On August 26, 2019, the Swiss Financial Market Supervisory Authority (FINMA) granted a bank and securities dealer licence to both Sygnum of Zurich and Seba Crypto of Zug (a partner of bank Julius Baer). Supposedly a world first. But what is the status quo of blockchain technology? Can money laundering legislation and “Know Your Customer” regulations be complied with?

This week I had the privilege of meeting with a group of financial experts from Credit Suisse, and giving a lecture on blockchain technology. In the personal conversations with the participants afterward, we discussed interesting details about many things, including blockchain banking. This is the fourth contribution in our blockchain series and builds on our introduction. In this blog entry I present some of the content on distributed ledger technology from the August 27, 2019 presentation.

This entry also explains the differences between various blockchains that are used today. We also comment on the claim in the NZZ that Switzerland’s crypto financial centre is now a fact.

How does blockchain work?

Blockchain is a decentralised database, which is also called Distributed Ledger Technology or DLT. DLT allows the transparent documentation of transactions. Instead of a single ledger at a single location, there are many equal ledgers at different locations. These copies of the ledger are kept consistent in an automated consensus process, ensuring that they are identical copies.

As soon as a data transaction takes place between a sender and a recipient, the validity of this change is first compared with the other computers in the network. If the change is valid, the transaction is packed into a new block and attached to the last block, that is, the last transaction.

Each transaction is a data record that also has a hash value, i.e. a unique digital fingerprint. The hash value of the previous record is also saved with the next record, thereby creating a chain of blocks.

Thanks to the hash value, subsequent changes to the data are impossible. If changes are made with brute force, the integrity of the entire system is damaged. This is then documented and can be seen and understood by every user in the blockchain.

Blockchain ist neuer: Doch zentrale Elemente wie Distributed Computing (seit 1960 und 1970 das Ethernet) sowie asymmetrische Kryptografie (1974 Merkle's Puzzle und 1977 Rivest, Shamir & Adelman) gibt es schon eine Weile.
Blockchain is newer, but central elements such as Distributed Computing (since 1960, and Ethernet since 1970), and asymmetrical cryptography (Merkle’s Puzzle of 1974, and Rivest, Shamir & Adelman in 1977) have been around quite a while.

Public or private blockchain: What are the similarities?

Public and private blockchains have many things in common, such as:

  • Both are distributed peer-to-peer networks where each subscriber maintains a copy of a shared attach-only ledger of digitally signed transactions.
  • Both keep the replicas of the transactions synchronous via a protocol called consensus. This means that each participant in the blockchain has the same transactions or the same copy of a ledger on its server.
  • Both offer certain guarantees for the immutability of the ledger. An example is the consensus protocol, which helps to verify transactions.

A blockchain is called private or semi-private if the consensus process can only be completed by a limited and predefined number of participants. Write access is granted by a company and read access can be public or restricted. Of course, there are other important factors that are explained below.

Public blockchain

A public blockchain allows everyone to participate in the open ecosystem. The prerequisite is that one use the network’s protocol. The peer-to-peer (P2P) transactions take place in the decentralised network, so no middleman is necessary.

The underlying blockchain protocol provides an operating system that allows a group of people who do not know or trust each other to organise themselves around specific goals. Using a public blockchain that sells Bitcoin, Litcoin or Zcash, for example, one can purchase a product and pay for it using these cryptographic currencies without knowing the true identity of the supplier or customer.

Advantages are increased security. However, this comes at the expense of the speed of transactions and consumes a lot of energy (also called overhead). The Bitcoin protocol is open source, i.e. anyone can take the protocol, share it (change the code) and start their own version of P2P money.

Bitcoin money laundering and “Know your Customer” regulations

On August 26, 2019, the Swiss Financial Market Supervisory Authority (FINMA) granted a banking licence to two blockchain service providers, a first. Seba and Sygnum do not act as a stock exchange, but as counterparties for their clients’ transactions in cryptocurrencies. But this could be a back door for dirty money. Bitcoin’s trading, for example, is conducted on a public blockchain. As a result, neither Seba nor Sygnum know the sellers that participate in the blockchain and from whom the companies purchase Bitcoin. Even if they buy them from someone they may know, the latter may originally have purchased Bitcoin or tokens from someone involved in a money laundering scheme.

That is, if Seba or Sygnum buy cryptocurrencies like Bitcoin on a public blockchain to offer them to their customers, how are they able to meet the anti-money laundering and “Know Your Customer” regulations? FINMA writes:

Institutions supervised by FINMA are only permitted to send cryptocurrencies or other tokens to external wallets belonging to their own customers whose identity has already been verified and are only allowed to receive cryptocurrencies or tokens from such customers. FINMA-supervised institutions are thus not permitted to receive tokens from customers of other institutions or to send tokens to such customers. This practice applies as long as information about the sender and recipient cannot be transmitted reliably in the respective payment system. Unlike the FATF standard, this established practice applies in Switzerland without the exception for unregulated wallets and is therefore one of the most stringent in the world.

FINMA guidance: stringent approach to combating money laundering on the blockchain (2018-08-26).

The following two issues seem unclear:

  • Where do the tokens these two banking institutions must acquire in order to offer them to their clients come from? If the tokens come from a blockchain like Bitcoin’s, we must ask how it is possible to follow the money laundering laws.
  • If the original tokens are from clients with whom the bank has business, where did those clients get the bitcoin (or whatever the cryptocurrency might be called)? If the tokens come from a public blockchain like Bitcoin uses, the question becomes, what do we know about the other side? Nothing, since the seller and buyer are both anonymous.

FINMA also took the opportunity to trumpet the robustness of its anti-money laundering procedures. Nevertheless, its published documents (see above) do not reveal how the questions above are being addressed in its regulations. The same discussion is currently taking place in London. Here, Visa partners with Coinbase to offer a credit card that allows you to make a purchase anywhere the card is accepted. The customer pays his monthly credit card bill with the help of the cryptocurrencies held in the Coinbase depot. Here, too, there are still doubts as to the extent to which Coinbase and Visa can comply with money laundering laws or “Know your Customer” regulations. Stay tuned.

Jeder Nutzer verschlüsselt seine Nachricht mit dem öffentlichen Schlüssel des Empfängers. Nur dieser kann die Nachricht lesen, indem er seinen privaten Schlüssel für die Entschlüsselung nutzt. Diesen privaten Schlüssel teil er mit niemandem, er bleibt geheim.
Each user encrypts their message with the recipient’s public key. Only the recipient can read the message by using their own private key for decryption. A user does not share this private key with anyone, it remains a secret.

Private blockchain

This is available to a specific group with central responsibilities, such as within a company with subsidiaries and international branches. The person responsible takes charge of maintaining the blockchain. The company determines, for example, who may carry out which actions and who has access to certain data on the blockchain.

Here consensus is reached through the coordination of the central responsible parties, who may grant or withdraw mining rights to users within the network. This makes the private blockchain more centralised but still cryptographically secure.

The company retains control over the inspection of internal company activities. In the case of a public blockchain, the competition would theoretically also have insight into the private business of the company.

Semi-private blockchain

Semi-private blockchain applications are run by a single enterprise. The company gives access to any user who qualifies. Typically, this application is aimed at business-to-business (B2B) users.

Examples include when a brand or company opens the blockchain to its suppliers or outsourcers, as well as distributors. This allows the exact tracking of a component for a machine, elevator, or drug from manufacture to sale. Maintenance work can also be integrated, i.e. if a technician replaces a spare part, this information can also be entered into the blockchain.

Consortium / federated blockchain

For example, a consortium or federated blockchain often brings together banks that want to provide an important service more quickly and accurately. For example, JPMorgan Chase plans to extend an existing blockchain project with processing functions. The blockchain-based Interbank Information Network (IIN) was established in 2017 in partnership with the Australian ANZ Bank and the Royal Bank of Canada. It allows the banks to quickly address payments that contain errors or get held up for compliance reasons. This can sometimes take weeks if several banks are involved along the entire payment chain.

Approximately 5 to 20% of payments fail due to errors or compliance problems, according to JPMorgan Chase’s experts. New blockchain features should therefore be available to the 220 bank members by the end of September 2019.

A consensus mechanism is used for a consortium blockchain and the Interbank Information Network. For example, a code states that a transaction, block or decision within the network may only be considered true if it is confirmed by more than a specified number of participating institutions. This helps the consortium to reach a consensus. This means that you do not have to wait for an individual decision as one does in the private blockchain. Since we need a defined majority decision in the federated blockchain, fraudulent activities by individual participants are prevented.

What is your opinion?

Blockchain is a decentralised accounting system. The blockchain has various components (blocks) that are connected to form a chain. At present, development is proceeding at a rapid pace. Blockchains are a niche product that are especially suitable for securing and optimising supply chains in the B2B sector.

Of course, cryptocurrencies can be packaged in traditional financial products. But crypto assets are not an alternative to serious banking. Even the two bank licenses to Swiss blockchain service providers change little. No, this is not a surge of electricity for the financial centre, even if the NZZ may claim so. Whether speculative cryptocurrencies such as Bitcoin or Coinbase can hold their own with reputable investors in the long run is a matter of the stars. However, blockchain technologies can help make financial services more efficient and effective. The IIN is excellent proof of this.

Of course, what interests us, is your opinion. Please leave it as a comment at the bottom of the article!

  1. Do you know examples of successful blockchains that help accelerate transaction processes (see JPMorgan Chase above) or supply chains, or to minimise errors?
  2. Have you ever entered data into a blockchain? What are your experiences in terms of usability, user-friendliness, etc.?
  3. What is your experience with cryptocurrencies? As a means of payment or instrument for speculation?

Thanks to Oliver Christen, Claude Lüthi and Josef (Sepp) Zellweger for organising the event. More about Credit Suisse.

This post is also available in: German