Regulating Anonymity, Balancing Opposite Ends of The Spectrum

Originally written by Michael Holdman, Founder & CEO of Prasaga

In July 2019 we were asked for comment from Malta Financial Services Agency (MFSA), we focused on questions 10 ,12 and general comments as they most pertained to our platform capabilities, in the MFSA Security Token Offering Consultation Doc. July 19, 2019 https://www.mfsa.mt/wp-content/uploads/2019/07/20190719_Security-Token-Offering-Consultation-Document.pdf.

We thought we would share our comments with the community as we are now engaging with several nations regulatory bodies based on our technologies capabilities. This will give a little insight into our approach and strong belief in regulatory necessity both consumer and business protection and balancing with the basic right to privacy and anonymity in everyday transaction as is afforded by fiat while enhancing KYC, AML.

We have released pre-alpha code of one technology innovation, the eXtensible Blockchain Object Model (XBOM), which has been integrated into Hyperledger Fabric v1.4.3 and v2.0 for Enterprise subscription service and will be a ongoing revenue stream for the Prasaga Foundation. This will allow development of the open, permissionless, trustless, scalable, secure, DataGrid Blockchain, launch of the DGT and granting of all technologies under the Foundation to the world.

Prasaga Response

Thank you for preparing this paper and the request for comments.

Q10 — Do you agree that a permission-less decentralized exchange could pose difficulties in ensuring compliance with the transaction reporting requirements contained in MiFIR?

Q12 — From the general findings, it appears that a trading platform operating a permission-less decentralized exchange will pose various difficulties from a regulatory point of view. Would you agree? How do you believe that such difficulties can be overcome?

Prasaga Foundation’s full open project is to develop our Pat. Pend. blockchain technologies which include concepts aimed at decentralized permissionless markets for various types of assets including securities.

The technology can support decentralized non-custodial markets, centralized custodial markets, and variations.

We believe that a lot of the issues being raised in the paper can be dealt with using an alternative blockchain architecture we are developing, reducing or eliminating the dependency on permissioned blockchains, intermediaries etc.

We would note that the technology we are developing is a new approach to how assets are managed on a blockchain, how they are priced and traded, etc.

We fully agree with the underlying concerns about avoiding fraud, money laundering, general criminal activity and a variety of other issues. However, we believe our technology approach can address these issues without resorting to permissioned blockchains and/or broker intermediaries. We would also note that our technology does not prevent the use of permissioned blockchains and broker intermediaries. That is, it is not mutually exclusive.

To give you some idea of how we address most of the problems listed regarding regulatory aspects, the approach we are using is that each individual account on our blockchain contains within it a variety authorizations for the type of assets it is allowed to own, types of trades and similar.

A buyer and seller directly attempting a transaction of transferring a security asset between accounts will only succeed if the seller is authorized to sell to the buyer, and the buyer is authorized to buy from the seller. Further the transaction also checks if the buyer is authorized to own the asset. These checks are automatically enforced by the code executing on the blockchain for the transfer.

This can be easily extended to support a 3rd party intermediary, which essentially requires to direct checks: from seller to intermediary and from intermediary to buyer. It can be extended further with multiparty signatures. We’re sure many more models can be developed. Essentially what this does is move the authorization checks to the buyers and sellers automatically, which we believe is the real intent of the regulations.

A critical point is that the checking of authorization is not under the control of any parties to the transfer. It is built in to what we term “smart asset objects”. This is based on our blockchain object-oriented technology.

Because there is a strong desire to maintain pseudo-anonymous accounts on the blockchain, all authorizations take the form of certificates signed by the account public key, issued by certificate authorities. The certificate authorities can be registered with the appropriate national regulatory bodies, and be used to unmask accounts if needed (assumed to be via a court order or similar).

This approach can be used to automate KYC issues with respect to issues such as verifying a buyer for a new unregistered security is an accredited investor for example under USA law. (We’re not familiar with the regs for Malta yet).

With respect to the tracking of ownership of securities (or for that matter any other assets), in our model, each account includes in its state on the blockchain, lists of assets that it owns. As this is a replicated blockchain, with respect to the CSD issue, the state information can be downloaded and stored by anyone at anytime. This could include a government state function just as easily as a private sector function.

Rather than having an individual company track the ownership of its securities, each account that owns a security has a direct reference to the company that issued the security. This is maintained across all trading of the security across all accounts. Thus, the ownership can be easily tracked by any system monitoring the blockchain — using pseudo-anonymous account addresses, which again can be unmasked when legally necessary.

Regarding jurisdictional boundaries: the certificate authorization model can be used to prevent trading between jurisdictional boundaries where prohibited based on the account owners and/or the asset type. Thus in terms of section 6.2, we can not resolve the question of which jurisdiction takes precedence, but we can enable the mechanism to implement the policy decisions that are reached such that enforcement is automated on the blockchain.

The important difference here is that it is not material where the DLT (i.e. blockchain) is, what is material is the authorization of the accounts with respect to ownership and trade, and with respect to their national laws and regulations. It is possible and expected that accounts with authorizations from various jurisdictions will all be present on the blockchain continuously. The enforcement of the authorization tracking as described continuously applies such laws and regulations.

(Note: the above assumes that an authorized certificate authority performs KYC and any other requirements according to its jurisdiction. This is no different than the trust placed in brokers, exchanges or similar. It may turn out that the certificate authority operator is more easily audited).

The underlying issues are that the DLT is considered immutable and continuously available, but what happens if it is not. Three solutions to that: First, every company issuing security assets on the blockchain, can directly monitor the blockchain for all transactions related to their specific security assets. This enables the company to maintain its own copy of all transactions and ownership; Second, any third party business can offer services to provide such tracking and offline logging; Third, one or more government agencies can provide the same service since the accounts are pseudo-anonymous. That is, by separating the question of authorization of ownership and trading from the question of identity, separate agencies can perform these functions.

With respect to court orders, such as reversing a trade by court order, there is a possible means to implement this. The company account that issued the securities can be authorized to invalidate existing securities that have been issued thus rendering all references to those securities invalid. The company would then be authorized to issue replacement securities by the court.

(We would note that any type of asset can be managed this way, but that reversing the movement of cryptocurrency itself would require the recipient to use their private key directly. However, authorizations for an account can be rescinded, which can have the affect of freezing assets and cryptocurrency).

We’ve tried to touch on a variety of mechanisms we have been developing to address the issues that the Offering Consultation paper raises.

Our request is that any proposed regulations be written more broadly such that provided various regulatory requirements are met, solutions such as permission-less, non-intermediated transactions are allowed instead of being explicitly prohibited.

As a final comment, we would like to understand the MFSA’s thinking on what was termed “other STO”’s. Our blockchain technology can support ownership and management of virtually unlimited types of digital assets, and is extensible by application developers.

We are now working with numerous nations financial agencies to participate in defining guidelines that enable innovation and technology improvements while limiting the opportunity for crime, fraud, etc.