘the official title register’ and how the
interest represented by registration should be characterised. This seems particularly relevant,
given that the ASX anticipates potential changes to certain regulatory requirements and
broader legislative amendments to facilitate AII.26
Under the current ASX Settlement Operating Rule 8.10.3, the ASX need not recognise any
interest or right in respect of a financial product other than the absolute right of legal ownership
by the registered holder. Furthermore, the Australian Corporations Act 2001 expressly
prohibits any notice of trust, whether express, implied or constructive, being entered on a
register, other than in limited circumstances, such as trustees on death, incapacity or
bankruptcy of shareholder or with company’s consent.27 Such provisions are common in title
registries in jurisdictions where trusts are recognised; the UK Companies Act 2006 provides
that “no notice of any trust, expressed, implied or constructive, shall be entered on the register
of members of a company registered in England and Wales or Northern Ireland, or be
receivable by the registrar.”28
Though not explicitly stated, it appears that such provisions derive from the ‘curtain principle’
first enunciated in the Australian ‘Torrens’ system of land registration, which has now spread
across much of the common law world. Under the principle, trusts are kept off the title register,
enabling third parties to transact with registered owners “safe in the assurance that trust
24 ASX (n 9), [2.2.2]. 25 ASX (n 9), [2.2.2]. 26 ASX (n 9), [2.2.2]. 27 Corporations Act 2001 s 1072E(10). 28 Companies Act 2006 s 126.
133
interests will be overreached and shifted onto the capital proceeds of the disposition.”29 A
more significant reason, however, may be that as a matter of the law of trusts, beneficial
interests are simply irrelevant at law; a beneficiary has no entitlement to deal with trust
property nor standing to sue in respect of it. Such rights vest in the trustee alone; for all the
rest of the world is concerned, the trust and beneficiary do not exist.
It is conceivable, nevertheless, that a permanent record of AII stored on-chain, perhaps as an
Oracle, and made available to an issuer’s registry could eventually be recognised as the
definitive record of title. In substance, it would be difficult to argue why not; a permanent and
reliable source of information identifying the economic owners, even if originally intended
merely for the purpose of streamlining the issuer’s performance of the underlying obligations,
arguably obviates any need for any separate record of legal title. However, the issue is, again,
that beneficiaries receiving trust property directly and being identified on a register of legal title
is inconsistent with the law of trusts. Recognition of the record of AII as the definitive register
of title will, therefore, necessitate a change from a characterisation of economic investors as
trust beneficiaries to one where they own as bailors.
Whether or not investors will wish to be registered legal titleholders, however, is another
question. It is worth noting some of the underlying psychological factors and assumptions
made in respect of intermediated securities ownership. It was demonstrated that in the context
of crypto assets, the price for decentralised access to information without a hierarchy of trust
is heightened responsibility on the individual to safeguard their private keys. Recent research
by the UK’s National Cyber Security Centre, however, suggests that even simple password
management for online accounts presents a significant security risk: ‘123456’ was the most
commonly used password in a survey of public databases for breached accounts.30 When
users demonstrate such lax attitude to security, it may well be unfair to impose liability on an
account provider for any breach or hack. Against this backdrop, Overstock’s decision not to
allow investors to manage private keys directly, on the basis they are unaccustomed to the
level of security such management requires, may well be considered prudent. Similarly, Mr
Cohen does not expect investor appetite for managing private keys directly within the Nivaura
context.31
29 Gray and Gray, Elements of Land Law (5th ed, OUP 2009), [2.2.20], citing the UK Land Registration Act 2002 s 78 and Wolfson v Registrar General (NSW) (1934) 51 CLR 300, 308 per Rich and Evatt JJ. 30 BBC News, ‘Millions Using 123456 as Password, Security Study Finds’ (BBC News, 21 April 2019) < https://www.bbc.com/news/technology-47974583 > accessed 21 April 2019. 31 Telephone conversation between R Cohen and author, 31 May 2019.
134
Another less extreme but more pervasive facet of eschewing individual responsibility is
reflected in the origins of global custody itself. Traditionally associated with institutional
investors, the service enabled institutional investors lacking the time (or inclination) to manage
every aspect of owning an international portfolio in every jurisdiction where they had holdings
to delegate key tasks to others. Hence, one key question that advocates of direct investor
holdings of financial assets appear to overlook is: do investors actually want the responsibility
of individual ownership? Current practices suggest they do not; proxy voting at the mandatory
company AGM, or reliance on the debenture trustee to monitor issuer defaults and instigate
enforcement actions, are just two ways in which economic owners of a financial asset enjoy
the benefits of ownership without the corresponding responsibilities. Although the decided
cases and commentary may suggest that investors desperately seek liberation from the
oppression of indirect holdings, the practical reality is that litigation – at least over financial
assets – usually only occurs during crises, most often insolvency, and the investor’s faith in
the promise of the debtor proves unjustified. For the vast majority of the time, however,
investors generally seem content to pay the price of forgoing legal title for the convenience of
delegating to others the responsibilities of securities ownership. This attitude is reflected in
the ASX’s DLT solution in two distinct ways: (i) in the repeated requests by the Account
Structures and Participant Models Working Group that the new system have flexibility to
“support and enhance the current omnibus/custody model;”32 and (ii) the technical
specifications of the DLT solution itself.
The new solution will be implemented through a permissioned distributed ledger in which:
(i) authorised users may participate directly in the network by operating a node;33
(ii) authorised users, alternatively, may continue to access the clearing and
settlement functions through a message-based protocol using a data API;34
(iii) ASX alone will operate a ‘mining’ node, known as a ‘Committer’ node, and
thereby have authority to commit transactions to the ledger;35
(iv) Relevant third parties, such as Approved Market Operators and the Reserve
Bank of Australia, will have access via messaging protocols and existing
interfaces.36
32 ASX (n 9), [2.2.1]; [2.4.1]. 33 ASX (n 9), [5.1]. 34 ASX (n 9), [5.1]. 35 ASX (n 9), [5.1]. 36 ASX (n 9), [5.3].
135
The new platform combines DLT and a post-trade application written in Digital Asset’s
proprietary smart contracting language, Digital Asset Modelling Language (‘DAML’). The post-
trade DAML application is used to process the business logic, which is then recorded on the
DA distributed ledger. For privacy and scalability purposes, the DA distributed ledger, like
Quorum, consists of two components: the Private Contract Store (‘PCS’) and the Global
Synchronisation Log (‘GSL’).
Figure 1. CHESS Replacement Context Diagram37
The PCS is unique to any given user participant node, and allows direct, real-time access to
structured data relevant to that user, such as positions taken by themselves and any counter-
parties in off-chain commercial transactions, and all validated contracts to which that user is
a party.38 Users can then develop interfaces between the node with their own existing systems
to create a single source of truth within their own data infrastructure, eliminating the need for
external reconciliation.39
The GSL is the shared, replicated, append-only record of immutable evidence of events,40 that
is, the ‘blockchain’ in the bare sense described in Chapter 2 as a record of changes in state
across a blockchain network. Only the ASX will be authorised to mine and commit blocks to
37 ASX (n 9), [5.1]. 38 ASX (n 9), [6.6.1]. 39 ASX (n 9), [6.6.1]. 40 ASX (n 9), [6.1].
136
the GSL, using the Committer node41 and, although this may give rise to problems of trust,
users can rely on the Committer node as secure in respect of the content of the smart contracts
because these are stored in the relevant users’ PCSs.42 The combination of the PCS and
GSL, thus, gives each node a distinct view of the distributed ledger.43
What is striking from the perspective of investor empowerment through direct ownership
rights, and vindicating the ‘eschew responsibility' theory, is that there is no requirement that
users must, nor even a presumption that users will wish, to operate a node. Speaking at
Sibos, Sydney 2018, Cliff Richards, the general manager of Equity Post-Trade Services at
ASX, confirmed that the CHESS replacement was not “forcing a change on the market” and
that authorised users will have a choice regarding whether or not to access the system directly
with a node. To support users who do wish to operate a node, the ASX will provide an on-
boarding process governed and managed by the ASX, which will offer user-nodes as a
managed service. Recognising, however, that requiring each user to operate a node as a
condition to the DLT solution would leave the ASX “waiting for 10 years…[having] to convince
the very last doubter [and] sceptical participant that they should take a node and join the
network,” participants who are not ready or unwilling to move are not required to do so.44 Such
users will continue to be able to use a standard message-based connection to the new system.
This split between node-based users and traditional messaging users adds another
perspective to the legal question of the relative weight to be given to the private key and the
blockchain. That the ASX solution does not require participants to adopt a node nor to transact
by means of a message signed cryptographically by a private key shifts the balance on the
side of the blockchain. However, the Digital Asset Non-Technical Whitepaper states that such
message-based users, defined as ‘indirect participants’ in the Whitepaper, are required to
delegate the implementation of their trading activities to a direct participant, that is, a user
operating a node directly, or to the operator of the system itself.
In any event, emphasis on the blockchain over the private key is to be expected in this context
as, unlike CSDs, title registries, even those which perform settlement functions, were and still
remain first and foremost definitive records of ownership. Traditionally, title registers do not
provide any clearing and settlement functions as such; this substantively occurs ‘off register’
41 ASX (n 9), [6.5]. 42 ASX (n 9), [6.1]. 43 ASX (n 9), [6.5]. 44 Barbaschow (n 1).
137
Figure 3. Interaction between Participant Node and ASX45
in the execution of the written transfer instrument between transferor and transferee. Hence,
questions of ‘settlement finality’ do not arise to the same extent nor in the same manner as
they do in the context of a CSD; once the transfer instrument has been effected, entry on the
definitive register is determinative of legal title. In the case of HM Land Registry, entry on the
register sometimes overrides the fact that legal title would not have otherwise vested in the
registrant:46 in such cases, registration is conclusive if there has otherwise been compliance
45 ASX (n 9), [6.8]. 46 Land Registration Act 2002 s 58(1) holds that registration is conclusive; if a person is entered in the register as the proprietor of a legal estate, but the legal estate would not otherwise be vested in that person, the result of registration is that title is deemed to vest.
138
with all registration requirements.47 Two main legal property questions then arise where the
blockchain trumps the private key as a definitive register of ownership maintained by an
intermediary.
First, the legal status of erroneous entries or entries on the blockchain procured by fraud. Part
4.4.1 considered rectification or effective rectification of the blockchain after fraudulent or
unauthorised use of a private key in an unpermissioned network and concluded that a right to
rectification was not feasible. It did, however, defer discussion of rectification in the context of
a permissioned network, especially those in which only the operator is permitted to mine
blocks. In such cases, of which the ASX DLT solution is the paradigm, there is no reason why
rectification or effective rectification would not be possible. Two methods to this end are
available.
The first reflects the current practice of the ASX and relies on the settlement aspects of
CHESS. Under the current ASX Settlement Operating Rules, where both the ‘source holding’
and ‘target holding’ of an erroneous or unauthorised transfer of assets are controlled by
CHESS participants, the participant controlling the target holding is required to “take any such
action necessary to transfer the financial products back” within two business days of receiving
advice or otherwise becoming aware of the transaction.48 The participant responsible for the
erroneous transaction is liable to indemnify ASX Settlement, the issuer, the holder/transferee,
and the participant controlling the holding for all losses, damages, costs and expense those
parties may suffer or incur by reason of the transfer.49
Alternatively, a second method draws upon the traditional power conferred on the registrar to
rectify the register, either of its own accord or by court order. For example, under the UK Land
Registration Act 2002, the registrar may make alterations for the purpose of correcting a
mistake, bringing the register up to date, or giving effect to any estate, right, or interest
excepted from the effect of registration.50 The power, however, is qualified; the proprietor’s
consent is required unless he has by fraud or lack of proper care caused or substantially
contributed to the mistake, or it would for any other reason be unjust for the alteration not to
be made.51
47 Land Registration Act 2002 s 58(2) qualifies s 58(1), which does not apply if there are other registration requirements which remain to be unmet. 48 ASX Settlement Operating Rules (1 August 2010), Rule 9.11.1 < https://www.asx.com.au/documents/rules/ASX_Settlement_Rules_Section_09.pdf > accessed 22 April 2019. 49 ASX Settlement Operating Rules (n 48), Rule 9.11.2. 50 Land Registration Act 2002 Schedule Four, ss 4 and 5. 51 Land Registration Act 2002 Schedule Four, ss 3 and 6.
139
In principle, there does not seem to be any reason why, in permissioned blockchain networks,
a power to rectify the blockchain by reversing the effect of transactions could not be conferred
upon miners, rather than requiring that users execute a new transaction. This is all the more
so in the ASX DLT solution, in which only the ASX will have the authority to commit blocks to
the GSL; no problems of consensus or authority to reverse a transaction, therefore, arise. It
is worth noting that, according to the Digital Asset Non-Technical Whitepaper, although direct
network participants cannot prevent fraud or error on the part of the Operator (that is, the role
played by ASX as the Committer Node), participants can also independently detect it in
authorising and authenticating their own transactions and validating their PCS.52 It is
submitted that the risks, however, of fraud on the part of the Operator are considerably less in
cases such as this, which makes use of an independent intermediary which already occupies
a comparable position of trust in the financial markets, and has done so for quite some time.
The second legal property question which arises where the blockchain is definitive is closely
related to erroneous entries or entries procured by fraud: the legal significance of the private
key itself. Professor Anderson et al suggested that the signing of a transaction with a private
key could be a rebuttable presumption of ownership, however, this approach is of limited
application in the context of a definitive title registry where there is no scope for any such
presumption. Rather, in this context it appears that the private key functions exactly as it is
was designed: as an identification credential to prove that any instruction to the registry to
transfer title is valid. Again, a strong correlation between private keys with the concept of
possession and control, at least in respect of the property incident of alienability, is
demonstrated.
4.4.3. Summary
This Part examined the use of DLT at the second level to be explored in this paper, at that of
the top-tier intermediary, having established in the previous Part that infrastructure
intermediaries are unlikely to be ever wholly replaced by DLT in the financial markets. Hence,
the ASX DLT solution demonstrated that where such intermediaries adopt DLT, they do not
necessarily pursue enhanced investor rights of ownership; notwithstanding the obvious
potential of DLT to enable direct securities ownership. Rather, such applications of DLT are
52 Digital Asset, ‘The Digital Asset Platform: Non-Technical White Paper’ (December 2016), [3.1.2] at 19 < https://hub.digitalasset.com/hubfs/Documents/Digital%20Asset%20Platform%20-%20Non-technical%20White%20Paper.pdf > accessed 30 September 2018.
140
far more likely to have efficiency as the overriding objective. A parallel may, thus, be drawn
with the G30’s endorsement of immobilisation and dematerialisation in the 1980s as a solution
to the inefficiencies of paper bearer instruments.
The ASX solution takes this proposition one step further, expressly aiming to implement a DLT
solution with minimal disruption to the status quo and without forcing a change on the market.
This is most evident in the option for users unwilling to participate directly in the Digital Asset
network as a node to retain a message-based method of accessing the system. Bypassing
the use of a private key altogether marks a serious challenge to the position that private keys
assume such significance that they may be considered equivalent to the crypto asset itself.
It is perhaps unsurprising that such option for investors to dispense with the private key occurs
in an application where the blockchain is intended as a register of title and the crypto asset is,
therefore, a registered security. Here, however, proposed methods of streamlining certain
functions have revealed unexpected ways in which the ASX DLT solution, for all its intention
not to force changes on the market, may well effect prompt reconsideration of norms
surrounding title by register. The proposal to store a complete record of the identities of the
economic investors within the DLT solution challenges the long-established principle that
beneficial interests are kept off-register and the very concept of holding investment securities
on trust at all. On some level, there seems to be no good reason why such record of ultimate
investors should not operate as the definitive title register. However, this would be
incompatible with the law of trusts; it is submitted that characterisation of the investor as bailor,
rather than trust beneficiary, would be an effective solution.
Fortunately, this is consonant with the proposed characterisation of crypto assets as an
abstract entitlement to participate in an unincorporated blockchain association which is bailed
to an intermediary, who holds possession represented by the private key. In this case study,
the association is formally governed by contract; complete with formal membership criteria,
operating rules, and standards of conduct. The concept of bailing such entitlement to a bailee
– with the investor remaining registered title-holder in the AII record – who holds the interest
of possession represented by the private key, is also consistent with the fact that some
investors may choose to retain the message-based system of interacting with the DLT
solution. It is also worth noting that the ASX model does not support any other characterisation
of the private key considered. The rebuttable presumption of ownership cannot apply where
entry on the register is definitive of title. As therefore, a mandate-based model of bailment,
an indirect participant of the DA network may be distinguished from the LuxDeco-Nivaura
bondholder, who has direct ‘self service’ to private keys held by the Custodian. Direct
141
participants in the DA network obviously hold the entitlement directly and do not bail at all,
although it is worth noting that node administration, like portfolio administration, is offered by
the ASX as a manged service. Intermediaries are, thus, likely to be retained in any event.
By way of conclusion, it is worth noting that Digital Asset’s position stands at the polar opposite
of the utopian advocates of lex cryptographia:
Some proponents of smart contracts have argued for the position that “the code
is the agreement.” This is to say that smart contract code is immutable and that
any outcome of the code itself is necessarily what the parties intended. It follows
that there should be no recourse to dispute resolution through existing legal
systems, centuries of common law legal precedent, nor reference to standard legal
prose contract terms (even when an outcome results from a clear bug in the smart
contract code).
Given the requirements of financial markets noted above, Digital Asset takes the
view that code used for automation must remain subservient to legal systems and
dispute resolution, market rules and commonly understood legal prose.
Consequently, we designed DAML explicitly to enable the implementation of this
hierarchy — delivering the benefit of automated workflows, while ensuring parties
continue to have the certainty afforded to them today by the common legal
foundation they all share.53
53 Digital Asset (n 52), [2.2.1] at 13. Emphasis added.
142
4.5. Intermediaries Inter Se To some extent, adoption of DLT lower down in the chain of intermediaries has been already
considered at various points throughout Chapter 4. Exchanges providing custody services
were considered in respect of crypto assets generally, whereas use of a blockchain as a
register for Asset Tokens within the current intermediated financial markets infrastructure was
seen in the context of the LuxDeco-Nivaura Control bond. As the market in crypto assets
continues to grow, particularly with the initiatives to develop a complete eco-system
comparable to the current infrastructure specifically for crypto assets,1 paradigms for lower-
tier intermediaries are likely to emerge.
A slightly different use of DLT at this level is between intermediaries inter se. As suggested
by Philip Paech:
Consortia of market players might come to build ‘crypto-enclaves’ within the current
financial markets infrastructure, setting up a DLT settlement mechanism amongst them
in which ‘their own’ crypto-securities are traded and settled. However, these crypto-
securities would be tokenised versions of existing intermediated securities, issued and
held in the existing financial markets infrastructure.2
As such, what Dr Paech defined as ‘intermediated crypto-securities’ best correspond to ISSA’s
‘Asset-Backed Token,’3 with the underlying asset an intermediated security. This classification
is preferable to FINMA’s,4 whose ‘Asset Tokens’ do not distinguish between the issuer-led
process of tokenising an intermediated security at issue (what Dr Paech calls ‘native’ crypto-
assets);5 CSD-led tokenising, which naturally occurs after issue (roughly equivalent to ’trans-
crypto assets,’ albeit with some minor differences); 6 and post-issue tokenisation by groups of
market participants, which is what is discussed here.
1 Such as the Gibraltar Blockchain Exchange < https://gbx.gi > accessed 1 February 2019; and the Swiss SIX Digital Exchange < https://www.six-group.com/en/site/digital-exchange.html > accessed 9 September 2018. 2 P Paech, ’Integrating Global Blockchain Securities Settlement with Law and Regulation - Policy Consideration and International Principles‘ (2016), [2.3] at 5 < papers.ssrn.com/sol3/papers.cfm?abstract_id=2792639> accessed 18 December 2017. 3 Table 1 at 51 above. 4 Table 2 at 51 above. 5 Paech (n 2), [2.1] at 4. 6 Paech (n 2), [2.2] at 4.
143
In this context, Corda and Quorum are both popular choices for financial institutions wishing
to experiment with DLT solutions. Here, the vast majority of use cases so far tend to be
grounded in traditional banking, such as syndicated loans,7 inter-bank reconciliation,8 and
trade finance.9 In the capital markets, one particular use case that has received significant
attention is collateral management.
4.5.1. HQLAX - Deutsche Börse
In late 2017, Global Custodian reported a widespread concern regarding the supply of
collateral eligible for posting by traders for margining purposes. This was attributed to the
accumulation of high-quality liquid assets (‘HQLA’) in banks and CCPs as a consequence of
the Basel III capital adequacy rules. The problem was, therefore, not one of collateral
shortage, but ‘collateral velocity’, particularly during periods of market stress where margin
can be called on a daily or even intra-daily margin basis.10
HQLAX is a fintech firm which has been developing a DLT solution to this problem since
February 2017,11 when it launched a prototype of its platform in collaboration with five banks
and r3.12 In March 2018, collaboration with the Deutsche Börse Group13 was announced for
“improv[ing] collateral mobility across a fragmented securities settlement eco-system”14 using
DLT. Their target operating model is built on Corda and utilises an Asset-Backed Token, called
7 Finestra-r3, ‘Case Study: How Finastra is harnessing R3’s Corda Enterprise blockchain to open up a new business line and transform transparency and efficiency in the syndicated loan market’ < https://www.r3.com/wp-content/uploads/2019/04/Finastra_CS_R32018pdf.pdf > accessed 19 May 2019. 8 ABILab et al-r3, Case Study: Italian banks pioneer the use of Corda Enterprise for interbank reconciliation—opening the way to a full production roll-out <https://www.r3.com/wp-content/uploads/2019/04/Spunt_CS_R32018.pdf > accessed 19 May 2019. 9 CryptoBLK-r3, Case Study How R3 is working with CryptoBLK, HSBC and other banks and corporates to revolutionize and revitalize trade finance letters of credit, using the power of the Corda blockchain platform’< https://www.r3.com/wp-content/uploads/2019/04/CryptoBLK_CS_Jan2019.pdf > accessed 19 May 2019. 10 J Watkins, ‘Collateral Fears Driving Direct CCP Model’ (Global Custodian, Winter 2017), 16. 11 HQLAX Website, ‘Why Us?’ < https://www.hqla-x.com/overview/#1504943598221-adfa7134-5c49 > accessed 16 June 2019. 12 HQLAX Website, ‘From Concept to Reality’< https://www.hqla-x.com/overview/#1559719016778-6697e189-c5e9 > accessed 15 June 2019. 13 Deutsche Börse, ‘Deutsche Börse and HQLA make significant progress on blockchain securities lending solution,’ (Press Release, 29 January 2019) < https://www.deutsche-boerse.com/dbg-en/media/press-releases/Deutsche-B-rse-and-HQLAX-make-significant-progress-on-blockchain-securities-lending-solution--1413678 > accessed 19 December 2018. The exchange conglomerate acquired a minority stake in HQLAX in August 2018 and a second tranche of shares in December 2018. 14 HQLAX Website < https://www.hqla-x.com/ > accessed 14 June 2019.
144
a Digital Collateral Record (‘DCR’), to represent pre-defined baskets of eligible HQLA and
non-HQLA collateral held with a custodian in traditional intermediated form. These underlying
assets remain off chain and ‘static’ in a single segregated account of the collateral giver at a
trusted third-party custodian; thus, transfers of DCRs within the HQLAX platform do not involve
any transfer of the underlying securities.15 The DCRs, however, can be used to exchange
“legal title”16 over these baskets in transactions such as collateral upgrade/downgrades or
pledging collateral to meet initial or variation margin requirements of derivative products.17
The platform itself is structured in four layers (Figure 1): (i) access is granted through Deutsche
Börse’s Eurex Repo electronic trading system; (ii) market participants create and trade DCRs,
which are managed by HQLAX and recorded on the Corda blockchain; (iii) the DLT platform
interfaces with the existing market infrastructure via Deutsche Börse as the Trusted Third
Party (‘TTP’); (iv) tri-party agents and other custodian entities hold the underlying baskets of
collateral in the international settlement system on behalf of Deutsche Börse as TTP, which in
turn holds on behalf of the users of the HQLAX platform.
It is expected that keeping the underlying securities ‘static’ in the segregated securities
account of a tri-party agent will facilitate improved collateral ‘fluidity’ across various systems
and jurisdictions. 18 The underlying concept is, thus, identical to that which underpinned
immobilisation of bearer securities;19 the same benefits of efficiency are sought by keeping
the underlying asset immobilised, whilst the abstract entitlement to the asset is freely traded
by means of a new and novel method. Whereas immobilisation dispensed with legal transfer
by way of physical delivery of bearer paper instruments, HQLAX’s blockchain solution offers
to dispense with legal transfer by way of book entries within a T+1, T+2, or T+3 framework in
the international settlement systems.
15 HQLAX Website < https://www.hqla-x.com/overview/ > accessed 14 June 2019. 16 This was stated on the former website of HQLAX which has since been updated < https://www.hqla-x.com/operating-modell/ > last accessed 17 April 2019. Although the new website does not refer to DCRs as transferring legal title, references remain on HQLAX’s page on the r3 website, which states “DCRs (Digital Collateral Records) will represent baskets of securities held for safekeeping at a trusted third party. The free exchange of DCRs will affect legal title transfer of the underlying securities that comprise the DCRs, thereby facilitating liquidity transfers without the operationally onerous requirement to move securities” < https://marketplace.r3.com/solutions/hqlax > accessed 12 June 2019. Reference to legal title is also made in the HQLAX promotional video at 1:31 < https://www.hqla-x.com/ > accessed 12 June 2019. 17 HQLAX Website, ‘Use Cases’ < https://www.hqla-x.com/overview/ > accessed 18 June 2019. 18 Deutsche Börse (n 13). 19 Part 2.2.2 at 12 et seq above.
145
Figure 1. HQLAx & Deutsche Börse Group - Target Operating Model20
The key practical difference with immobilisation, however, lies in the limited application and use of DCRs across the market as a whole: transfers of legal title to securities represented by
a DCR are recognised only within what Dr Paech called the ‘crypto-enclave’ within the wider
market. By contrast, the G30’s endorsement of immobilisation and dematerialisation of
securities in 1980s was premised on national CSDs established for all issues in a jurisdiction.21
Although, therefore, HQLAX has described the current system of intermediated holdings as
‘legacy’ 22 infrastructure, the fact remains that the platform will remain premised on the
intermediated structure of ownership.
Dr Paech draws a parallel between such crypto-enclaves and the existing intermediated
system, noting that crypto-enclaves give rise to similar risks of conflict and mismatch “because
different legal positions ultimately link to the same underlying asset, and the avoidance of
conflicts entirely depends on the compliance of the intermediary.”23 The HQLAX model,
20 HQLAx & Deutsche Börse Group, ‘Target Operating Model’ < https://www.deutsche-boerse.com/resource/blob/1413686/d0619e3c15e557a8f566845c516db169/data/29jan2019-hqlax_en.pdf > accessed 1 May 2019. 21 Group of Thirty, ‘Clearance and Settlement in the World’s Securities Markets’ (1989), Recommendation 3 at 7; 51-55. 22 HQLAX Former Website, < https://www.hqla-x.com/operating-modell/ > last accessed 17 April 2019. 23 Paech (n 2), [2.3] at 4-5.
146
however, either by coincidence or design, insulates against this risk though a number of its
features. First, the use of tri-party agents at a relatively ‘high’ level of the chain of
intermediaries, that is, those which are an ICSD or a direct subsidiary24 (Table 1). Second,
these tri-party agents hold the securities in segregated accounts. Third, from the inverse
perspective, there is common point of entry and trading through Deutsche Börse’s Eurex Repo
platform. Taking these factors together, there seems to be minimal risk of mismatch between
securities represented by the DCR and those in general circulation in the markets. As a result,
the crypto-enclave in this particular case study may well be said to operate parallel to the
intermediated system, rather than within it. Where, however, enclaves are truly integrated at
a lower level of the chain of intermediaries, the risks will be considerably greater; the legal
analysis will be much more premised upon and limited by particular legal characterisation of
the intermediated system in question.
Table 1. Tri-Party Agents eligible in the Eurosystem credit operations.
Domestic Use25 Cross-Border Use (Correspondent Central Banking Model)26
Belgium: Euroclear Bank Belgium: Euroclear Bank (Model 3)
Germany: Clearstream Banking AG Germany: Clearstream Banking AG (Model 1)
France: Euroclear France France: Euroclear France (Model 3)
Luxembourg: Clearstream Banking SA Luxembourg: Clearstream Banking SA (Model 2)
Italy: Monte Titoli
This raises a different, but even more significant issue. As noted above, HQLAX states that
DCRs can be used to exchange “legal title ownership” in respect of the underlying basket of
securities. Obviously, this cannot be taken as a definitive statement of law or contractual
representation as to the legal property rights in a DCR, but merely as evidence of the parties’
intention that title is so conferred. However, it nevertheless draws attention to the fundamental
property question of what the owner of a DCR actually will own.
24 Clearsteam Banking SA and Euroclear Bank are the two ICSDs. See further Clearstream Banking SA, ‘Customer Handbook’, (Document No 0021, Version 27 May 2019) and Euroclear Bank Website < https://www.euroclear.com/services/en/banking-services-all-providers.html > last accessed 28 June 2019 for further information on the corporate structures. 25 European Central Bank: Eurosystem Website, ‘List of TPAs eligible for domestic use’ < https://www.ecb.europa.eu/paym/coll/coll/triparty/html/index.en.html > accessed 1 June 2019. 26 European Central Bank: Eurosystem Website, ‘List of TPAs eligible for cross-border use via the CCBM’ < https://www.ecb.europa.eu/paym/coll/coll/triparty/html/index.en.html > accessed 1 June 2019.
147
The legal nature of ownership in respect of an intermediated security varies considerably
between jurisdictions, but the most relevant distinction to be drawn for present purposes is
between direct and indirect methods of holdings. In all common law jurisdictions, and some
civil law jurisdictions, notably Belgium and Luxembourg where the two ICSDs are
headquartered, investors hold indirectly: in English law, intermediated securities are formally
beneficial interests under a sub-trust;27 in Belgium28 and Luxembourg,29 primary legislation
converts what would be a contractual claim against the intermediary into a co-proprietary right
in the intermediary’s pool of fungible securities. It follows that investors holding such rights
have no legal entitlement to enforce the financial asset directly against the issuer; nor the right
to bring a claim against higher tier intermediaries. Instead, investors must rely on the
contractual and fiduciary obligations of the intermediary with which it maintains an account to
pursue such claims.
In direct holdings, the investor itself enjoys both the right to transfer its entitlement as well as
the right to exercise the terms of the securities; the investor can sue an issuer in default and
obtain a judgment directly enforceable against it. 30 In the domestic German securities
settlement system and holding structure, securities are normally issued as global certificates
which are deposited with the CSD.31 Unlike the common law position, however, title is held
by the ultimate investor. This is effected through a legal mechanism called ‘indirect
possession’ (mittelbarer Eigenbesitzer) whereby the CSD is the direct bailee (unmittelbarer
Fremdbesitzer)32 and the intermediaries indirect bailees (mittelbarer Fremdbesitzer) of the
investor.33 These entities normally exercise rights over the securities on the investor’s behalf
as its authorised attorney and do not have any legal interest in the securities in their own
right.34
27 Re Lehman Brothers International (Europe), also known as Lomas v RAB Market Cycles (Master) Fund Ltd [2009] EWHC 2545 (Ch); Re Lehman Brothers International (Europe), also known as Pearson v Lehman Brothers Finance SA (RASCALS) [2010] EWHC 2914 (Ch). 28 Articles 2, 12, and 13, Belgium Royal Decree No 62 of 10 November 1967; Euroclear, ‘Rights of Participants to Securities deposited in the Euroclear System (July 2017), [2.2.3] < https://ecsda.eu/wp-content/uploads/BE_Euroclear_Bank.pdf > accessed 4 May 2019. 29 Article 3, Law of 1 August 2001 on the circulation of securities, as amended (Mém. A 2001, No 106). 30 Law Commission of England and Wales, ‘The UNIDOIT Convention on Substantive Rules Regarding Intermediated Securities: Further Updated Advice to HM Treasury’ (May 2008), [2.38]. 31Law Commission of England and Wales (n 30), [2.36]. 32 § 868 Bürgerliches Gesetzbuch. 33 § 871 Bürgerliches Gesetzbuch. 34 § 185 Bürgerliches Gesetzbuch.
148
Hence, what owners of a DCR actually own will be premised on the question of ‘at what end’
of the intermediary chain legal title is located. Systems in which legal title of the intermediated
security is held by the investor, such as the German domestic CSD, are relatively simple; no
conflicts of title arise because the DCR created by the investor represents the security to which
the investor already holds legal title. By contrast, where investors hold indirectly, there is
considerable scope for conflict between legal title to the DCR, purportedly vested in the
investor, and legal title to the HQLA that the DCR represents, which is vested in the common
depository holding for the ICSD, or depository for the domestic CSD. In the HQLAX model, at
least where Euroclear Bank and Clearstream Banking SA are used as tri-party agents,
investors cannot hold title to a DCR where the DCR is intended to represent the underlying
security. Owing to the fact that both ICSDs make use of an indirect system of holding,
Deutsche Börse as the TTP will only hold an co-proprietary interest in the underlying baskets
of HQLA; it follows that users of the HQLAX cannot hold title to the DCR if it is intended that
DCRs represent the HQLA itself.
One solution to this problem is to consider the DCR as representing, not the underlying
security, but the investor’s beneficial entitlement against its immediate custodian in respect of
the underlying HQLA. This would essentially involve a process of reification; turning the
equitable obligation owed by the intermediary into a tradeable asset in its own right and
represented by a DCR. Such process of reification is the very essence of financial property;
it is none other than that through which a contractual obligation to repay a debt became a
tradeable asset in its own right, taking form as a negotiable bearer bond. A notable difference
in this context is, however, that the DCR asset is the result of at least two reifications of two
different obligations: the DCR represents (i) the equitable obligation owed to the investor by
the custodian, through a chain of sub-trusts to the common depository; who is owed (ii) a
contractual obligation to be paid by the issuer under the terms of the bond. Such degrees of
abstraction in proprietary rights and interests are unprecedented in English personal property
law, yet the principle is not dissimilar to the doctrine of estates in the context of land:
At the heart of medieval theory lay the proposition that there could be no ownership of
land, as such, outside the allodium – or prerogatival title – of the crown. The object of
each tenant’s ownership was instead an artificial proprietary construct called an ‘estate’.
The notional entity of the estate was interposed between the tenant and the land, with
the consequence that each tenant owned (and still owns) not the land itself but an estate
149
in land, each estate being graded with reference to its temporal duration. Consonantly
with the feudal theory of ultimate sovereign title, some form of abstract estate constitutes
the maximum interest which any subject – we should nowadays say citizen – may ever
hold in respect of land. All proprietary relationships with land thus fall to be analysed at
one remove – through the intermediacy of an estate – the tenant always having
ownership of an intangible right (i.e., an estate) rather than ownership of a tangible thing
(i.e., the land). At this point the law of real property becomes distanced from the physical
reality of land and enters a world of considerable conceptual abstraction.35
Although, therefore, the increasingly reified and abstract nature of financial property may
well seem without precedent, it is submitted that broadening the scope of precedents
considered beyond personal property law is highly useful and rewarding. Thus, the law of
real property may well prove a more useful and appropriate source of guidance for a
property characterisation of crypto assets, and rights in crypto assets traded ‘at one
remove’ or more as valuable property in their own right.
4.5.2 Summary
This section examined the use of DLT at the third and final level of the existing market
infrastructure to be explored in this paper: between lower-tier intermediaries inter se. It found
that many of the property issues which arise will be premised on the law of intermediated
securities. Although detailed consideration of these issues is, therefore, beyond the scope of
this paper, for present purposes, it is worth noting that a DLT-enabled financial markets
infrastructure is likely to require not only consideration of digital assets, but a significant and
systematic reconsideration of the law on intermediated securities.
This area of financial property law has been largely neglected by the legislature,
notwithstanding the recognition by the Financial Markets Law Committee as early as 2002 that
proprietary interests in investment securities required clarification, subsequent
recommendations for legislation or regulation,36 and publication of a proposed draft domestic
35 Gray and Gray, Elements of Land Law (5th ed, OUP 2009), [1.3.5]; generally [1.3.1]-[1.3.5]. 36 Law Commission, ‘Fiduciary Duties of Investment Intermediaries’ (Law Comm No 350, 2014), [11.144]; [11.153]. The Law Commission had advised HM Treasury in 2008 that the UNIDOIT Convention on Substantive Rights Regarding Intermediated Securities should be ratified in ‘The
150
statute.37 Unhappily, these were unheeded in time to anticipate the insolvent collapse of the
Lehman Brothers Group in September 2008 and the challenge to English property law posed
by the subsequent litigation before the English courts. Although it has been argued that the
‘vigour and flexibility’ of the English law of trusts proved equal to this challenging and
unexpected application in high finance,38 a closer examination of the decisions of the courts
casts serious doubt over the extent to which the solutions then adopted are conceptually
robust, and therefore, viable long-term. 39 Superimposing DLT-enabled crypto-trading
practices, complete with their own set of legal challenges and uncertainties, upon the present
intermediated system, without more, therefore represents a high, arguably unacceptable, risk
of further legal uncertainty.
UNIDOIT Convention on Substantive Rules Regarding Intermediated Securities: Further Updated Advice to HM Treasury’ (May 2008), [3.36]. Having noted in 2014 that no progress had been made to do so, the Law Commission recommended that the UK government review the issue with a view to taking the lead in EU negotiations. 37 Financial Markets Law Committee, ‘Proprietary Interests in Investment Securities’ (Issue 3, July 2004). 38 MJ Briggs, ‘Has English Law Coped With the Lehman Collapse?’ [2013] 28 JIBFL 131. 39 This was the subject of a past paper, ‘Intermediation, Custody, and the Law of Trusts: Did English Law Cope with the Lehman Insolvency?’ (LL.M Research Paper, Commercial Law: Issues and Policies, Melbourne Law School, December 2017).
151
5. CONCLUSIONS
Simply saying ‘you should have chosen a better password’ won’t do; neither will ‘the
blockchain now says that your money belongs to Fred.’
Ross Anderson, Ilia Shumailov, Mansoor Ahmed and Alessandro Rietmann1
It has been written in the context of English real property law that “the world of the common
lawyer has always been a curious blend of the physical and the abstract, a commixture of the
earthily pragmatic and the deeply conceptual:”2
At one level, the common lawyer’s primary concern is with the observable
phenomenon of de facto possessory control as exercised over physically
identifiable terrain or premises. What actually happens on the ground – whether
rightly or wrongly – has always constituted a powerful determinant of entitlement
in English land law. The normative tug of sheer physical fact should never be
underestimated. Yet, at another level, the common law perception of property
embodies an obsession with the rational manipulation of abstract concepts and
with the careful outworking of axiomatic truths. Nowhere is this fascination with
the naked force of reason more apparent than in the law of land….in the hands of
the common lawyer, land law became a field of highly artificial concepts, each
defined with meticulous – almost mathematical – precision.3
Since Professor Gray et al were writing in 2007, intangible property has given common lawyers
a new subject of property upon which to focus the ‘fascination with the naked force of reason’
that may well surpass land in its complexity. If ‘the world of the common law’ has always
been a ‘commixture of the earthily pragmatic and the deeply conceptual,’ personal property
law has hitherto emphasised the former, arguably because it developed to accommodate the
1 R Anderson et al, ‘Bitcoin Redux’ (28 May 2018), [6.1] at 20. <https://weis2018.econinfosec.org/wcontent/uploads/sites/5/2018/05/WEIS_2018_paper_38.pdfblockchain.info > accessed 17 September 2018. 2 Gray and Gray, Elements of Land Law (5th ed, OUP 2009), [1.1.10]. 3 Gray and Gray (n 2), [1.1.11].
152
rise of international trade in goods and commodities from the 19th century.4 Whilst such
emphasis on the empirical and physical may not be problematic in itself, when combined with
the ‘repository’ nature of the English property taxonomy, such emphasis has unacceptably
hindered the development of intangible property law. It is submitted that the commercial
emphasis on tangible goods as the paradigm for personal property has obscured the basic
truth that ‘property’ in the legal sense is not concerned with things, but “a relationship of
socially approved control over a valued resource.”5
5.1. The Primary Question
Bitcoin arguably represents most faithfully this proposition; in the ‘curious blend’ of the physical
and abstract, there is very little of the physical to guide legal analysis by way of arguable
precedent. Both the private key and blockchain are highly abstract concepts with no definitive
physical existence factually comparable to traditional chattels or a title register. Nor is there
any precedent in law or fact of a subject of property which is characterised by, not one, but
two apparently competing incidents of property: the private key as the sole means of use,
benefit, and transfer of the asset; and the blockchain as the means to determining its value.
Hence, the primary property question arising with crypto assets: the relative weight to be given
to each of the private key and the blockchain as constituent parts of a comprehensive whole.
This study has shown that commercial practice and industry opinion on this point varies
considerably.
For some, such as Mr Antonopolous, Ms Kaminsky, the coding community, and the insurance
and custody sectors, the private key assumes such significance that it is taken as representing
the crypto property itself as a bearer asset. Such emphasis on the private key is readily
understood by reference to the ‘normative tug’ of sheer physical practice – if not quite ‘physical
fact’ – of control over the value allocated to public addresses. It was noted in Chapter 2 that
transferability is widely emphasised as the defining characteristic of property; indeed, it was
adopted as definitive for the purposes of this paper. Nevertheless, as a matter of fact, crypto
4 The preoccupation with tangible goods in the commercial context during this period can be seen in the Sale of Goods Act 1893, which codified the existing law, followed by the development of classical contract in the 20th century as an action its own right. 5 Gray and Gray (n 2), [9.1.15]; [1.5.11]. Also J Benjamin, Financial Law (OUP 2007), [16.03]: “all rights are rights against persons. Personal rights can be asserted only against particular persons…in contrast, property rights are rights, in respect of assets, which can be asserted against all persons generally. The phrase in rem denotes the compass, and not the subject of the right. It denotes that the right in question avails against persons generally.”
153
assets cannot be conflated with the private key for several reasons. First, such emphasis
does not give sufficient consideration to the fact that the value associated with the public
address is determined by cryptographic proofs underpinning clearing and settlement by the
blockchain. Second, there is no ‘coin’ or even value to be ‘transferred’ between users; the
blockchain records changes as to the distribution of value across the network. Hence, the
private key cannot be a bearer asset in the sense that, as a large and random number, it is
the asset which is transferred from one user to another.
By contrast, the Nivaura, Overstock, and ASX case studies have demonstrated that the
blockchain is often expressly intended to function as a definitive register of title. Crypto assets,
on this analysis, are registered property. This too is intuitive, especially given the clear
precedent that the transaction ledgers of a settlement system can serve as definitive record
of ownership, and the practical benefits which arise from relying on the blockchain as a single,
decentralised version of truth. However, the blockchain differs from all known title registers
and settlement systems in that the mechanisms for effecting entry on the register depend on
the pseudo-anonymous cryptography underpinning four numbers derived from the private key.
In addition, no other title register utilises a system in which applications to effect an entry on
the register are made through the ‘one time’ use of a private key which, having passed the
cryptographic proofs, are automatically and irreversibly registered. There is, therefore, no
room for rectification or amending a register underpinned by an unpermissioned network,
irrespective of whether an entry was procured by fraud or theft.
Given that the functions of the private key and the blockchain are interdependent, it is
submitted that exclusive emphasis on one or the other is insufficient for the purpose of legal
analysis. Critically, none of the positions examined, with the exception of that of Professor
Anderson et al, attempt to contextualise the chosen emphasis on either the blockchain or
private key within the operation of the network as a whole. Such an approach will result in a
fragmented system of legal property in crypto assets which lacks internal consistency. This is
plainly undesirable, especially given that another basic distinction – between unpermissioned
and permissioned networks – adds another fault line along which further fragmentation may
potentially develop.
In this regard, unpermissioned networks represent the more difficult challenge: theoretically,
due to the absence of any express agreements between users; practically, due to the pseudo-
anonymity of the networks and the difficulty in identifying and tracking down a defendant to
154
any potential claim. It is submitted that the latter issue is more appropriate for regulatory,
rather than private law, oversight. For the present private property law purposes, any
proposed system of ownership in crypto assets should be comprehensive; capable of
applying, in principle, to the vast range of blockchain applications seen in practice. Given that
the underlying code in all blockchain applications remain premised on the principles first used
in Bitcoin and Ethereum, it is submitted that the analysis must begin there.
Eschewing the intuitive emphasis on the private key, it was proposed that a collective
participation model encompassing all nodes best captured the ideology of users informally
subscribing to a system of decentralised trust. In the absence of express agreements between
such subscribers, the unincorporated association was identified as the most appropriate
vehicle to characterise an unpermissioned network. From this, it was proposed that adapting
the concept of shares or units in the more formalised associations, such as company or
investment fund, is useful for characterising the abstract entitlements which are attributed to
users. Whereas in the case of a financial asset, such abstract entitlement is the right to receive
a payment from the debtor, in Bitcoin or Ethereum, the entitlement is membership of or
participation in the ‘blockchain unincorporated association.’ Inextricable from this right is the
recognition by the unincorporated association that any given public address is allocated or
associated with a quantum of value. Users impliedly agree that the distribution of value across
the network of public addresses is determined by the rules of consensus implemented by and
recorded on the blockchain. In most cases, deterministic mathematical necessity and legal
entitlements will coincide, but as a matter of legal principle, the two should be considered
distinct. This is necessary, not least because the blockchain does not ascribe participation
values to legal persons, but to pseudo-anonymous key pairs.
Within this context, the blockchain simply functions as the clearing and settlement system
determining the distribution of value across public addresses according to the consensus
mechanism users implicitly agree will be used. The private key, on the other hand, functions
as an ID credential fundamental to exercising rights of ownership over any given quantum of
value ascribed to a public address. As such, it was proposed that the private key is most
appropriately characterised as definitive of the legal interest of possession in respect of the
underlying participation value in the ‘blockchain unincorporated association.’ Although the
characterisation of the private key as a rebuttable presumption of ownership, proposed by
Professor Anderson et al, was compelling, this proved inappropriate for applications where
the blockchain is expressly intended to be a register of title. Adopting the principle, though
155
workable for a bearer asset characterisation, would, therefore, risk internal inconsistency in a
broader, comprehensive system of property in cryptographic assets.
The consequent proposed private law characterisation of a crypto asset, therefore comprises
three distinct aspects: (i) an overarching ‘membership’ or ‘participation’ in a collective, which
in Bitcoin and Ethereum, is an unincorporated association; (ii) recognition within the
unincorporated association that participation involves value ascribed to individual members’
public addresses, which could called a ‘participation value’ and broadly classed alongside
company shares or units in a collective investment scheme; (iii) use of a private key to exercise
ownership rights of benefit, use, and transfer over such participation values, with the private
key representing the legal interest of possession in respect of these participation values. It is
submitted that this basic framework can apply, at least in principle, to all case studies
examined in this paper, irrespective of whether the network is open or closed, or whether the
crypto asset in question is expressly defined as registered or bearer property. Superimposing
a system of identifying legal persons with key pairs upon this theoretical construct is, it was
submitted, more properly within the remit of regulation or statute.
The obvious obstacle to such characterisation is the English common law resistance to the
propositions that intangibles, such as rights to recognition by a blockchain unincorporated
association of participation values, can be the subject of legal possession. Further complexity
is added by the fact that the interest of legal possession – itself a property interest in its own
right – is ultimately also an intangible, which further takes form as an intangible private key.
Such resistance, however, remains disappointing, and it is submitted, without any real legal
basis;6 there are ample precedents – in modern7 and historic8 common law authority, modern
6 This was a major thesis in a past paper, where further detail can be found: ‘Intermediation, Custody, and the Law of Trusts: Did English Law Cope with the Lehman Insolvency?’ (LL.M Research Paper, Commercial Law: Issues and Policies, Melbourne Law School, December 2017). 7 A Pye (Oxford) Ltd v Graham [2002] UKHL 30; [2003] 1 AC 419. Though that case concerned realty, the House of Lords, per Lord Browne-Wilkinson, applied the ordinary meaning of ‘possession,’ that is, “being the same in the law of trespass or conversion,” (paragraph 42) to hold that “it is not the nature of the acts which A does but the intention with which he does them which determines whether or not he is in possession” (paragraph 40). 8 Bevil’s Case, 4 Co Rep [8a]; JH Thomas (ed), The Reports of Sir Edward Coke in Thirteen Parts, Vol II (1826, Joseph Butterworth and Son, London), 268. The case concerned seisin, the ancient concept of possession in respect of land, of the tenurial services owed by the tenant to the lord as an incidental right owed under the lease. The Common Pleas found, at 4 Co Rep [10a] that “this word seisin should be construed according to the subject matter, sometimes for actual seisin, and sometimes for seisin in law.”
156
judicial attitudes,9 and modern10 and historic11 academic commentary – that such distinction
is not, or should no longer be, relevant for the purposes of property law. In comparative law,
EU legislation12 and the UNCITRAL Model Law on Electronic Transferrable Records 2017
recognise that possession can be used as an alternative to ‘control,’ and the German principle
of indirect possession is strikingly similar to the ancient English concept of ‘seisin in law.’13 If
possession is taken, therefore, as a concept of exercising control over the basic property rights
to transfer, use, and exclude, rather than as rooted in physical fact, it is submitted there is no
reason why the legal concept of possession could not be applied to abstract participation
values in a decentralised blockchain association. As has been recognised in English law as
recently as the 19th century in what remains one of the most authoritative treatises on the legal
interest of possession:
…the Subject matter of Possession is either capable or incapable […] of a complete
physical control applied to the thing as a whole […] It is not possible, as matter of fact,
to possess a house, a wood, or a field in the same manner as we possess the money in
our pockets, or the owner of a cart and horse possesses them when he is driving the horse in the cart […] What kind of acts, and how many, can be accepted as proof of
exclusive use, must depend to a great extent on the manner in which the particular kind
9 Re Lehman Brothers International (Europe) (Extended Liens) [2012] EWHC 2997 (Ch); [2014] 2 BCLC 295. The case concerned a purported lien over intangibles, and the judge was plainly of the view that the nature of the transaction and “clear desire of the [parties] to confer upon LBIE a general lien over assets comprised largely of intangibles.” Citing Lord Hoffmann on the ‘conceptually impossible’ in Re BCCI (No 8), the judge invited the parties to consider “whether the time had come for English property law to take a wider view of the [possession] matter.” The parties, however, unanimously declined. 10 Gray and Gray (n 2) at [2.1.7] suggest that “possession is an inherently behavioural phenomenon which incorporates a particular mind-set” and that “the former emphasis on exclusory intent has been commuted, in a large degree into a concern whether [a person] has engaged in a conscious furtherance of his own self-interest.” Similarly, Professor Palmer recognised that “possession itself is a relative phenomenon, scaled to the capacity of the subject matter to be possessed…in an extreme or novel case possession might even be equated with intellectual enjoyment or exploitation rather than with any physical dominion” in NE Palmer, Palmer on Bailment (3rd ed, 2009 Sweet and Maxwell), [30-034]. Professor Palmer cites the references to ‘quiet possession’ in the Sale of Goods Act 1979 s12(2)(b) and the Sale of Goods and Services Act 1982 s 7(2). The issue is also considered in AW Beaves, ‘Global Custody – A Tentative Analysis of Property and Contract’ in N Palmer and E McKendrick (eds) Interests in Goods (2nd ed, LLP 1998). 11 See, for example, F Pollock and RS Wright, Possession in the Common Law (Clarendon Press 1888). Pollock, too, recognised that the acts or facts proving ‘physical control’ were relative to the object; see text to fn 14 at 157 below. 12 Directive of the European Parliament and of the Council 2002/47/EC of 6 June 2002 on Financial Collateral Arrangements [2002] OJ L168/0043 Art 2(2) recognises that financial collateral may be ”delivered, transferred, held, registered or otherwise designated so as to be in the possession or under the control of the collateral taker.” 13 See fn 8 at 155 above.
157
of property is commonly used. When the object is as a whole incapable of manual
control, and the question is merely who has de facto possession, all that a claimant can do is to show that he…has been dealing with that object as an occupying owner might
be expected to deal with it, and that no one else has done so.14
Given the increasing treads toward digitisation of social and economic life where ID credentials
are a significant source of economic value and wealth, it is submitted that a return to a more
rational and abstract concept of possession is imperative for broader purposes beyond the
present context of property in crypto assets.
5.2. Cryptographic Financial Form
Cryptographic financial assets used in applications of DLT in the financial markets are, on
some level, easier subjects of legal property analyses. It is noteworthy that each case study
examined explicitly utilised the blockchain as a definitive register of title. Furthermore,
identified hierarchies of authority and express legal contracts renders recourse to implied
obligations and entitlements unnecessary. The need to undertake a more creative (and
contentious) property analysis is, thus, avoided: financial assets taking cryptographic form, as
surveyed, are simply registered property.
On a broader level, cryptographic form may seem to solve many of the problems of ownership
which arise in intermediated holdings. However, it has been shown that the ideal of
cryptographic financial assets as giving rise to a truly decentralised, disintermediated, peer-
to-peer financial markets is unlikely to be realised. This was found to be largely due to the
fact that the trust underpinning a financial asset – faith in a debtor’s promise to perform in the
unknown future – is of a different kind to that with which decentralised ledgers are concerned.
It was also found that there are two further significant reasons why use of intermediaries and
some form of centralised trust in the financial markets are likely to be retained. First, the
psychological tendency to delegate responsibilities associated with ownership of financial
property. It is worth noting that most of the case studies surveyed implement some form of
private key custody or node administration. LuxDeco-Nivaura makes use of a Key Custodian,
albeit on a ‘bare bailment’ model of self service through a PIN, which nevertheless shifts the
14 F Pollock and RS Wright, Possession in the Common Law (1888, Clarendon Press) [29] – [30]. Emphasis added.
158
responsibility of keeping private keys secure to cryptographic standards from users to the
custodian. The same security reasons were cited for the active decision to keep private keys
out of the hands of the investors the Overstock-tØ model. Here, private keys are held by
Overstock, Pro Securities, and the Sole Broker-Dealer, and investors give mandates through
the Sole Broker-Dealer to effect transfers through their online brokerage account. The ASX
offers managed nodes, and also likely holds private keys on behalf of indirect network
participants who wish to remain ‘off chain’ and continue to use the message-based system.
The second reason why intermediaries and centralised trust are likely to be retained stems
from the problems of pseudo-anonymity associated with truly decentralised unpermissioned
networks. Significantly, all case studies using public networks include some method for
identifying nodes with legal identities off-chain. In the LuxDeco-Nivaura model, the Key
Custodian’s records were anticipated as serving as an ID register. In the Overstock-tØ model,
the Sole Broker-Dealer is contractually obliged to share its database of client information with
the issuer and its agents. On the other hand, the ASX and the Eurex Repo system used in
the HQLAX solution are both established and permissioned platforms to which access is by
application and/or legal persons setting up an account.
Retention of intermediaries, however, need not mean any dilution of investors’ property rights
in financial assets. The assumption that intermediation necessarily results in lesser property
rights is arguably idiosyncratic to English law, arising as a result of the trusts law
characterisation of dematerialised and immobilised securities. The applications of DLT
surveyed, however, demonstrate clearly that intermediation need not mean any loss of rights
for investors: in the LuxDeco-Nivaura, HQLAX, Gemini Custody Account, and ASX DLT
solution case studies, investors are expressly conferred legal title to their crypto assets.
Similarly, in the Overstock-tØ application, entitlements as against the issuer are expressed as
being entered in the books of the Sole Broker-Dealer, not in ‘street name,’ but in the names of
individual investors.
Such intermediated holdings in which legal title is retained by investors is possible only if the
crypto asset is characterised as a right to registration on or recognition by the blockchain15
15 A similar concept has been proposed by KFK Low and E Teo in ‘Bitcoins and Other Cryptocurrencies as Property?’ (2017) 9(2) Law, Innovation and Technology 235. At [4.3], the authors suggest that ownership of a bitcoin could be conceived of as “the right to have one’s public bitcoin address appear as the last entry in the blockchain in relation to a particular bitcoin.” Many thanks to David Kreltszheim for drawing this article to my attention.
159
with a defined participation value; which is bailed to an intermediary through custody of the
private key. Such characterisation would, furthermore, be desirable from a policy perspective,
as investors holding title directly is a significant advance upon the strength of property rights
which investors currently enjoy in their financial assets. Given that modern commercial
trustees are typically exempted from the traditionally strict obligations and harsh personal
liability in respect of trust property, characterisation of the intermediary as a bailee for reward
does not disadvantage the investor in terms of the personal obligations owed under the
bailment agreement.
Such characterisation of intermediaries as bailees of recognition rights is premised upon the
proposal that crypto assets are essentially rights of participation in and recognition by a
collective association. This proposal is not inconsistent with the case studies examined. In
all but the LuxDeco bond, each case study utilised the familiar formalised collective vehicles
which have developed beyond the informal agreements of the unincorporated association and
are now rooted in express contracts or statutory regimes. For the Overstock preferred stock,
the vehicle is the familiar company or, alternatively, membership of the Pro Securities ATS.
Similarly, membership or access to the settlement system or trading platform in the ASX DLT
solution and HQLAx target operating model. In respect of LuxDeco, the apparent outlier, it is
worth noting that the traditional image of bondholders as dispersed and anonymous individuals
who trade their way out of a bad investment, rather than renegotiate the terms of a bond as a
collective16 is no longer entirely accurate. With the rise instruments such as co-co bonds,17
sovereign debt restructuring and bondholder activism,18 provisions for noteholder meetings in
bond documentation,19 and calls for the same fiduciary duties owed by company directors to
shareholders be also owed to bondholders,20 it is arguable that there is some recognition of
bondholders as a collective in commercial practice and in law.
16 P Wood, ‘Bondholders and Banks: Why the Difference in Protections?’ (2011) 6(2) CMLJ 188, 194. 17 ‘Contingent Convertible’ bonds convert to equity on defined triggers. 18 NML v Argentina remains the most high-profile case to date; see generally N Harrison and F Huntriss, ‘Hedge Funds and Litigation: a Brave New World’ (2015) 10(2) CMLJ 135. 19 For example, the German ‘Bond Law’ 2009 provides, in §7, for a ‘common representative’ (Gemeinsamer Vertreter) who owes the standard of care of ‘prudent business manager’ (ordentlichen und gewissenhaften Geschäftsleiters). See further Schuldverschreibungsgesetz vom 31 Juli 2009 (BGBl I S 2512), explored in a past paper, ‘The Legal Structures of Securitisation,’ (LL.M Research Paper, Debt Capital Markets, Melbourne Law School, June 2017). 20 AA Berle, ‘For Whom Corporate Managers Are Trustees: A Note’ (1932) 45 Harv LRev 1365, 1367-70; MW McDaniel, ‘Bondholders and Corporate Governance’ (1986) 41 Bus Law 413; H Kripke, ‘The SEC, Corporate Governance, and the Real Issues’ (1981) 36 Bus Law 173, 177; DR Fischel, The Corporate Governance Movement’ (1982) 35 Vand L Rev 1259, 1262; FH Easterbrook and DR
160
The obstacle, however, to such a fitting property characterisation is, yet again, the common
law insistence that abstract rights cannot be the subject of possession. It is submitted that
such insistence only strengthens the case for a more rational concept of possession which
recognises, as it once did, that possession should be construed in accordance with its subject
matter.
This is all the more pressing, given the extent to which the case studies have revealed the
extent of double reification of abstract obligations in crypto practice, that is, personal claims
against crypto intermediaries treated as transferrable and valuable economic assets in their
own right. This was demonstrated most explicitly by the HQLAX DCR, which is essentially a
tradeable cryptographic representation of an abstract entitlement relating to a traditional
intermediated security held ultimately with a tri-party agent, which itself holds the security
indirectly. Double reification is also apparent in the Coinbase User Agreement and Gemini
Depository Account, where the exchange users’ interests in the exchange’s own participation
values – associated with the exchange’s public address within the relevant network – are
traded amongst exchange members as freely transferrable assets. This degree of abstraction
is unprecedented in personal property law, yet the concept was noted as not dissimilar to the
doctrine of estates in real property. Interestingly, the concept is also apparent in financial
products such as securitisations: a single debt giving rise to a CDO, to a CDO2 and CDO3 and
so on. It is worth noting that such products were also traded as freely transferrable assets.
Two further property considerations which have arisen in the course of the study merit mention
here. First, potential changes in the norms surrounding title by register. The ASX DLT solution
anticipates that investor information stored potentially on-chain to streamline corporate actions
will necessitate potential changes to the ASX operating rules and statutory provisions which
expressly keep beneficial interests off-register. It is submitted that, although it is difficult to
argue why such records could not ultimately be considered the definitive register of title, this
would also be inconsistent with the law of trusts. It was submitted that a bailment
characterisation for the right conferred by entry on the register would be an appropriate
solution. Second, the HQLAX case study demonstrated that the law of intermediated securities
Fischel, ‘Voting in Corporate Law’ (1983) 26 JL&Econ 395, 396; BD Baysinger and HN Butler, ‘Race For the Bottom v.Climb to the Top: The ALl Project and Uniformity in Corporate Law’ (1985) 10 JCorpnL 431, 433. Explored in a past paper, ‘The Legal Structures of Securitisation,’ (LL.M Research Paper, Debt Capital Markets, Melbourne Law School, June 2017).
161
will also require reconsideration. If ‘crypto-enclaves’ are established between lower-tier
intermediaries, the characterisation of crypto assets traded at this level will necessarily be
premised upon the intermediated system. It is submitted that the shifts towards cryptographic
financial forms invite a welcome opportunity to clarify and refine of the law of intermediated
securities.
Finally, cryptographic financial assets which make use of smart contracts have raised novel
questions of personal liability which go to the heart of the first proposition with which this paper
began: that all financial assets are, in legal terms, substantively rights against other parties to enforce payment obligations. As was seen in the LuxDeco-Nivaura bond, replacing the
intermediaries associated with the performance of such payment obligations with smart
contracts gives rise to the potential for loss as a result of some unforeseeable and unexpected
programming error or flaw. It is not without some irony that the potential for the economic
value of a financial asset to be lost irrevocably through automated performance of the
obligation arises in a context where there are serious difficulties in identifying a defendant to
whom liability can be ascribed. This may, on the one hand, be more appropriately considered
a question of the commercial features of the financial asset, grounded in the law of obligations
and the novel question of personal liability for artificial intelligence and deterministic code.
Nevertheless, it is submitted that the issue is not wholly divorced from the issues of property
in cryptographic financial assets. Given that all financial assets are ultimately premised upon
a personal obligation, clarity in the framework of such personal obligations can only be
welcome as a useful complement to the law of property as a network of jural relationships over
a valued resource.
5.3. Final Conclusions
Financial assets have long suffered as the subject of property law, underpinned as they are,
by the abstract notion of a promise or obligation. Initially relegated to the final ‘left over’
category of ‘chose in action’ within the category for whatever was not a real interest in land,
the rise of the capitalist economy has in the past three centuries forced a social, political,
economic, and legal reconsideration as to the status of a mere promise as a source of
economic value. In the law of property, although makeshift property solutions by recourse to
the form in which financial obligations were recorded have been adopted to varying degrees
of legal and commercial success, such solutions have been ill-fit for purpose since at least the
162
1980s when immobilised and dematerialised forms became widespread in the financial
markets.
This legal analysis of modern financial forms has demonstrated the extent to which
cryptographic assets challenge common law concepts of ownership and property rights. The
apparent deficiencies in the law, most notably in the concept of possession, are arguably not
inherent in English property law generally; rather, they may be attributed to the rise of
international trade in goods and the consequent deeply empirical attitude to personal property
law. To remedy the resulting lacuna in the law, guidance should be taken from of a wealth of
precedents in diverse areas of law which, although not prima facie relevant to high finance or
fintech, upon substantive analysis are often more directly on point than personal property law
or financial regulation. In this study alone, such precedents have been drawn from areas of
law as varied as intellectual property, alternative investment funds, unincorporated
associations, and real property.
There is no doubt that cryptographic form of abstract financial obligations poses a unique
challenge for property law; perhaps one even greater than that posed by land as a socially
significant resource with physical and temporal dimensions beyond the human measure. On
one level, the absence of any obvious precedent may be daunting. On the other, the modern
the challenges for the law of property may be seen as a rare opportunity for the common law
to demonstrate its continued flexibility and creativity in adapting to novel challenges, not
through wholesale statutory interventions, but through centuries of established and continuous
precedent.
i
BIBLIOGRAPHY
Books
Atiyah PS, The Rise and Fall of Freedom of Contract (Clarendon Press, 1979; 1986 (printing)) Beaves AW, ‘Global Custody – A Tentative Analysis of Property and Contract,’ in N Palmer and E McKendrick (eds), Interests in Goods (2nd ed, LLP 1998) Benjamin J, Financial Law (OUP 2007) Blackett-Ord M and Haren S, Partnership Law (5th ed, Bloomsbury Professional 2015) Blackstone W, Commentaries on the Laws of England (W Prest (ed), OUP 2016) Braudel F (trans S Reynolds), Civilisation and Capitalism 15th-18 Century Vol II: The Wheels of Commerce (Book Club Associates (by arrangement with William Collins Sons & Co) 1983) Bridge M et al (eds), The Law of Personal Property (2nd ed, Sweet and Maxwell 2018) Commons J, The Legal Foundations of Capitalism (The Macmillan Company 1924) Ellinger EP et al, Ellinger’s Modern Banking Law (5th ed, OUP 2011) Fox D, ‘Cryptocurrencies in the Common Law of Property,’ in Fox D and Green S (eds) Cryptocurrencies in Private and Public law (OUP 2019) Fuller G, The Law and Practice of International Capital Markets (3rd ed, Lexis Nexis 2012) Gray K and Gray SF, Elements of Land Law (5th ed, OUP 2009) Gullifer L and Payne J (eds), Intermediated Securities (Hart 2010) Hill J and Bowes-Smith E, ‘Joint Ownership of Chattels’ in Palmer N and McKendrick E (eds), Interests in Goods (2nd ed, LLP 1998) Maitland F, Equity and The Forms of Action: Two Courses of Lectures (AH Chaytor and WJ Whittaker ed, CUP 1910) McKendrick E (ed), Goode on Commercial Law (5th ed 2016) Moss G, ‘Intermediated Securities; Issues Arising on Insolvency’ in L Gullifer and J Payne (eds), Intermediated Securities (Hart 2010) Nolan D and Davies J, ‘Torts and Equitable Wrongs’, in Burrows A (ed), English Private Law (3rd ed, OUP 2013) Palmer N, Palmer on Bailment (3rd ed, Sweet and Maxwell 2009)
-- and McKendrick E (eds), Interests in Goods (2nd ed, 1998, LLP)
ii
-- ‘Bailment,’ in A Burrows (ed), Oxford Principles of English Law: Private Law (3rd ed OUP 2013)
Palmer VV, The Paths to Privity: The History of Third Party Beneficiary Contracts at English Law (Austin & Winfield 1992) Pollock F and Wright RS, Possession in the Common Law (Clarendon Press 1888) Renner K, Institutions of Private Law and their Social Functions (Routledge & Keagan Paul, 1949, reprint ed 1976) Simpson AWB, A History of the Common Law of Contract: The Rise of the Action of Assumpsit (Clarendon Press 1975, (1987 printing))
-- ‘Innovation in Nineteenth Century Contract Law,’ in Legal Theory and Legal History: Essays on the Common Law (The Hambledon Press 1987)
Swadling W, ‘Property’ in A Burrows (ed), Oxford Principles of English Law: Private Law (3rd ed, OUP 2013)
Tucker L et al (eds), Lewin on Trusts (19th ed, 2015, Sweet and Maxwell)
Turing D, Clearing and Settlement (2nd ed, Bloomsbury Professional 2016) Yates M, International Settlement’ in Blair M et al (eds), Financial Markets and Exchanges Law (2nd ed, OUP 2012)
-- and Montagu G, The Law of Global Custody: Legal Risk Management in Securities Investment and Collateral (4th ed, Bloomsbury 2013)
Academic Articles Benjamin J, ‘Stewardship and Collateral,’ (LSE Law, Society and Economy Working Papers 7/2017) < https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2969829 > Briggs MJ, ‘Has English Law Coped With the Lehman Collapse?’ [2013] 28 JIBFL 131 Cohen R et al, ‘Automation and Blockchain in Securities Issuances,’ (2018) 3 JIBFL 144 Cope SR, ‘The Stock Exchange Revisited: a New Look at the Market in Securities in London in the Eighteenth Century,’ [1978] 45 (117) Economica, New Series 1 Low KFK and Teo E in ‘Bitcoins and Other Cryptocurrencies as Property?’ (2017) 9(2) Law, Innovation and Technology 235 Paech P, ‘The Governance of Blockchain Financial Networks’ (2017) < https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2875487 > accessed 18 December 2017
-- ’Integrating Global Blockchain Securities Settlement with Law and Regulation - Policy Consideration and International Principles‘ (2016)
iii
<papers.ssrn.com/sol3/papers.cfm?abstract_id=2792639> accessed 18 December 2017
Rix MS, ‘Company Law: 1844 and Today,’ (1945) 55 (218/219) The Economic Journal 252 Talbot L, ‘Enumerating Old Themes? Berle’s Concept of Ownership and the Historical Development of English Company Law in Context,’ [2010] 33(4) Seattle U L Rev 1201 Walch A, ‘The Bitcoin Blockchain as Financial Market Infrastructure: a Consideration of Operational Risk,’ (2015) 18(837) Legislation and Public Policy, 872-7 Winn JK, ‘Electronic Chattel Paper: Invitation Accepted,’ (25 September 2010), 5. Available at < https://ssrn.com/abstract=1682783 > or < http://dx.doi.org/10.2139/ssrn.1682783 > accessed 30 January 2020 Wood P, ‘Bondholders and Banks: Why the Difference in Protections?’ (2011) 6(2) CMLJ 188 Wright A and Filippi P, ‘Decentralised Blockchain Technology and the Rise of Lex Cryptographia’ (2015) < http://ssrn.com/abstract=2580664 > accessed 19 December 2017 Cases Agnew v Commissioners of Inland Revenue, also known as Re Brumark Investments Ltd [2001] UKPC 28 Armitage v Nurse [1998] Ch 241 B2C2 Ltd v Quoine Pte Ltd [2019] SGHC (I) 03 Barclays Bank Ltd v Quistclose Investments Ltd [1970] AC 567 (HL) Bourne v Mason (1669) 2 Keb 454, 457, 527; 1 Vent 6; 86 ER 5 Bristol and West Building Society v Mothew [1996] EWCA Civ 533 Caparo Industries Plc v Dickman [1990] 2 AC 605 (HL) Clypsam v Morris (1669) 2 Keb 401, 443, 453; 84 ER 278 Conservative and Unionist Central Office v Burrell [1982] WLR 522 Donoghue v Stevenson [1932] AC 562 (HL); [1932] UKHL 100 Fouldes v Willoughby (1841) 81 M & W 540; 151 ER 1153 Hardy v Hoade [2017] EWHC 2476 (Ch) Hedley Byrne & Co Ltd v Heller Partners Ltd [1964] AC 465 (HL) Hunter v Moss [1994] 1 WLR 452; [1994] 3 All ER 215 (CA); [1993] 1 WLR 934 (Ch) Longman v Bath Electric Tramways, Limited [1905] 1 Ch 646
iv
MCC Proceeds Inc v Lehman Brothers International (Europe) [1998] 4 All ER (CA) 675; [1998] 2 BCLC 659 W Nagel (a Firm) v Pluczenik Diamond Company NV [2018] EWCA Civ 2640 National Provincial Bank Ltd v Ainsworth [1965] AC 1175 (HL) OBG Ltd v Allan [2007] UKHL 21; [2008] 1 AC 1 Re Goldcorp Exchange Ltd [1995] 1 AC 74 Re Hudson (1885) 54 LJ Ch 881 Re Lehman Brothers International (Europe) (In Administration), also known as Lomas v RAB Market Cycles (Master) Fund Ltd [2009] EWHC 2545 (Ch) Re Lehman Brothers International (Europe) (In Administration), also known as Pearson v Lehman Brothers Finance SA (Lehman RASCALS) [2010] EWHC 2914 Re Lehman Brothers International (Europe) (In Administration) [2011] EWCA Civ 1544 Re Lehman Brothers International (Europe) (In Administration) (Extended Liens) [2012] EWHC 2997 (Ch); [2014] 2 BCLC 295 Re London Wine Company (Shippers) Limited [1986] PCC 121 Robinson v Harman (1848) 1 Ex 850; 154 ER 363 Rolls Royce Ltd v Jeffrey (Inspector of Taxes) [1962] 1 WLR 425 R v West, Southwark Crown Court, 14 December 2017 (unreported) Secure Capital SA v Credit Suisse AG [2017] EWCA Civ 1486 Smith v Hughes (1871) LR 6 QB 597 Spartan Steel and Alloys Ltd v Martin & Co Ltd [1973] QB 27 (CA) Speechley v Allott [2014] EWCA Civ 230 Tailby v Official Receiver (1888) 13 App Cas 523 Thomas v Thomas (1842) 2 QB 851 Warner-Lambert Co Ltd v Generics (UK) Ltd [2018] UKSC 56
UK Primary Legislation
Act To Restrain the number and ill Practice of Brokers and Stock-Jobbers 8 and 9 Wm III c 32 Companies Act 2006
v
Computer Misuse Act 1990 Financial Services and Markets Act 2000 Joint Stock Companies Act 1844 Land Registration Act 2002 Law of Property Act 1925 Partnerships Act 1890 Torts (Interference with Goods) Act 1977
EU Primary Legislation
Regulation (EU) No 648/2012 of the European Parliament and of the Council of 4 July 2012 on OTC derivatives, central counterparties and trade repositories [2012] OJ L 201/1 Directive of the European Parliament and of the Council 98/26/EC of 19 May 1998 on Settlement Finality in Payment and Securities Settlement Systems [1998] OJ L166/45 Directive of the European Parliament and of the Council 2002/47/EC of 6 June 2002 on Financial Collateral Arrangements [2002] OJ L168/43 Directive 2003/71/EC of the European Parliament and of the Council of 4 November 2003 on the prospectus to be published when securities are offered to the public or admitted to trading and amending Directive 2001/34/EC [2003] OJ L 345/64 Directive 2011/61/EU of the European Parliament and of the Council of 8 June 2011 on Alternative Investment Fund Managers and amending Directives 2003/41/EC and 2009/65/EC and Regulations (EC) No 1060/2009 and (EU) No 1095/2010 [2011] OJ L 174/1 Directive 2013/50/EU of the European Parliament and of the Council of 22 October 2013 amending Directive 2004/109/EC of the European Parliament and of the Council on the harmonisation of transparency requirements in relation to information about issuers whose securities are admitted to trading on a regulated market, Directive 2003/71/EC of the European Parliament and of the Council on the prospectus to be published when securities are offered to the public or admitted to trading and Commission Directive 2007/14/EC laying down detailed rules for the implementation of certain provisions of Directive 2004/109/EC [2013] OJ L 294/13 Directive 2014/57/EU of the European Parliament and of the Council of 16 April 2014 on criminal sanctions for market abuse [2014] OJ L 173/179 Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU [2014] OJ L 173/349 Directive 2014/91/EU of the European Parliament and of the Council of 23 July 2014 amending Directive 2009/65/EC on the coordination of laws, regulations and administrative provisions relating to undertakings for collective investment in transferable securities (UCITS) as regards depositary functions, remuneration policies and sanctions [2014] OJ L 257/186
vi
Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC [2015] OJ L 141/73 Directive 2015/2366/EU of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC [2015] OJ L 337/35 Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU [2018] OJ L 156/43
International and Other Jurisdictions
International UNCITRAL Model Law on Electronic Transferrable Records (2017)
Australia
Crimes Act 1958 (Vic) Partnerships Act 1958 (Vic) Property Law Act 1958 (Vic) Corporations Act 2001 Anti-Money Laundering and Counter Terrorism Financing Act 2006
Belgium Royal Decree No 62 of 10 November 1967
Germany
Civil Code Luxembourg
Law of 1 August 2001 on the circulation of securities, as amended, Mém. A 2001, No 106
vii
Spain
Consolidated Text of the Regulation of Sociedad de Sistemas (‘Iberclear Regulation’) as at 6 September 2017 < http://www.iberclear.es/ing/Regulations/Legal-Framework > accessed 9 April 2019.
United States of America
Trust Indenture Act 1939 15 USC §§77aaa-77bbbb (2012)
Investment Companies Act 1940 15 USC §§ 80a-1–80a-64 (2012) Uniform Commercial Code (UCC)
Policy and Other Reports ASIC’s Information Sheet 225, ‘Initial Coin Offerings and Crypto-Assets’ (May 2019 Update) < https://asic.gov.au/regulatory-resources/digital-transformation/initial-coin-offerings-and-crypto-assets/ > accessed 31 January 2020 Bank of International Settlements, Committee on Payments and Market Infrastructures Markets Committee, ‘Distributed Ledger Technology in Payment, Clearing, and Settlement: An Analytical Framework’ (February 2017, CPMI Paper No 157) < https://www.bis.org/cpmi/publ/d157.htm > accessed 3 November 2018
-- ‘Central Bank Digital Currencies’ (March 2018, CPMI Paper No 174) < https://www.bis.org/cpmi/publ/d174.htm > accessed 3 November 2018
European Securities and Markets Authority, ‘The Distributed Ledger Technology Applied to Securities Markets,’ (7 February 2017) < https://www.esma.europa.eu/sites/default/files/library/dlt_report_-_esma50-1121423017-285.pdf > accessed 5 January 2018 Financial Markets Law Committee, ‘Trustee Exemption Clauses: Analysis of the Role of the Trustee in the Wholesale Financial Markets and of the Proposals Contained in the Law Commission's Consultation Paper No 117’ (FMLC Issue 62, May 2004)
-- ‘Proprietary Interests in Investment Securities’ (Issue 3, July 2004) < www.fmlc.org > accessed 6 September 2017
-- ‘Issues of Legal Uncertainty Arising in the Context of Virtual Currencies’ (July 2016) < www.fmlc.org > accessed 18 June 2018
FINMA, ‘Guidelines for enquiries regarding the regulatory framework for initial coin offerings (ICOs),’ (16 February 2018) < https://www.finma.ch/en/news/2018/02/20180216-mm-ico-wegleitung/ > accessed 1 December 2018 Group of Thirty, ‘Clearance and Settlement in the World’s Securities Markets’ (1989)
viii
Journal of the House of Commons, ‘25 November 1696,’ 11 House of Commons Journal: 25 1693-1697 (London 1803), 593-598 < http://www.british-history.ac.uk/commons-jrnl/vol11/pp593-598 > accessed 5 April 2019 Law Commission of England and Wales, ‘Trustee Exemption Clauses’ (Law Com No 301 Cmmd 6874, 2006)
-- ‘The UNIDOIT Convention on Substantive Rules Regarding Intermediated Securities: Further Updated Advice to HM Treasury’ (May 2008)
-- ‘Fiduciary Duties of Investment Intermediaries’ (Law Comm No 350, 2014)
Reserve Bank of Australia, ‘Review of Settlement Practices for Australian Equities’ (May 2008) < https://www.rba.gov.au/payments-and-infrastructure/financial-market-infrastructure/clearing-and-settlement-facilities/consultations/review-practices/ > accessed 30 September 2018 Regulatory Filings and Legal Agreements ASX Settlement Operating Rules (1 August 2010) < https://www.asx.com.au/documents/rules/ASX_Settlement_Rules_Section_09.pdf > accessed 22 April 2019 Bitcoin Core User Licence < https://bitcoincore.org/en/download/ > accessed 15 July 201 Coinbase User Agreement < www.coinbase.com > accessed 20 January 2018 Ethereum Licencing < https://github.com/Ethereum/wiki/wiki/Licensing > accessed 18 June
2019
Gemini Custody Agreement < https://gemini.com/custody-agreement/> accessed 15 April 2019 Gemini User Agreement < www.gemini.com > accessed 20 January 2018 Morris and Rossetti, Individually and on Behalf of All Others v Overstock.com.Inc. and Ors, Class Action Complaint for Violations of Federal Securities Law, Demand for Jury Trial (Filed 29 March 2018), para 4. Reported by R Kahn, ‘Shareholder Class Action’ (Court House News, 30 March 2018) < https://www.courthousenews.com/wp-content/uploads/2018/03/SCA.Overstock.pdf > accessed 4 February 2019 Morris and Rossetti, Individually and on Behalf of All Others v Overstock.com.Inc. and Ors, Notice of Voluntary Dismissal <http://securities.stanford.edu/filingsdocuments/1065/O00_03/2018330_f01k_18CV00271.pdf > last accessed 19 June 2019 Open Source Initiative MIT Licence < https://opensource.org/licenses/mit-license.php > accessed 15 July 2018 Overstock Inc, Prospectus dated 9 December 2015 (Filed 11 December 2015)
ix
< http://investors.overstock.com/static-files/aeb7115e-cc0c-482a-9f44-69eade872e53 > last accessed 4 June 2019 Overstock Inc, Prospectus Supplement (To Prospectus dated 9 December 2015) dated 14 November 2016 (Filed 14 November 2016) < http://investors.overstock.com/static-files/39d5b2c0-1c69-4112-b0a5-552edd2a9a4c > last accessed 22 June 2019 t0.com Inc, Amended, Supplemented, and Restated Offering Memorandum dated 1 March 2018 < https://www.sec.gov/Archives/edgar/data/1130713/000110465918013731/a18-7242_1ex99d1.htm > accessed 1 April 2019
Programming Documents and Websites Antonopoulos A, Mastering Bitcoin: Programming the Open Blockchain (2nd ed, O’Reilly Media 2017)
-- and Wood G, Mastering Ethereum: Building Smart Contracts and DApps (O’Reilly Media 2019)
Beefchain Website < https://beefchain.com/ > accessed 18 January 2019 Brown G, ‘The Corda Platform: An Introduction,’ (May 2018, Version 2) < https://docs.corda.net/_static/corda-platform-whitepaper.pdf > accessed 13 October 2018 Corda Network Foundation Website < https://corda.network/ > accessed 18 April 2019 Digital Asset, ‘The Digital Asset Platform: Non-Technical White Paper’ (December 2016) < https://hub.digitalasset.com/hubfs/Documents/Digital%20Asset%20Platform%20-%20Non-technical%20White%20Paper.pdf > accessed 30 September 2018 Everledger Diamond Platform Website < https://diamonds.everledger.io/ > accessed 20 March 2018 Ethereum Github Website < https://github.com/ethereum > accessed 18 June 2019 Gibraltar Blockchain Exchange < https://gbx.gi > accessed 1 February 2019 JP Morgan, ‘Quorum White Paper’ (Version 2, 24 August 2018) <https://github.com/jpmorganchase/quorum/blob/master/docs/Quorum%20Whitepaper%20v02.pdf > accessed 17 March 2019 Lamport L et al, ‘The Byzantine Generals Problem’ (SRI International 1982) < https://people.eecs.berkeley.edu/~luca/cs174/byzantine.pdf > accessed 4 April 2019 Nakamoto S, ‘Bitcoin: A Peer-to-Peer Electronic Cash System’ (2008) <http://nakamotoinstitute.org/bitcoin/> accessed 5 January 2018 r3 Website < https://www.r3.com/ > accessed 8 August 2018 Swiss SIX Digital Exchange < https://www.six-group.com/en/site/digital-exchange.html > last accessed 26 June 2018
x
Wood G, ‘Ethereum: A Secure Decentralised Generalised Transaction Ledger,’ (‘the Yellow Paper, Byzantium Version 4e05aa0 4 March 2019) < https://github.com/ethereum/yellowpaper > accessed 24 March 2019
Industry Documents and Resources
ABILab et al – r3, Case Study: Italian banks pioneer the use of Corda Enterprise for interbank reconciliation—opening the way to a full production roll-out <https://www.r3.com/wp-content/uploads/2019/04/Spunt_CS_R32018.pdf > accessed 19 May 2019 Anderson R et al, ‘Bitcoin Redux’ (28 May 2018) <https://weis2018.econinfosec.org/wcontent/uploads/sites/5/2018/05/WEIS_2018_paper_38.pdfblockchain.info > accessed 17 September 2018 A Barbaschow, ‘Here’s What to Expect from ASX’s Blockchain-Based CHESS Replacement’ (ZDNet, 25 October 2018) < https://www.zdnet.com/article/heres-what-to-expect-from-asxs-blockchain-based-chess-replacement/ > accessed 19 June 2019 Buy Bitcoin Worldwide Website < https://www.buybitcoinworldwide.com/confirmations/ > accessed 4 April 2019 Clearstream Banking SA, ‘Customer Handbook’, (Document No 0021, Version 27 May 2019) CMS Legal Services EEIG, ‘Initial Coin Offerings: New Means of Fundraising,’ (March 2018) <https://cms.law/en/INT/Publication/Initial-Coin-Offerings-New-means-of-fundraising > accessed 19 April 2019 Cohen R et al, ‘Banking on the Blockchain,’ (February 2018) IFLR 24, < http://www.allenovery.com/SiteCollectionDocuments/Banking_On_The_Blockchain.pdf > accessed 30 March 2019 Coindesk Website < https://www.coindesk.com/price/Bitcoin > accessed 17 December 2018 Crown Prosecution Service News Centre, ‘Prolific Computer Hacker Jailed for 10 Years’ (25 May 2018) < https://www.cps.gov.uk/cps-london-north-london-south/news/prolific-computer-hacker-jailed-10-years > accessed 29 August 2018 CryptoBLK-r3, Case Study How R3 is working with CryptoBLK, HSBC and other banks and corporates to revolutionize and revitalize trade finance letters of credit, using the power of the Corda blockchain platform’< https://www.r3.com/wp-content/uploads/2019/04/CryptoBLK_CS_Jan2019.pdf > accessed 19 May 2019 Deutsche Börse, ‘Deutsche Börse and HQLA make significant progress on blockchain securities lending solution’ (Press Release, 29 January 2019) < https://www.deutsche-boerse.com/dbg-en/media/press-releases/Deutsche-B-rse-and-HQLAX-make-significant-progress-on-blockchain-securities-lending-solution--1413678 > accessed 19 December 2018 Euroclear Bank, ‘Rights of Participants to Securities deposited in the Euroclear System (July 2017) < https://ecsda.eu/wp-content/uploads/BE_Euroclear_Bank.pdf > accessed 4 May 2019
xi
Euroclear Bank Website < https://www.euroclear.com/services/en/banking-services-all-providers.html > last accessed 28 June 2019 European Central Bank: Eurosystem Website, < https://www.ecb.europa.eu/paym/coll/coll/triparty/html/index.en.html > accessed 1 June 2019 FCA Regulatory Sandbox Website < https://www.fca.org.uk/firms/regulatory-sandbox > last accessed 19 June 2019 Finestra-r3, ‘Case Study: How Finastra is harnessing R3’s Corda Enterprise blockchain to open up a new business line and transform transparency and efficiency in the syndicated loan market’ < https://www.r3.com/wp-content/uploads/2019/04/Finastra_CS_R32018pdf.pdf > accessed 19 May 2019 HQLAX Website < https://www.hqla-x.com/ > last accessed 26 June 2019 HQLAx & Deutsche Börse Group, ‘Target Operating Model’ < https://www.deutsche-boerse.com/resource/blob/1413686/d0619e3c15e557a8f566845c516db169/data/29jan2019-hqlax_en.pdf > accessed 1 May 2019 ISDA and Linklaters, ‘Whitepaper: Smart Contracts and Distributed Ledgers - A Legal Perspective’ (August 2017). Available at < https://lpslive.linklaters.com/en/about-us/news-and-deals/news/2017/smart-contracts-and-distributed-ledger--a-legal-perspective > accessed 18 December 2017 ISSA, ‘Distributed Ledger Technology: Principles for Industry-Wide Acceptance’ (June 2018) < https://www.issanet.org/e/pdf/2018-06_ISSA_DLT_report_version_1.0.pdf > accessed 28 October 2018
-- ‘Infrastructure for Crypto-Assets: A Review by Infrastructure Providers’ (October 2018) < https://www.issanet.org/e/pdf/2018-10_ISSA_report_Infrastructure_for_Crypto-Assets.pdf> accessed 28 October 2018
Kelly J, ‘Nine of the World’s Biggest Banks Join to From Blockchain Partnership’ (Reuters London 15 September 2015) < https://www.reuters.com/article/us-banks-blockchain/nine-of-worlds-biggest-banks-join-to-form-blockchain-partnership-idUSKCN0RF24M20150915 > accessed 8 August 2018 Kemp R, ‘The Fourth Industrial Revolution: Blockchain and Smart Contracts,’ (The Lawyer 6 June 2016) < https://www.thelawyer.com/issues/6-june-2016/the-fourth-industrial-revolution-blockchain-and-smart-contracts/ > accessed 9 September 2017 Kharti Y, ‘Craig Wright Ordered to Disclose Bitcoin Addresses in Kleiman Court Case,’ (Coindesk, 6 May 2019) < https://www.coindesk.com/craig-wright-ordered-to-disclose-bitcoin-addresses-in-kleiman-court-case > last accessed 2 June 2019 Ledger Website <https://www.ledger.com/ > accessed 4 April 2019 Leung J, ‘7 Legal Questions That Will Define Blockchain in 2019,’ (Coindesk, 3 January 2019) < https://www.coindesk.com/7-legal-questions-that-will-define-blockchain-in-2019 > accessed 4 January 2019
xii
Lloyd’s, ‘Bitcoin: Risk Factors for Insurance’ (2015, Lloyd’s Emerging Risk Report). Available at < www.lloyds.com > accessed 4 June 2018 Medici Website < https://www.mediciventures.com/ > last accessed 18 June 2019 Metz C, ‘Overstock.com Assembles Coders to Build a Bitcoin-ike Stock Market’ (Wired, 10 June 2014) < https://www.wired.com/2014/10/overstock-com-assembles-coders-build-bitcoin-like-stock-market/ > accessed 1 June 2019 Oliver Wyman and Euroclear, ‘Blockchain in Capital Markets: The Prize and the Journey’ (February 2016) < https://www.oliverwyman.com/content/dam/oliver-wyman/global/en/2016/feb/BlockChain-In-Capital-Markets.pdf > accessed 29 July 2018 Parker L, ‘Overstock Announces Cryptosecurity Exchange And World's First Crypto Bond (Brave New Coin, 7 June 2015) < https://bravenewcoin.com/insights/overstock-announces-cryptosecurity-exchange-and-worlds-first-crypto-bond > last accessed 2 June 2019 Quintez B, ‘Remarks at the 38th Annual GITEX Technology Week Conference,’ (October 2018) < https://www.cftc.gov/PressRoom/SpeechesTestimony/opaquintenz16 > accessed 4 January 2019 Securities Registrars Association Website, < http://sraa.asn.au/introduction-to-chess.html > accessed 4 April 2019 SEC Alternative Trading System (“ATS”) List Website, < https://www.sec.gov/foia/docs/atslist.htm > last accessed 2 June 2019 Thompson Reuters BlockOne IQ Website < https://blockoneiq.thomsonreuters.com/ > accessed 1 May 2019 Trezor Website < https://trezor.io/ > accessed 4 April 2019 Valkenburgh P, ‘Framework for Securities Regulation of Cryptocurrencies,’ (Version 2, Coin Centre August 2018) <https://coincenter.org/files/securities-cryptocurrency-framework-v2.1.pdf > accessed 24 November 2018 Vries A, ‘Bitcoin’s Growing Energy Problem’ (16 May 2018) Joule 2, 801–809 < https://www.cell.com/joule/fulltext/S2542-4351(18)30177-6 > accessed 30 June 2018 Watkins J, ‘Collateral Fears Driving Direct CCP Model’ Global Custodian (Winter 2017), 16
-- ‘Custody’s Big Moment: Cryptocurrency Custody,’ Global Custodian (Summer 2018), 30 -- ‘CSDs forced to defend their existence in a DLT World’ (The TRADE Crypto, 1 November 2018) <“https://www.thetradenewscrypto.com/csds-forced-defend-existence-dlt-world/ > accessed 7 June 2019
Wilmoth J, ‘Parity’s $150 Million Wallet Bug’ (CCN, 11 September 2017) < https://www.ccn.com/i-accidentally-killed-it-parity-wallet-bug-locks-150-million-in-ether > accessed 19 April 2019
xiii
Other BBC News, ‘Millions Using 123456 as Password, Security Study finds’ (BBC News, 21 April 2019) < https://www.bbc.com/news/technology-47974583 > accessed 21 April 2019 Graeber D, Debt: the First 5000 Years (Melville House 2011) Held A, Past Academic Papers:
-- ‘Privity of Contract and Contract Theory,’ (LL.B Dissertation, University of London, May 2015)
-- ‘The Legal Structures of Securitisation,’ (LL.M Research Paper, Debt Capital Markets, Melbourne Law School, June 2017) -- ‘Financial Fiduciaries,’ (LL.M Research Paper, Commercial Applications of Equity, Melbourne Law School, November 2017). -- ‘Intermediation, Custody, and the Law of Trusts: Did English Law Cope with the Lehman Insolvency?’ (LL.M Research Paper, Commercial Law: Issues and Policies, Melbourne Law School, December 2017)
-- ‘Bitcoins, Blockchains, and Decentralised Ledgers: Does Situs Actually Matter? (LL.M Dissertation, City Law School, City, University of London, September 2018)
Telephone conversation between R Cohen and author, 31 May 2019
Minerva Access is the Institutional Repository of The University of Melbourne
Author/s:
Held, Amy
Title:
Crypto-Financial Assets in a DLT-Based Market Infrastructure: Legal Principles of Ownership
and Obligation
Date:
2019
Persistent Link:
http://hdl.handle.net/11343/274809
File Description:
Complete Thesis, Library Copy
Terms and Conditions:
Terms and Conditions: Copyright in works deposited in Minerva Access is retained by the
copyright owner. The work may not be altered without permission from the copyright owner.
Readers may only download, print and save electronic copies of whole works for their own
personal non-commercial use. Any use that exceeds these limits requires permission from
the copyright owner. Attribution is essential when quoting or paraphrasing from these works.
