Luxembourg Financial Services Regulator CSSF publishes white paper on Distributed Ledger Technology – Securities DLT Financial Instruments Luxembourg Stock Exchange Official List – European Digital Finance Strategy Update | K&L Gates LLP
In the context of increased interest in digital financial services technologies, the Luxembourg regulator of the financial sector (the CSSF) recently published a white paper entitled “Distributed Ledger Technologies & Blockchain – Technological Risks and Recommendations for the Financial Sector” (the DLT paper).1 The DLT Paper is a continuation of the CSSF’s approach aimed at fostering financial innovation while remaining technologically neutral and aims to initiate an open dialogue with market players.
The DLT document, declared non-binding, aims to guide professionals in their due diligence process related to the use of distributed ledger technologies (DLT), with particular emphasis on the risks associated with DLT.
1. DLT DEFINITIONS
Under Luxembourg law, there is currently no specific definition of DLT. The Luxembourg law of March 1, 2019, amending the Luxembourg law of August 1, 2001 on the circulation of securities (la 2001 Act), simply refers to “secure electronic record devices, including distributed electronic registers or databases”.2 In contrast, the European Commission’s draft pilot scheme for DLT-based market infrastructures3 (discussed in more detail below) defines DLT as “a class of technologies that support distributed storage of encrypted data”. The CSSF recognizes that the development of a definition of DLT is a moving objective due to the many developments surrounding it. Based on this, the DLT document proposes key common characteristics and main types of DLT.
2. MAIN COMMON CHARACTERISTICS OF DLT
In the DLT Paper, the CSSF identifies two key elements that distinguish DLT from distributed databases, which in turn have been known for decades and play a key role in the rise of cloud computing and website virtualization which use distributed databases with multiple clusters of geographically distant nodes. .
2.1 Use of the consensus mechanism through the network of nodes
In a DLT environment, nodes must reach a consensus among themselves to validate new data inputs by following a set of predefined rules. The consensus mechanism, determining whether a new transaction on the DLT is legitimate or not, is specified in the algorithm that defines the distributed ledger. The consensus mechanism prevents the network from being hacked or misused and helps build trust and security in a decentralized computer network.
2.2 Guarantee immutability, non-repudiation and authorization
Using DLT ensures that a transaction is immutable (i.e. once a transaction is committed by the nodes and added to the DLT, it cannot be changed or amended retroactively without consensus participants according to the relevant method used). A transaction or message accepted in the DLT is deemed authentic and shared with everyone (i.e. participants in the DLT cannot deny that authenticity or claim not to have received that transaction or message). The authorization function is implemented through the use of public and private key pairs during the validation process.
3. TYPES OF DLTs
Without seeking to promote any particular technology, the CSSF distinguishes between different types of distributed ledgers according to (i) their access rights characteristics (i.e. public or private distributed ledgers, restricted or unrestricted) , (ii) their validation rights characteristics (which i.e. distributed ledgers with or without permission or node types with increasing validation capacity), and (iii) the consensus methods used.
4. IDENTIFY THE RIGHT TYPE OF DLT FOR A PROJECT
The CSSF uses various examples to illustrate the potential use of DLTs by financial market participants. These use cases include:
- Operation of an anti-money laundering/know your customer data management system to avoid duplication of data collection and verification efforts;
- The fast, automatic and secure processing of payments and the transfer of funds and other crypto-assets (such as stablecoins denominated in fiat currency), without using intermediaries such as clearing and settlement systems and correspondent banks; and
- A DLT-based distribution platform enabling the tokenization of shares or shares of investment funds, to which investors can subscribe and redeem these shares or shares via a web or mobile application.
5. RISK CONSIDERATIONS
The CSSF uses a large part of the DLT Paper to develop, in the form of questions and answers, the risks it considers to be associated with the use of the DLT and which financial market participants should take into account when considering using the DLT. These risks revolve around:
- Governance aspects (relating to a supervised entity’s DLT strategy, how changes at the DLT level can potentially impact business continuity and validity, and legal and contractual matters);
- DLT-specific technical risks (related to distributed ledger design, node management, smart contracts, and key management); and
- Traditional information and communication technology risks (related to governance (such as outsourcing and concentration risks), continuity and resilience measures, and security and cybersecurity risks).
6. DLT FINANCIAL INSTRUMENTS ON SECURITIES OFFICIALLY LISTED ON THE LUXEMBOURG STOCK EXCHANGE
Almost simultaneously with the publication of the DLT Paper, the Luxembourg Stock Exchange (LuxSE) announced that it would allow “DLT financial instruments”4 be listed on its official list of securities (GROUND)5 and that it admitted three security tokens governed by French law and natively issued on the Ethereum and Tezos public blockchains, respectively, by subsidiaries of Societe Generale on January 31, 2022. Registration on the SOL gives DLT financial instruments increased visibility and their issuers the opportunity to communicate an indicative price and data relating to these instruments to their investors. Registration on the SOL does not, however, qualify DLT Financial Instruments for admission to trading on either of the two LuxSE markets.
To be registered on the SOL, a DLT Financial Instrument must meet the requirements of the LuxSE guidelines for the registration of DLT Financial Instruments on the SOL (the LuxSE Guidelines).6 In particular, the DLT Financial Instruments must consist, for the time being, of debt securities within the meaning of points (II) and (III)seven of the definition of “Securities” in section 2 of the LuxSE Rulebook SOL that meet the following criteria:8
- Debt Securities offered exclusively to Qualified Investors (as defined in the Prospectus Regulations) or issued in a denomination per unit of at least EUR 100,000;
- Debt securities whose issuers have previously issued securities on the capital markets or issued by candidates with proven experience in capital market operations; and
- Debt instruments priced in fiat currency.
LuxSE requires certain information about the DLT Financial Instrument to be provided via an information notice, covering, among other things, (i) a contingency procedure in the event of default of the DLT; (ii) the payment process, if that process contemplates the transfer of Settlement Tokens;9 and (iii) environmental considerations for the DLT used.
7. FAVORABLE LUXEMBOURG LEGAL FRAMEWORK FOR DLT FOR THE ISSUE AND CUSTODY OF SECURITIES
The DLT Paper is part of the already existing Luxembourg legal framework concerning the issuance and custody of securities using DLT technology:
- The 2001 law was amended by the law of March 1, 2019 to provide for (i) the maintenance of securities accounts and (ii) the transfer of securities by credit and debit of securities within or through transfer mechanisms. secure electronic records, including registers or databases;
- The Luxembourg law of April 6, 2013 on dematerialized securities has been amended by the law of January 22, 2021 to provide for the issuance of dematerialized securities on a securities issue account which may be maintained, and registrations of securities may be made , in or through secure electronic record-keeping mechanisms, including distributed electronic registers or databases; and
- In March 2020, the Virtual Asset Service Provider function (VASP) was introduced in the Luxembourg law of 12 November 2004 on the fight against money laundering and the financing of terrorism, as amended (the 2004 Act).ten
8. DLT IN THE EUROPEAN CONTEXT 11
In a wider (European) context, as part of the European Commission’s digital finance strategy,12 It is important to note two ongoing initiatives that were launched in September 2020:
8.1 Crypto-asset regulatory markets (the MiCA regulations)
The draft MiCA regulation13 aims to create a harmonized framework within the European Union (EU) for issuing, applying and providing services in crypto-assets. This is the first legislation of its kind within the EU and aims to effectively deal with crypto-assets that are currently not covered by the EU regulatory perimeter.
8.2 Pilot scheme for market infrastructures based on the DLT (the DLT Pilot Plan)
The proposed DLT pilot scheme14 aims to enable market participants to operate a DLT market infrastructure (either a DLT multilateral trading system or a DLT securities settlement system) by establishing clear and uniform operational requirements for the use of DLT in a configuration decentralized rather than through a centralized structure, as is currently the case. The overall objective is to remove regulatory barriers to the issuance, trading and post-trade of financial instruments in crypto-assets and for regulators to gain experience on the application of DLT in market infrastructure. This, in turn, could lead to efficiencies in commercial and post-trade areas and lower costs to the benefit of investors.
To date, the draft DLT pilot scheme is at a more advanced stage than the draft MiCA regulation, since the European Parliament has voted on amendments (published on August 5, 2021)15 to the initial DLT pilot scheme proposal. The European Parliament proposes to include in the scope of the DLT pilot scheme all financial instruments listed in section C of Annex I of MiFID16 with the exception of certificates of deposit which are issued, registered, transferred and stored using a DLT. In the initial draft of the European Commission, the scope of the DLT Pilot Regime was notably limited to securities equivalent to shares and bonds issued, registered, transferred and stored by means of a DLT.