By Mark S. Nelson, J.D.
Byungkwon Lim is a partner at Debevoise & Plimpton LLP and is leader of the firm's Derivatives, Blockchain and Hedge Fund Practice Groups. Lim's practice includes advising technology firms on a variety of matters, including regulation, platform structure and offerings. Lim is admitted to practice in the Republic of Korea and New York
Lim spoke with Wolters Kluwer about trends and challenges in blockchain law and policy.
1. Your law firm biography indicates that you lead Debevoise’s Derivatives, Blockchain and Hedge Fund Practice Groups. How did you become interested in blockchain law? What advice would you give to an attorney who wants to represent clients in the blockchain space?
More than two decades ago, somebody told me that we would buy and sell everything on the Internet, and my reaction was simply “yeah, right.” Then, Amazon and so many other things have happened, and I became more and more curious about all new technologies, and blockchain and FinTech came my way almost by accident a few years ago. I am still working on many things I have been doing for a long time, but I am very excited and fascinated when I work on blockchain and technology matters.
I always suggest to lawyers and other service professionals working in the blockchain space that they should have some amount of knowledge and understanding of computer science—mostly the software side. Without that, it would be difficult to fully understand a legal or regulatory issue. For example, if you are tokenizing a security or issuing a security token on Ethereum, security law restrictions must be built into ERC 20 tokens (assuming tokens are fungible). As a lawyer, I will need to talk to you about what you need to write into the token codes and discuss with you how those lines in the code will execute in different conditions. This is true for any technology, whether it’s AI, big data analytics or self-driving cars.
2. The last roughly two years saw a great deal of enthusiasm that commercially viable blockchain solutions would soon emerge. Perhaps the volatility of the main blockchain solution to date—virtual currencies—has dampened that enthusiasm somewhat. What is the current state of the blockchain industry?
It really depends on what we mean by the “blockchain industry.” Blockchain is a technology, and the “blockchain winter” we saw last year just relates to the technology sector largely funded by those who own Bitcoin and other crypto assets. Corporations and sovereigns have been funding their projects differently, and we saw an increasing number of pilot projects using the technology last year. From early on, we have seen die-hard enthusiasts who preached that the world would transform in a matter of a few years. We still have those enthusiasts. But this technology cannot transform society overnight; we should just remember how long the Internet has taken to change every facet of our lives. But changes will come, and they will come faster than we think, simply because the pace of change in the society powered by every technology has been accelerating throughout history. We can pick anything we see—transportation, communication, or, more to our everyday life, stuff like home security. One last thing: for the record, I truly respect enthusiasts who believe in what they believe in and work tirelessly to achieve their goal. Many will fail, but some will not, and the world will owe gratitude to all of them.
3. A key challenge for the U.S. blockchain industry has been navigating the several existing federal regulatory regimes (e.g., securities, commodities, banking, and tax) that can apply to different aspects of blockchain activities. How likely is it that blockchain will ultimately require a new legal and regulatory framework?
Again, I view blockchain as a technology, which is neutral from a legal or regulatory perspective. I am not really sure if any new rule is necessary when a business enterprise uses it to manage its own supply chain, as Walmart has been reportedly experimenting with. On the other hand, trading, clearing and settling securities through blockchain would require a large scale modification of the current regulatory system. So, in some use cases, the current regulatory system will have to change. Such change may come in the form of a new rule or interpretation of the existing rule. It is not easy to change a rule, in whatever form it may take, so it is important for the industry and the regulator to engage each other to understand the objective of the relevant rule and the use case of the technology.
4. Questions have arisen about the need for additional federal or state laws to validate cryptographically signed documents such as smart contracts. How might existing laws, such as the federal Electronic Signatures in Global and National Commerce Act (E-Sign Act) and the Uniform Electronic Transactions Act (UETA), apply to smart contracts?
It depends on in what context a “smart contract” is used. Let’s say that you and I signed a contract on paper to exchange U.S. dollars and British pounds at different exchange rates depending on whether Brexit happens on October 31. Then we agreed to make the performance of this contract automatic by putting a smart contract on a blockchain. Come October 31, the smart contract will automatically transfer U.S. dollar and British pound amounts between our accounts. The smart contract doesn’t involve the formation of a valid contract. On the other hand, it is possible that we execute the same contract on a chain. In all likelihood, we will agree on the terms of the contract off-chain or on a website specifically designed for execution of this type of contract. In either case, it will be just a contract executed on the Internet, which can provide for a valid e-signing procedure. Although I am not really sure if this is realistic or not, it is possible that we open a joint address on the Ethereum blockchain, write a smart contract ourselves and send it to the chain for execution by miners. (The use of the word “execution” is a bit confusing, since it just means that the smart contract will be included in a block by a miner and that block becomes part of the chain.) Later, when conditions are met, the smart contract will be “executed” in a deterministic manner without any human intervention. In that case, we might face the issue of whether a contract (in a legal sense) was validly executed. Again, I am not sure how many of us could actually write a contract directly on the chain.
5. The SEC has perhaps taken the early spotlight among federal regulators due to the number of its blockchain enforcement actions dealing primarily with initial coin offerings, but the Treasury Department’s somewhat lesser known Financial Crimes Enforcement Network (FinCEN), also can play a big role in regulating blockchain activity through enforcement of its anti-money laundering (AML) regulations. What are blockchain firms already doing, or perhaps still need to do, in order to better comply with the Bank Secrecy Act and related know-your-customer (KYC) and AML requirements?
I cannot speak for all business enterprises that use blockchain in the money service business, but most of the enterprises that engage in money service business do generally comply with FinCEN rules and, if applicable, state money transmitter rules. There are, however, challenges. FinCEN’s 2019 guidance is more expansive than its 2013 guidance, and FinCEN will almost certainly implement new recommendations adopted by the Financial Action Task Force. The most complicated and possibly burdensome rule may be the travel rule. Many technology firms have been developing programs for enterprises to comply with the travel rule, but those programs need to be tested in a live environment in order to determine if they actually work as intended.
A more complicated and confusing area is data protection. Debate has been going on regarding how to apply data protection rules like the EU’s GDPR to blockchain based data structures, but there is no consensus even on the basic premise of whether blockchain can ever be adopted by a business enterprise in a manner to meet GDPR requirements. I recently read the European Parliament’s study paper on this topic, and I suggest others read it.
6. The SEC’s Division of Corporation Finance issued its “Framework” for digital assets in April 2019. So far, two no-action letters have resulted from that framework and both dealt with tokens that were to be part of functional blockchain platforms. In related events, two blockchain-related Regulation A offerings have been qualified. How effective has the Framework been in clarifying securities law requirements?
The industry largely agrees that the “Framework” is helpful in the sense that it provides an official confirmation of what the industry has believed to be factors the SEC staff would consider in analyzing an ICO. The flip side of this is that the Framework did not provide a safe harbor type guidance, which the industry was looking for. Since the Framework is based on the “Howey” decision and all subsequent court decisions, which are really fact-intensive, I am not sure if the SEC would be able to do anything else. Others will probably disagree with me, but I have thought that the Framework actually makes things more ambiguous. Let’s say that a developer got funded by a venture capital fund to build a platform, which goes live and functions as planned. The developer issues tokens, with which buyers can access the services provided by the platform. In issuing tokens, the developer says that it will use the proceeds to add functionality to the platform, improve it, and do other things to make the platform better using some of the token sales proceeds. The developer wants to limit the maximum number of tokens to be released. The market is excited about this, and many write blogs suggesting that this token is a must buy, and many people buy them for investment or speculative purposes. One could argue that this token is a security, but wouldn’t a business enterprise want to improve its product or introduce a new one? Should this token be treated as a security because there is a maximum amount to be released by the platform?
If we all step back a little bit, the fundamental issue is whether securities laws developed in an “analog” environment should be modified in a “digital” environment. It’s a policy question at a high level. Personally, I am not in the camp which argues that the rules need to be relaxed solely or even primarily in order to keep the blockchain industry in the U.S. That is one of many policy arguments—we do need to consider other policy goals like investor protection, the stability of the financial system and the integrity of the financial and other markets. But it is necessary for all participants to engage one another in a broad policy discussion.
7. SEC staff also have issued statements on custody of digital assets. What are some of the issues that blockchain firms and/or regulators still need to address regarding custody of digital assets?
Custody raises a number of complicated issues in part because of the current custody technology. Safe custody is all about safeguarding private keys. The best way is to have the private key related to an address which holds custodied assets of customers absolutely isolated from the world. It is more than cold storage in an off-line environment; it is better if no human being has access to it or knows what it is at all. So, the first question is how to demonstrate that the private key stored in an off-line device is indeed related to the particular address. Another question is how the custodian demonstrates to the world that the key stored in that device has been and is the only key that exists in the world. In other words, how can one demonstrate that the same key information (which is a string of alpha numerical digits) is not stored at a place not under the sole and exclusive control of the custodian? It’s proving the negative. Some technologies may prove it, but I don’t think they have been audited and certified. I am not sure if there is an ISO standard for blockchain related technology.
8. Several U.S. states have enacted digital token laws (e.g., Wyoming and Colorado). How do federal and state laws on blockchain either work together or conflict?
I have not really studied many state laws other than New York (for obvious reasons) and Wyoming. I have looked at Wyoming laws and rules and discussed them with some in the legislature and the banking department. It has been a great experience for me, and I hope that those in Wyoming I worked with feel the same. They spent a fair amount of time and resources to draft statutes and rules in a reasonably balanced manner. I don’t really see a conflict in the sense that Wyoming laws and rules are inconsistent with federal laws and rules, but if there are some and those are to be pre-empted by federal laws, then federal laws will of course apply in the inter-state context. I do believe that more states should be active in this area; the federal regulatory system would be better with better state systems. The two systems should not be mutually exclusive.
9. The U.S. is not the only would-be regulator of blockchain activities. What are some of the international issues affecting the development of blockchain solutions? Have there been any significant legislative or regulatory developments regarding blockchain outside the U.S.?
Based on my colleagues in our non-US offices, many countries have been implementing the adoption or modification of rules for blockchain. Of course, with more rules coming in all countries, it is getting pretty complicated to implement a platform or use technology in a business on a global basis. (Blockchain is meant to transcend geographic borders.) There are actually a number of good reports and studies coming out of the UK and the EU, which I suggest everybody in the industry read.
10. What do you expect could be the biggest developments for blockchain during the remainder of this year and into 2020?
Well, I wish I knew. But clearly Facebook’s Libra has forced many mainstream folks to seriously think about technology itself, use cases and regulation. These are all positive developments. I will not comment on whether Libra will go live next year. Because of Libra, more national central banks seem to be looking into central bank digital currencies. CBDC is a fascinating topic, and I am trying to read every study and paper on this topic.