On Settlement Finality and Distributed Ledger Technology, by Nancy Liao
In their opening remarks at the March 3, 2017 roundtable, Carolyn Wilkins of the Bank of Canada and Andrew Hauser of the Bank of England described the efforts undertaken by their organizations to understand the capabilities and limitations of distributed ledger technology. Both central banks examined the potential use of distributed ledger technology in large-value payment systems (e.g., systems that serve a similar function as Fedwire in the United States). Both concluded that such technology is currently not sufficiently mature to be deployed in large-value payment systems. See also The Bank of England, A blueprint for a new RTGS service for the United Kingdom, May 2017 and Carolyn Wilkins and Gerry Gaetz, Could DLT underpin an entire wholesale payment system?, Globe and Mail, May 25, 2017.
Nestled between various performance concerns (e.g., scalability, security, sustainability), there was legal uncertainty. Specifically, there was uncertainty over whether distributed ledger technology would be able to satisfy the international standard for settlement finality.
This post seeks to explain the concept of settlement finality, why settlement finality is important to financial market infrastructure and to regulated financial institutions, and whether distributed ledger technology may fit within the existing regulatory regime. In particular, the post presents the main argument why distributed ledger technology may not be able to achieve settlement finality, and then addresses whether this contention is accurate, in the context of both permissioned and permissionless ledgers.
What is settlement finality?
Settlement finality is a statutory, regulatory, and contractual construct. In general, it refers to the moment in time when one party is deemed to have discharged an obligation or to have transferred an asset or financial instrument to another party, and such discharge or transfer becomes unconditional and irrevocable despite the insolvency or entrance into bankruptcy of either party. See Principles for Financial Market Infrastructures, Principle 8 (Settlement Finality). The specific criteria for settlement finality differ by jurisdiction, asset class (e.g., currency or securities), modes of payment or transfer (e.g., checks or wire), and type of participant (e.g., banks or non-banks).
Large-value payment systems are supervised or regulated, and have generally been deemed systemic. They are subject to international standards known as Principles for Financial Market Infrastructures, as such standards have been adopted into applicable domestic law. Acknowledging the importance of settlement finality, the Principles state: “An FMI [financial market infrastructure] should provide clear and certain final settlement, at a minimum by the end of the value date. Where necessary or preferable, an FMI should provide final settlement intraday or in real time.” Principles for Financial Market Infrastructures, Principle 8 (Settlement Finality). The large-value payment systems of many jurisdictions, including those of the United Kingdom and the United States, provide for real-time final settlement.
Settlement finality is not the same as operational settlement. Operational settlement refers to the moment when an entity can be said to have taken all operational actions needed to complete the payment or transfer. The relevant statutory, regulatory, and contractual framework then determines when the payment or transfer resulting from operational actions becomes effective, i.e., when operational settlement becomes legal settlement. Further, the relevant insolvency framework establishes whether such payment or transfer could be voided or reversed, should either party to the payment or transfer becomes insolvent or enters into bankruptcy. In other words, the relevant insolvency framework determines whether legal settlement can be characterized as final.
The following example illustrates the difference between settlement finality and operational settlement:
- Assume that (i) Bank A wants to make a payment to Bank B; (ii) Banks A and B have accounts at Bank C; and (iii) Banks A, B, and C are U.S. banks for purposes of the Uniform Commercial Code (“U.C.C.”).
- Bank A will issue a payment order to Bank C. Bank C will accept the payment order from Bank A. At this point in time, Bank A has an obligation to pay Bank C, and Bank C has an obligation to pay Bank B.
- Assume that Bank A, before it issued the payment order to Bank C, had ensured that its account with Bank C has sufficient credit to cover the full amount of the payment order. Bank A authorizes no further withdrawals from its account with Bank C.
- In this scenario, Bank A operationally settles its obligation to pay Bank C at the time it issues the payment order to Bank C. Legally, however, Bank A is deemed to have discharged its obligation to pay Bank C at the earlier of (i) the moment Bank C withdraws the applicable credit from the account of Bank A or (ii) midnight of the day on which Bank C first has the ability to withdraw the applicable credit from the account of Bank A, provided that Bank C learns of this ability. U.C.C. Section 4A-403(a). Therefore, Bank A may operationally settle with Bank C before its obligation to Bank C is legally discharged.
- Similarly, Bank C does not achieve settlement finality the moment it credits the account of Bank B. Rather, Bank C discharges its obligation to pay Bank B after it credits the account of Bank B, when (i) it notifies Bank B of its right to withdraw the credit, (ii) it “lawfully applies” the credit to a debt of Bank B, or (iii) it otherwise makes funds with respect to the payment order available to Bank B. U.C.C. Section 4A-405(a). Again, Bank C may achieve settlement finality with respect to its obligation to pay Bank B later than it operationally settles the same obligation.
Additionally, settlement finality is not the same as payment finality (also known as “receiver finality”). In the example above, Bank A wants to pay Bank B. Bank A is the payment originator, Bank B is the payment beneficiary, and Bank C is the payment conduit. Bank A is deemed to have discharged any obligation it had to pay Bank B at the time that Bank C accepts the payment order. U.C.C. Section 4A-406(a).
Why is settlement finality important?
From a systemic perspective, it is easy to see why it is important for large-value payment systems to demonstrate that their operational processes are recognized by applicable jurisdictions as resulting in settlement finality. For example, assume that Bank A wires money to Bank B via a large-value payment system at 9:00 am on Day T. Bank B then takes the money that it receives from Bank A, and wires that money to Bank C at 10:00 am on Day T. At 12:00 pm on Day T, Bank A enters into bankruptcy proceedings in a jurisdiction with a “zero-hour rule.” A “zero-hour rule” is a “provision in the insolvency law of some countries whereby the transactions conducted by an insolvent institution after midnight on the date the institution is declared insolvent are automatically ineffective by operation of law.” See Principles for Financial Market Infrastructures, Annex H (Glossary). The “zero-hour rule” voids the wire that Bank A made to Bank B at 9:00 am, leaving Bank B with an unanticipated exposure for the full value of the wire. One can imagine the magnitude of disruption that may be caused by this exposure if, say, Banks A and B were revealed to be Citibank and JPMorgan respectively, and the wire were revealed to have been for a large amount of money.
How does the regulation of large-value payment systems, as well as of bank participants in those systems, affect the desirability of using distributed ledger technology?
The Principles for Financial Market Infrastructures explicitly recognize the legal nature of settlement finality, stating that: “Final settlement (or settlement finality) is a legally defined moment.” Principles for Financial Market Infrastructures, footnote 86. Given the legal nature of settlement finality, the Principles anticipate that cross-border settlements may be particularly problematic, and thus state: “Because of the complexity of legal frameworks and system rules, particularly in the context of cross-border settlement where legal frameworks are not harmonised, a well-reasoned legal opinion is generally necessary to establish the point at which finality takes place.” Principles for Financial Market Infrastructures, Section 3.8.4.
Accordingly, large-value payment systems have strong disincentives to adopt distributed ledger technology or any other technology that may enhance efficiency, unless they, and their supervisors or regulators, are reasonably certain that the payments or transfers resulting from this technology will be deemed to have achieved settlement finality under relevant statutes, regulations, or contractual frameworks. Moreover, if distributed ledger technology takes longer than real-time to achieve settlement finality, then certain large-value payment systems, and their supervisors or regulators, would consider that technology to be less efficient than what they currently use. In that case, large-value payment systems, and their supervisors and regulators, would need to understand and weigh any offsetting benefits that distributed ledger technology could bring (e.g., decrease in participant reconciliation costs; expansion of system users to qualified non-banking entities) against the potential loss of efficiency.
Of course, large-value payment systems are centralized structures, and one of the key attractions of distributed ledger technology is that it may enable secure, large-value payments between participants in a decentralized structure. As discussed below, it is likely that such decentralized structures will continue to be supervised or regulated, to be deemed systemic, and to be subject to the Principles for Financial Market Infrastructures, as adopted into applicable domestic law. However, independent of any supervision or regulation that may be imposed on such decentralized structures, if participants in those structures are banks, then they may have their own incentives to care about settlement finality, given supervisory expectations. For example, the Basel Committee on Banking Supervision issued supervisory guidance on the management of foreign exchange settlement risks. Guideline 6 (Legal Risk) states: “A bank should ensure that agreements and contracts are legally enforceable for each aspect of its activities in all relevant jurisdictions.” One of the Key Considerations interpreting Guideline 6 (Legal Risk) states: “A bank should identify when settlement finality occurs so that it understands when key financial risks are irrevocably and unconditionally transferred as a matter of law.” Note 3.6.5, which elaborates on the Key Consideration, states: “A bank needs to know with a high degree of certainty when settlement finality occurs as a matter of law and plan for actions that may be necessary if settlement finality is not achieved as a matter of law” (emphasis mine). Guideline 7 (Capital for FX Transactions) hints at what such a “plan” may entail: “When analysing capital needs, a bank should consider all FX settlement-related risks, including principal risk and replacement cost risk. A bank should ensure that sufficient capital is held against these potential exposures, as appropriate.” By issuing SR Letter 13-24, the Federal Reserve System extended this supervisory guidance to banking organizations under its supervision, with the exception of community and regional banking organizations (i.e., less than $50 billion in total consolidated assets) that do not engage in significant foreign exchange activities.
One can further imagine a distributed ledger that serves as a payment system for non-banking organizations, which nonetheless processes payments of significant magnitude. As Carolyn Wilkins of the Bank of Canada stated at the roundtable, evaluating these arrangements, if and when they come into being, will entail a careful consideration of benefits and risks, not unlike the exercise that supervisors and regulators are undertaking with respect to shadow banking. Currently, in the United States, it is not inconceivable that this type of payment system could be categorized as a financial market utility, and may therefore be designated by the Financial Stability Oversight Council as systemically important if, among other things, its failure or a disruption could “create, or increase, the risk of significant liquidity or credit problems spreading among financial institutions or markets, and thereby threaten the stability of the U.S. financial system.” Title VIII of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. I leave it to others to consider how this designation would work if the payment system does not have a separate corporate identity other than its participants, and its participants are located in different jurisdictions.
Why might distributed ledger technologies fail to achieve settlement finality?
Certain distributed ledgers may rely on consensus processes, where participants must “agree” on the next set of transactions to be added to the ledger, as well as the state of the ledger if those transactions were added. “Agreement” is defined differently across distributed ledgers, but a common formulation requires a percentage (e.g., supra-majority) of all or a specific category of participants to calculate the same outcomes with respect to transactional sets and ledger states. Distributed ledgers relying on consensus processes may be permissioned (i.e., the ledger restricts access to approved participants) or permissionless (i.e., anyone with the requisite computing power may join the ledger; participants often operate on a pseudonymous basis). Through the consensus process, participants in the latter may have the ability to revise transactions that had been previously added to the ledger. This ability has led settlement in those systems to be described as “probabilistic,” because there may never be a point at which transactions are entirely safe from revocation.
As noted above, settlement finality is generally defined in reference to a point in time. Consensus, in contrast, is reached over a period of time. As the Bank for International Settlements, Committee on Payments and Market Infrastructures observed, operationally, “[i]n some DLT arrangements, it can take some time to update and synchronise state changes to a ledger. The first instance of an update, for example, may not represent operational settlement because it may take time for consensus to be achieved across the nodes in the synchronization of ledgers.” With respect to how these operational settlement arrangements may challenge current statutory, regulatory, and contractual constructs of settlement finality, the Committee states: “In traditional systems, settlement finality is a clear and well-defined point in time, backed by strong legal basis. For DLT arrangements, settlement finality may not be as clear. In arrangements that rely on a consensus algorithm to effect settlement finality, there may not necessarily be a single point of settlement finality. Further, the applicable legal framework may not expressly support finality in such cases.” With respect to permissionless ledgers, certain industry members
have taken a stronger position than that expressed by the Committee, stating: “Because of how the mining process works – miners can reorganize history (and have) – a public blockchain by design cannot definitely guarantee settlement finality.”
Do current operational settlement processes used by distributed ledgers preclude settlement finality?
Determinations of settlement finality are jurisdiction- and fact-specific. As such, it is likely not the case that distributed ledgers using consensus processes will be deemed to fail settlement finality criteria across all jurisdictions. The fact that operational settlement via consensus may take place over a period of time does not preclude distributed ledger participants from identifying a single point in time as when the payment or transfer from one party to another becomes legally effective. For example, if a supra-majority of certain participants must agree to update transactional sets and ledger states, then the single point of time when the payment or transfer will be deemed legally effective can be whenever the last participant needed to constitute the supra-majority broadcasts its agreement to all other participants. More conservatively, the single point of time can be defined as whenever a number of subsequent confirmations is received (e.g., settlement of Block T will be deemed final at Block T+6), provided that the number is sufficiently large that revisions would be difficult and exceedingly unlikely. To bolster the argument that payments or transfers are legally effective, participants can agree on processes and procedures to govern the ledger, including revisions to the ledger. Such processes and procedures can be evidenced in writing (e.g., via a rulebook) and can be embedded in the code of the distributed ledger.
Of course, these agreements between participants are easier to effectuate on a permissioned ledger. In fact, if participants on a permissioned ledger were limited to bank entities and if transfers or payments were limited to fiat currencies, there is an argument that commercial law frameworks in certain jurisdictions already recognize the right of such participants to define the point of settlement finality as between themselves and with respect to third parties. See March 2016 ABA Business Law Today article by Jessie Cheng and Benjamin Geva.
As both the Bank of England and the Bank of Canada indicated, if distributed ledger technology were ever to form the core of large-value payment systems, that technology would be deployed in a permissioned manner. As the core of the large-value payment system, distributed ledger technology would be used to settle payments in fiat currency. The large-value payment system would likely continue to be supervised or regulated, to be deemed systemic, and to be subject to the Principles for Financial Market Infrastructures, as adopted into applicable domestic law. The large-value payment system may be centralized, effectively eliminating the consensus process, and thus the main reason articulated for why distributed ledger technology may fail to achieve settlement finality. Even if the large-value payment system were to maintain a degree of decentralization, the Principles would continue to require that the system have governance structures and risk-management frameworks. See Principles for Financial Market Infrastructures, Principles 2 (Governance) and 3 (Framework for the comprehensive management of risks). The Principles would further continue to require that system participants work through the governance structure to promulgate “rules and procedures” that “clearly define the point at which settlement is final.” Principles for Financial Market Infrastructures, Principle 8 (Settlement Finality). Currently, jurisdictions such as the European Union have legislation that protects the validity of settlement, as defined by the large-value payment system, even in the instance of the insolvency or entry into bankruptcy of a participant. In the United States, large-value transfer systems restrict membership to banking entities, and the insolvency regimes applicable to such entities do not contain any “zero-hour rules” that would void payments that were deemed to be settled by the system. In sum, if the large-value payment system continues (i) to be systemic and supervised or regulated, (ii) to transact in fiat currencies, and (iii) to have governance structures and risk management systems in accordance with international standards, then it is unclear exactly how adoption of distributed ledger technology would cause settlement finality to be questioned where it is not today.
In the payments context, further complications arise when participants use a distributed ledger to transfer things that are not fiat currency. This statement applies equally to permissioned and permissionless ledgers. For example, the Bank of Canada conducted a distributed ledger experiment known as Project Jasper. As Carolyn Wilkins of the Bank of Canada described, Project Jasper is “a joint initiative between Payments Canada, the Bank of Canada, major Canadian banks and R3” and is essentially “a simulated wholesale payment system using a DLT-based settlement asset (dubbed ‘CADcoin’ or ‘settlement coin’).” CADcoin is not the digital version of Canadian dollars. Rather, according to R3, CADcoin is a token that represents “claims on the central bank money deposited in a segregated account at the Bank of Canada.” R3 then analogized CADcoin to a deposit receipt, and further explained its ownership features as similar to that of a gold certificate or a bearer bond. One can imagine that the legal frameworks governing tokens such as CADcoin are not the same as those governing fiat currencies, and that the transferability characteristics of the former are not the same as the latter. Therefore, participants in a distributed ledger may find it more challenging to achieve settlement finality with respect to transfers of tokens in comparison to fiat payments. However, the challenge arises not because of the consensus process or “probabilistic” settlement, but rather from what the token is considered to be under existing commercial law.
Are there additional issues regarding settlement finality for permissionless ledgers?
Permissionless ledgers may find settlement finality difficult for a number of reasons. First, it may be difficult to determine which laws apply to permissionless ledgers, given the cross-border nature of such ledgers. Second, permissionless ledgers may operate using a virtual currency, which may have features of both money and property. The legal framework governing the issuance and transfer of virtual currency is unclear, and therefore settlement is unclear. Third, permissionless ledgers, by definition, cannot restrict themselves to certain categories of participants (e.g., banks), and therefore participants cannot rely on commercial laws that aid settlement finality (such as, e.g., U.C.C. Article 4A, which only applies to banks). Fourth, permissionless ledgers have not been declared systemic and have not sought supervision and regulation, and they therefore cannot avail themselves of legislation that protects the settlement determinations of designated financial market infrastructure (in, e.g., the European Union).
Despite the above, it does not seem impossible for a permissionless ledger to achieve settlement finality. For example, one could imagine a ledger that requires users to agree to standard terms and conditions that specify (i) choice of law and venue, (ii) the jurisdiction in which transfers or payments are deemed to have taken place, (iii) the jurisdiction in which assets and their tokens are deemed to be held, (iv) the conditions under which an asset or token would be deemed transferred, (v) the exact moment of transfer, and (vi) the discharge of obligations upon transfer, among other things. These terms and conditions would form a contractual basis for settlement finality.
The potential for transactional blocks on permissionless ledgers to be reverted does not, in and of itself, appear to preclude settlement finality. Participants on permissionless ledgers generally care about the integrity of the ledger, even if they prefer to depend on cryptography and decentralization to maintain this integrity, rather than on external, centralized supervision or regulation. For that very reason, participants call scenarios where one entity (or a group of colluding entities) gains computing control of a permissionless network “attacks.” Given that background, let us consider the circumstances under which a reversion may happen. First and most obvious, one or more blocks on the permissionless ledger may be reverted as a result of an attack (whether 51% or otherwise). Attacks, cyber or via other means, are not limited to permissionless ledgers, and being the victim of such an attack does not cause a payment system to fail statutory, regulatory, or contractual criteria for settlement finality. Second, one or more blocks on the permissionless ledger may be reverted in response to, e.g., a hack that results in assets and/or tokens being stolen. This type of reversion only undermines the settlement finality of the theft, and is similar to self-help recovery of stolen assets and/or tokens in circumstances where filing a report with law enforcement is unlikely to be successful. Finally, one or more blocks on the distributed ledger may be reverted to correct an error. Again, errors are not limited to permissionless ledgers, and corrections of such errors do not cause a payment system to fail statutory, regulatory, or contractual criteria for settlement finality.
In sum, there are many reasons why transacting on permissionless ledgers may not be a good choice for regulated financial institutions (e.g., privacy, scalability, latency). It is not obvious, however, that an intrinsic inability to achieve settlement finality is among them.
Nancy Liao is an Associate Research Scholar in Law and the John R. Raben/Sullivan & Cromwell Executive Director of the Yale Law School Center for the Study of Corporate Law.This post is part of an online symposium entitled “Blockchain: The Future of Finance and Capital Markets?” You can read all the posts here.