Search This Blog

Wednesday, 9 December 2015

UK Continues To Clear The Path For Growth Of Alternative Finance

Draft legislation has now been published to allow bad debt relief for investors in peer to peer loans, in addition to the new Personal Savings Allowance announced in the Summer Budget.

These measures are among those that address the key regulatory problems and perverse incentives that have been preventing the flow of finance to people and businesses who need it and improved returns to savers and investors. The first regulatory initiative was to regulate P2P lending, announced in 2013; while the first step in addressing incentives was to include P2P loans in ISAs - first announced in 2014.

In introducing the latest incentive measures the government says it remains "determined to increase competition in the financial sector, where new firms such as P2P platforms can thrive alongside the established players and compete to offer new and improved services to customers. This new relief will create a level playing field for the taxation of income from P2P lending when compared to the taxation of traditional forms of retail investment available from those established players."

The government's commitment is critical, given that the financial system is now less diverse than before the financial crisis blew up in 2008. Few bank reforms have actually taken effect - and some are being watered down. Recent fines and scandals also reveal little change in mainstream financial services culture from that described in the report of the Parliamentary Commission on Banking Standards and most recently in the damning report into the failure of HBOS.

From 6 April 2016, individuals investing in certain P2P loans will be able to set-off the losses they incur from loans in default against income they receive from other P2P loans, when calculating their savings income for tax purposes. 

In addition, under the Personal Savings Allowance announced in the Summer Budget 2015, the first £1,000 of savings income will be exempt from tax for basic rate taxpayers and the first £500 for higher rate taxpayers. An individual’s PSA will apply to interest they receive from P2P lending after any relief for bad debts. 

Wednesday, 2 December 2015

Isle of Man Goes Crypto-Crazy

I'm indebted to my colleagues in the Isle of Man for pointing me to the IoM's recent Designated Businesses (Registration and Oversight Act 2015, which imposes various registration and anti-money laundering requirements on distributed ledger technology. Do we have a poster-child for how regulation of new technology can go way too far?

The IoM compliance obligations are aimed at: 
"the business of issuing, transmitting, transferring, providing safe custody or storage of, administering, managing, lending, buying, selling, exchanging or otherwise trading or intermediating convertible virtual currencies, including crypto-currencies or similar concepts where the concept is accepted by persons as a means of payment for goods or services, a unit of account, a store of value or a commodity;"
This seems likely to be counter-productive, to say the least, given that the 'currency' aspect of distributed ledgers is often merely there to reward the 'miner' or processor of transactions or events that occur on the ledger, regardless of whether those events are themselves financial in nature - financial services being merely one of many different potential applications.

So, should every business on the IoM that uses, or might wish to use, distributed ledgers register with the authorities and introduce AML controls on everyone it deals with, just in case? Maybe so...

Two specific points to make:

1. ‘convertible virtual currencies’ are defined more broadly than one would expect:
“including crypto-currencies or similar concepts [neither term being defined, except by what follows…] where the concept is accepted by persons as a means of payment for goods or services, a unit of account, a store of value or a commodity”, 
Most definitions of a ‘currency’ require all these criteria to be met, not just any one of them. Imagine what would happen to the US Dollar, for example, if suddenly it was not accepted as meeting just one of the above criteria...  Indeed, for this reason many people disagree that Bitcoin - the most widely used form of 'crypto-currency' - is still nothing more than a commodity.

In addition, none of the typical exemptions under payment services regulations seem to be imported here. To take but one relevant example: consumer loyalty/rewards programmes are typically exempt on the basis that the rewards are only accepted as a means of payment within a 'limited network'. Do the local authorities really want every business participating in a loyalty scheme on the Isle of Man to register and apply AML controls just because the scheme involves distributed ledger technology? Maybe so...

2.  Similarly, the list of activities that trigger the relevant compliance obligations would seem to cover a vast array of potential services and their providers/users - recognising that these are distributed ledgers to which all computers running the protocol have the same access. Again, just think of consumer loyalty programmes as you go through the list:
the business of issuing, transmitting, transferring, providing safe custody or storage of, administering, managing, lending, buying, selling, exchanging or otherwise trading or intermediating...
Even payment services regulation, for instance, exempts technology services that support transactions without the service provider handling funds. And the whole point of the ledger is that no intermediary is actually handling funds - its all happening peer-to-peer amongst machines - indeed perhaps everyone's device is handling the funds. Furthermore, there will be instances where access to a distributed ledger is just one element of a wider system - as in the car-rental example, or tracking shipping containers - and it may not be clear to everyone that a distributed ledger is involved if it's just to share the location or state of a vehicle or container.

Still, the Isle of Man's approach might at least be useful in demonstrating how regulation in this area can go too far...

Thursday, 19 November 2015

P2P #ISAs: FCA's Approach

Although we are yet to see the legislative changes required to include peer-to-peer loans in the new Innovative Finance ISA from April 2016 and regulate advice on P2P loans, the Financial Conduct Authority has helpfully set out its proposed approach for when the law does change. We have until 31 December to respond. Broadly, the FCA proposes to:
  • give guidance on how disclosure rules will apply to including P2P loans in an IFISA - particularly where the P2P platform only has interim permission (pre-April 2016) and risks arising if the firm does not get full authorisation;
  • consult on applying suitability rules to advice on P2P loans, including changing the application of the rules and banning the payment or receipt of commission in relation to making P2P loans (note that the regulation of advice generally is being reviewed, so those rules could also change in due course anyway); however, because direct holdings of shares and other investment instruments are not included in the list of products that independent financial advisers must consider when making recommendations, P2P loans will also be excluded from that list; and
  • ensure any risks related to IFISA inclusion are disclosed, like whether they can be transferred or sold (the FCA considers P2P loans to be "a much higher-risk alternative to buying an annuity" but doesn't mention the risk compared to buying a Lamborghini other types of investment that also compete with annuities).

Thursday, 15 October 2015

Keeping Humans At The Heart Of Technology: Conference Wrap

This is a long overdue summary of my closing remarks at the SCL Technology Law Futures Conference on whether humans can survive the advent of super-intelligent machines. The podcasts for each session are available on the SCL site.

I am confident that we can keep humans at the heart of technology during the current era of artificial narrow intelligence.  It seems we are a long way into the process of coping with computers being better than us at certain things in some contexts. The sense was that the dawn of artificial general intelligence, where computers can do anything a human can, is 20-40 years away. It's also possible, of course, that the machines may never completely exceed human capabilities - more a matter of faith, in any event, as it would only be us who judged that to be the case. 

There are clear signs that humans are using computers to enhance the human experience, rather than replace it. E-commerce marketplaces for everything from secondhand goods, to lending and borrowing, to outsourcing household tasks and spare rooms show that humans are working together directly to remove intermediaries by relying on faciltators who add significant value to that human-to-human experience. 

This underscores the fact that computers' lack of 'common sense' will severely limit their ability to replace us – not just rationally speaking but also in terms of a shared understanding of our own five senses, and how we co-operate and use that shared understanding with each other in subtle yet important and uniquely human ways, for example, simply to summon the smell of freshly cut grass. 

Misuse of machines by humans - to constrain choice, for example - will also hold back development or lead humans to develop alternatives. We have worked around technology-based monopolies in various industries, such as music, but we also heard how the few major mobile 'app stores' are not only becoming the preferred distribution platforms for software, but also choke points to throttle competition. Such attempts at control will prove futile if those platforms do not give us what we want or are not aligned with how we behave or fail to reinforce the shared sense of community that is a feature of, say, peer-to-peer marketplaces and the new distributed ledgers.

The point was also made that we should recognise the value in our freedom to make mistakes or to simply forget or fail to do something – indeed the fact that someone else has forgotten or failed presents an opportunity for someone else. Perhaps this is the key driver of competition and innovation in the first place. [So, would machines evolve to be so efficient that change would no longer be necessary? Superintelligence could be a dull experience!]

Yet it is human fallibility, not that of machines, which is behind most online fraud. Turns out that it's simpler and cheaper to hack the human operating system with confidence tricks than it is to cut through the security systems themselves. Ironically, in this context, it seems there’s more a role for machines to help us avoid being fooled by other humans into giving out sensitive information, rather than to evolve ever more sophisticated encryption, for example.

A key issue is that the evolution of machine ability and interoperability is adding vast complexity to the rules and contracts that govern their use. Layers and layers of rules, terms and conditions must knit together to ensure effective governance of even the humble home entertainment network. Of course, the earlier the lawyers, legislators and regulators are involved in this, the easier it is for governance infrastructure to keep up.  That point is often made by lawyers, but it was also very heartening to hear the direct invitation for more lawyers to be involved directly with engineers in the step-by-step development of driverless cars, so they are aligned with how we humans want them to work on our roads. 

Yet the speed of technological development versus the speed at which the law moves make it unlikely that the law and rules alone will be effective in directly controlling the development of machines, whereas incentives such as commission, fees and fines will likely prove more useful in nudging behaviour in the right direction and keeping interests aligned. How the economic models evolve is therefore critical - and a good area for less direct legal control of machines, particularly through the apportionment of liability and theregulation of markets and competition.

Economically speaking, however, it was pointed out that we are prone to overstating the impact of technology has had in the past, and overestimating its effect in the future. In terms of GDP growth, for example, it turns out there was no industrial 'revolution' but merely a steady increase in output in parallel with various technological improvements. Tech booms and busts are also evidence of this.

We also tend to get hung up on globalisation and the need for harmonious rules across regions, yet much of the benefit of the internet, for example, has actually occurred at local level, and most of us use our phones and email to stay in touch with local people. 

Against this background, the conference keynote speech provided an entertaining overview of artificial intelligence and the community behind it, finishing nicely with a list of the top priorities for urgent human attention. The 'Internet of things' - 50 billion connected devices by 2020 - clearly covers a vast area, so it's important to bring it down to specific scenarios, such as the home, the car, the streets and how sensors, software and machines in each context inter-operate. Other critical developments and scenarios deserving our attention are driverless cars; the use of drones in the context of both civil surveillance and warfare; and applications that control or monitor our health.

More on those fronts in due course, no doubt.

Thanks again to all the speakers for such a thought provoking series of presentations.

Friday, 9 October 2015

Can It Really Be #PSD2?!

The new Payment Services Directive (PSD2) has been approved by the European Parliament. Following the Parliament’s vote, in order to take effect, the Directive must be formally adopted by the EU Council of Ministers and published in the Official Journal of the EU. This is explained by the European Commission here. I understand that should be done by sometime in November. In the meantime, the official version is published by the European Parliament here. From that date of publication in the Official Journal, Member States will have two years to introduce the necessary changes in their national laws in order to comply with the Directive.

I have updated my note for SCL on PSD2 accordingly.

Monday, 5 October 2015

PSD2 - EU Sleight of Hand?

True to form, the EU Parliamentary process threw up an amended proposal for the new Payment Services Directive last Tuesday, leaving everyone two business days to consider it before this week's Parliamentary session. Conspiracy theorists will wonder what last minute lobbying victories were secured and what might have been different with a few weeks to consider them.

It seems pointless to review the draft, let alone summarise any changes, since further changes may well emerge this week from lurking MEPs. Who knows what will finally pop out in the Journal? Only those swimming in the primordial soup.

Tuesday, 21 July 2015

The Innovative Finance #ISA

The Treasury has announced the details of its commitment to extend tax-free Individual Savings Accounts (ISAs) to include peer-to-peer loans from 6 April 2016, effectively adding a third basket for your nest eggs. The enabling regulations will be published later this year. In the meantime, the government is also consulting on adding certain 'crowd-investment' instruments to ISAs in due course.

From April 2016, there will be a new "Innovative Finance ISA" in which individual investors will be able to hold P2P loans (formally known as 'article 36H agreements' in article 36H of the FSMA (Regulated Activities) Order 2001, and "P2P agreements" in the FCA's Handbook).

Advisers will be able to advise on P2P loans within the scope of their existing FCA advisory authorisation.

For ease of administration, each P2P lending platform is likely to become the ISA Manager for the Innovative Finance ISA that covers P2P loans agreed on its platform. 

P2P platforms (and other relevant ISA managers) will not be required to enable customers to sell their loans or to move their loans to another platform. But platforms may, if they wish, facilitate the sale of loans on their own secondary markets (as some do already) and enable the transfer of the cash proceeds to another ISA manager - indeed customers must be able to withdraw un-lent cash withdrawn within 30 days. However, it won't be possible for you to transfer only part of the money you subscribed in that tax year.

The different rules for P2P loans mean that they won't qualify for Junior ISAs or Child Trust Funds, which are less flexible than adult ISAs.

Tuesday, 7 July 2015

FCA Clarifies (A Few) Misunderstandings On #ConsumerCredit

The Financial Conduct Authority has attempted to clarify some of the misunderstandings about who needs consumer credit permission and the interpretation of its rules and guidance on assessing creditworthiness and affordability. This is very helpful, but frankly has barely scratched the surface.

Long standing official resistance to shifting the regulation and supervision of consumer credit to the Treasury/FSA meant there was little time to do more than 'drag and drop' the old Consumer Credit licensing regime operated by the Office of Fair Trading into the FCA's world. But a lot less drag and a lot more drop would have saved great deal of time and expense.

Meanwhile, the confusion over permissions required and the 6 to 12 month authorisation time is driving many new entrants to launch into business lending space even where they would prefer to focus on consumers, sole traders and small partnerships.

The Innovation Hub is a great initiative, and a number of clients have taken advantage of this so far, but let's hope there is a solid programme for clearing the regulatory drag that is inhibiting more competition and innovation.

More Sunlight On #Payment Accounts

The Payments Account Directive (PAD) must be implemented in the UK by 18 September 2016, and the Treasury is consulting on how to do it. You have until 3 August to respond. This post explains the key features of PAD and the likely UK impact, according to the Treasury.

Key Features of PAD

Perhaps the most important feature of PAD is that payment accounts with certain basic features must be made available by banks to all consumers, including the homeless and asylum seekers, within 10 business days after receiving a complete application. Only banks will have to participate in that scheme, rather than other types of payment service providers (PSPs), like payment institutions and e-money institutions (the privileges and state guarantees enjoyed by banks must come at a price, after all). Such 'basic bank accounts' should be free of charge, or subject only to a reasonable fee, taking into account certain criteria, and there will be limits on termination.

PAD will also target the top 10 to 20 types of fee-based services commonly used by consumers in connection with a payment account or current account, and which generate the highest cost. The authorities have to provide that list to the European Commission and the European Banking Authority a year in advance, so they can specify technical and terminology standards in time for implementation by member states. That 'hit list' will be updated every four years.

The idea is we will each get a 'fee information document' in various forms before we sign up to a payment account or current account, as well as an annual statement of fees. We must also be able to refuse any 'packaged' features (like insurance), or get them separately, if we wish.

Member states have to ensure that at least one comparison website compares the fees for the top 10 to 20 types of fee-based services. There are rules to keep the comparison websites honest.

A 'switching service' must enable the prompt transfer between PSPs of information about all or some standing orders, recurring direct debits and incoming credit transfers, and of any positive balances from one payment account to the other, without necessarily closing the first payment account. The information must be available free of charge; and any other related fees that are charged must be "reasonable and in line with the actual costs" of the relevant PSP (except in cases of abnormal and unforeseeable circumstances beyond the control of the PSP, the consequences of which would have been unavoidable despite all efforts to the contrary, or where a PSP is complying with a statutory obligation). Any financial losses incurred by consumers due to switching must be refunded by the PSP without delay.

Similarly, PSPs must facilitate cross-border account opening, which will be interesting to see in action.

The Commission must report on the application of PAD and any proposals for improvements by 18 September 2019.

UK impact

The Treasury reckons about 50 firms are covered by PAD, and while some of the requirements are covered by existing UK initiatives, those firms are facing significant costs associated with standardising product descriptions and statements. The PAD requirements for basic bank accounts also go beyond the UK banks' voluntary bank programme (of course), so regulation is required. Only the UK's Money Advice Service will be expected to act as a comparison site. The 'current account switching service' covers most payment accounts likely to be affected, and PSPs who are not members of it will have to provide their own equivalent that meets the PAD requirements.

Sunday, 21 June 2015

#PSD2: The Final Chapter?

I have updated my article for the SCL on the differences between the Payment Services Directive (PSD) and the latest compromise text of PSD2, produced following informal negotiations amongst the European Parliament, Council and the Commission.

It seems we are not far away from the final version.

Wednesday, 17 June 2015

FCA Consults On Rules for Banks' #SME Loan Referrals and Credit Data

The Financial Conduct Authority is consulting on rules relating to banks' obligations to release information about credit performance to credit reference agencies; and the referral of their rejected small business loan applications to 'designated finance platforms'. 

The proposals are in Chapter 6 of the FCA's current quarterly consultation.

The FCA will have a limited supervisory and enforcement role in relation to these obligations.

The consultation ends on 5 August 2015.

Tuesday, 19 May 2015

Of #Smart Contracts, Blockchains And Other Distributed Ledgers

Seems I caught Smart Contract Fever at last week's meeting of the Bitcoin & Blockchain Leadership Forum. So rather than continuing to fire random emails at colleagues, I've tried to calm myself down with a post on the topic.

For context it's important to understand that 'smart contracts' rely on the use of a cryptographic technology or protocol which generates a 'ledger' that is accessible to any computer using the same protocol. One type of 'distributed ledger' is known as a 'blockchain', since every transaction which is accepted is then 'hashed' (shortened into a string of letters and numbers) and included with other transactions into a single 'block', which is itself hashed and added to a series or chain of such blocks. The leading distributed ledger is 'Bitcoin', the blockchain-based virtual currency. But virtual currencies (commodities?) are just one use-case for a distributed ledger - indeed the Bitcoin blockchain is being used for all sorts of non-currency applications, as explained in the very informative book, Cryptocurrency: How Bitcoin and Digital Money are Challenging the Global Economic Order. As Jay Cassano also explains, another example is Ripple, which is designed to be interoperable with other ledgers to support the wider payments ecosystem; while Ethereum is even more broadly ambitious in its attempt to use smart contracts as the basis for all kinds of ledger-based applications.

Generally speaking, the process of forming a 'smart contract' would be started by each party publishing a coded bid/offer or offer/acceptance to the same ledger or 'blockchain', using the same cryptographic protocol. These would be like two (or more) mini-apps specifying the terms on which the parties were seeking to agree. When matched, these apps would form a single application encoding the terms of the concluded contract, and this would also be recorded in the distributed ledger accessible to all computers running the same protocol. Further records could be 'published' in the ledger each time a party performed or failed to perform a contractual obligation. So the ledger would act as its own trust mechanism to verify the existence and performance of the contract. Various applications running off the ledger would be interacting with the contract and related performance data, including payment applications, authentication processes and messaging clients of the various people and machines involved as 'customers' or 'suppliers' in the related business processes. In the event of a dispute, a pre-agreed dispute resolution process could be triggered, including enforcement action via a third party's systems that could rely on the performance data posted to the ledger as 'evidence' on which to initiate a specific remedy. 

Some commentators have suggested this will kill-off various types of intermediaries, lawyers and courts etc. But I think the better view is that existing roles and processes in the affected contractual scenarios will adapt to the new contractual methodology. Some roles might be replaced by the ledger itself, or become fully automated, but it's likely that the people or entities occupying today's roles would be somehow part of that evolution (if they aren't too sleepy). The need for a lot of human-readable messages would also disappear, signalling the demise of applications like email, SMS and maybe even the humble Internet browser. Most data could flow among machines, and they could alert humans in ways that don't involve buttons and keyboards.

So what are the benefits?

Well, it might take significant investment to set up such a process, but it should produce great savings in time, cost, record-keeping and so on throughout the lifetime of a contract. And, hey, no more price comparison sites or banner ads! Crypto-tech distributed ledgers would enable you to access and use a 'semantic web' of linked-data, open data, midata, wearables, smart meters, robots, drones and driverless cars - the Internet of Things - to control your day-to-day existence.

The downside?

This also might also play into the hands of the Big Data crowd (if they find a way to snoop on your encrypted contracts), or even the machines themselves. So it's critical that we figure out the right control mechanisms to 'keep humans at the heart of technology - the topic of the SCL's Tech Law Futures Conference in June, for example.

Meanwhile, I'm reviewing my first smart contract, which is proving rather like being involved in the negotiation of a software development agreement - which it is, of course. I'll post on that in due course, confidentiality permitting...

Wednesday, 6 May 2015

Of #Blockchains And #MultiFactorAuthentication

Okay, so yesterday I was trying to use the car rental scenario to understand the concept of blockchains and distributed ledger technology and ended with the point that all sorts of computer applications could run "on" the blockchain. Some could act as gateways between/among blockchains, and some could link applications on blockchains with the applications running on the Internet - like social media, email - or applications on mobile networks, including SMS. 

So, in the example, the contractual program running on the blockchain that doubles as my car rental contract could also initiate a text message telling me where and when to pick up my rental car. 

I also mentioned that my own request to rent a car could provide the details for where the car rental company's program could go to verify my driver's licence. I didn't mean for identification purposes, but to work out if I'm licensed to drive a vehicle.

On the identity front, I mentioned that both me and the car rental company would be acting pseudonymously. That's important because blockchain transactions are accessible by anyone with a device running the relevant technology. So mine and the rental car company's respective bits of code would have to offer a way for us to authenticate each other. And this is where the public nature of blockchains really come into their own.

Back in 2011, we had a big discussion on identity at the CSFI from which my 'takeaways' were that (1) identity is dynamic, not static - we are better defined by the data generated by everything we do, rather than a birth date or fingerprints. So (2) verifying our identity could be based on a unique snapshot of our behavioural data, which could then be discarded, rather than a passport etc.  which could be copied and used by fraudsters.

The challenge with multi-factor authentication in the Internet world is possibly that the data is subject to alteration (though on a mass scale it could be hard to alter every item of data about a person's behaviour).

But blockchains are infinitely harder to alter, since (I'm told) all the computers running the technology check each block when it is completed and that can't be undone, unless you control most of the computers at any one time (like a villain in a Bond movie).

So our identities could be verified by reference to a series of our blockchain transactions. For privacy and security reasons, each blockchain transaction should be coded so as not to give away much information about the transaction itself. That ought to be easy, since the code only needs to be understood by the computers who process each transaction at that time. At any rate, each transaction could somehow be combined into a unique identity token that would continually evolve to remain unique.

Hey presto, reliable multi-factor authentication!

Do I have any of this right?


Tuesday, 5 May 2015

Of #Blockchain And Other Distributed Ledger Technologies

I'm still trying to get my head around the concept of the blockchain and other 'distributed ledger' technologies, how they are useful and what else needs to happen to harness their potential. To that end, I'm trying to ignore the 'virtual currency' use-case that seems to get everyone tied up in knots. I mean, the Internet is more than a money remittance platform, right? Well, the concept of a 'distributed ledger' is similarly broad - maybe broader than the Internet. According to Ethereum, "a platform for decentralised applications", even the word 'ledger' is too limiting.

Recently, I read the 'call for evidence' on this topic from European Securities and Markets Authority (ESMA), especially as there's been a lot of talk about using the blockchain to cut the time and cost of central clearing and settlement in the financial markets.

Yet, as the call for evidence itself shows, even ESMA is struggling to understand the uses beyond investment products which (a) provide exposure to a virtual currency without buying it, or (b) require you to actually trade in virtual currency in ways that are recorded in the relevant 'blockchain' or other currency ledger. 

This could be because ESMA is viewing the technology through the lens of the existing, heavily intermediated financial market structures and how these might be somehow replicated using the new technology (see the two diagrams in section 4).  But as I've complained for years, financial regulation (for which ESMA is partially responsible) funnels investment funds and opportunities into marketplaces where comparatively few intermediaries are allowed to operate - so they can charge what they like and not bother innovating, except to suit themselves (high frequency trading?). Internet technology has helped a bit, by making it cheaper to build and host systems etc, but that technology is still based on the idea that transactions occur in separate computers and the related data remains locked away in proprietary databases, or displayed only to subscribers.  

Distributed ledger technology seems to herald something far more revolutionary.

As I see it, these technologies basically involve publishing machine-readable applications or programs that can be read by any device running the same technology. Each market participant just needs to publish or display to others what it is offering or what it needs and any 'deal' will be recorded or coded on a nominated blockchain or ledger. Certain stuff can still be kept secret, but enough information can be shared to enable the computers to record the deal publicly so that everyone knows the deal was done.

Take an ordinary consumer transaction like renting a car. The rental car company's computer could publish a certain program that identifies the company itself (pseudonymously), a specific car, the make/model, its current location and the price to rent it for the day (including full collision damage waiver!). If I need to rent a car, I could publish some code that identifies me (pseudonymously), what type of car I need, where, when, how much I'm prepared to pay per day, the payment method and how the rental company can authenticate my driver's licence. Our computers find each other, like what they see and submit a transaction to a third computer which writes it up in code that instructs other computers to take my payment, send me the collection details and so on. In other words, as well as being an open record that the transaction exists, the code can also refer others to more detailed information where necessary.

It seems that very little should need to change outside the above scenario for this begin to happen, since the programming languages are now expressive enough to enable such codes to be written about every day transactions without a lot of fuss over industry standards. However, over time the same technology could be at work all over the place in more technical scenarios. For instance, my driver's licence could also just be a computer code available on a separate blockchain or ledger, to which the rental company's computers could be referred to check when it expires, whether I have any demerit points and so on. Even credit references and so on might be ascertainable in this way. 

In other words, all sorts of computer applications could run "on" the blockchain and/or act as gateways between/among blockchains and between blockchains and the applications running on the ordinary old Internet, like social media, email or those running on mobile networks, like SMS. So, in the example, a program running on the blockchain could initiate a text message telling me where and when to pick up my rental car.

I'm now struggling a little to see the difference between 'distributed ledger technology' and the 'semantic web' or 'Web 3.0', Linked Data, Open Data and so on. But, hey, I'm taking it a day at a time. At any rate, it all seems to promise the death of human-readable price comparison sites and their corny advertising, so bring it on!

Tuesday, 31 March 2015

Need To #Crowdfund Your US Launch? Try Reggae...

... er, that should read "Reg A". 

I'm indebted to Anna Pinedo and Jim Tanenbaum for pointing out that the SEC has finally done its job under Title IV of the JOBS Act. As they carefully explain in a recent Mofo Alert, the amendments to Regulation A that take effect in about 90 days time will enable private US and Canadian companies to raise up to $50 million in a 12 month period. That entity could be the holding company for a UK start-up, for example, or possibly the US subsidiary of a UK start-up, so long as it has a genuine US establishment - you know, real people and office equipment and a decent coffee machine. 

Existing shareholders may also sell reasonable amounts of stock as part of the offering. 

And eligible investors include 'the crowd' - provided they each limit their purchases to no more than 10% of the greater of their annual income or net worth (with a similar limit for non-accredited corporate entities). 

It should also be possible to combine a Reggae Reg A offering with private offering, if you really, really need the extra money.

Sunday, 29 March 2015

Mobile Consumer Rights

The mobile operators have finally agreed a code of practice on consumer billing

It does not state a standard cap on the customer’s liability for charges incurred as a result of unauthorised use of the device after it has been lost or stolen, or the notification period for the customer to report a device lost or stolen in order to qualify for the cap. But I understand that there is agreement on a £100 cap on the basis for notification to both the operator and police within 24 hours

That's a higher cap than for payment services (which have a cap of 50 euros) and an additional report to the police seem a little onerous, and just more admin for customers and police. However, the code leaves it open for providers to compete over this issue...

Tuesday, 24 March 2015

Big Day For Providers Of #AlternativeFinance To #SMEs

This morning, the British Business Bank began the process of creating a market for small business loan applications that the banks decline to fund, as well as opening up the banks' credit data to improve credit scoring for small business borrowers. 

Specifically, the BBB has called for expressions of interest from firms wishing to become either a designated finance platform, to whom banks must offer to refer any small businesses whose loan applications are rejected.

In addition, the BBB is seeking information from credit reference agencies that would like to receive credit data held by banks on small businesses to increase the reliability of SME credit scoring for non-bank lenders.

Saturday, 21 March 2015

UK Plans For #VirtualCurrencies and #Blockchain Technologies

The Treasury has published its response to the recent call for evidence on virtual currencies. The plan is to apply anti-money laundering regulation to virtual currency exchanges and ensure effective enforcement related to the criminal use of the currencies themselves, including seizure. It will also foster the development of standards for consumer protection in conjunction with the British Standards Institute. The government will also invest £10m to address 'research opportunities and challenges'.

In addition to addressing the risks, the report also explores the benefits of digital currencies as methods of payment, including uses beyond the retail scenarios, as well as other applications of blockchain technology; as well as barriers to suppliers setting up in the UK and how the government can help clear the way.

Alternative uses for the “distributed ledger” technology (i.e. beyond retail payment services) that the Treasury identified were:
  • transfer of title to digital assets, with inherent authentication, digital ‘signing’ and time-stamping and record-keeping e.g. recording and transferring the ownership of bonds, shares, securities and other financial instruments; passports, driving licences, criminal records, land registry and digital voting; 
  • ‘smart contracts’ and smart payments, whereby users encode requirements into a payment instruction or other message in order to achieve autonomous, self-executing payments and contracts that adjust for specific conditions. 
  • decentralised data storage solutions (using blockchain technology to store files securely and efficiently);
  • encrypted peer-to-peer messaging networks; and 
  • links with ‘smart property’ and the Internet of Things, whereby devices (including autonomous vehicles) communicate with each other and maintain and update themselves semi-autonomously.
Great news for the everyone that the government is positively engaging with this technology.

FCA Goes Social

The Financial Conduct Authority has made a huge effort to shrug off the image of its predecessor, and its latest guidance on social media and customer communications is another case in point. The FCA goes to far greater lengths than the FSA to understand the activities that it's regulating, and it has properly recognised the benefits to firms using the social media, not just the risks. There are some big concerns in here. But overall it's a helpful steer on how to market financial services in the social media, rather than just another regulatory minefield.

Now, about those 'big concerns'...

The word "consent" does not appear in this document. Nor do the words "data protection". The word "privacy" appears once, however, in a footnote which helpfully refers to the Information Commissioner's guidance on Direct Marketing. That's really the only nod to the many other requirements that application developers need to consider when producing financial services - something we've been focusing on intently at the Society for Computers and Law, for example. That's a particular concern, when section 1.8 of the guidance recommends "the use of software that enables advertisers to target particular groups very precisely" without so much as a footnote. If this is a tip to use Big Data tools, cookies and so on to engage in behavioural targeting of advertising, then firms will need a lot more help if they are to expected to do so appropriately.

Of equal concern is the FCA's decision to 'gold-plate' its guidance to the level of compliance required by the European directives on consumer credit and mortgages - another example of the European "regulatory creep" that blights the UK's landscape and is the source of so much talk of a "Brexit":
"The same constraints do not exist in other areas, but we think it is important to adopt a common approach across all the sectors we regulate, and across all media. To do otherwise would create a more complex and less certain regime, which would impose additional costs and which firms and consumers would find more difficult to navigate."
The problem with this approach is that not only do UK officials have a tendency to over-comply in this fashion, but they also take a literal approach to the interpretation of European law, rather than the purposive approach that European law itself dictates. So the UK invariably implements European edicts far more restrictively than, say, Greece or even France (historically the country most sued for failing to implement European laws, but here's the league table). 

Another problematic area is the guidance on using an image to convey a risk warning where a character limit would make it impossible to include it as text. While appearing to recommend this approach, the FCA then points out (on page 8) that Twitter settings, for example, allow users to ensure that images appear as a link, rather than being automatically displayed. So, risk warnings or other required information cannot appear solely as an image where such user features are present. This is explained a little more in section 7 of the Annex, which also mentions that some social media services limit the amount of text in images or crop them in unpredictable ways... In other words, images are not really much of a solution, even though they feature heavily throughout the FCA's examples.

Retweets and other sharing of financial promotions by customers and employees is another area for firms to consider a bit more carefully. There is some discussion of that (under "Other regulatory issues" on page 11), but it's obviously at the core of why firms would use the social media over traditional advertising channels. Basically, you can't rely on your employees to do the dirty work for you, at least not in the course of their employment (a slippery slope); and just because they or your customers are prepared to make a claim, doesn't mean that the firm can share it with impunity.

While it's refreshing that the FCA does not consider a tweet, for example, to be a real-time promotion, it doesn't mention the use of instant messaging features, or direct messaging. Although the guidance does mention that a customer 'following' a firm's account or 'liking' its material does not amount to an express request to receive real-time promotions to get around the ban on 'cold-calling'.

Finally, record-keeping is a key concern here. As the FCA points out (on page 14), you can't rely on the social media platforms to retain a copy of your promotional material. So firms need to have their own records of tweets etc., and the related compliance sign-offs.

No doubt the FCA's guidance will evolve in the light of these concerns over time - not to mention the guidance from the Information Commissioner!

Saturday, 7 March 2015

Artificial Intelligence, Computer Misuse and Human Welfare

The big question of 2015 is how humans can reap the benefit of artificial intelligence without being wiped out. Believers in 'The Singularity' reckon machines will develop their own superintelligence and eventually out-compete humans to the point of extinction. Needless to say, we humans aren't taking this lying down, and the Society for Computers and Law is doing its bit by hosting a conference in June on the challenges and opportunities that artificial intelligence presents. However, it's also timely that the Serious Crime Act 2015 has just introduced an offence under the UK's Computer Misuse Act for unauthorised acts causing or creating the risk of serious damage to "human welfare", not to mention the environment and the economy. Specifically, section 3ZA now provides that: 
(1) A person is guilty of an offence if—
(a) the person does any unauthorised act in relation to a computer;
(b) at the time of doing the act the person knows that it is unauthorised;
(c) the act causes, or creates a sign ificant risk of, serious damage of a material kind; and
(d) the person intends by doing the act to cause serious damage of a material kind or is reckless as to whether such damage is caused.

(2) Damage is of a “material kind” for th e purposes of this section if it is—
(a) damage to human welfare in any country;
(b) damage to the environment in any country;
(c) damage to the economy of any country; or
(d) damage to the national security of any country.

(3) For the purposes of subsection (2)(a) an act causes damage to human welfare only if it causes—
(a) loss to human life;
(b) human illness or injury;
(c) disruption of a supply of money, food, water, energy or fuel;
(d) disruption of a system of communication;
(e) disruption of facilities for transport; or
(f) disruption of services relating to health.
I wonder how this has gone down in Silicon Valley...

Thursday, 5 March 2015

EBA Sees #Payments Regulation As Best Model For #P2Plending - Updated

When the UK peer-to-peer lending industry began calling for proportionate regulation in 2011, we pointed to payments regulation as the ideal model. By the end of 2012, about 30 firms from across Europe signed an open letter calling for that approach to the regulation of crowdfunding generally. And that was the thrust of my response to the EC consultation on the topic. After all, these marketplaces are all basically payment platforms that enable the wallet-holders to agree to lend or invest money rather than just pay it. They have far more in common than there are differences.

Unfortunately, the UK authorities were determined to apply the existing investment rules to the P2P model, with consumer credit rules adapted to cover loans to individual borrowers and some small businesses. So instead of a dedicated set of regulations dealing with common operational risks among all platforms, with some extra rules to cover different types of instruments, we ended up with rules sprinkled all over the giant FCA Handbook.

Since then, however, the French have opted to apply payments regulation to P2P lending, and last week the European Banking Authority suggested a similar approach.

Of course, the additional attraction to payments regulation is that it is the subject of a 'maximum harmonisation' directive that allows for passporting throughout the EEA far more easily than under investment regulation.

If I were a betting man, I would put good money on the EBA's approach eventually winning out, with the real battle being fought over whether there should be any restriction on the amount that individuals should be able to lend [see update below]. The UK, France and Spain have each taken different approaches to this question. I'm glad to say that the UK has been the most pragmatic in recognising that platforms will struggle to generate enough liquidity without the possibility for some individual investors to lend significantly more than others to any one borrower, particularly in the SME lending markets. As I mentioned in the context of the recent European crowdfunding conference, my sense is that French and Spanish platform operators will realise this problem as they try to scale...

[updated as follows on 18 March 2015]

The battle over the restrictions around who should lend on P2P lending platforms, and how much, seems to flow from the mistaken belief by some authorities (the EBA included) that 'loans' are somehow 'debt securities'. Ironically, in its discussion of why investor type restrictions might be extended to simple loans, the EBA opinion underscores why that should not be the case - and indeed isn't the case in the UK.

For instance, in summarising the risks to lenders involved in P2P lending, the EBA, states (at para 28) that "the assessment of an investment opportunity requires a profound analysis as well as a thorough understanding of the project or business of a potential borrower." Yet making a loan does not equate to an 'investment' opportunity (and you would have thought that a banking regulator could fully elucidate the difference).

A loan is just a debt - which is a simple enough concept for anyone to grasp. It chiefly involves 'credit risk', not 'investment risk'; unlike bonds, for example, which are typically held for investment purposes rather than simply to earn interest (hence the focus on bond 'yields' rather than the interest rate or 'coupon').

The EBA later refers to the need for "explanations about a project, financing mechanisms and other investor education material", which also seems to misunderstand the straightforward nature of credit. Later still, the EBA states that P2P lending "usually means that lenders enter into loan agreements with a borrower which is, in many cases, a start-up enterprise." But that is certainly not the case in the UK, where such companies typically turn to equity investors who are looking for a share in the growth of a business, rather than simply the repayment of their capital plus interest. A subsequent discussion of "investment advice" and "investment recommendations" also highlights the EBA's mistaken assumptions about the essence of P2P lending. It's almost as if someone simply substituted "loan" for "equity" in a section about equity-based crowdfunding platforms.

This mistaken classification of lending as an investment is doubly ironic, given that the EBA is responsible for policy related to payments, banking, savings and loans and not securities (which is ESMA's territory). In fact, were it not for the EBA's view that payments regulation is the best fit for regulating the common operational risks of P2P lending, I would suspect the it of trying to limit competition with the banking sector by pushing P2P lending into the investment world. Yet, somewhat weirdly, when it comes to the section on credit risk the EBA suggests that platforms might be "required to cooperate with a bank, either in the way that the bank processes the assessments [of creditworthiness] on a professional basis or takes over any credit risk by contracting with each borrower directly." Which also ignores the fact, of course, that banks are busy walking away from the markets now served by the P2P lending platforms!

The EBA is also being somewhat disingenuous in suggesting that P2P lending platforms should carry out criminal records checks on borrowers - an extremely time-consuming, personally intrusive and costly process that not even banks are required to undergo when making loans. Compliance with anti-money laundering regulations, PEP/sanctions screening and membership of industry anti-fraud databases are adequate and proportionate controls for screening borrowers. Likewise, P2P lending platforms do not represent any greater source of risk to a lender's personal data than many other types of business, and data protection law should govern this type of risk, as it already requires appropriate IT and information security controls.

Overall, one is left with a nagging concern that, while it has made the best choice of regulatory frameworks for controlling the common risks associated with P2P lending, the EBA has not really engaged properly with the concept or the sector. Let's hope that changes soon.

Saturday, 24 January 2015

FCA Spotlight On How Consumers Deal With Money

Source: Audio Visual Excellence
Consumer Spotlight is the FCA’s view on how UK consumers deal with money and financial services, including the capabilities and potential vulnerabilities. It describes ten consumer segments, and reveals the data the model is built on.

The tool is intended to help the FCA identify the risks consumers face, and the protection required.

Charts show how each segment responded to questions in a survey of over 4000 consumers. Filters reveal characteristics, attitudes and behaviours associated with different group of consumers (e.g. inertia, risk appetite and impulsiveness). This can help firms design products and communications that "work well for different, specific consumers."

The FCA's model is said to differ from firm's models because it incorporates "some data not commonly collected in commercial models, such as vulnerability characteristics and financial capability." However, I wonder if another difference is that some firms treat evidence of vulnerability and financial capability as a reason to target a segment, rather than avoid it...

While firms would be wise to at least consider the data when designing products and communications, the FCA warns that:
"The data is based on consumer recall and self-reported behaviour and attitudes; it is not validated against other sources. Consumers may not know the answers to questions. Other industry data may be gathered in different ways or for different purposes, making direct comparisons difficult... Although it may inform a firm's thinking and planning, the model is not designed for commercial development. We do not intend to enable firms to profile their own customer base using the model for their own commercial benefit."

Tuesday, 20 January 2015

Changes to #MIF Regulation

Worth noting that the text of the Merchant Interchange Fees Regulation dated 16 January 2015 differs substantively from the version published on 31 October 2014 and considered by MEPs on 17 December. Troubling that no mark-up has been provided. However, I have done the work and updated my previous summary accordingly.