Opinions presented in this paper belong solely to the Authors and do not represent any positions of the organizations to which they belong.
Financial regulators around the world regulate financial intermediaries and activities to achieve their regulatory goals including investor/consumer protection, financial stability and prevention of financial crimes, and in so doing address various market failures. These objectives are needed in the social interest regardless of the technologies used by the financial system.
Blockchain technology and any financial ecosystem based on it have technical characteristics including decentralization, autonomization, anonymization and globalization, which could undermine the ability of regulators to achieve regulatory goals. Especially when it comes to preventing financial crimes, these characteristics could have significant negative impact on the ability of regulators. The intergovernmental Financial Action Task Force (“FATF”) recognizes these issues and is tackling them by issuing multiple guidelines; however, it seems that such efforts are falling behind rapid technological developments. Thus, financial regulators must discover ways to achieve regulatory goals even in a blockchain-based financial ecosystem. This situation is similar to the case of telecommunication regulators during the rise of the Internet. The Internet complicated their regulatory goals including intellectual property rights protection and contents regulation. Thus, their relevant experiences provide a good reference. In the face of such difficulties in cyberspace, it was suggested to invoke not just law but also social norms, market mechanisms and architecture (software and hardware) to achieve a certain level of oversight. In fact, various stakeholders cooperated towards utilizing these modes of oversight in order to address issues brought by the Internet. Based on the lessons from the Internet, financial regulators should recognize that cooperation between multi-stakeholders would be beneficial for them, and they should actively play a role towards establishing a cooperative environment among stakeholders. Especially because code embedded in a blockchain system could determine the level of oversight on the activities within a blockchain-based financial ecosystem, regulators should consider ways to cooperate with engineering communities developing code despite often disparate incentives and mindsets. Once regulators successfully establish a cooperative relationship with the engineering community and can together develop code that facilitates mechanisms to achieve regulatory goals, they still must empower society to use such code in order to actually achieve regulatory goals, which requires consideration on alignment with social norms and market competitiveness; thus, regulators must cooperate with other stakeholders including businesses and users.
Through these considerations, this paper concludes that regulators should establish multi-stakeholder governance mechanisms within a blockchain-based financial ecosystem by improving cooperation among stakeholders. The final part of this paper provides some thoughts on relevant open questions, which we will continue to work on.
4. The Internet as a Reference Point
Before the Internet, information sharing and communication were conducted through services provided by select large businesses including telecommunication companies, newspapers, and TV and radio broadcasting companies. These businesses were heavily regulated by traditional telecommunication regulators such as the Federal Communications Commission in the US to achieve regulatory goals such as content control.1  The current landscape of financial regulation is akin to this situation. In the context of cross-border activities, the International Telecommunication Union (“ITU”) under the United Nations provides a place for international telecommunication regulations and technical standards in a manner similar to the FSB under the G20, which currently provides a place for international coordination of financial regulations. However, the advent of the Internet heavily affected the ability of the telecommunication regulators to achieve their regulatory goals. And when the Internet further became available to the greater global society and economy, telecommunication regulators faced several difficult issues such as intellectual property protection and content regulation, which will be discussed in this section.
4.1 Regulability of activities on the Internet
Lawrence Lessig asserts that “to regulate well, regulators need to know (1) who someone is, (2) where they are, and (3) what they’re doing.”2 Then he argues that the original design of the Internet reflected the concept of End-to-End principle,3 complicating collection of the above information by regulators, which reduced regulability.4
Another example is offered by Milton Mueller, who points out the following characteristics as factors that affect the ability of information and communication regulators to achieve regulatory goals:5
The global scope of the communication: Because the Internet is a global network, communication via the Internet is by default global. Thus, any attempt to impose regulatory oversight on activities on the Internet requires cross-jurisdictional cooperation, which is very costly and slow.
The large scale of communication: With the Internet’s ability to facilitate a large amount of communication, the scale of information sharing is tremendously expanded. On the Internet, anyone can create content and share it globally with a very low marginal cost. The huge volume of information communication and transactions could easily overwhelm the capacity of traditional regulatory processes to impose oversight.
Distributed control and new institutions: The decision-making processes over the operation of the Internet and the standards of Internet technology including its protocols are developed not through processes governed by the traditional nation-states system, but through the organic process within global network actors. Such global network actors comprise several new important institutions such as the Internet Corporation for Assigned Names and Numbers (“ICANN”) and the Internet Engineering Task Force (“IETF”). Thus, regulators cannot unilaterally impose oversight on either the Internet’s day-to-day operation or technical standards.
The Internet dramatically reduces cost and increase the capability of collective actions including advocacy groups and social activist groups to establish new forms of collaboration, discourse, and organizations, which affects the traditional form of polity.
Although not all of the above characteristics of the Internet overlap with those of blockchains, we can see certain similarities.
4.2 A high-level concept for the control mechanism in cyberspace activities—Lessig’s four modes of governance
Lessig points out that “Regulability is… a function of design,” and “different design reflects different values the designer embraces.”6 Here “design” refers to the code that shapes the system. On the basis of this basic understanding, he presents a general framework7 to govern cyberspace, the so-called “pathetic dot theory.” Lessig does not argue that the government should control everything (dystopia) or should not control anything (perfect freedom), but rather he tries to reconcile these two.8
Fig 2 shows the concept of the pathetic dot theory. In cyberspace, the dot, a target to regulate, is controlled by the four constraints of law, norm, market, and architecture. Certainly, the law imposes certain constraints on the target, but it is not the only constraint on a target’s conduct in cyberspace. Social norms would also impose constraints on the target’s behavior via, for example, a request from others in the community on do’s and don'ts. If the behavior is associated with economic activities, market mechanisms such as cost and benefit will affect the target’s behavior. Beyond the law, norms and market architecture9 will also affect the target’s behavior by defining technological capabilities and limitations. These constraints affect each other, and change in one constraint could alter the effectiveness of others.
Fig 2. Lessig's four modes of regulation
Through these four factors, Lessig stipulates that “a code of cyberspace, defining the freedoms and controls for cyberspace, will be built. About that there can be no debate.” Then he asks, “What values should be protected there? What values should be built into the space to encourage what forms of life?” The development of code itself is a process to choose some values over others, which we can simply call “politics.”10 For example, the government has its mission and values that would push them to introduce more control into the system,11 while hackers working on Internet protocols would resist it. These politics are dynamic and evolve over time. Indeed, when Internet code was developed by West Coast-based hackers in the U.S., the government could do little to influence the architecture,12 but as commercial entities increasingly took over as developers of Internet protocols, the ability of the government to influence the architecture increased.13
When it comes to approaches to actual social problems, however, responsively designing code, norms, markets, and law from scratch can prove too belated, and these factors change in a complicated manner over time.
4.3 A problematic Internet and the Internet community’s responses
We are not aiming to explain issues holistically, but to describe examples and draw lessons from the experience of telecommunication regulators in dealing with social problems caused by the Internet.
4.3.1 Internet governance
Internet Society (“ISOC”) explains that “[s]ince these early beginnings, management of the Internet and global Internet resources (e.g., the Domain Name System) has relied heavily upon bottom-up coordination and direct participation by those interested in and impacted by related decisions.”14
However, as the Internet grew to become an important social and economic infrastructure, some nation-state actors attempted to wrest control over it through a United Nation process. This attempt eventually failed, and governments during the two World Summit on the Information Society (“WSIS”) sessions accepted the concept of multistakeholderism and roles of the private sector stakeholders in managing the Internet.15 A non-binding forum called the Internet Governance Forum (“IGF”) was established to discuss policy issues. Some critics argued that simply gathering stakeholders in one place to discuss issues would create no real impact.16
Today, the Internet is managed by several different public and private multi-stakeholder organizations/activities as illustrated in Figure 3. Some of the organizations such as IETF and W3C are working on technical standards related to the Internet while other organizations such as ICANN mainly manage critical Internet resources and related policies. Each of these organizations and activities has different roles, structures, and governance mechanisms; however, they collectively work to maintain the Internet as an open and consistent network facilitating global-scale communications.17
Because the regulators alone cannot address the issues brought by the Internet discussed above, these stakeholders play important roles in the effort to address social problems. In the following sections, we will address how regulators and participants of Internet governance tackle actual social problems, and draw lessons that can be applied to the achievement of the regulatory goals described in Part I of this paper.
Fig 3. The Internet’s governance as an ecosystem18
4.3.2 Intellectual property rights protection
Traditionally, intellectual property rights19 were protected through regulations and their enforcement by the government. However, because the advent of the computer and the Internet has enabled users to copy digital data almost infinitely and distribute it globally 24/7 without a marginal cost, regulators’ knowledge, or surrender of possession of original data, protecting intellectual property through the traditional approach has become less effective20 and cause for serious concern.
For example, the illegal distribution of music and movie files through the Internet damaged the business of multimedia companies. Taking actions on the basis of the breach of copyright law on individuals has proven labor-intensive and ineffective in solving the root of the issue.21 In 1998, the US passed new legislation called the Digital Millennium Copyright Act (“DMCA”), which prohibits the circumvention of technologies that protect intellectual property rights and exemption of information intermediaries from liabilities for their users’ intellectual property right infringement under certain conditions.
Despite some critical views regarding the DMCA’s legislative process,22 the “notice and takedown” condition of exemption has been playing an important role in establishing workable mechanisms to combat misuse of technologies. In essence, notice and takedown requires information intermediaries to take down from the Internet digital material shared illegally upon notification of the existence of such material from the IP holders, as well as to eliminate user accounts that repeatedly commit IP infringement, in order to avoid liabilities for their users.23 Europe took a similar approach.24 This is an example of a holistic approach combining law, market, and norms to address issues.25 The government crafts laws to give incentives to stakeholders to cooperate, to encourage those who have the economic incentives to take the lead in establishing norms and practices for dealing with a problem. It is worth pointing out that even when authorities’ enforcement against individual breach becomes difficult due to the large scale of activities on the Internet, the government still can delegate the policing function by giving incentives to information intermediaries and other stakeholders to police privately.
Another illustrative example is found in the peer-to-peer (“P2P”) file-sharing protocol, which became a major threat to copyright holders after 1999 when Napster, the first widely used P2P file sharing program, was developed.26 Napster relied on a centralized indexing system to facilitate exchanges of files, which allowed the company to track files and prevent users from committing illegal activities, which in turn eventually led to the company being deemed contributory and vicariously liable for copyright infringement.27 However, platforms evolved by avoiding centralized indexing servers and distributing entities that provide services across countries other than the US,28 and newer P2P file-sharing protocols such as BitTorrent do not rely on any single organization for its operation,29 complicating government oversight. When copyright holders shifted to take actions against individual users committing illegal file sharing, cases of infringement did not decrease.30 Hence, regulators failed to address the problem solely with laws and their enforcement. Technology often develops in a direction opposite from the goals of regulators.
From 2006, copyright holders countered by calling for Internet Service Provider (“ISP”) responsibility and advocated deployment of a technology called deep packet inspection (“DPI”) to actively monitor the flow of data and block suspicious access from their users.31 However, ISPs’ active monitoring of information communication of their users with DPI technology has had profound implications for freedom of expression. In response to this concern, transnational resistance movements such as A2K (“Access to Knowledge”) embrace fairness and access to knowledge.32 We believe this undesirable situation was caused in part by the failure of the community to create a cooperative environment among stakeholders.
In the final part of this section, we discuss legally compliant alternatives to the P2P file-sharing services. One could imagine that in the presence of affordable legally compliant alternatives for consumers to consume copyrighted materials, consumers may choose these alternatives. And it is true that network traffic from P2P file-sharing services declined sharply as legal alternatives such as iTunes and Netflix gained popularity within the US.33 New business models could compete with services facilitating illegal activities by providing good alternatives for those who once committed illegal activities. This serves as an example of market development in cooperation with law and norms playing a key role to solve social problems.
The Internet also affected the traditional regime for trademark protection through the domain name registration process. With the use of domain names as a global identifier, issues arose with respect to protecting trademarks. Especially in the early days of the Internet, domain name registry operated on a first-come, first-serve basis,34 and thus trademark infringement proved easy to commit. The traditional legal process of trademark protection was deemed too slow, too expensive and too narrow in the sense of jurisdictional barriers.35 In response to this issue, trademark holders sought to hold the domain name registry liable for trademark-infringing registration; however, courts rejected this approach.36
Then ICANN decided to establish a globally applicable private (extra-judicial) arbitration process that enabled trademark holders to challenge and recover domain name registration, along with the Uniform Domain Name Dispute Resolution Policy (“UDRP”), in 1999.37 This policy requires all domain name registry and registrars to follow the arbitration procedure. The procedure is also employed in most of the major country code domain registries.
The Whois service is another important function that ICANN developed in response to the trademark issue. With the Whois service (established in 1998), any Internet user can obtain the information of a domain name holder, including name and contact details.38 Following Whois’ establishment, ICANN continuously reviewed the mechanism and made improvements.39
Furthermore, trademark holders pushed the idea to introduce a trademark clearinghouse, which basically manages a list of existing trademarks, mandate registries, and registrars to check if new domain name registration matches up with the list.40 ICANN also provided governments the rights over pertinent geographical names and certain sub-national location names that allow a government to use veto power in the domain name registration process.41 This is an example of an Internet governance organization playing a leading role in the effort to solve issues created by the Internet.
4.3.3 Child pornography/Content regulation
On one hand, the Internet enhanced freedom of expression on a global scale; however, on the other hand, this change at the same time disrupted the traditional regime for content regulation that relied mainly on oversight over a few large information intermediaries that functioned as gatekeepers.
Although the Internet embraces the philosophy of freedom of expression, there is a need to designate as unacceptable certain type of contents such as images or movies that sexually abuse children. Governments established regulations to protect children from sexual predators, including the US Protection of Children From Sexual Predators Act in 1998 that requires ISPs to report child pornography to regulators.42 The law, however, does not require ISPs to actively monitor their customers’ activities.43
In conjunction with efforts made by governments, private actors play an important role in content regulation. For example, the Internet Watch Foundation (“IWF”) established in 1996 by the UK Internet community provides a hotline for the public to report any potentially illegal online content.44 IWF assesses the reports and identifies URLs containing potentially illegal content to facilitate takedown by ISPs and prosecution by the police agency. The Internet enables a massive scale of content generation by users that makes it difficult for regulators to impose oversight; however, at the same time, the massive scale of the user base can itself be mobilized to identify potentially illegal online contents. This is an example of Internet community norms in conjunction with the law leading to the development of private mechanisms to address a problem.
Moreover, self-regulatory bodies gradually shifted their focus from the hotline and takedown approach to the blacklist and blocking approach because in many cases, the source of the content exists outside of one country’s jurisdiction. IWF began generating a list of URLs that contain potentially illegal content to help ISPs block access to them.45 While several other private organizations are working to develop similar blacklists and cooperate with each other, in some countries the list is managed by a police agency.46 In this manner, private stakeholders play an important role in shaping public policies and their implementation. However, Milton Mueller points out four problems associated with the blacklist approach: a) transparency and due process, b) over blocking, c) catching criminals, and d) extraterritorial effects.47 This is an example wherein changing the balance between competing norms/values creates “politics” and questions regarding the legitimacy of privately owned governance mechanisms.
4.4 Implications for governance of a blockchain-based financial ecosystem from the experience of the Internet
The first lesson from the Internet’s history is that it is important for the community to create a cooperative environment among stakeholders, as we saw in the case of the DMCA. On the other hand, as we saw in the case of P2P file sharing, failure to establish appropriate cooperation could make it even more difficult to address issues. In the worst-case scenario, such technical development could lead to a counter development of technology that eventually alters fundamental characteristics, as we see in the case of DPI. Thus, regulatory and other stakeholders should cooperate and make every effort to avoid this scenario in the case of the blockchain-based financial ecosystem. In effect, multi-stakeholders should establish a cooperative relationship and strive to understand each other. Unfortunately, at this moment, there seems to exist no such cooperative relationship among disparate stakeholders involved in the emerging blockchain-based financial ecosystem, which is a major risk for healthy development of the technology and its ecosystem.
The second lesson is that regulators clearly benefit from having solid governance mechanisms that play a leading role in addressing issues. Depending on the cause and nature of a given issue, governance organizations that are closer to the ground may be the best player to tackle it. In the case of trademark infringement, without ICANN, the government would have faced a far more difficult situation. Thus, for a blockchain-based financial ecosystem, financial regulators would benefit from well-established governance mechanisms that could achieve regulatory goals. However, no such governance mechanism exists to date within the ecosystem—efforts should be made towards its creation.
Yet the question remains, how might we develop a governance mechanism for a blockchain-based financial ecosystem? In the case of the Internet, private sector stakeholders—prior to the involvement of public sector actors—convened to help develop the Internet into a globally consistent open network. Thus, the governance structure organically developed within the private sector. However, at this moment after ten years since its birth, the greater blockchain community is still fragmented, with little organic emergence of a governance structure across projects and communities.48 This indicates the existence of a key difference between the Internet and the blockchain space. Thus, we need to identify key differences between the Internet and a blockchain-based financial ecosystem in order to help trigger the development of the governance mechanism.
Fourth, as we see in the case of the IGF in which there is no incentive for participants to follow a discussion’s findings, simply gathering different stakeholders in one place does not necessarily ensure an effective outcome from their activities. On the other hand, in the case of ICANN, it is able to effectively force the Internet community to follow a consensus because it manages the single point of control of the network and establishes a strong governance mechanism internal to it.49 Thus, another key implication for the governance of a blockchain-based financial ecosystem is that we need to pay particular attention to the provision of sufficient incentives and/or reasons for each stakeholder to abide by the outcome of governance activities.
Finally, it is also important to pay attention to the possibility of questions regarding the legitimacy of privately owned governance mechanisms. As we see in the case of content regulation, ultimately the private governing organizations can bypass the normal democratic process to overcome a political conflict. Especially in the case of a blockchain-based financial ecosystem, any decision made by the governance mechanism could affect the economic stakes of community participants, which may render decision-making more difficult than in the case of the Internet. Thus, we need to pay particular attention to the manner in which a governance mechanism makes decisions and how best to legitimate it for the ecosystem.
In the next section, we will discuss our potential governance mechanism for a blockchain-based financial ecosystem with the above key implications in mind.
5. Possible Governance Model for a Blockchain-Based Financial Ecosystem
In this section, we will discuss a possible governance mechanism for a blockchain-based financial ecosystem. Our aim is to convince readers that regulators and other stakeholders need to cooperate to establish multi-stakeholder governance mechanisms for a blockchain-based financial ecosystem—to achieve a certain level of control within the ecosystem, which we believe is important to fully enjoy innovation’s benefits while mitigating the risks that it could bring.
5.1 Starting point: Lessig’s four modes of governance in a blockchain-based financial ecosystem
As we saw in Section 4, Lessig’s four modes of control could prove to be a starting point for us. In fact, De Filippi and Wright elaborate on what regulators can do to provide a level of control over a blockchain-based network utilizing four different modes of control.50 Below we introduce part of the discussion set forth by De Filippi and Wright and the limitations of each approach.
5.1.1 Laws and regulations
Even in a blockchain-based financial ecosystem, regulators can still utilize law and regulation.51 For example, they can impose regulations on individual users, Internet-related entities including ISPs and search engines, miners/mining pools and other transaction processors within the blockchain network and, in extreme cases, technology developers.52
However, this approach clearly has certain limitations. For example, individual users may deploy anonymizing techniques to hide from regulators. ISPs could take measures to circumvent regulations. Regulation on ISPs itself could raise difficult questions regarding freedom of speech, privacy protection and secrecy of communication,53 as we noted in Section 4. Regulation of miners and developers of technologies may not be sufficiently effective because of the global nature of a blockchain-based financial ecosystem.54 Only a single loophole such as a jurisdiction taking a “crypto-haven” strategy would cause a significant reduction in effectiveness of the regulation.
Some may think that regulators should follow certain jurisdictions in simply making crypto asset transactions illegal.55 Doing so in practice could have a devastating impact on activities involving blockchains.
First, such an action would strongly discourage innovators to take risks and could eventually seriously harm the future of economic development. Given the impact of such unintended consequences, regulators at least would need to have convincing justifications to take this approach; however, the current blockchain-based financial ecosystem is still too small to justify such a drastic action with its immense negative consequences. Thus, this option may be politically difficult to take for many jurisdictions. On the other hand, once the blockchain-based financial ecosystem reaches critical mass to potentially justify such an option, it would be too late to destroy given the importance of the system. This story is similar to that of the Internet’s progression.
Second, regulators with the strictest regulations still may fail to completely eradicate financial activities on the blockchain, especially those conducted by criminals. Because of the technical characteristics discussed previously, regardless of the law and regulation, criminals would continue their activities underground with a veil of anonymity, and regulators cannot forcibly stop them even upon identification of the activities’ existence. Even worse, some state actors could secretly support or commit criminal activities on blockchains, which jurisdictional power from countries with the strictest regulation could not reach. This means that regulators could destroy much of the ecosystem for good actors and yet would fail to prevent its use by bad actors, which is the worst-case scenario for us.
As cost and economic incentives can influence the behavior of the network,56 regulators may be able to influence it via intervention in the network’s economic mechanism by, for example, influencing market prices of crypto assets and/or participating in mining.57
However, doing so would not be as effective as it should be because network participants can abandon a network which is “invaded” by regulators and create a new network by writing code with a different mechanism, for which regulators would require time to invest in appropriate mining tools.58 Furthermore, regulators’ ability to control the price of a token and its mining process could become weaker as the market grows.59
Social norms influence the way blockchain-based communities function. For example, each blockchain-based community has different norms around the hard fork. De Filippi and Wright illustrate an example—the Bitcoin community prizes the notion of “immutability,” while the Ethereum community decided to implement a hard fork to modify data on the blockchain as a countermeasure to The DAO incident.60 As this exemplifies, social norms have a profound impact on the direction of the community. Thus, regulators may consider influencing the social norms of the ecosystem by, for example, establishing a formal communication channel.
However, the ability of regulators to influence social norms is limited as they are only one part of the ecosystem. And even when they succeed in establishing the norms that they seek, De Filippi and Wright argue that it has only an indirect impact on the activities of the participants who share the norms.61
Per our reference to the work of Lessig in the previous section, in a code-based system, ultimately code determines the courses of action that users of the system can take and thus determines the level of control. As opposed to law and regulation that ultimately cannot prevent people from taking any actions, code can be a rigid rule that strictly constraints users’ behavior within the system.62 Thus, De Filippi and Hassan articulate that “code is increasingly employed in a wide variety of sectors to regulate behaviors—either jointly with, or in addition to, existing laws.”63 They call this notion “Code as Law.” Similarly, De Filippi and Wright point out that within a blockchain-based financial ecosystem, regulators can utilize code to regulate the behavior of the participants of the ecosystem.64 Ultimately, regulability of the blockchain-based financial ecosystem is defined by how the underlying code of the blockchain is designed. Depending on the code that a particular blockchain deploys, the level of anonymity and traceability of a transaction could differ significantly. For example, as we already saw in Section 3, some cryptocurrency projects deploy certain cryptographic technologies to hide part of the identity of a transaction.
However, if any code that facilitates greater oversight is deployed in a given project, participants in the ecosystem can still choose not to use that code and instead use or develop other code with lower oversight. It is also important to point out that some may deem it inappropriate for regulators to directly intervene in the technology itself; we discuss appropriateness in the Appendix, with a consideration given to the concept of technology neutrality.
5.2 A way to achieve regulatory goals within a blockchain-based financial ecosystem
While law and regulation alone may achieve a certain level of oversight even in a blockchain-based financial ecosystem, this is not to say that they should be precluded from the above alternative approaches alongside traditional regulations on financial intermediaries. It is particularly important for regulators to understand the limitations of their ability to achieve goals in certain contexts.
Taking the above discussion into consideration, the simplest solution for our stated goals is to lead the development of code that allows regulators and ecosystem participants to achieve regulatory goals, and also encourage community participants to use that code. As opposed to the case of the Internet, most blockchain technologies are still very early-stage in their development, and there is no single widely used technical standard as of now. Thus, we should be able to encourage early development of the code, norms and the market with a by-design mindset65 in order to ensure the achievement of regulatory goals while maintaining key benefits of the technology. The sooner the better for regulators to start taking actions in order to wield sufficient flexibility to influence Lessig’s four factors within a blockchain-based financial ecosystem.66 In the following section, we will discuss a possible approach that regulators can pursue.
5.3 Considerations around four factors in a blockchain-based financial ecosystem
5.3.1 Dynamics of code development and the need for cooperation with the engineering community
If the code underlying blockchain technology were to include a backdoor for the government, it could facilitate nearly perfect oversight from the government within the network. However, given that much of the underlying code of blockchains is developed by open-source engineering communities whose participants spread around the globe,67 it is quite difficult for regulators to impose direct oversight on the code’s development itself; especially because blockchain open-source engineering communities often tilt towards ideologies embracing freedom (including anarchism for some), although there is variance depending on the community.68 As discussed above, regulation of engineers would not only be difficult to enforce but also inappropriate, as regulators have little to no technical specialty to decide which technologies are deserved high performers, and sometimes seek too much control relative to what may be optimal for an ecosystem. This point is discussed in the Appendix in relation to the concept of technology neutrality.
Thus, in reality, regulators alone cannot and should not dictate code development. Rather, regulators may wish to seek cooperation from engineering communities developing blockchains69 in order to influence code development.70 This would be a situation similar to that of the regulators in the WSIS sessions discussed in Section 4. So, we should reiterate that “code development is politics.” The important thing here is to establish cooperation but not control in code development. Regulators should work together with other stakeholders including the engineering community in a cooperative environment to ensure that those who develop code take concerns and desires from other stakeholders into consideration within their respective roles.71
FSB and G20 leaders also see the importance of enhancing dialogue and cooperation with other stakeholders and encouraging them to take public policy objectives into consideration in early design of protocols and applications.72 Finck also proposes the concept of “Polycentric Co-Regulation”73 that essentially equates to co-regulation74 with multi-stakeholder involvement in the context of blockchains.75
5.3.2 Code development and other factors
Once regulators succeed in establishing cooperation with engineering communities, they need to pay attention to the alignment of the code developed with regulations and norms as well as its competitiveness in the markets, to let community participants use code that addresses their concerns. The engineering community is not the only stakeholder with whom regulators should seek cooperation.
When it comes to norms, it is important to understand that different stakeholders naturally have radically different norms with respect to technology and social benefits, and sometimes they are competing with each other. Thus, it is not that simple in reality to align codes with norms. With whose norms should code be aligned, and how? The answer to this question could differ on a case-by-case basis; however, if different stakeholders convene to develop certain common norms, the task of aligning code accordingly could become feasible.
Even if code is aligned with norms, it still may be ignored if the code is not competitive in the market. Although code is usually developed in the engineering community, businesses play an important role in distributing it with services in the market. In so doing, businesses analyze the market competitiveness of the code and their services. Thus, regulators need to take businesses and the market into consideration, as well.76
In reality, without coordination, all stakeholders could act out their own respective agendas and pursue different goals, which would undermine those selfsame efforts or, in the worst case scenario, lead to unintended consequences including over-regulation and development of socially harmful technology. Thus, it is important for stakeholders to work together to find common ground among them.
All in all, in order to align code with norms and render it more competitive in the market, stakeholders spanning regulators, the engineering community, businesses and civil society including consumers should seek cooperation to find an optimal solution by developing a cooperative environment. However, at this moment, there is no formal forum to facilitate such communications among multi-stakeholders as indicated. Taking this situation into consideration, the next section will discuss a possible multi-stakeholder approach to establishing a governance mechanism in the emerging blockchain-based financial ecosystem.
5.4 Multi-stakeholder approach for a blockchain-based financial ecosystem
5.4.1 Proposal: Multi-stakeholder governance mechanism
We have discussed that aligning the aforementioned four factors is essential, and multi-stakeholders should cooperate to achieve this. But how could the multi-stakeholders align across all four factors? Our proposal is to establish a forum as the first step toward creating a healthy governance mechanism where all of the stakeholders convene to discuss ways to develop code, regulatory policies, businesses, and norms. For example, regulators provide their regulatory and social perspectives, businesses explain their business needs, users relay their wishes, and civil society provides broader social issues and concerns to the engineering community to encourage code with these different perspectives taken into consideration. In turn, the engineering community and other stakeholders would relay their perspectives to regulators for the calibration of regulatory policies.
It should be noted that this process should encourage/incentivize participants to communicate with other stakeholders to understand their perspectives, keeping societal acceptance in mind. As seen in the DMCA case, if this mechanism works well, regulators may consider setting regulatory safe harbors taking into consideration technologies and practices within the ecosystem. The key is for stakeholders to establish common ground and shared values, which would eventually generate trust-based relationships among them. This goal may sound too idealistic, but we should pursue it nonetheless in order to achieve a healthy governance mechanism.
In addition, the governance mechanism must be regularly reviewed with respect to the four aforementioned factors because technology and society continuously change, influencing the relationship between the factors. If and when the stakeholders find newly emergent issues, the governance mechanism should provide an appropriate venue to discuss how the ecosystem should invoke the four factors in response. In some cases, regulation may best address an issue while in others, technology may address it best, or a combination thereof. Or as seen in the case of P2P file sharing, a new business model could address the issue. This flexible and dynamic process is achievable not through individual efforts by any single stakeholder, but via a multi-stakeholder governance mechanism.
5.4.2 How to achieve multi-stakeholder governance
As indicated in the latter part of Section 4, the necessary governance mechanism may not emerge organically, at least for the time being. Thus, regulators should consider playing an active role as an impetus for it.
Accordingly, regulators must give careful consideration to the details underlying the governance mechanism and the process to effectuate it. In this section, we list some practical issues for consideration before moving ahead. All of them require careful consideration while designing a multi-stakeholder governance mechanism and remain open questions at this moment:
A. Possible agendas to address
B. Incentives for each stakeholder to participate in the governance mechanism
C. How to legitimate a governance mechanism
D. Relationships with existing governance mechanisms in the financial sector
E. How to have participants abide by the outcome of activities
22.214.171.124 Possible agendas to address in the governance mechanism
The governance mechanism’s agenda will change over time depending on the development of the ecosystem and the surrounding world at large. And participants in the governance mechanism should actively engage in the process to decide an agenda; below are examples of agendas for illustrative purposes.
Some issues are interrelated to technology and regulation. One issue regarding the interrelation of technology and regulation involves the balance between privacy and traceability of blockchain-based financial activities. As we have seen previously, both privacy and traceability have important social values, and there are no black-and-white answers. Stakeholders participating in the governance mechanism must together find an optimal level of privacy and traceability and ways to achieve it, while cognizant that an optimal solution is subject to change depending on available technologies. Although this agenda mainly deals with technology and regulation, decisions of governance mechanisms require input from businesses and users, since their acceptability will in part determine their effectiveness.
Other issues are more related to technology itself—for example, the need for interoperability and the way to ensure security. Even though this issue deals with technology alone, input from all other stakeholders would be necessary here because of a given technology’s influence on the effectiveness/needs of regulation, business decisions, and usability. This discussion may deal with technical architecture such as horizontal layering of technology in order to standardize a fundamental protocol, and the possible combination of public and permissioned blockchains.
In the early days of the Internet’s technical development, a few large players dominated the market with a vertically integrated model; however, as the technology and the market become mature, it was unbundled, and some parts of were horizontally integrated into interoperable protocols at non-profit organizations such as IETF.77 As blockchain technology is still in its infancy, technical architecture would be an important topic to address in the governance mechanism, which would in turn help innovation in technology and business models.
126.96.36.199 Incentives for stakeholders to participate in the governance mechanism
We have discussed the reason why regulators might wish to have a multi-stakeholder governance mechanism thus far. For a multi-stakeholder governance mechanism to be successful, stakeholders require incentives to participate. Especially, a segment of the engineering community working on blockchain protocols has a strong mindset of freedom from control, often associated with the cypherpunk philosophy.78 Regulators will fail to incentivize other stakeholders to participate if they just push a need for control.
In considering incentive mechanisms for the engineering community, it would be helpful to understand how open source software (“OSS”) communities operate. There are existing works dealing with incentive mechanisms for individual engineers participating in the community, along with governance mechanisms suitable for them.79
Additionally, we believe that if outcomes of governance activities generate real impact in the community, eventually everyone should want to join the decision-making process with respect to the activity. Whereas if many of the major stakeholders don’t participate in the process, the community participants likely would ignore its outcomes, presenting a kind of chicken-and-egg dilemma for considerations A and C.
188.8.131.52 How to legitimate a governance mechanism
While there are many different blockchain projects such as Bitcoin and Ethereum, the multi-stakeholder governance mechanism for a blockchain-based financial ecosystem should span the different projects. Thus, it is important to consider ways to legitimate the mechanism as an ecosystem-wide activity. Beyond different projects, the mechanism also must be legitimated across all kinds of different stakeholders. To legitimate the mechanism, we should take heed of the proverb, “God is in the details,” meaning that fairness and openness in the organizational structure including membership, decision-making process, funding and agenda are of great significance. In fact, the recommended guiding principles of Internet governance set by the Internet Society include “Open, inclusive, and transparent participation,” “Consensus-based decision making,” and “Collective stewardship and empowerment” to ensure the continuous innovation and growth of the Internet.80 These principles likewise hold true for a governance mechanism for the blockchain-based financial ecosystem, and the details of the organizational structure would be the key to upholding them.
In addition to these matters, we should pay attention to neutrality in a governance mechanism. As pointed out above, currently there does not exist mutual trust nor a firm relationship between different stakeholders. Reflecting this undesirable situation, some stakeholders such as the engineering community may be reluctant to work with regulators. Thus, it would be important to render the governance structure as neutral as possible to help stakeholders feel sufficiently comfortable to participate. To this end, we consider academia to be a suitable preliminary neutral forum, providing a safe and common ground for all stakeholders to convene and collaborate.
184.108.40.206 Relationships with existing governance mechanisms
We should give consideration to the relationship between the governance mechanism in discussion and existing structures such as international regulatory fora and blockchain engineering communities. For example, currently international financial regulations are developed within international fora such as the Financial Stability Board and Basel Committee on Banking Supervision and are implemented by each jurisdiction. The key question we need to consider is whether the governance mechanism should directly deal with regulation or not. It is up to discussion among stakeholders including regulators to answer this question; however, at this moment, we believe it is highly unlikely that regulators would decide to delegate all standard-setting power to a private multi-stakeholder governance mechanism in the near future as there is no long- or well-established relationship among stakeholders. If we try to force regulators to give up their power to set regulation at the onset, they likely would be reluctant to support the new initiative.
On the other hand, existing governance mechanisms solely in the engineering communities vary depending on the community, some of which have a company or established entity at their core81 while others have no centralized entity and are mainly developed through grassroots activities of individuals working online.82 These differences matter when it comes to considering possible cooperation with these communities. It is also important to give careful consideration to ways for other stakeholders to engage in the process of forking, especially hard forking, which is a culmination of political discourse and/or tension within the community.83 In the development of technology in the OSS community, everyone can conduct code forking, but in the case of a blockchain-based financial ecosystem, hard forking could cause acute economic and philosophical conflict within the community.84 If stakeholders wish to influence technological development in a blockchain-based financial ecosystem, they ultimately need to ponder ways to influence forking, although the optimal way to do so or even whether it is possible/appropriate would differ on a case-by-case basis.
Thus our preliminary idea, at the onset, is for stakeholders to together discuss issues and develop recommendations to take back to each’s respective existing structure, for the purpose of reaching decisions on their own. Because the outcome is developed in the governance mechanism in which each stakeholder participates, the existing structure is required to keep their decisions accountable. This is true for regulators and the engineering community, as well. If regulators decide to develop regulations that contradict with the governance mechanism’s outcome, they need to explain the reason well enough to convince other stakeholders and the general public. The same is true for the engineering community.
220.127.116.11 How to have participants abide by the outcome of activities
As indicated in the latter part of Section 4, simply convening different stakeholders would be insufficient to make real progress on any of the issues that the governance mechanism should engage in. Instead, it is important to incorporate certain mechanisms that ensure the outcome from a given governance activity has real impact. In fact, several institutions have already worked on issues related to governance, providing useful references,85 and thus it is important that wider community participants actually regard these materials as guiding principles in day-to-day decision-making to generate real impact.
For example, if participants truly seek interoperability among different protocols, engineers must convene to discuss a standard and agree on a single standard even when they have different opinions and different purposes. On the contrary, if they do not require a single standard, they do not need to make a compromise, and eventually can walk away from the governance structure without harm. In the Internet’s case, as its critical resource management mainly rests on ICANN and related entities, once ICANN decides rules, all of the network participants utilizing the Internet protocol must follow the rule. In this way, successful governance structure in the Internet’s case seemingly has an inherent nature wherein participants abide by the outcome of governance activities.
As opposed to the Internet, given that there seems to be no strong desire for interoperability among different blockchain protocols at this moment, and day-to-day operations of the blockchain network are distributed to a large number of nodes, it would not be easy to copy the model of IETF, ICANN and other Internet governance mechanisms wherein participants abide by the outcome. We in fact have no clear idea of how to solve this issue with a model different from that of the Internet; however, it is certainly important to continue exploring possible avenues.
As blockchain technology is in its early stage of development at this point, how much disintermediation and utilization of privacy-enhancing technologies will be seen in the future is highly unclear. Thus, its implications for financial regulation and governance are also still unpredictable. However, as we have seen in this paper, public blockchains have the potential to allow users to bypass current regulatory regimes that are mainly implemented through regulated financial intermediaries, although achievement of regulatory goals are necessary in the social interest regardless of the technologies used in the financial system.
In reality, especially in the case of preventing financial crimes such as money laundering, we have already seen undesirable developments related to applications of blockchain technology in the financial system, and enforcement of regulations is becoming increasingly difficult. Thus, regulators are urged to consider ways to attain regulatory objectives.
In so doing, financial regulators could benefit from lessons learned from the experiences of the Internet and its governance. The Internet also heavily affected the ability of telecommunication regulators to achieve their regulatory goals, and they finally accepted the concept of multi-stakeholder governance. Although the blockchain-based financial ecosystem and the Internet have certain differences such as architecture, historical development, and incentives among participants, financial regulators would benefit from serious consideration of multi-stakeholder governance.
Alignment of Lawrence Lessig’s four factors—law, norms, market, and architecture—is essential in achieving regulatory goals. However, regulators alone cannot do so in a blockchain-based financial ecosystem. In this ecosystem, utilizing underlying code (architecture) as a means to achieve regulatory goals would be inevitable (“code as law”), but whether the code is accepted in the ecosystem would depend on how well it aligns with law and norms as well as the extent to which it is competitive in the market. Of course, regulators alone cannot and should not impose oversight on code, norms and the market in a top-down manner, and thus they should seek cooperation from other stakeholders.
As Section 5 discusses, we require careful consideration of the details of any mechanism and the process to realize multi-stakeholder governance for a blockchain-based ecosystem. The issues raised in Section 5.4 are not exhaustive, and there remain open questions; however, we cannot simply wait until circumstances become clearer. The more widespread a technology and services based on it become, the more difficult it will be to modify technical design and governance structures of the ecosystem.
In conclusion, regulators should take a proactive role in establishing a multi-stakeholder governance mechanism within the emerging blockchain-based financial ecosystem as soon as possible in order to ensure achievement of regulatory goals that will benefit society. In so doing, as a first step, regulators should invite other stakeholders to share their thoughts and encourage discussion on the above practical questions to render the governance mechanisms workable. The process of establishing self-sustaining governance mechanisms will take a considerable amount of time, i.e. at least a few years; however, a journey of a thousand miles begins with a single step. It is time to take the first step.
Currently, many of regulators view a technology-neutral approach as one of the important guiding principles in regulating new technologies in the financial sector to foster innovation. For example, the Hong Kong Securities and Futures Commission (“SFC”) desires rules that are principles-based and technologically neutral.86 And one of the greatest “challenges is how to apply consistent principles of investor protection and provide useful, detailed guidance on the use of innovative technology in this new, fast-moving environment.”87
While much of this paper has focused on preventing criminal activities, it has not equally discussed how to foster innovation. However, in reality, regulators must find the right balance between regulation and innovation.
The term “technology neutral” originally comes from the regulatory approach for Information Communication Technology (“ICT”). Although it is not necessarily clear what the term means,88 in summary, it mainly contains three similar but different meanings:89
A. Regulate outcome but not the technology itself
B. Same regulation for the same activities regardless of the technology used
C. Regulation should not be used to discriminate against one technology over another
In academic literature, several benefits associated with a technology-neutral approach are discussed. The first benefit is that regulators do not need to change regulations too often to keep up with technological development, which is called future-proofing regulation.90 This saves on social costs that regulatory change may cause. The second benefit is that technology-neutral regulation gives certain clarity to investors and users of new technology regarding how it will be addressed by regulation.91 This encourages innovation; on the other hand, the regulatory scope may become too vague and heighten uncertainty depending on the wording of the regulation.92 The third benefit is that regulators can avoid making mistakes. Usually, regulators are not technical experts and not in the best position to decide which technology should win in the market, especially when there is much uncertainty around a technology and its usage.93 A technology-neutral approach enables regulators to regulate outcome and activities while avoiding halting innovation by misjudging technologies.
Given the above benefits, a carefully deployed technology-neutral approach sounds appropriate to foster innovation. However, given the technological characteristics we have already discussed, to prevent criminal activities in a blockchain-based financial ecosystem a technology-neutral approach alone is insufficient for the following reasons.
With respect to point A above, regulators need to verify compliance by monitoring who does what, but as shown previously, regulators cannot do so in a decentralized financial ecosystem when users utilize decentralization and anonymization. In the same way, with respect to point B, regulators cannot apply regulation because monitoring activities associated with a specific person within a blockchain-based financial ecosystem can be very difficult. With respect to point C, considering that technological development and its usage involve significant uncertainty, non-discriminatory regulation seems appropriate, but if negative externalities such as illegal activities are clearly associated with specific technology, regulators should address such externalities by regulating the technology itself.
On one hand, a technology-neutral approach would foster innovations in many areas; however, at the same time, some aspects of blockchain technology call for careful consideration of the appropriateness of a technology-neutral approach especially when it comes to preventing financial crimes. The ideal scenario would be for private parties to encourage the engineering community, businesses, and users themselves to find clever solutions that address potential risks, and regulators can help create a conducive environment. However, if such an effort fails, partial diversion from a technology-neutral approach in limited situations where there exists clear reasons may be appropriate to ensure that financial regulatory goals are met. Even in such cases, it is important for regulators to clarify in what situation and in what aspect they will intervene in technological development, and for what reasons, in order not to cause uncertainty that could hamper a healthy environment of innovation.