Distributed ledger technology ("DLT") may expose securities markets to the risk of money laundering and terrorist financing, the European Securities and Markets Authority ("ESMA") has warned banks, asset managers and central counterparties.
The risk stemmed largely from the fact that the use of public/private keys, a computer-based encryption technique, might make it easier to conceal identities and to hide the history of transactions, ESMA said in a discussion paper, "The Distributed Ledger Technology Applied to Securities Markets", aimed at financial institutions interested in the use of DLT for securities markets.
Moreover, the private/public keys might potentially be lost or stolen, and used fraudulently to record fictitious transactions, ESMA said in the paper: "In the absence of a sufficiently robust governance framework, dishonest nodes might also take control of the network, even temporarily, and alter the consensus process."
ESMA pointed to an additional risk that network participants might be able to exploit information recorded, such as recent trades made by competitors, to front-run them or manipulate the market.
"The lower the levels of privacy level of the network or the lower the safeguards attached to it, the higher the risk would be," ESMA said.
According to ESMA, a flaw in the system might have wider consequences. "Indeed if someone was to break into the system, he/she might have access not only to the information stored at the point of attack but to the full breadth of information recorded on the ledgers. This could have extensive negative consequences on the confidentiality of information and the integrity of data."
ESMA said that if the encryption techniques were to be hacked, the risk of contagion might extend beyond the single DLT network under attack, since the protocols used by different DLT networks tend to be similar.
The regulator said that although proponents of the DLT believed it would help mitigate operational risks by increasing automation, a glitch in the system might have far-reaching consequences. The use of smart contracts might create additional risks in the absence of adequate controls, for example if the coding was erroneous. The incidence of errors might be lower but their impact might be more serious.
Through more automated and harmonised processes across participants and asset classes, the DLT might increase interconnectedness between market participants, which might increase the spreading of shocks, the paper said.
The paper said the DLT might add another layer of complexity to securities markets because of the use of complex encryption techniques, with potentially negative implications from an oversight perspective. The encryption of information might make it harder to disentangle, which in turn would make supervisory work more challenging.
In general, the more changes the DLT brings to the functioning of securities markets, the more likely it will be to raise regulatory challenges. The DLT's aim of changing or replacing the current set-up of market participants and market infrastructures may create challenges with respect to safeguards brought by recent securities markets regulations, for example if new risks are not addressed by the existing regulatory framework, ESMA said.
ESMA has said it will use feedback received to develop a position on the use of the DLT in securities markets and in particular to assess whether a regulatory response is needed.
The deadline for comments is 2 September 2016.