class: center, middle

# Blockchain Compliance

Dr. Peter Ebenhoch

![Shimano Chain](shimano2-circle.png)

.footnote[IRIS Internationales Rechtsinformatik Symposium, Salzburg 2018 peter.ebenhoch@effectas.com http://lean-grc.com ]

---
class: center, middle, inverse

# May you live in exciting times…

宁为太平狗,不做乱世人

---
class:left

.logo[![Chain](shimano2-circle-handout.png)]

# Recent blockchain crimes

February 15, 2018: Optioment

- Claim: «Optioment is based on a Bitcoin arbitrage trading robot.»
- Type: Fraud (Ponzi Scheme)
- Location: Austria
- Reported damage: 80 million EUR

.bildrechts[![Coincheck-Hack](coincheck-hack-small.png)]

???
- https://derstandard.at/2000074322828/Pyramidenspiel-12-000-Bitcoins-weg-hunderte-Oesterreicher-betroffen
- https://diepresse.com/home/wirtschaft/economist/5371989/Kriminalfall-um-BitcoinSekte-aus-Oesterreich

--

January 30, 2018: Coincheck

- Claim: «Easiest way to buy and sell BTC.»
- Type: Hot wallet cleared (Robbery)
- Location: Japan
- Reported damage: 500 million USD

???
- https://bitcoinblog.de/2018/01/30/groesster-krypto-hack-aller-zeiten-bitcoin-nicht-beteiligt/

--

January 22, 2018: IOTA-Hack

- Claim: «Since inception, we have unabashedly done things differently.»
- Type: External private key generation (Phishing)
- Location: Norway
- Reported damage: 4 million USD

???
- https://news.bitcoin.com/iota-attacked-for-subpar-wallet-security-following-4m-hack/

---
class:left

# Prior blockchain incidents

June 2016: The DAO «Hack»

- Claim: «The steadfast iron of unstoppable code.»
- Location: Germany
- Type: Recursive use of withdrawal function
- Damage: ~ 50 million USD (3.6 million ETH)

.bildrechts[![Mt. Gox damaged party](DSCF4055.0-small.jpg)]

???
- https://www.wired.de/collection/business/wie-aus-dem-hack-des-blockchain-fonds-dao-ein-wirtschaftskrimi-wurde

--

February 2014: Mt. Gox files for bankruptcy

- Claim: «Bitcoin eliminates intermediaries.»
- Location: Japan
- Type: Poor IT security
- Damage: ~ 450 million USD (850,000 BTC, today ~ 9 billion USD)

--

Ernst & Young reports (January 22, 2018):

`10% of ICO funds are lost or stolen`

- _“Fear of Missing Out” (FOMO)_ drives token valuations without any connection to market fundamentals.

???
- http://www.ey.com/gl/en/newsroom/news-releases/news-ey-big-risks-in-ico-market-flawed-token-valuations-unclear-regulations-heightened-hacker-attention-and-congested-networks
- https://en.wikipedia.org/wiki/Mt._Gox

---
class:left

# Blockchain Compliance

.bildrechts[![City administration Stadt Zug](die-stadtverwaltung-zug-klein.jpg)]

### Is there a need for blockchain regulation?

→ _Yes!_

### Delimitation

A. This presentation: Regulation → Blockchains

B. Also of interest: Blockchains → Regulation (Regulatory Tech/RegTech)

---
class: center, middle, inverse

# How to regulate blockchains

---
class:left, small

# What is a blockchain?
`A blockchain is a distributed database which introduces analog scarcity into digital abundance.`

--

`A blockchain requires an IT-operation system and (public) access points.`

--

`All public blockchain transactions are transparent; actors can potentially be uncovered.`

--

`The consensus mechanism prevents later change of records and consumes enormous amounts of electrical energy.`

---

# Blockchain fallacies

A. ~~Blockchains need no intermediary~~
Blockchains require IT infrastructure → cf. wallets & exchange sites

--

B. ~~Blockchains cannot be regulated~~
IT operation & access can be regulated → cf. China

--

C. ~~Blockchains are error-free~~
Software is always error-prone → e.g. the DAO or Mt. Gox hack

--

D. ~~Blockchains are always right~~
Errors in blockchains are difficult to correct → including the link to the digital twin

--

E. ~~Blockchain transactions are strictly confidential~~
→ Actors of blockchain transactions can be uncovered

--

F. ~~Blockchains scale well~~
→ Public blockchains are slow and power-hungry (~4 transactions/s BTC, ~20 ETH)

.footnote[Literature: _Gerard_, [Attack of the 50 Foot Blockchain](https://www.amazon.de/Attack-50-Foot-Blockchain-Contracts-ebook/dp/B073CPP581)]

---

# Blockchains _are_ regulated

_Blockchains are de lege lata regulated.
Existing norms and laws are applicable, admittedly with some scope._

`Blockchain applications have to be fully compliant with legal regulation in force.`

--

`The utilization of blockchains is no excuse for criminal behaviour.`

--

Despite the current «fear of missing out» hysteria:

- scams/fraud
- ponzi schemes
- illegal trades
- money laundering
- …

are not allowed …

_even if you use a blockchain._

---
class: center, middle, inverse

# Regulation areas

改善

_We are here to make another world._

W. Edwards Deming

---
class:left
background-image: url(Legal_status_of_bitcoin.png)

# Global regulation 1/3

Switzerland / Canton of Zug

- Partly local regulation (e.g. tax paying and customer identification with Bitcoin in Zug)
- FINMA guidelines for ICO assessment

--

South Korea

- «(The government) is considering both shutting down all local virtual currency exchanges» (2018-01-25)

--

China

- Ban of ICOs as of 2017-09-04
- Discouragement of bitcoin mining due to high power consumption

???
- https://hackernoon.com/state-of-global-cryptocurrency-regulation-january-2018-6e03dea0f036
- https://www.forbes.com/sites/sarahsu/2018/01/15/chinas-shutdown-of-bitcoin-miners-isnt-just-about-electricity/#4d2e1f81369b
- https://www.coindesk.com/report-south-korea-to-decide-thursday-on-crypto-exchange-regulation/

---
class:left
background-image: url(Legal_status_of_bitcoin.png)

# Global regulation 2/3

.bildrechts[![BTM Ontario Canada](atm-canada-small.jpg)]

Canada

- Blockchain regulation is favorable but still needs improvement.
--

USA

- Arizona (recognition of smart contracts)
- Vermont (blockchain as evidence)
- Chicago (real estate records)
- Delaware (pending initiative authorizing registration of shares of Delaware companies in blockchain form)

---
background-image: url(Legal_status_of_bitcoin.png)

# Global regulation 3/3

European Union

`It makes sense to discuss the speculative risks of virtual currencies and their impact on the financial system at international level`, the Finance Ministry in Berlin said in an emailed response to questions. The next meeting of G-20 finance ministers and central bank governors would be «a good opportunity to do so.»

Valdis Dombrovskis – VP of financial stability, financial services and capital markets at the European Commission: `In recent weeks, bitcoin has our heightened attention.`

???

`We looked at that [bitcoin], we analyzed the fundamentals but we don’t think we have to react at this stage as a political and technical body.`

Pierre Moscovici – EU Commissioner for economic, financial affairs, taxation and customs
- https://www.bloomberg.com/news/articles/2017-12-18/europe-wants-to-regulate-bitcoin-to-clamp-down-on-illegal-risks
- https://www.ccn.com/arent-looking-regulate-bitcoin-eu-commissioner/
- https://www.coindesk.com/canada-approves-countrys-first-blockchain-etf/
- https://techvibes.com/2017/12/15/how-future-regulation-will-shape-canadas-blockchain-environment
- https://hackernoon.com/state-of-global-cryptocurrency-regulation-january-2018-6e03dea0f036

---

# Areas of regulation 1/2

- KYC – Know Your Customer
  - Trust level for identity assessment
  - Anti-money laundering: `When establishing a business relationship, the financial intermediary must verify the identity of the customer on the basis of a document of evidentiary value.`

--

- KYO – Know Your Organization

  ![Republik Österreich](repulik.png)

  - Legal entity that operates the blockchain
  - «Impressum»
  - Institutional duties

???
- https://www.finma.ch/en/documentation/legal-basis/laws-and-ordinances/anti-money-laundering-act-(amla)/
- https://derstandard.at/2000074509351/Repulik-Oesterreich-und-Zertifikatsfehler-beim-Innenministerium

---

# Areas of regulation 2/2

- KYS – Know Your System
  - Maturity of the IT system
  - Level of service quality
  - Upfront security assessment

--

- KYB – Know Your Business
  - Establishment of token types
  - Reproducible business model in alignment with market fundamentals
  - ICO: `Differentiate functions of the blockchain tokens: security, currency, usage/utility`
  - ICO: Prospektpflicht (prospectus requirement)
  - Cyberphysical relationship / alignment with «digital twin» (traditional currency, land property).

--

- Power consumption
  - Major shortcoming; regulation is very likely.
---

# Implementation Results

Impact assessment on cases at stake:

![Compliance measures](21-02-_2018_16-01-32.png)

---

# Call for legal confidence

Blockchains can and have to be regulated!

Relevant regulation areas are

1. Know Your Customer: Determine personal identification level & anonymity needs
2. Know Your Organisation: Determine requirements for organisations operating blockchains
3. Know Your System: Determine interfaces to public ledgers / Clarify linking with real artefacts
4. Know Your Business: Elaborate business domain specific requirements to utilize blockchains and digital tokens / demand startup stages
5. Power Consumption: Restrict power consumption

International blockchain regulation should gain momentum to provide a legal frame and to protect investments.

---
class: center, middle, inverse

# Takeaways

現場

---

# How to deal with ICOs 1/2

How do Venture Capitalists handle blockchain projects?

`By applying common sense and differentiating according to business value:`

- Crypto Coins (new currency=altcoin), vs.
- Crypto Equity (for crowdfunding)

#### VC evaluation checklist

1. Company & Team Profile (development & advisory board)
2. Whitepaper Evaluation (seriousness, viability, sustainability)
3. Purpose (usage and feature of tokens and blockchain technology)
4. Clarify community assessment (e.g. bitcointalk.org)
5. Clarify community and media response
6. Verify roadmap and stages of the project, evaluate source code if applicable
7. Financial backing / Interest of other venture capitalists
8. Open Cap & Hard Cap to verify later increase options
9. Distribution of Tokens in alignment with project stages

???
- https://medium.com/@charmainemaravilla/checklist-on-evaluating-initial-coin-offering-ico-2ef43f92f179

---

# How to deal with ICOs 2/2

__FINMA «Wegleitung» (Guide)__ (February 16, 2018)

`Applying common law according to token-functions:`

- Payment [Coins] = Cryptocoins → Anti-Money Laundering Act (Geldwäscherei-Gesetz, GWG)
- Usage = [Access] for usage or service
- Security [Equity] = Shares of enterprises or entitlement to dividends

#### __Token does not yet exist, but claim for transfer__

- → security-token

#### __Token does exist__

- payment-token → currency
- investment-token → security
- usage-token → depending on concrete design

.footnote[Reference: https://www.finma.ch/de/news/2018/02/20180216-mm-ico-wegleitung/ ]

---

# Resources

* Burgwinkel (ed.): Blockchain Technologie, deGruyter, 2016
* Berentsen/Schär: Bitcoin, Blockchain und Kryptoassets, Basel, 2017
* Heckmann/Kaulartz: Selbsterfüllende Verträge, c't 24/2016: 138-140
* Shimano: HG701 Ultegra 6800 / XT M8000 11 Speed Chain: https://www.evanscycles.com/shimano-hg701-ultegra-6800-xt-m8000-11-speed-chain-EV268364
* The Economist: The trust machine, 2015: https://www.economist.com/printedition/2015-10-31
* Zug: http://www.cryptovalley.swiss
* Gerard, David: Attack of the 50 foot blockchain, 2017

This presentation (upcoming 2018-02-26):

- http://lean-grc.com

Contact

- Dr. Peter Ebenhoch, effectas GmbH, 6300 Zug, Switzerland, peter.ebenhoch@effectas.com