DLT-based enhancement of crossborder payment efficiency

Dirk Zetzsche, Linn Anker-Sørensen, Maria Lucia Passador and Andreas Wehrli


Financial law and regulation have, to date, assumed that regulated activities and functions are concentrated in a single legal entity responsible and accountable for operations and compliance. Even with regard to financial market infrastructure where the regulatory perspective acknowledges the need for interoperability of many entities as a system, each entity is subject to its own rules and regulations, and can thus meet its own compliance requirements independent of other system participants.

The entity-focused regulatory paradigm is under pressure in the world of DLT-based payment arrangements where some ledgers, and thus the performance of the services as such, are distributed. DLT arrangements could provide an alternative to the traditional reliance on a mutually trusted central entity to transfer funds and enable the creation of new foundational infrastructures by distributing technical functions or linking existing systems.

As such, we identify and outline concepts for use cases where DLT is potentially improving the efficiency of crossborder payments, namely a Best Execution DLT, a DLT application for a Network of Central Banks, a DLT as an AML/KYC utility, as well as DLT arrangements for an Identity Platform, a Small Payments Platform and, finally, an Interoperability Platform connecting multiple closed-loop and proprietary banking systems.

Despite the wide-ranging interest in DLT-based payment systems, research so far has focused on technical concepts and lacked legal details. This paper seeks to fill this gap by providing an initial analysis of the legal challenges related to DLT-based payment systems.

From a legal perspective, the distribution of functions in DLTs comes with new risks created from the joint performance of services and functions as main characteristic of a distributed ledger, and the need for additional agreements, ongoing coordination across, and governance arrangements among the nodes.

Further, in a crossborder context, multiple regulators and courts of various countries (asking for compliance with their own set of rules and regular reporting) will be involved. All of these must decide whether for compliance with any single rule they look at the DLT as a whole (herein called ‘the ledger perspective’) or each individual node (that is each institution participating in the DLT, herein called ‘the node perspective’).

Moreover, financial and private law must provide for risk allocation, liability, responsibility and accountability for all legal obligations related to each function and activity.

This paper examines the extent to which the ledger perspective or the node perspective should prevail against the backdrop of a range of DLT use cases, resulting in policy recommendations for regulators.

In this paper, we propose the adoption of what we call an enabling approach for payment systems: ledger operators must specify in a Plan of Operations subject to regulatory approval to which rights and obligations the ledger perspective applies; in the absence of such a stipulation, rules apply based on the node perspective.

However, for systemic risk controls, AML/CFT, data protection and governance, as well as DLT governance, we propose a reversed default rule in which the ledger perspective prevails in the absence of rules stipulating that the node perspective applies.

Finally, in private law matters, we propose protecting consumers and SME clients through a standardized payment services contract structure, without mandating details.

I. Introduction

Crossborder payments suffer from high costs, low speed, limited access, and insufficient transparency1, and enhanced crossborder payment services would provide widespread benefits for citizens and economies worldwide, supporting economic growth, international trade, global development and financial inclusion2.

Distributed Ledger Technologies (DLT) have been proposed3, critically discussed4 and even tested by some central banks5 and private entities6 as technologies that could increase crossborder payments efficiency and financial inclusion7.

DLT’s conceptual proposition of a distributed and synchronized ledger, shared by various entities, is particularly suited to the creation of a multilateral arrangement for public and private Payment System Providers (PSPs), subject to a set of business and operational rules and agreed technical standards8.

DLT enables a new distributed infrastructure for payments, where participating PSPs, the institutional and technical design, and the distinct rulebook for the network represent its architecture.

DLTs have inspired great expectations, indeed. Some argue that DLT could result in faster (almost real-time) processing, easier reconciliation and greater transparency on fees, while foregoing, for instance, the risk associated with intermediaries in the payment chain9.

DLT could also result in an auditable source of information in terms of digital identity, shared and verified across a network of organizations aiming at KYC compliance, given that DLTs allow for certification of the payors’ and payees’ provenance (due to the immutability of data recorded in the ledger) as well as multi-party aggregation10.

Further, a DLT-reduction of payment costs could enhance financial inclusion and address the issue of pricy remittance transfers11.

Despite the wide-ranging interest in DLT-based payments, the analysis to date has dealt with technical concepts and lacked legal detail12. This paper aims to fill this gap by offering a preliminary analysis of the legal challenges regarding the DLT-based payment systems.

To this end, we understand legal challenges as all issues related to law and regulation, including private and public law, financial supervision as well as the system’s setup, data privacy and data protection.

In fact, to enhance the efficiency of crossborder payments, it is essential to take a look at law and regulation, for at least four reasons.

  • First, law and regulation are part of risk management. Any regulatory approach needs to consider the risks (such as the Herstatt risk13) for both payment institutions and end-users. This is true regardless of whether crossborder payments rest on correspondent banks, a closed-loop payment system, a multilateral platform (such as Target2) or a peer-to-peer payment system14.
  • Second, law and regulation – in association with the work of standard-setting bodies – drive the standardization of terminology, interfaces and parties’ obligations.
  • Third, law and regulation are often a precondition and enabler for crossborder cooperation of regulators.
  • Fourth, the regulation of payment systems is often part of a broader policy agenda. For instance, the immense political investment in a harmonized framework for intra-EU/EEA domestic payments15 is best explained by the goal of supporting the EU’s economic and monetary union.

Often, the regional integration agenda conflicts with (1) the global setup and activities of large financial institutions that function as major correspondent banks or as building blocks of interregional multilateral systems, and/or (2) the approach of globally active closed-loop systems that seek to build a global rather than regional payments platform.

In the legal context, the IMF16 has identified two questions that have yet to be answered:

  • First, to what extent does the use of DLT require new interpretations of existing international standards for payment systems and capital market infrastructure more generally?
  • Second, what are the implications for regulation, supervision, and oversight in a world that is moving toward greater real-time settlement, flatter structures, continuous operations and global reach?

While comprehensive answers are out of reach, we nevertheless provide some early steps to address these questions. Currently, law and regulation of payments are contingent on the assumption that ownership, governance, accountability and responsibility for legal rights and obligations are concentrated in one legal entity.

In turn – applied to a DLT context – the law so far looks at each node separately, establishing the duties and obligations of that node, and in turn, each node can meet its compliance obligations independently and irrespectively of others.

For this viewpoint (referred to as ‘the node perspective’), the perspective of the ledger is derived from the individual rights and obligations of each node and is thus of secondary importance.

Adapting existing payment laws to DLTs – which by definition rely on some degree of distribution of functions – will require, for single each legal, regulatory and contractual right and obligation, a decision as to whether the technical distribution of functions among the ledgers should be acknowledged by law (ie. whether the law shall adopt what we call herein ‘the ledger perspective’).

In this paper, we examine the extent to which the ledger perspective or the node perspective shall prevail against the background of a number of DLT use cases, culminating with policy recommendations for regulators.

The paper is structured as follows:

  • Part II summarizes the current state of research and regulatory reports on the origin and cost drivers of crossborder payments, as well as the potential of DLT to improve crossborder payments in general;
  • Part III describes specific use cases where DLT is potentially enhancing the efficiency of crossborder payments;
  • Part IV deals with the general legal perspective, arguing that the core legal question is whether the ledger or the node perspective prevails; Part V provides policy considerations;
  • and Part VI concludes.

II. DLT as a focal point for more efficient crossborder payments

To provide some context on the potential impact of DLT on payments, we first give an overview of the cost drivers, as well as the benefits and risks of DLT-based (crossborder) payments17.

1. Introducing DLT as an infrastructure

A distributed ledger is “a database that is consensually shared and synchronized across networks, spread across multiple sites, institutions or geographies, allowing transactions to have [multiple private or] public ‘witnesses’.”18

Data sharing results in a sequential database distributed over a network of servers that all work together as a ledger19. Distributed ledgers are characterized by no (or minimal) central administration and no centralized data storage. They are, therefore, ‘distributed’ in the sense that permission to record a given piece of information stems from the software-driven interaction of multiple participants.

Coupled with cryptographic solutions, these features (decentralization and distribution across a computer network) reduce the risk of data manipulation, thus solving the problem of trusting third parties, and specifically data storage service providers20.

The modus operandi of distributed ledgers is best understood by contrasting them with a traditional electronic concentrated ledger administered by a single entity. The latter entails a number of risks.

First, if the hardware where the register is ‘located’ is destroyed, the information contents and the authority to ascertain that they are correct are lost21.

Second, an unfaithful administrator (or disloyal employees, as the case may be) can manipulate the information stored in the register.

Third, a cyber-attack may result in manipulations and data losses22.

Distributed ledgers address these problems by raising the barrier for manipulation. The underlying technology requires the consensus of many data storage points (‘nodes’).

If there are n nodes (instead of one concentrated ledger) and e describes the effort necessary to break into any single server, all other conditions being equal (safety per server etc.), the effort necessary to manipulate all the linked servers will be n x e rather than 1 x e.

The distributed ledgers of today are usually paired with a blockchain protocol23. Blockchain refers to the storage of all data parts as data bundles (the ‘blocks’) in a strict time-related series which links each block, through a time stamp, to the previous and subsequent blocks.

The blockchain renders data corruption even harder, because a successful cyber-attack would require simultaneously corrupting not just one set of data, but multiple data sets (ie. the whole blockchain) as well as the time stamps.

Distributed ledgers have provided fertile ground for the application of another innovation that may solve the problem of trust in human interactions: smart contracts.

While neither smart, nor contracts, they are in fact self-executing software protocols that reflect the terms of an agreement between two parties24. The conditions of the agreement are directly written into lines of code.

Smart contracts permit the execution of transactions between disparate, anonymous parties without the need for an external enforcement mechanism (such as a court, an arbitrator, or a central clearing facility). They render transactions traceable, transparent, and irreversible.

Since processes driven by smart contracts are often saved on distributed ledgers, we refer to these three technologies collectively as ‘distributed ledger technologies’ (‘DLTs’).

Financial law and regulation to date assume that regulated activities and functions are concentrated in a single legal entity that is responsible and accountable for operations and compliance. This regulatory paradigm is under pressure in the world of DLT-based payment systems where some ledgers are distributed

2. DLT as a means to enhance payments efficiency

The Financial Stability Board (FSB) and the Committee on Capital Market Infrastructures (CPMI) identify four impediments to efficient crossborder payments: (1) costs, (2) lack of speed, (3) limited access, and (4) lack of transparency25.

(1) Costs comprise transaction fees, account fees, compliance, FX and liquidity costs and fees along the payment chain, with charges for crossborder payments amounting “up to 20 times those for domestic transactions.”26

Some of these costs are related to legal matters: on the front-end, the know-your-customer and client onboarding rules, and ongoing diligence processes to update clients’ status later add to the costs.

Meanwhile, back-end costs include costs for compliance, AML and regulatory reporting, as well as negotiation and management of interbank service agreements (including charges)27.

Issues increase with countries less often involved in crossborder transactions28 (ie. where fewer correspondent banks (if any) are active and legal matters non-standard and/or unknown).

(2) As for lack of speed29, the main drivers include a lack of technical integration, manual processes, and the need to review diverging legal requirements.

Meanwhile, (3) limited access impacts SMEs and individuals who might lack access to services to make crossborder payments. Moreover, PSPs may face limitations when it comes to accessing local or foreign payment systems, due to high barriers of a technical, financial or regulatory nature.

In addition to Herstatt risk mitigation, ongoing legal due diligence requirements add to the costs of maintaining a crossborder network.

Finally, (4) transparency is limited since crossborder payment data (with volumes and fees) are rarely published with names of parties and payment institutions involved30. Central banks, applying the 2020 IMF Transparency Code31, increasingly abandon aggregated data collection in favour of more granular reporting.

However, additional efficiency gains could stem from integrating correspondent banks and closed-loop systems into one transparent payment architecture and infrastructure run and managed in the public interest32.

Enhancing crossborder payments is a multifaceted problem requiring a comprehensive approach, and DLT could be one way of addressing these inefficiencies. Employing distributed networks for that purpose is not new per se.

Relevant approaches include, for instance, the Hawala payment system33 dating back to the 700s that, beyond raising criticism due to its intransparency34, is said to have inspired the Ripple DLT35.

In fact, a closer look reveals that DLT comes with features that potentially assist in removing or lowering the four barriers just mentioned.

First, through DLT any data stored on the ledger become very hard to delete (immutability).

Second, DLT relies on the same software code stored and run on multiple ledgers simultaneously, ensuring technical synchronization of all servers participating in the ledger.

Once the code has been designed, programmed, and implemented, full technical integration, including a built- in settlement mechanism, increases the speed of technical processing (if the code is well programmed and a sound governance mechanism ensures that code updates are properly managed).

Third, as a multilateral system, a DLT-based system is in principle accessible by many parties at roughly the same time. A DLT creates a network by connecting all nodes by means of a code; each node is connected to every other node, avoiding a single point of failure.

In terms of payment systems, connections represent embedded links across the nodes which could be used for many purposes (information distribution, account relationships, etc.).

Finally, DLT improves transparency as it shares information with all nodes storing the same data almost in real time36, and could therefore improve the efficiency and quality of supervision, even levelling the playing field among small and large firms37.

At the same time, advanced data partitioning concepts, with only a portion of the data accessible to all nodes, potentially reduces data protection and privacy concerns38.

Figure 1. Issues of Crossborder payments vs. DLT

The enhanced transparency, access and speed can be used to create and activate competition as well as for regulatory or supervisory purposes. For instance, through DLT, a payer’s institution could ask all ledger participants about their terms.

The institution offering the best execution as to costs, counterparty risk and settlement time would then be chosen as the counterparty. Or, given that compliance processes with anti-money laundering, counter-terrorist financing, and state sanctions determine how ‘real-time’ any payment can potentially be39, regulators40 could become a node in the payments DLT, thereby receiving real-time access in lieu of reports, tap into the data stream for regulatory tracking, and – being technically equipped – intervene if suspicious names or transactions appear in the data stream.

Of course, such applications would depend on the allocation of responsibilities, among private and public authorities (see for all DLT use cases infra, under III.).

3. Challenges and risks

Despite these clear advantages, DLT is not a panacea. The use of DLT is, like any technology, subject to risks and challenges. While this is not the place to discuss the risks and challenges of DLT in general41, some DLT-related issues also undermine its ability to enhance payment efficiency42.

Much of the following, however, depends on what function is distributed (or remains with each ledger participant) in the DLT:

  • First, distributed ledgers are often accompanied by distributed ownership and governance43; in turn, organizing code updates across multiple computers and engines with a plethora of different source codes and potentially divergent interests of participating institutions may become a technical, organizational and governance challenge. While these challenges are far from new to the regulators and central banks involved in streamlining their payment systems, crossborder payments often mean circumventing the jurisdictional borders of these same regulators, and by definition involve multiple regulators and central banks.
  • Second, DLT’s increased competition feature could come with fewer revenue opportunities from the large correspondent banks as well as closed-loop systems that currently benefit from an oligopoly position; this could result in less investment in technology and compliance and thus in less efficient payments. However, new DLT-based products and services could fill the role of pacemakers in the payment services market.
  • Third, the distributed ledger could increase information costs if information about the ledger participants’ creditworthiness and financial capabilities is not readily available; setting strict entry conditions paired with ongoing disclosure as a precondition for ledger participation could address this issue. However, the risk of errors is real. For instance, the CPMI held that “in a possible future configuration with many automated contract tools, macroeconomic conditions could automatically trigger margin calls across [financial institutions], leading to severe liquidity demand across the financial system and creating a systemic event.”44 Hence, data integrity and privacy can be a challenge.
  • Fourth, if the account itself is distributed (ie. if the cash ‘is on the ledger’) unless central banks guarantee its convertibility, trust will have to be vested in all actors in the network jointly; in turn the most financially capable node will effectively vouch for the others, potentially creating perverse incentives for the less capable ones to freeride. Unless the cash is on the ledger, synchronization with the cash on classic accounts will be not necessarily less complex than today, as it requires strict organization with clearing houses45. Also, in order to reap the benefits of DLT in a crossborder setting, any new infrastructure would need to become interoperable with existing processes and infrastructure.
  • Fifth, if a consensus algorithm is used to determine the purpose of the settlement, the DLT agreement may lack a strong legal basis for the exact moment when the transfer of an asset is considered final and irrevocable, as the applicable legal framework might lack a clear definition.

Further risks stem from the untested nature of DLT prompting new technology-driven operational risk, potentially triggering a new, entirely tech- based type of systemic risk46.

Related to that, the lack of DLT-related skills and knowledge could impair the decisions of PSPs’ management, PSPs’ staff and the regulators47.

It is obvious from the challenges laid out in this section that the architecture of any DLT-based payment system must be carefully designed, considering both the information that can be held on the ledger and the organization of the ledger itself48.

III. Specific DLT use cases

1. DLT as a best execution network

a. Objective

At present, the correspondent banks’ point-to-point payments potentially allow for oligopolistic rents, as prices within the network rather than market forces determine payment costs49.

DLT could be used to create competition among PSPs participating in the network by relying on the information distribution feature inherent in DLTs, similar to the order routing systems used in securities brokerage.

The transparency feature of a DLT could then help to identify optimal counterparty liquidity. This process might be easier to implement in payments than in securities, since payments are based on a chain of bookkeeping entries by the payer and the payee, and the transfer does not rely on a central custodian of the security to which all parties must be connected, directly or indirectly.

b. Architecture and DLT features used

Assume PSP1 located in country A wants to transfer funds to country B. PSP1 has announced an interest in engaging in a payment transfer via DLT using an announcement algorithm.

Now two types of PSPs may respond (again by way of algorithms): the first group consists of PSPs with direct representation in B, interested in receiving currency A; and the second group consists of PSPs engaging in multi-aggregate transactions (eg. PSPs in country C with links both to PSPs in A and B which are interested in swapping their position in C- currency into positions in A- and B-currency).

Both the first and the second group disclose their currency transfer rates and any additional costs as well as the offered settlement time (a point in time) by way of DLT.

PSP1 then accepts the offer that represents best execution. Connected via DLT, both parties can then create book positions through which crossborder payments are executed.

Of course, this requires a definition of what best execution in that context means. To facilitate best execution, payment regulators could change the nature of how fees may be set and allocated to clients, including by introducing a fiduciary law-style best execution principle into payments50.

Figure 2. Best execution DLT

In such a system, DLT relies on the following features, in addition to the basic elements of a payment arrangement, which include a set of instruments, procedures, and rules for transferring funds between or among participants:

  • Distribution/Network function linking all PSPs together technically so that they can build up mirror account positions (nostro/vostro accounts) with little effort;
  • Transparency function ensuring that all nodes know where the cash is;
  • Immutability to ensure that bids are binding, and that failure to close may be automatically penalized.

These three features result in fewer compliance costs, fewer manual processes, and overall greater speed.

c. Examples

Liquidity-oriented marketplaces involving central banks are not novel, per se51. Also, efforts are underway to improve crossborder payments by connecting payment systems to digital identities across borders52. This project could potentially implement a ‘best execution’ component, but in order for the Best Execution Network to operate efficiently it needs to come with amendments to payment laws in many jurisdictions.

d. Challenges

Each element of the best execution network is already available: FX aggregation software is available from various vendors (eg. Software AG), and DLT-based marketplaces with demand and supply offers are available as a SaaS model (eg. Google Workspace, Dropbox, Salesforce, Cisco WebEx, Concur, and GoToMeeting). The unique feature of a Best Execution DLT is DLT governance and participation.

The setting-up of a Best Execution DLT requires careful consideration as to who shall be allowed to participate in the distributed ledger as a node to prevent freeriding and reduce Herstatt risk.

A ledger will function best if all participants have an interest in its proper functioning, and if the rules state that they will be held accountable if it malfunctions.

Institutions with better capitalization are targeted more easily as defendants in a lawsuit in case of malfunctions. We envision as ideal composition ledger nodes with roughly the same amount of money at risk.

This can be achieved in two ways: either only institutions with roughly the same credit rating and size function as a node, or the law and regulations cut off unlimited liability for ledger participants but require a minimum capitalization of the ledger itself.

Regardless of which route you take, setting up an appropriate governance scheme with multiple DLT nodes is a challenge. As such, we recommend seeking flexible governance approaches, similar to those used for property rights allocation in the SWIFT system.

SWIFT is not DLT-based, but is rather a multilateral network of institutions that addresses the long-term need to balance the divergent incentives of hundreds of shareholders and several thousand indirect participants from multiple countries; its governance issues are similar to those we are facing with regard to DLTs more generally53.

Another challenge is to convince private actors to participate in that Best Execution DLT. In this regard, we recommend introducing law and regulation to require best execution, taking into account customer interests on cost, speed and risk54.

2. DLT as a network of central banks

a. Objective

The Best Execution DLT use case faces the challenge that it lacks the central banks’ credit and liquidity support55 and thus entirely rests on the liquidity of FX markets. This, on a stand-alone basis, could create liquidity shortages in some currencies, or at some point in time. So, central bank involvement could be essential. However, the question that arises is how such involvement should be designed.

Where multiple central banks work on a single system, assigning exclusive jurisdiction to a central bank or oversight body (in the absence of interoperability of multiple single systems) necessarily leads to the fragmentation of DLT-based payment systems, as jurisdictions, for reasons of monetary sovereignty, will hesitate to cede oversight over their payment systems to a foreign central bank because they have a domestic mandate (usually to oversee the stability of the domestic payment system).

Interoperability of multiple domestic systems may provide a solution56. Even so, the question remains how jurisdiction over the crossborder dimension of a DLT-based payment system can be assigned in a mutually acceptable manner.

As a solution, we envision the distributed ledger itself to be managed and operated by several central banks mutually, with a common rule book signed up to by all central banks and governance rights split over the participating central banks on a non-exclusive basis.

Such governance rights would depend on (a) the volume of currency in a regulated country, (b) the volume transacted to and from a given country, and (c) the number and nature of users of a payment system.

Yet some crucial decisions about a nation’s currency must be retained for each central bank. Decisions reserved for the sovereign include:

(1) the amount of liquidity supply in a country’s currency, beyond the minimum amounts set as part of the general ledger setting,

(2) monetary sanctions, and

(3) which financial institutions have access to the central bank balance sheet.

Meanwhile, central banks of other countries must retain sovereignty over central bank access.

b. Architecture and DLT features used

How should such a system be designed? Rather than relying on market liquidity, participating central banks could step in as transactional intermediaries for each currency participating in the payment system.

In addition, rather than linking PSPs as nodes in a ledger, central banks could function as nodes while all PSPs transact only with the distributed ledger; as such leaving them off-chain.

This way, the nodes achieve the status of trusted authorities while we also support scaling (due to the monopoly of each central bank for its jurisdiction’s currency and the lesser transaction costs when transacting with the nodes).

The ledger is set up in such a way that the supply and demand in each currency are split up and all demand/supply in each currency is exclusively settled by the central bank in charge of that currency.

To ensure that central banks do not set exchange rates by virtue of this mechanism, they engage in internal rebalancing through their links within the ledger. If time and transaction costs were zero, the amount to be rebalanced would also be zero.

However, even under the best technical conditions, it will take some time to rebalance, so there would be some FX risks. Given the immutability of the ledger, the entry and exit date record for each transaction can be computed and turned into a net FX deviation amount between the two dates [entry and exit].

This remaining FX balance is settled across the central bank network by way of FX swaps (traditional or tokenized), with the ledger algorithm creating FX Swaps or an amount of tokens equal to the net currency volatility during the transaction.

If the token is issued by a smart contract in an automated manner across all central banks (including the nomination), that token constitutes a new settlement asset only acceptable by the participating central banks as part of the ledger rebalancing process.

Yet it is crucial to provide for such a neutral settlement device, as all other ways would lead to rebalancing in one currency that one of the central banks may not have in the quantity needed for settlement. (Over time, however, if rebalancing amounts pile up in one way, it may be necessary to rebalance the outstanding amount by some type of asset transfer to ensure that the debt owed by one central bank does not become too high).

Figure 3. DLT as a Network of Central Banks

By relying on a safe settlement asset, the DLT Network of Central Banks benefits from a digital transfer of assets across borders – something that could not be done so easily if it was only currency that was transferred: cash-on-ledger concepts are still in their infancy, and difficult to maintain in a multi-currency framework where then different central banks would either be exposed to some other country’s currency, or gain some leverage over another country’s currency.

Hence, a neutral settlement asset with securities and/or derivatives features allows for rebalancing where cash/money lacks transferability – for reasons of legal and monetary sovereignty.

For a Network of Central Banks, the liquidity provision in each currency remains concentrated as this is the original central bank function for each currency. But we distribute the transactional information across all ledger participants and use the network function for settlement. Trust among participating central banks and users is created by immutability and smart contracts undertaking rebalancing across the system.

c. Examples

We are aware that the core functionality, to the extent that derivatives are used instead of money, has similarities with the mCBDC bridge project and the Dunbar project that explore the potential of DLT for an international settlement arrangement involving multiple CBDCs57.

However, to our knowledge, our DLT Network of Central Banks, with its split liquidity provision, introduces a different division of functions and a novel rebalancing mechanism.

Further, the BIS Innovation Hub works on connecting central banks using DLT in an effort to create a new foundational infrastructure interlinking existing payment systems as well as creating an international settlement system. Our Central Bank model pursues the second of these directions.

A working model connecting central banks using DLT could eventually be found in ‘CLS NET,’ yet on a paid-upfront basis. While providing a settlement mechanism without counterparty risk and potentially creating new liquidity pools, CLS Net does not make use of two of the key benefits that the use of DLT could result in, which are (1) reducing FX risk between the point in time a transaction is initiated and settled, and (2) that prepayment is not necessary. Of course, if CLS Net would result in a settlement time approaching 0, the FX risk is minimal.

Further, the company Wakandi aims to connect eight African countries and their respective central banks by way of DLT58. At the heart stands Wakandi Core with one standard Application Interface that allows multiple formal and informal payment providers to connect by way of DLT.

While connecting private entities seems to work quite effectively, it remains to be seen how the projects succeeds to moderate the jurisdictional conflict among multiple central banks.

As a solution, we envisage that all central banks involved in the project assign private entity Wakandi as service provider, thus each central bank retains formally the governance rights over its currency.

d. Challenges

Again, governance is a challenge when multiple central banks cooperate given that each central bank has a domestic mandate and is subject to legislative constraints.

At the same time, certain central banks already have experience with deep cooperation in the field of payment systems, and experience with aligning technical aspects.

For the Network of Central Banks, we recommend the following stipulations:

  • 1. A DLT as a network of central banks functions best with as many functions as possible automated through smart contracts, as this type of automation addresses the issue that central banks often have very limited staff, and automation can help to ensure that a system can be run with relatively little overhead. At the same time, such an embedded RegTech approach reduces uncertainty for all participating central banks.
  • 2. For a network of central banks, the central banks need to agree on an arbitration mechanism ex ante.

Theoretically, our central bank network, if truly well-functioning, could potentially wipe out FX markets; if all or most of the liquidity flows through the network there is little room for market-based currency prices.

If this were to happen, the rebalancing mechanism we propose lacks a reference point. To avoid wiping out our FX markets, the Network of Central Banks could come with a marketplace component, such as limiting prices for the respective currency, implicitly creating market prices.

Further, we could foresee central banks taking a more active role in setting currency prices based on the liquidity flows they see over their system and transaction disclosures (including intra-closed loop netting) from payment systems.

Yet as the establishment of the super-efficiency of the Network of Central Banks is still far away, we leave these fundamental questions regarding the function of central banks for future research.

3. DLT for AML/KYC utilities

a. Objective

A recurring challenge in the domain of crossborder payments is the scope of KYC procedures for financial institutions and other regulated entities.

DLT could be used to reduce the risk of suspicious transactions and the identification of beneficial owners through embedded RegTech, that is automating certain contractual terms and conditions merged with legal requirements.

This can be done for beneficial owner identification, where legal requirements demand the financial institution to know the ultimate beneficial owner of a transaction, and for assessments of suspicious transactions59.

Financial institutions’ ability to assess and investigate the full route of a transaction across multiple intermediaries, which could in its entirety be classified as a suspicious transaction, is in fact limited.

Assessments of ultimate beneficial owners are particularly challenging (ie. costly) in times where links between individuals and entities are created through alternative modes of corporate control such as tailor-made derivatives, smart contracts, and private DLT platforms, respectively60.

b. Architecture and DLT features used

DLT can be instrumental in addressing said challenges. For AML purposes, transactional information across all ledger participants can be shared and connected with information on beneficial owners. If all PSPs connected to the same individuals share transaction data on a common platform, transactions can be assessed from a life-cycle perspective, and not on a singular basis.

Data shared on the platform are locked and cannot be tampered with. A system-wide AML/KYC utility requires careful consideration of which data are stored on-chain and which are stored off-chain.

Figure 4. DLT as an AML/KYC network

c. Examples

For now, most systems rely on third-party service providers to allow for in-system AML/CTF checks. Examples include the multi-currency Buna payment-platform operated by the Arab Regional Payments Clearing and Settlement

Organization, a subsidiary of the Arab Monetary Fund. Buna is cooperating with Refinitiv61 to provide comprehensive anti-money laundering compliance through World-Check Risk Intelligence, screening millions of transactions each month62. Compared to systems such as that, a DLT utility would directly tap into the databases of all nodes connected to it.

Deutsche Bundesbank ‘Amplus’ proposes – among other modules – a KYC scheme to support the automation of compliance processes in crossborder payments based on a KYC identifier and supported by a DLT infrastructure where local competent authorities would operate the nodes63.

The proposed governance model would allow for the inclusion of national solutions while at the same time ensuring a sufficient international minimum standard.

d. Challenges

A system-wide KYC utility faces a number of challenges.

First, the coding of smart contracts and algorithms that will connect individuals with their payments and transaction history across the ledger must take into account data privacy regulations, and other data-sharing restrictions.

This could be solved by data partitioning, for instance, by virtue of zero-knowledge proofs64, where only parts of individuals’ information are shared on the platform. Zero-knowledge proofs could provide the nodes on the platform with a green/yellow/red indicator on the risks related to the beneficial owner, thereby reducing challenges relating to data protection and cyber-attacks65.

Further challenges to overcome include the system risks that may lie in a centralized entity pursuing AML functions, the degree of locked information on the platform in rapidly changing identity cases, and integration into existing AML compliance systems66.

In order to overcome these challenges, we propose:

  • Introducing a labelled risk categorization using risk-related identifiers associated with beneficial owners in the system, based on existing KYC procedures in financial entities as nodes. An algorithm may facilitate labelling which is updated on-chain, based on new information on the client gathered by financial institutions which is stored off-chain.
  • Using zero-knowledge testing in the transition of on- and off-chain information to decrease/eliminate GDPR risks.
  • Using algorithms on the DLT platform capable of detecting alternative control modes as far as relevant for AML/KYC purposes.

4. DLT for Financial Inclusion (Identity Tool)

By reversing the function of DLT-based client diligence, DLT could result in granting financial identities to customers who do not have them for multiple social and economic reasons. In this case, DLT could actually improve financial inclusion.

a. Objective

Rather than defining clients by who they are based on official documents, over time an individual is identified just as securely by tracking data about what they are doing, paired with their personal features such as biometric data.

DLT’s inherent feature of locking in information and making it transparent continuously on the ledger may therefore provide solutions to the problem of customer identification.

The data stored via DLT could be turned into a client identification tool based on the financial transactions the clients enter into paired with additional user data taken from their cell phone and e-commerce transactions.

b. Architecture

DLT as an identify tool could assign an identification number on-chain based on multiple data points linked together, thereby creating a client e-identity. After the client is identified this way, an e-ID number substitutes for the pool of data assigned to that individual which together describe the individual’s activities.

This e-ID number can be used in the chain for payments, banking and non-financial services and functions. The central bank could operate this network in areas of low official identity, add credit data as part of a built-in credit register and checks on the credit institution’s interest rates, thereby assisting in limiting the shadow banking market.

Figure 5. DLT as an identification network

c. Examples

While the identity-creating data collection function is at the core of many systems (including India’s Aadhaar and Deutsche Bundesbank’s Amplus), few payment systems make explicit use of DLT for this purpose.

One example that comes to mind is the ‘UBU’ project run by Global Voice which makes use of DLT-based identities within a financial ecosystem drawing on a barter system created by virtue of the virtual currency unit ‘UBU’67. In addition, some projects that aim to financially include refugees and migrants are also DLT-based.

d. Challenges

The perennial concern regarding cyber-attacks and operational malfunctions in particular relate to DLT as an identification tool. However, the main possible promising feature of a DLT-based identity platform is that the identity is stored on an immutable platform, which makes it more difficult to manipulate the ID.

However, customer due diligence without relinking ‘banking IDs’ to formal identity systems will render participants in such networks incapable of large financial transactions for a long time, meaning that a DLT-based identity works only as a mere starting point.

5. DLT as a Messaging Board for Small-value Systems

a. Target

Using DLT for micropayments has been advocated for some time.68 With regard to micropayments (to be defined), the costs related to SWIFT are high, as SWIFT charges a per-message fee; negligible for wholesale payments, but expensive for small payments if we assume there are no ‘bundling banks’ (ie. correspondent banks).

Further, individual assessments and accounting for large numbers of small transactions are time-consuming, as a number of assessors are required to evaluate the transactions where both the time and costs related to the valuers’ function are not commensurate with the ordinary risks of small-value payments.

DLT may serve as a means to improve efficiency, reduce costs, and, at the same time, maintain transparency and traceability of transactions.

b. Architecture

A DLT platform for micropayments does not distribute any functions, but rather operates as a messaging board where network participants have access to near real-time sales or usage data.

Figure 6. DLT for small-value payments

For micropayments, DLT would be useful not only for its improved transparency and immutability, but also for its ability to automatically collect and disburse payments to participants on the platform.

c. Examples

Various providers have created platforms for micropayments. Pertinent examples include Microsoft’s Ethereum-based platform for royalty payments for their Xbox gaming platform to enhance efficiency in the gaming industry.

These platforms pursue their own efficiency gains alongside benefits for their network partners and participants. Microsoft’s platform relies on digital contracts between Microsoft and industry participants, where the legal terms of their contractual relations are encoded in smart contracts.

In addition to automated royalty payment calculations, the DLT platform provides contributors with almost real-time disclosure of digital content sold on the Xbox platform, so that each contributor can see their own royalty income derived from the sales.

The time for calculations is said to decrease from 45 days to 4 minutes as a result, and no manual processes are necessary due to the self-executing features encoded in the smart contracts.

d. Challenges

Of course, these small payment platforms are not a panacea. On the one hand, they create lock-in effects, de facto replacing one silo (that of correspondent banks) with another silo (that of closed-loop systems run by unsupervised commercial entities).

Further, the underlying financial risks are not addressed. Particularly noteworthy here are the FX risks on the consumer’s side, as well as risks from market concentration and reliance on one entity which could be understood as a form of systemic risk.

6. DLT as an Interoperability Network of Closed-loop Systems

a. Objective

DLT can be instrumental to build new foundational financial infrastructure that avoids the negative effects of silos (regardless of whether that silo stems from a network of correspondent banks or closed-loop systems) while maintaining the benefits of the silos, which come from technical standardization across countries, by providing an interoperability framework for many different closed-loop systems.

Rather than rebuilding legacy systems, DLT could provide a connector among existing closed-loop systems. Further, we may understand the technical integration provided by some banking groups (such as S&L institutions in Germany and Norway) as the development of regional closed loops.

We further expect, given the costs of creating and maintaining IT infrastructure, that more and more partially-integrated closed loops will develop over time. From this perspective, it is desirable to reach a state in which these hundreds or so of technically-integrated closed circuits (in each of which multiple PSPs participate) interact, to the benefit of the payee and the payer and the financial system and the economy at large.

b. Architecture

Such an interoperability framework could rely on the DLT use cases we have outlined above: we would propose combining the Best Execution DLT (supra, at III.1.) to ensure that closed loops have all payment gateways at their disposal, with the Network of Central Bank approach (supra, at III.2.) being applied to ensure unlimited liquidity.

Figure 7. Interoperability DLT

The Interoperability DLT combines the DLT features of the two models and all four DLT advantages are outlined above in III.2, namely immutability to build trust, technical standardization to achieve speed, network feature that ensures transparency, and access69.

c. Challenges

The challenge associated with the interoperability framework is to ensure that closed loops and correspondent banks participate. We propose relying on laws and regulations to provide incentives. To this end, regulators should require:

  • ‘Best execution’ as part of payment laws (including rules on how to allocate infrastructure costs to payment transactions);
  • Detailed pre- and post-execution disclosures to regulators;
  • As part of the licensing conditions for any intermediary PSP (closed-loop operator or correspondent bank), participation as a node in the Interoperability DLT;
  • As part of the licensing conditions for all PSPs (and in particular PSPs participating in a closed-loop system), a (indirect) connection to the Interoperability DLT by way of a flow-through process, so that tapping into the interoperability framework is as standardized as tapping into payment services in the closed loop.

If DLT now provides better terms with regard to cost, risk and speed than rates offered within the closed circuit or correspondent banking network, regulation would require the intermediary PSP to channel execution through the Interoperability DLT.

The standardizing of closed loops creates a challenge with respect to ensuring that liquidity is actually flowing through the Interoperability DLT, at least initially; for quite some time, the closed loop will appear to operate at lower costs, as past technology investments are sunk costs in that cost calculation, while the costs of maintaining the connection to the Interoperability DLT are ongoing and high per each transaction, if few transactions are processed via the Interoperability DLT.

Thus, the involvement of central banks as providers of unrestricted liquidity is essential to the functioning of the Interoperability DLT. In addition, strict enforcement of best execution coupled with standardized disclosure to regulators who analyse the data with advanced algorithms will enhance pressure over time to comply with the best execution principle.

IV. The legal challenge: the ledger or the node perspective?

How can the use cases explained above be best reflected in law?

In this section, we will argue that adjusting existing laws to DLTs – which by definition are based on some degree of distribution of functions – will require, for any single legal, regulatory, contractual and other right and obligation, a decision as to whether the technical distribution of functions across ledgers should be acknowledged by law, that is whether the law shall adopt what we call herein ‘the ledger perspective’ or whether it should retain ‘the node perspective’ where the law requires each node to comply with applicable laws and regulations70.

While this decision is crucial for any DLT-based payment system, the matter is even more pressing for the crossborder provision of payment services.

1. Introducing the ledger and node perspectives

PSPs and payment infrastructures involved in crossborder payments are subject to the legal and regulatory regimes of multiple jurisdictions. Payer and payee intermediaries must meet the different legal and regulatory requirements71 of two or more jurisdictions.

In principle, the law and regulation of payments is contingent on the assumption that ownership, governance, accountability and responsibility for legal rights and obligations is concentrated in one legal entity.

In turn, the law so far looks at each node separately, establishing the duties and obligations of that node; for that view (herein referred to as ‘the node perspective’) the perspective of the ledger – whether it functions well as a whole, and how all the nodes interact – is derived from the individual rights and obligations of each node and is thus of secondary importance.

For instance, we could understand the books of a settlement bank used by a payment system as central ledger; in this case, the node’s duties and obligations can be established directly and are not derived from the individual rights and obligations of the payment system participants in the case of a traditional payment system.

A ledger, from the node perspective, is the product of multiple entities cooperating, and the law governing such cooperation, including the rules of delegation, determines the conditions and outcomes of that cooperation.

Even when the law takes the node perspective, the ledger relationship must be considered in terms of the setup of each participant, which is no easy feat: typically, each ledger participant alone has no influence over the ledger and cannot secure its operations on a standalone basis, given that the very nature of a DLT is its distribution across various nodes.

This influences the cybersecurity risk and requires modified operational resilience plans; such a plan could consider, for instance, whether the overall ledger setup and governance is robust, and whether other ledger participants are well capitalized, regulated and supervised.

In addition, outsourcing rules that require the ledger participant to ensure compliance with all laws and regulations and to terminate the relationship in cases of non-compliance make little sense when the DLT is monopolistic, as capital market infrastructure often is; terminating participation is equal to getting out of service. Allocating responsibility in a DLT-based payment scheme is also becoming increasingly difficult.

Further, asking who among several participants issues a payment instrument if the instrument is issued via a DLT that is not controlled by anyone leads to challenges in the application of the law.

Thus, as an alternative, financial regulation could look at the DLT as a whole. Under this contrasting concept, for any single rule, obligation and/or right, the node perspective is replaced by the ledger perspective.

Under the ledger perspective, the technical distribution of functions among ledgers is acknowledged by law; the ledger perspective assigns rights and obligations to the ledger as a whole.

From a legal standpoint, the ledger perspective is close to assigning entity status to the ledger, albeit – as we will show – not for all of the functions, rights and obligations that the law foresees.

The node perspective applies the law as if an individual PSP were the sole subject of a given regulation. Here, we look at the exposure, costs, and risks of each node as such.

In contrast, the ledger perspective refers to a state where the whole network is subject to regulation and each participating entity is subject to regulation only as a kind of reflection through its participation in the network; in the latter case, liability is intermediated through the network and responsibility is distributed among network participants. Here, we look at the participants only to the extent that they are exposed as network participants.

Example: let us assume there are two DLT participants: A (with an AAA rating) and B (with a junk rating). The node perspective would measure counterparty risk separately, resulting in one very good rating and one very poor rating.

If third-party clients are exposed to counterparty risk with respect to A, they put less capital at risk than clients exposed to B. From the perspective of the ledger, the rating mix of A and B would determine the outcome.

If A is much larger and much stronger than B, the result may be much closer to A’s rating than to B’s, and vice versa if B’s exposures exceed A’s capitalization.

Figure 8. Legal view: ledger or node perspective?

Given that payments are in the end a point-to-point transfer of funds from one institution to another, there is an implicit limit to the ledger perspective, ie. the distribution of functions: any distribution of the underlying accounts would result in the socialization of an institution’s capital.

In turn, only a part of the functions of a payment system provider can be distributed; however, which of these functions are distributed is of the utmost importance from a legal perspective.

The latter case particularly concerns DLT, as DLT relies on the cooperation of multiple nodes in order to jointly operate a DLT-based system.

As we have discussed elsewhere in more detail, the result of this cooperation by virtue of DLT may be some type of joint liability for the obligations and debts incurred by being involved in the operations of the DLT72.

In turn, for legal purposes, it is crucial to clarify which functions of a payment system are performed via the distributed ledger (with all nodes contributing to its functions) and which functions are retained by the institutions connected to the DLT and booked on their very own balance sheet.

To take this further, from a legal perspective the distribution of a function of financial intermediation, resulting in a kind of shared responsibility and accountability, and prompting the need for shared supervision by several regulators, is an abnormal state of affairs and is as such costly: since Aristotle’s times73 it has been well known that an asset or service owned by many is essentially owned by none; if no one is truly entitled to its proceeds no one will invest in maintaining the asset or service – a state that according to Ronald Coase is associated with the tragedy of the commons74.

We have examined the effect of decentralization on financial services in general elsewhere in more detail75. Suffice it to say here that distribution of payment functions does not improve efficiency per se, but it could improve efficiency if the scope of the DLT is limited and its functions are properly designed so that the benefits of distribution outweigh the additional transaction costs it generates.

Hence, from a legal policy perspective, what we need when adopting the ledger view is a justification as to why distributing the function across nodes results in an improvement in efficiency in light of the four features of DLT (data security, technical harmonization and integration, transparency, and access under equal terms) – and where this justification is lacking, retaining the node perspective seems to be the most plausible default option in law.

As such, we see the need for regulators to analyse each individual legal stipulation and to decide whether adopting the ledger view for that function in fact increases efficiency. For this decision, the perspective of the law needs to be taken into account.

This perspective differs depending on the particular area of law we are talking about; specifically,, financial regulation differs from private law.

2. Why it matters: financial regulation and public law

Examples of (broadly defined) financial regulation include areas such as: licensing and authorization, prudential supervision (including risk management, cyber security and other operational risks), financial integrity (eg. anti-money laundering and countering the financing of terrorism and proliferation (AML/CFT)), transparency (including transaction tracking and disclosure of costs and fees), consumer protection and protection of customer funds, transaction limits, foreign exchange regulations, and the law governing the crossborder provision of services.

In all these fields it matters whether we ask the ledger as such or each individual node to comply with the law, and ensure proper enforcement.

Other areas of public law in which adopting the ledger or node perspective is important are:

  • data collection, protection and transfer rules;
  • capital controls;
  • sanctions regimes; and
  • tax reporting requirements.

Last but not least, adopting the ledger or node perspective makes a difference particularly for enforcement purposes: should the ledger as a whole or each node be fined for cases of non-compliance, and if so under what conditions? Which directors will be disqualified by financial regulators in cases of non-compliance?

The decision between the node or ledger perspective is even more relevant in a crossborder setting. Financial regulation recognizes three types of conflicts of law rules76:

  • Incompatibility: a prohibits conduct that is permitted in B. This configuration incurs the greatest costs for intermediaries, as they need to devise alternative solutions, typically involving separate legal entities licensed in different jurisdictions and connected by a contract;
  • Restricted eligibility: a establishes additional requirements that may or may not be compatible with the institution’s setup and business model in B. This setup requires an additional layer of law/regulation and oversight/enforcement in A that comes with additional costs;
  • Eligibility subject to mutual recognition, which is usually based on a substituted compliance/equivalence test: a recognizes that the law/regulation and supervision/enforcement in B is, in substance, equivalent to and as effectively enforced as in A.

Against this background, it becomes important which regulator holds jurisdiction over conduct. Financial law has several ways to connect the jurisdiction of a regulator.

One category often used for prudential regulation, the organization of financial institutions and standard compliance requirements is the headquarters and/or registered office of the financial institution.

Distribution rules often ask where the institution offers or markets its services, while a third category asks where the effects of an institution’s actions are felt.

The focus on effects is the consequence of so- called risk-based regulation, which asks where risks are likely to materialize; the latter category can be found for example in market abuse, data protection and AML/CTF rules, systemic risk oversight, but also in state sanctions laws.

In turn, a payment institution can be subject to the financial regulation of several different countries at the same time: the laws of the country’s headquarters for prudential regulation and operational requirements, the laws of the countries where it offers payment services (if only as a correspondent bank), and the laws of all those jurisdictions whose a) citizens’ data are stored, and b) currencies are booked in a payment institution’s account.

Since violations typically result in (severe) penalties, any payment institution’s legal counsel must evaluate its potential involvement with each new country. The PSP’s compliance organization must organize and process on a steady basis the data on sanctions, black-listed individuals and firms. Further, the PSP’s data systems must link to the reporting interfaces of each national regulator to which it is bound to report.

3. Private law

The node or ledger perspective also matters for private law. In particular, who is the party to the payment services contract? Each node or the ledger as such? Who is the proper defendant in a lawsuit with customers? Who is liable for damages?

If we take the ledger perspective: what are the conditions for piercing the ‘veil of the ledger’ (ie. applying a ‘look-through’ perspective)? The question of governance is pertinent here: who is in charge, who has voting rights, and who can make decisions about ledger operations and technological revamps/updates?

Again, the ledger or node perspective are important legal determinants in a crossborder setting. Meanwhile, private law includes contracts, property and tort relationships between private actors (ie. payment institutions and their clients), and also intra-corporate matters such as legal relationships between DLT nodes.

However, we provide herein examples only on conflict of law rules for contracts. As a matter of principle, entities involved in wholesale business (such as a PSP’s relationships with other PSPs) can choose in many cases the jurisdiction whose laws shall apply and which courts shall be responsible for deciding whether one institution owes the other damages from breaches of a contract between them77.

However, some mandatory public law rules of a jurisdiction require recognition even if the private law is otherwise freely chosen. In addition, there are certain fundamental principles of private law (called ordre public) that always require recognition.

In contrast, when it comes to retail clients and consumers, in principle, the mandatory consumer protection law of one country applies as a minimum standard even if the law and courts of another country govern the legal matter; in some cases, to protect consumers, the choice of law and courts is even void.

In turn, payment institutions among themselves can be subject to the law and courts of one jurisdiction (A) while the law applicable to their relations with their customers is subject to the law and courts of another jurisdiction (B). If the jurisdiction of country A is inconsistent with the jurisdiction of country B, no adjudicating body will address the gap.

For instance, if the law of country A in charge of an inter-bank relationship awards the payee institution damages for the payer’s revocation of a payment order (after a certain time limit), but the law of country B in charge of the relationship between the payment institution and the payer does not grant the same claim in the PSP’s relationship to its client, the payment institution in B needs to internalize the damages (ie. by paying them out of their own pocket).

Add to that the fact that it is often uncertain ex ante whether or not the law in country B will grant damage claims. Both the damage itself and the costs of assessing legal risk (legal advice) will end up as ‘costs’ of a crossborder payment system.

Where the mandatory legal background is harmonized, on a public and private law level, standardized agreements may achieve essentially the same results and thus could reduce costs; in the absence of mandatory law harmonization, however, even if the contract wording is similar, the outcome may diverge.

This is particularly true with regard to DLTs where the legal environment in many countries is still, in many respects, uncertain78.

4. Use of DLT as a risk-increasing feature of payment systems

Against this background, it is easy to understand why DLT ‘can increase legal risks’ in an environment where it is difficult to identify the applicable jurisdiction or relevant laws.

While according to the former in most cases the law assigns exclusive jurisdiction with regard to one rule to one country, two difficulties remain: first, the economic actors to whom the law applies come from different jurisdictions; second, in different fields of law, conflicts of law rules may allocate jurisdictions differently – most notably, it may be that the law of one country applies to contracts, that of another to torts, and the law of a third country to matters of financial regulation (including payments regulation, data protection and AML/CTF rules).

In turn, we may see the private law of countries A and B simultaneously applying at the same time that the public law of country C regulates certain aspects of a transaction.

The former does not present a particularly complicated scenario, but rather the ordinary life of a PSP involved in crossborder payments. In turn, we may understand that PSPs move out of certain smaller and less profitable markets to reduce their costs and risks, often referred to as ‘de-risking’79.

At the same time, regulatory cooperation in a DLT-based setting is under- developed, due to the decentralized performance of services80, which further increases complexity.

Regional harmonization projects that include both private and public law dimensions could provide a solution81: public law harmonization resulting in substituted compliance reduces legal risks stemming from financial regulation, while private law harmonization ensures a harmonized approach to damages for revoked or nullified transactions within a payment chain, so that PSPs do not need to internalize damages resulting from an inconsistent harmonization of laws82.

Yet, in reality, harmonization is rarely achieved, and the issue remains how to achieve legal consistency across several regionally integrated regions.

Hence, in the absence of distinctive policy steps which remedy whether a given law allocates rights and obligations to either the ledger as a whole or each node, the use of DLT increases legal risks, which will reduce the attractiveness of DLT as a technology for payment systems.

V. Policy considerations (steps de lege ferenda)

The previous undesirable state can be improved through a clear allocation of rules applied to either the node or the ledger as a whole, and in turn a clear allocation of jurisdiction and supervisory powers based on that. At the same time, mandatory regulation limits innovation. In this section we examine how to bridge this gap.

1. Enabling an approach to financial regulation: opting for either the Ledger or the Node Perspective

a. The plan of operations as a determinant of the ledger or node perspective

We have already shown (supra, at III.) that the distributed part of a payment system can take entirely different forms and functions depending on the use case envisaged.

At the same time, regulators have little experience with DLT arrangements; this is particularly true in the payments context. This makes, in principle, any rule undesirable that presupposes either compliance to be performed by the ledger as a whole, or by each node individually.

For the time being, we suggest refraining from imposing binding standards and guidelines that cement either the ledger or the node perspective for certain functions.

Rather, we recommend that financial regulations be drafted in a way that allows for the adoption of the ledger or node perspective with respect to each legal right and obligation, but requires that the nodes collectively, as part of the licensing process, submit a plan of operations showing whether compliance with a provision will be performed by each of the nodes separately, or by the ledger as a whole83.

Under this approach, applicants will be required to put in place an agreement based on private law devices (contract, corporate or partnership law, secured transactions) that establishes which entity or entities will assume responsibility for compliance with specific provisions of financial regulations.

Regulators are supposed to review the plan of operations and assess whether the proposed arrangement ensures effective compliance. As a default rule (subject to the exceptions discussed below in V.3), all rights and obligations not expressly assigned to the ledger as a whole will remain the responsibility of each node separately; this default rule reflects, in principle, the doctrinal basis of existing financial regulation.

The enabling approach should, in principle, apply to all parts of payment processes subject to supervision and regulatory approval of any kind, i.e., where a review by a supervisory authority ensures that the plan of operations aims at rigorous compliance rather than the circumvention of the rules.

Figure 9. The Business Plan Concept

A provision could be formulated as follows84. Operators of DLT payment infrastructures, and in the absence of an operator of all nodes collectively, shall establish a clear and detailed plan of operations describing how they intend to carry out their services and activities, including a description of critical staff, technical aspects, the use of the DLT and information on how they carry out their functions, services and activities and how functions, services and activities are performed, including the type of DLT used and the function, responsibilities and liability of each node in that DLT.

They shall also have up-to-date, clear and detailed publicly-available documentation on their website at all times, defining the rules under which the DLT payment infrastructure shall operate, including the agreed-upon, associated legal terms defining the rights, obligations, responsibilities and liabilities of the operator of the DLT payment infrastructure, as well as those of all nodes, members, participants, issuers of payment instruments, and/or clients using the DLT payment infrastructure. Such legal agreements shall specify the applicable law, pre-litigation dispute resolution mechanism and jurisdiction to bring an action.

b. Examples

All in all, the more the Plan of Operations deviates from the default state, the more peculiar the arrangements required, and the more rigorously the substitute arrangements need to be scrutinized by regulators. Given the tendency of regulators to prefer proven concepts, we acknowledge some pressure to adopt the default rule, yet if supervised entities provide good reasons to deviate from the default rule, they may receive permission to do so.

A few examples may demonstrate how the Plan of Operations works:

First: the rules on the safeguarding of clients’ funds shall ensure that clients’ funds are isolated from PSP default risk, but also provide safety in terms of certain operational risks; for instance, safeguarding rules usually require some ‘safe’ investment policy on non-volatile and central bank deposits.

Given that Payment DLTs take on different forms, any rule anticipating ‘cash-on-ledger’ would be premature. Most use cases will not require that client funds be held permanently on the ledger itself.

Thus, in principle, the default rule is for nodes to meet the provisions on the safeguarding of clients’ funds. However, the default rule concept also allows for a Plan of Operations that requires that all customer funds of all PSPs functioning as nodes be held in an account in the name of the DLT on behalf of all PSP nodes.

Then, the Plan of Operations must also come up with additional safeguards (eg. the omnibus account could be created as a trust account and held by one or several central banks in the name of the ledger).

Further, if client funds are held on the ledger, the Plan of Operations must adjust clients’ rights; for instance, in addition to a claim against their PSP (which stems from the clients’ payment services contract with the PSP)), the trust arrangement between the ledger and the trustee must be set up to ensure that it benefits the PSPs’ customers (ie. the payee and the payer) as third-party beneficiaries in the event of ledger (if any) and/or PSP insolvency.

Second: capitalization and own funds requirements serve to ensure a buffer against a PSP’s adverse operational and business developments, such as unexpected damage or reduced profitability for a limited period of time. They also ensure that each PSP has some skin in the game, incentivizing the PSP to maintain operations.

In principle, this logic holds even if several PSPs cooperate through a DLT. However, we could imagine that the ledger itself, if provided with entity status and capital or capital substitutes (insurance), would function as a risk buffer. Thus, the default rules approach allows for innovation, depending on the function and configuration of each ledger.

Third: the PSP’s own governance and conduct of business rules85 serve to ensure proper participation of the PSP in the DLT. For instance, we would require a PSP to ensure that its management, as a whole, has the skills necessary to make qualified decisions on how to best participate in the DLT (a distributed view, in contrast, would look at whether all PSPs together meet this test).

Again, the default rule approach allows a different allocation for cases in which the ledger itself usurps the function of client contact (as potentially encountered in a small-value payments DLT).

Fourth: any payments regulation must set rules and procedures to clearly define the point at which settlement is final. It has been argued that, to ensure that DLT-based payments can be integrated into the financial systems, regulators must (be amended to) ensure that DLT-based platforms qualify as ‘designated systems’ for the purposes of settlement finality, “because the technical finality of transfer orders processed in a DLT environment need not match the commonly shared legal understanding of the concept of finality.”86

Finality of transactions processed in distributed ledger environments may be understood to be probabilistic only (rather than deterministic, as in the case of centralized ledgers), which raises concerns regarding the determination of title transfer thus giving rise to warranted reservations in terms of title transfer87.

Further, in the absence of an identifiable entity to operate the platform, doubt emerges with regard to which entity is to guarantee (that is: who is liable for) the finality of transactions88.

Our proposal, if adopted broadly for selected parts of financial law, would solve this problem: in the Plan of Operations, the consensus method relying on probabilistic means could be defined as the definitive one, for legal purposes.

In the end, it matters most which entity may stand up for settlement finality with its balance sheet (ie. every decision in the end is a matter of accountability).

Obviously, when DLT has entity status, all nodes collectively could function as a ‘entity’ (more precisely: entities) in charge of settlement for this purpose.

However, even a group of entities cooperating through the DLT could provide more financial support than a centralized ledger, except for those that are better funded or the central banks themselves.

The same Plan of Operations stipulating that the group (if any) assumes responsibility also needs to stipulate the legal consequences, particularly what type of responsibility is assumed; to ensure the purpose of settlement, unlimited liability is the strongest type of responsibility, of course, but separating liability could also be effective if the formula of separation and the amount are clearly defined.

c. Three accompanying rules

Such an enabling approach must be accompanied by three rules. First, it must be clarified by way of law that the Plan of Operations defines not only rights and obligations, but also describes what sanctioning powers regulators have with respect to the rights and obligations laid out in the plan.

That is, the ledger as a whole or the node will be sanctioned based on the responsibility assigned by the plan. This division of sanctioning power, to be effective, will need to be accepted by various regulators across boundaries.

Of course, sanctioning the ledger as a whole means sanctioning the nodes that rely on it as well, in principle, so the details of the sanctioning power must be carefully considered.

Second, cases of non-compliance shall trigger a review of the Plan of Operations, with regulators entitled to request changes to that plan.

Third, a business plan approach as proposed herein works best if an entity is in charge of applying for supervisory approval (called herein the ‘operator’ of a DLT payment system). DLT would enable systems without an operator, as in fully distributed public ledgers such as Bitcoin.

Yet, those DLT systems raise significant governance issues. Hence, we propose that in principle each DLT is required to have one operator, or a group of operators, respectively, who jointly assume responsibility for the initial filing.

The law shall stipulate that in the absence of one operator fulfilling the legal filing requirements, all nodes shall be jointly liable for compliance with all rules and regulations applicable to the DLT.89 This will provide a strong incentive to ensure that an operator, or a group of operators, is put in place.

Over time, this approach will lead to better practice regarding certain functions that could then become the basis for default arrangements (to reduce costs) or even binding rules.

d. Technical implementation

All rules governing payment processes must be reformed to enable the plan of operations approach to ensure openness to innovation. Technically, this can be done with a piece of legislation in the general part of a regulation that overrides existing rules and regulations, clarifying that the entity addressed by the financial regulation could also be multiple legal entities (nodes) connected through DLT that together ensure compliance with some, or all, of the provisions as further described in a Plan of Operations and where private agreements exist that bind all nodes in the manner prescribed. Our proposal is developed infra (Part IV).

2. Crossborder supervision and cooperation

Crossborder supervision and cooperation between payment regulators and central banks are key to ensuring effective supervision and financial system stability. DLT, as part of decentralized finance, comes with significant barriers: all established means of cooperation tend to be too slow and ineffective, while intensive forms of cooperation such as mutual recognition schemes and substituted compliance based on equivalence assessments tend to be difficult to establish politically across a wide range of jurisdictions90.

However, in the world of payments, and specifically for crossborder payments where crossborder cooperation is indispensable, the CPMI-IOSCO Principles for Financial Market Infrastructures (PFMI) provide a solution.

The principles require that payment regulators and supervisors should ‘cooperate with each other, both domestically and internationally, as appropriate, in promoting the safety and efficiency of FMIs’91.

Under these principles, the US Federal Reserve System has accepted primary oversight responsibility for the CLS system, in a Cooperative Oversight Arrangement with the ECB and national central banks of various countries.

Within the Eurosystem, the ECB has primary responsibility for the settlement of euro-denominated payments by CLS, in close cooperation with other Eurosystem central banks.

The most intensive form of crossborder cooperation – the supervisory college – may also be appropriate for dealing with DLT-based payment systems. Since we require each DLT to appoint an operator, the supervisory authority responsible for the DLT operator as well as any node supervisor should participate in that college.

This leaves open the question of how to determine the chair of the college. This function could be assigned based on (a) volume processed, (b) entities involved, and/or (c) settlement currency.

Depending on the configuration, we could also provide for different colleges for different parties, with the authority of the DLT operator participating in all of them.

As a result of the establishment of the supervisory college, regulators need to secure the DLT’s license to operate in any given country where the DLT’s activities are subject to licensing, given the DLT’s specific setup.

This can be achieved by a rule embedded in the financial regulation of all participating countries that any license granted under this scheme by the supervisory college provides automatically for the right to perform that service in any country participating in the supervisory college under the conditions stipulated by that college.

3. Reversed default rule in certain instances

Our proposal is based on a default rule concept in which all rights and obligations not expressly assigned to the ledger as a whole will remain the responsibility of each node separately.

However, in certain instances reversing the default rule, that is rendering the ledger perspective the default rule and the node perspective the contractual option (albeit subject to regulatory approval), could enhance efficiency.

a. Systemic risk prevention

Systemic risk controls seek to shed light on interconnectedness. For DLT payment systems as multilateral networks, taking a joint view on the DLT as such increases supervisory oversight and is, in principle, preferable.

Yet, there are limits to the ledger perspective: the PSP’s individual operational risk (in particular, tech risk92) from the use of DLT must be assessed separately to incentivize the institution to invest in the best technology and staff to reduce these risks.

However, if the ledger protects these types of risk, the tech risk on the node level can be disregarded for systemic risk purposes.

b. DLT governance

DLT governance requirements, that is the decision-making mechanism which decides the design and all changes to the DLT design93, make little sense if they do not find their counterparts in all participants, so the evaluation of ledger governance must be based on the ledger perspective.


Applying AML/CTF rules to the general ledger as a whole could improve cost efficiency and reduce duplicate compliance checks. That is inherent in using the DLT as an AML/CTF Network (supra, at III.3.).

The nexus of AML/CTF legislation is often a legally defined term such as ‘payment service provider’ or ‘intermediary payment service provider’94. Attached to that term are multiple reporting and documentation duties, including that each PSP and intermediary PSP must add their own tracking numbers to enable transaction tracking, report suspicious transactions and establish a compliance organization to ensure such reporting.

The ledger perspective for AML/KYC purposes would allow for centralized AML/KYC checks, efficient intra-ledger processes and operations and the pooling of reporting requirements.

Beyond simplifying reporting to regulators, the ledger perspective allows for the following efficiency gains:

  • Within closed-loop DLT systems, regulators could consider moving from front-end to back-end AML checks, since most relevant transactions stay in the system; this is true at least as long as cash transfers are limited to smaller amounts; Identification of ultimately beneficial owners could be stored and mitigated on the DLT platform, where algorithms can ensure the accuracy of the information in light of the various modes of enterprise control mechanisms being applied;
  • Auditable data trails could enable regulators to access the entire setup of a transaction to assess whether and to what extent a specific individual or market actor fulfils compliance requirements.

However, the former is subject to the condition that within the distributed ledger all relevant data are accessible for compliance purposes; this creates potentially large pools of unwanted data.

Moreover, involving the ledger for AML/CTF only makes sense if the nodes are themselves relieved of their customer due diligence duties. Hence, our proposal is to adopt the ledger perspective for that field as a reversed default setting.

In such a setting, the ledger is the primary recipient of AML/CTF rules that rely on the various PSPs to perform client due diligence as delegates through outsourcing arrangements for the ledger.

Such an arrangement would facilitate clear responsibilities and sanctions: the mandated ledger operator would be responsible and liable, and regulators would require adequate resources, capital and governance arrangements as a precondition for licensing.

However, we could envisage many intermediate arrangements, in particular ‘traffic light’ systems in which PSPs and intermediary PSPs rely on client due diligence performed by one node on behalf of the others. As such, the default setting allows for different arrangements, by setting up the Plan of Operations accordingly.

d. Data protection and governance

DLT rests on shared data, hence any node perspective creates costs and barriers in that regard95. In terms of data governance, the ledger perspective (disregarding the many nodes) would decrease costs. At the same time, DLT is particularly good at protecting against data corruption and ensuring ongoing data access.

Data protection legislation imposes most obligations and responsibilities to the data controller and data processor96. To each of these terms is attached a number of information, documentary and compliance requirements.

When many ledgers are connected, as in the case of a distributed ledger, these duties multiply if each of the nodes is subject to full GDPR compliance expectations. Adopting the ledger perspective for the data processor and data controller could simplify compliance and reduce costs.

However, data protection and privacy rules may limit the ability to save resources. For instance, at present, the EU GDPR and Australian data protection framework are reported to be among the strictest globally97. A DLT-based payment system may therefore need to consider and accept these local standards.

In essence, this may ask any DLT including the EU and Australia, to de facto adhere to EU and Australian data protection and privacy laws as a precondition for global reach98.

Technology may provide a solution to this undesirable state: we discussed the option supra, in Section III.3. of making use of a so-called ‘zero-knowledge proof’ for particular parts of information that are locked down in the DLT platform we refer to.

Yet, it will be difficult to implement the ledger view for data governance. In the current state of legal diversity, the lack of data-related equivalence may prompt the segregation of client data on a per-country basis; for instance, the EU does not deem the data governance of US federal laws to be equivalent to the EU’s GDPR.

In addition, some countries have instituted regulatory requirements for data localization, ie. key customer data residing in a given country must be stored and processed in that country.

While these data localization rules are intended to ensure operational resilience, they also hinder, from a legal perspective, the ability to treat DLT as a single entity, ensuring the smooth flow of data across all ledger participants.

4. Sanctions

It goes without saying that both the ledger and the node perspective come with their own incentives for financial institutions participating in the DLT; compliance must be ensured by appropriate sanctions.

For legal and political reasons, agreeing on a harmonized catalogue of sanctions is a challenge, yet some harmonization of sanctions is crucial, as a different level of sanctions provides incentive for regulatory arbitrage and thus undermines the effectiveness of any legal ordering crossborder: law is all about sanctions.

To clarify, in order for the Plan of Operations approach to function, we do not need ‘full’ harmonization of sanctions, but sanctioning along certain previously agreed principles within a certain catalogue of sanctioned conduct.

In the absence of such minimum harmonization of sanctioning powers, only the ledger perspective works from the legal perspective – which means we lose enormous scale potential. Hence, we encourage to invest the political capital to achieve some joint approach to sanctioning99.

5. Private law

Our general approach, where the Plan of Operations determines whether compliance is owed by each node separately, or by the ledger as a whole, works less well with regard to private law matters.

One of the reasons is that the Plan of Operations can easily adopt the perspective of the payment system, while private law must consider the perspective of each PSP participating in the system, and the relations of that PSP to its clients.

The difficulties here stem from three aspects: (1) private actors have an incentive to create liability arrangements in their favour, and thus to the detriment of third parties not subject to the contract; (2) usually, the jurisdiction of payment regulators does not extend to private law relationships; and (3) courts deciding on private law are not bound by regulators’ approval of these schemes.

At the same time, private law liability impacts the operations and setup of each PSP. Thus, private law arrangements deserve special attention.

a. Wholesale vs. retail clients

We propose that wholesale and retail clients be distinguished. In principle, wholesale clients can negotiate terms with their PSPs and have the means to protect their interests through a contract.

Consumer and SME clients, by contrast, do not have the negotiating power to do so. At the same time, harmonization of consumer protection laws across countries is not yet feasible.

Instead, we propose an approach in which PSPs are subject to contracting for a large number of items, and submitting these contracts for approval by the authorities. In principle, this could lead to some harmonization by way of contract despite the divergence of national laws100.

b. Private international law

We have set out the difficulties in assigning applicable law and competent courts. For greater clarity, we propose that a private international law provision specific to multilateral payment systems be introduced101.

Such a provision could subject the rights and obligations relating to a distributed ledger (the intra-ledger perspective) to the laws and courts of a country, or relating to the ledger’s head office (if any) or the country stipulated in the contract underlying the ledger, addressing the respective legal uncertainties in private international law102.

c. Insolvency law

One field in which the law, so far, takes the node perspective is in the field of insolvency law. Insolvency proceedings are concentrated in one court proceeding. In many countries, the proceeding takes place at the debtor’s ‘center of main interests’103.

In a DLT situation, where the DLT itself assumes entity status, it can be difficult to determine the debtor’s ‘center of main interests’. At the same time, insolvency laws exclude certain regulated entities subject to tailor-made resolution regimes from the ‘main interest’ test, particularly credit institutions and payment systems104.

This exemption applies, however, only if the DLT itself is a licensed entity within that definition, requiring its own capitalization, reporting and governance. In the absence of the former, the ‘principal interest’ test applies, creating significant legal uncertainty regarding the applicable insolvency law.

One solution to this insolvency conundrum is to assign a prudential status to the ‘ledger’, that is, to adopt the ledger perspective for that part of the DLT-based payment system.

Our proposal above requires that an ‘operator’ for the ledger does not go that far, but we acknowledge that as soon as ‘the ledger’ turns into some organization, this may have repercussions with regard to the forum in ‘the ledgers’ insolvency’.

VI. Conclusion

Financial law and regulation to date assume that regulated activities and functions are concentrated in a single legal entity that is responsible and accountable for operations and compliance.

This regulatory paradigm is under pressure in the world of DLT-based payment systems where some ledgers are distributed. While the function of payments as a point-to-point transfer of funds seems to place an implicit limitation on DLT-based distribution of technical functions, DLT-based systems allow for the creation of foundational infrastructure linking existing systems rather than merely new designs on the front-end.

As such, we identify the Best Execution DLT, the DLT as Network of Central Banks, the DLT as AML/KYC Utility, Identity Platform, Small Payments Platform and Interoperability Platform connecting multiple closed-loop and proprietary banking systems.

From a legal perspective, the distribution of functions in DLTs comes with new risks, and the need for additional agreements, and ongoing coordination across, and governance arrangements among the nodes.

Further, in a crossborder context multiple regulators and courts in various countries (demanding compliance with their own set of rules and regular reports) will be involved. All of these must decide whether for compliance with the law and regulations they look at the DLT as a whole (herein called ‘the ledger perspective’) or each individual node (that is each institution participating in the DLT, herein called ‘the node perspective’).

Further, financial and private law must provide for allocation of risks, liability, responsibility and accountability for all legal obligations related to each function and activity.

The key decision in the legal design of DLT-based payment systems is for which rights and obligations regulators adopt the ledger perspective, and for which they adopt the node perspective.

In this paper, we propose what we call an enabling approach to be adopted for payment systems: ledger operators must specify in an operational plan subject to regulatory approval to which rights and obligations the ledger perspective applies; in the absence of such a stipulation, the rules apply based on the node perspective. However, for systemic risk controls, AML/CTF, data protection and governance, as well as DLT governance and, to some extent, insolvency proceedings, we propose an inverted default rule in which the ledger perspective prevails in the absence of rules stipulating that the node perspective applies.

Finally, in private law matters where we need to focus on the perspective of the PSP rather than the system as a whole, we propose that consumer customers and SMEs are protected through a standardized payment services contract structure, without imposing details.


Dirk A Zetzsche is Professor of Law, ADA Chair in Financial Law (Inclusive Finance), and Coordinator, House of Sustainable Governance & Markets, Faculty of Law, Economics and Finance, University of Luxembourg. Linn Anker-Sørensen is Director – Head of Sustainability Tax & Law, at Ernst & Young Tax and Law Norway; lecturer-in-law, University of Oslo. Maria Lucia Passador is John M Olin Fellow at Harvard Law School and an Academic Fellow at Bocconi, and Andreas Wehrli is a Senior Adviser at the Swiss National Bank. Formerly Bank for International Settlements.


1. Cf. Financial Stability Board, Enhancing Cross-Border Payments. Stage 1 Report to the G20: Technical Background Report (April 9, 2020), https://www.fsb.org/wp-content/uploads/P090420-1.pdf, at 2-4; McKinsey & Company, The 2020 McKinsey Global Payments Report (2020), https://www.mckinsey.com/~/media/mckinsey/industries/financial%20services/our%20insights/accelerating%20winds%20of%20change%20in%20global%20payments/2020-mckinsey-global-payments-report-vf.pdf

2. See Committee on Payments and Market Infrastructures, Enhancing Cross-Border Payments: Building Blocks Of A Global Roadmap. Stage 2 Report to the G20 (July 2020).

3. See David Mills et al. Distributed Ledger Technology in Payments, Clearing, and Settlement, 10-11 (Wash.: Bd. of Governors of the Fed. Reserve Sys., Finance and Economics Discussion Series 2016-095, 2016), https://doi.org/10.17016/FEDS.2016.095

4. See Ellen Naudts et al. DLT for (Crossborder) Payment Systems: Governance and Oversight – an abstract (Jan. 20, 2021), 1.

5. See International Monetary Fund, Ghiatgh Shabsigh, Tanai Khiaonarong & Harry Leinonen, Distributed Ledger Technology Experiments in Payments and Settlements. Note/20/01, at 4; World Economic Forum, Central Banks and Distributed Ledger Technology: How Are Central Banks Exploring Blockchain Today? (March 2019), http://www3.weforum.org/docs/WEF_Central_Bank_Activity_in_Blockchain_DLT.pdf; César A Del Río, Use of distributed ledger technology by central banks: A review, 8 ENFOQUE UTE (2017), https://www.redalyc.org/jatsRepo/5722/572261717001/html/index.html; Fred Huibers, Distributed Ledger Technology and the Future of Money and Banking, ACCT. ECON. L. (2021), https://doi.org/10.1515/ael-2019-0095 (assuming that DLT-based competition and diversity could increase stability and efficiency of the financial system).

6. See, for instance, David Floyd, Overstock’s t0: Reconciling Fiat Currency and the Bitcoin Blockchain, NASDAQ (Dec. 16, 2015).

7. Projects in this sense are described in Robert M Townsend, Distributed Ledgers. Design and Regulation of Financial Infrastructure and Payment Systems (2020), chapter 8, 115-6.

8. Financial Stability Board, supra note 1, at 12.

9. Deloitte-MAS, understanding the regulatory requirements of the MAS Payment Services Act, https://www2.deloitte.com/content/dam/Deloitte/sg/Documents/financial-services/sg-fsi-payment-services-act-2019-wns.pdf, 10.

10. Deloitte-MAS, supra note 9, 12; CipherTrace, Cryptocurrency Crime and Anti-Money Laundering Report (Feb. 2021).

11. See Naudts et al (supra note 4), at 4: Jesse Leigh Maniff & W Blake Marsh, Banking on Distributed Ledger Technology: Can It Help Banks Address Financial Inclusion?, Fed. Reserve Bank of Kansas City. Econ. Rev. (2017), https://www.kansascityfed.org/~/media/files/publicat/econrev/econrevarchive/2017/3q17maniffmarsh.pdf, at 59-69; International Telecommunication Union, Distributed Ledger Technologies And Financial Inclusion (2017), https://www.itu.int/en/ITU-T/focusgroups/dfs/Documents/201703/ITU_FGDFS_Report-on-DLT-and-Financial-Inclusion.pdf; World Bank, Blockchain & Distributed Ledger Technology (Dlt) (Apr. 12, 2018), https://www.worldbank.org/en/topic/financialsector/brief/blockchain-dlt; Deloitte, The Changing Paradigm of Distributed Ledger Technologies (2020), https://www2.deloitte.com/content/dam/Deloitte/us/Documents/technology/2020-gbcs-ip-bcm.pdf, at 2.

12. International Monetary Fund, Distributed Ledger Technology Experiments in Payments And Settlements (June 24, 2020), https://www.imf.org/-/media/Files/Publications/FTN063/2020/English/FTNEA2020001.ashx, 2-8. See also Christoph Aymanns, Mathias Dewatripont & Tarik Roukny, Vertically Disintegrated Platforms (Dec. 20, 2019), https://ssrn.com/abstract=3507355; Alexander Lipton, Blockchains and distributed ledgers in retrospective and perspective,19 J Risk Fin. 4, 14-15 (2018); Thomas Ankenbrand et al. A structure for evaluating the potential of blockchain use cases in France, 17 Perspectives of Innovations, Economics & Bus. 77, 83-85 (2017); Deutsche Bundesbank, Distributed Ledger Technologies in Payments and Securities Settlement: Potential and Risks. Monthly Report (Sept. 2017), 35-49; Philip Paech, The governance of blockchain financial networks, 80 Modern L. Rev. 1073 (2017).

13. Hal S Scott & Anna Gelpern, International Finance, Transactions, Policy, And Regulation (2020), 728-742.

14. Financial Stability Board, supra note 1, at 8, figure 5. For financial market infrastructures, a framework for addressing inherent risks is set out in the Committee on Payment and Market Infrastructures (CPMI) and the International Organization of Securities Commissions’ (IOSCO’s) report on Principles for Financial Market Infrastructures (PFMI). See https://www.bis.org/cpmi/publ/d101a.pdf.

15. See, in particular, the Directive 2015/2366 of the European Parliament and of the Council of 25 November 2015, on Payment Services in the Internal Market (PSD 2) and as last building block and the EU Digital Finance Strategy (DFS). In particular, PSD2 aims at enhancing competition, reducing fees and improving system resilience in the payments industry by lowering barriers to entry for Fintech and other new participants seeking access to financial data of payment system users. See also Dirk A Zetzsche, Douglas W Arner, Ross P Buckley & Rolf H Weber, The Evolution and Future of Data-driven Finance in the EU, 57 Common Market L. Rev. 331, 347-9 (2020) (specifying the underpinning on which PSD II started to operate and describing the role of PSD II in “pushing forward the transition to data-driven finance in Europe’s Single Payments Market and potentially more broadly”).

16. International Monetary Fund, supra note 12, 8-9.

17. Mahdi Zamani et al. Cross-Border Payments for Central Bank Digital Currencies via Universal Payment Channels, paragraph 2.3.

18. World Economic Forum, Innovation-Driven Cyber-Risk to Customer Data in Financial Services – White Paper 6 (2017), https://www.weforum.org/whitepapers/innovation-driven-cyber-risk-to-customer-data-in-financial-services.

19. See Mills et al. supra note 3.

20. See Michèle Fink, Blockchain Regulation and Governance in Europe 12-14 (2019). See also Sinclair Davidson, Primavera De Filippi & Jason Potts, Blockchains and the Economic Institutions of Capitalism, 14 J Inst. Econ. 639 (2018) (arguing that blockchain technology is a new governance institution that competes with the other economic institutions of capitalism, ie. businesses, markets, networks, and even governments); Primavera De Filippi & Aaron Wright, Blockchain and the Law: The Rule of Code (2018), AT 55, 136-40 (arguing that the spread of blockchain will lead to technology-based business practices that could induce a loss of importance of centralized authorities, such as government, and urging a more proactive regulatory approach).

21. In practice, payment system resiliency and contingency plans usually limit this risk with hot copies of the ledger at a secondary site of operations.

22. Any server can be manipulated with sufficient computing power and time (even if no other weakness in an encryption system is known to the attackers). See, generally, Jean-Philippe Aumasson, Serious Cryptography: A Practical Introduction to Modern Encryption 10-18, 40-48 (2017).

23. See, eg. De Filippi & Wright, supra note 20, at 33-58; Dirk A Zetzsche, Ross P Buckley & Douglas W Arner, The Distributed Liability of Distributed Ledgers: Legal Risks of Blockchain, 2018 U. ILL. L. REV. 1361, 1372 (2018).

24. See, eg. Anthony J Casey & Anthony Niblett, Self-Driving Contracts, 43 J Corp. L 1, 5 (2017); Joshua Fairfield, Smart Contracts, Bitcoin Bots, and Consumer Protection, 71 Wash. & Lee L Rev. Online 35, 36 (2014); Karen EC Levy, Book-Smart, Not Street-Smart: Blockchain-Based Smart Contracts and The Social Workings of Law, 3 Engaging Sci. Tech. & Soc’y 1 (2017); Kevin Werbach & Nicolas Cornell, Contracts ex Machina, 67 Duke LJ 313 (2017).

25. Financial Stability Board, supra note 1, at 13-14; Committee on Payments and Market Infrastructures, Cross-Border Retail Payments (Feb. 2018), https://www.bis.org/cpmi/publ/d173.htm. This time-related issue is perhaps even worse given that “the lack of common communication or messaging standards across systems often hinders seamless interoperability” (European Central Bank – Bank of Japan, Synchronised Cross-Border Payments (June 2018), https://www.ecb.europa.eu/paym/intro/publications/pdf/ecb.miptopical190604.en.pdf, at 1). For a general overview, see Jon Cunliffe, Cross-border payment systems have been neglected for too long, Financial Times (July 13, 2020), https://www.ft.com/content/a241d7e0-e1de-4812-b214-b350cbb7d046

26. Scott & Gelpern, supra note 13, at 744.

27. The diversification of the front end and the back-end levels is described in Financial Stability Board, supra note 1, at 8.

28. Whereas mainstream countries are “moving towards one common global standard for financial messaging, called ISO 20022. Global adoption of this standard is accelerating with a number of high-value payment market infrastructures already live and more planned to go live by 2023.” (KPMG, A New Standard for Payments (2020), https://home.kpmg/xx/en/home/insights/2020/02/payments-standard.html).

29. The need to accelerate the pace of cross-border payment systems is not, however, a last-minute requirement, as the following contributions testify: Morten Linnemann Bech, Yuuki Shimizu & Paul Wong, The Quest for Speed in Payments, Bis Quarterly Rev. (MARCH 2017), at 57 ff., http://www.bis.org/publ/qtrpdf/r_qt1703g.htm and IBM Launches Blockchain Banking Network to Speed Cross-border Payments, ICT Monitor Worldwide (Oct. 17, 2017).

30. On the general lack of transparency issue, see Cross-Border Interbank Payments and Settlements. Emerging Opportunities for Digital Transformation (Nov. 2018), https://www.mas.gov.sg/-/media/MAS/ProjectUbin/Cross-Border-Interbank-Payments-and-Settlements.pdf, at 13-14.

31. International Monetary Fund, The Central Bank Transparency Code (July 30, 2020), https://www.imf.org/en/Publications/Policy-Papers/Issues/2020/07/29/The-Central-Bank-Transparency-Code-49619.

32. Casper L Van Ginneken, Settlement Of Cross-Border Transactions Through Central Bank Digital Currency (CBDC): Analysis From A Risk Management Perspective (2019), https://essay.utwente.nl/78027/1/Ginneken_MA_BMS.pdf, at 73.

33. Hawala is an informal value transfer system (without money movement) based on the transfer of debt between a network of money brokers (the hawaladars) operating outside of, or parallel to, traditional banking, financial channels, and remittance systems. Hawala is distinguished from other remittance systems by the reliance on trust amidst the brokers that form the Hawala network, rendering it operable even in the absence of legal enforcement. See Gamal Moursi Badr, Islamic Law: Its Relation to Other Legal Systems, (1978) 26:2 Am. J Comp. L 187–198.

34. NS Jamwal, Hawala – The Invisible Financing System of Terrorism, 26 STRATEGIC ANALYSIS 181 (2008); Rachana Pathak, The Obstacles to Regulating the Hawala: A Cultural Norm or a Terrorist Hotbed?, 27 Fordham Int’l L.J. 2015 (2003); Financial Action Task Force, The Role Of Hawala And Other Similar Service Providers In Money Laundering And Terrorist Financing (Paris: Financial Action Task Force, 2013); Patrick M Jost & Harjit Singh Sandhu, The Hawala Alternative Remittance System And Its Role In Money Laundering (Vienna, Va: International Criminal Police Organization, 2000), at 5.

35. Due to trust-based account re-balancing similar to modern correspondent banking, Hawala functions cross border without actually transferring money, yet rather than using capital-based counterparty risk mitigation Hawala relies on a kind of collective liability of all nodes. We will turn back to this particularity which is at the heart of the legal dimension of DLT, infra Part IV.

36. Committee on Payments and Market Infrastructures, Distributed Ledger Technology in Payment, Clearing and Settlement. An Analytical Framework (Feb. 2017), 1.

37. Raphael Auer, Embedded Supervision: How to Build Regulation into Blockchain Finance. BIS Working Papers No. 811 (SEPT. 2019).

38. See Xiaohui Yang & Wenjie Li, A zero-knowledge-proof-based digital identity management scheme in blockchain, 99 Computers & Security 102050 (Dec. 2020) (arguing that a non-interactive zero-knowledge range proof protocol could erase data protection concerns).

39. Societè Generale, Blockchain and Payments: Lessons Learned and Future Prospects, https://www.securities-services.societegenerale.com/en/insights/expert-views/banking/blockchain-and-payments-lessons-learned-and-future-prospects

40. We understand regulators to include financial services agencies, central banks, authorities in charge of enforcing AML/CTF rules and potentially law enforcement authorities.

41. See Zetzsche, Buckley & Arner, supra note 23, 1374-86, 1391-1403; David C Donald & Mahdi H Miraz, Multilateral Transparency For Securities Markets Through DLT, 25 Fordham J Corp. & Fin. L 97 (2020); GFMA Global Fx Division, Considerations Relevant To Initiatives And Developments In Wholesale Fx Settlements (Sept. 2019), at 4-7 (identifying the following categories: liquidity risk, settlement risk (ie. “the risk that one party to a physically settled FX transaction pays out of the currency it sold but does not receive in full, when due, the currency it bought (the counter-currency)), and disruption risk, namely “the impact of the failure of a new technology or new business model on the existing ecosystem”); Jonathan Rosenoer, Hardening The Chain: DLT And Operational Risk Management, 100 Risk Mgmt Association J. 41 (2018); Paech, supra note 12. See also, for the evolution (rectius, increase) of settlement risk, as CLS and PvP share of FX turnover declined, Naveen Mallela, Industry Initiatives on Multi-Currency, Multi-Entity Shared Ledger Infrastructure (Jan. 20, 2021), at 3.

42. Cf. Committee on Payments and Market Infrastructures, supra note 35, 17-19.

43. While no common, predefined governance model for distributed ledgers exist, setups exploit the full range from hierarchy to non-hierarchy, including governance models that some people think are fully decentralized, ie. controlled and influenced by no one. We examine the legal consequences of the choice of a more centralized or decentralized governance infra, at IV. Yet, the law requires that someone (either the ledger as a whole or the nodes separately) fulfils regulatory requirements, and any governance model must provide the answer as to who is responsible for doing so. For further details, see infra, at V.

44. Committee on Payments and Market Infrastructures, Supra Note 37, 19.

45. Société Générale, supra note 38.

46. See Ross P Buckley, Douglas W Arner, Dirk A Zetzsche & Eriks Selga, Techrisk, Singapore J. Legal St. 35 (2020).

47. Marc Hamilton, Blockchain Distributed Ledger Technology: An Introduction and Focus on Smart Contracts, 31 J. Corp. Acct. & Fin. 7 (2020). See also Lyria Bennett Moses, Regulating in the Face of Sociotechnical Change, in The Oxford Handbook of Law, Regulation and Technology (Roger Brownsword, Eloise Scotford & Karen Yeung, Eds.) (Oxford University Press, 2017), section 3 (stating that “regulators need to respond to new technologies, not because they are technological per se, but because they are new and law and regulation need to be changed to align with the new sociotechnical landscape, including new negative features (harms, risks, market failures, inequality, etc.) it presents.”).

48. Committee on Payments and Market Infrastructures, supra note 35, 3 and 10.

49. See Dirk A Zetzsche, Ross P Buckley, Douglas W Arner & Maria Lucia Passador, The Case for a Best Execution Principle in Cross-border Payments (April 26, 2021), University of Luxembourg Law WPS 2021-002, UNSW Law Research Paper No. 21-45, https://ssrn.com/abstract=3834335.

50. Additional details are provided in Zetzsche, Buckley, Arner & Passador, supra note 49.

51. For instance, the Swiss National Bank provides liquidity to market participants via a repo platform operated by Swiss infrastructure provider SIX.

52. See, for instance, the work of the Monetary Authority of Singapore and the work of the BIS Innovation Hub, https://www.bis.org/review/r210427c.html. On project Dunbar, see https://www.bis.org/about/bisih/topics/cbdc/wcbdc.htm

53. See Raphael Auer & Rainer Boehme, The Technology of Retail Central Bank Digital Currency (2020), https://www.bis.org/publ/qtrpdf/r_qt2003j.pdf

54. See Zetzsche, Buckley, Arner & Passador, supra note 49.

55. The central bank balance sheet is a public good; central bank money offers the unique features of settlement finality, liquidity and integrity. See CBDCS: An Opportunity for the Monetary System, BIS Annual Economic Report 2021, at III., 65, 69-72, www.bis.org.

56. The question of interoperability has been discussed under the heading of ‘mCBDC systems’, see Raphael Auer, Codruta Boar, Giulio Cornelli, Jon Frost, Henry Holden & Andreas Wehrli, Cbdcs Beyond Borders: Results from a Survey of Central Banks, BIS Paper No. 116 (June 2021), www.bis.org, at graph 6 and pp. 12 et seq. Yet, as we show in the following, a Central Bank Digital Currency is no prerequisite for running a multi-Central Bank payment system.

57. See Raphael Auer, Codruta Boar, Giulio Cornelli, Jon Frost, Henry Holden & Andreas Wehrli, CBDCS Beyond Borders: Results From A Survey Of Central Banks, BIS Paper No. 116 (June 2021), www.bis.org, at graph 6 and pp. 12 et seq.

58. See https://wakandi.com/

59. See Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU, Article 30 (1) and 44.

60. Linn Anker-Sørensen, Corporate Groups and Shadow Business Practices (Cambridge University Press, Forthcoming 2021).

61. Refinitiv is one of the world’s largest providers of financial markets data and infrastructure, serving over 40,000 institutions in approximately 190 countries. It provides leading data and insights, trading platforms, and open data and technology platforms that connect a thriving global financial markets community – driving performance in trading, investing, asset management, regulatory compliance, market data management, enterprise risk and financial crime fighting. For more information, see www.refinitiv.com

62. Additional information is available at https://www.refinitiv.com/content/dam/marketing/en_us/documents/brochures/world-check-risk-intelligence-brochure.pdf

63. See David Ballaschk & Marcus Härtel, The “amplus” initiative – a modular approach to improving cross-border payments (2021, forthcoming).

64. Yang & Li, supra note 37.

65. Such categorization resembles the country codes used today where certain codes signal the need for additional due diligence.

66. Dirk A Zetzsche, Ross P Buckley & Douglas W Arner, Digital ID and AML/CDD/KYC Utilities for Financial Inclusion, Integrity and Competition, J. Econ. Transformation 133 (2018); Douglas W Arner, Dirk A Zetzsche, Ross P Buckley & Janos Nathan Barberis, The identity challenge in finance: from analogue identity to digitized identification to digital KYC utilities, 20 Eur. Bus. Org. L. Rev. 55 (2019).

67. See https://ventureburn.com/2019/04/ubu-startup-universal-basic-income/

68. Cf. Alexander Bechtel, Agata Ferreira, Jonas Gross & Philipp Sandner, The Future of Payments in a DLT-based European Economy: A Roadmap (Dec. 18, 2020), https://ssrn.com/abstract=3751204; Volodymyr Babich & Gilles Hilary, Blockchain and Other Distributed Ledger Technologies in Operations (Nov. 19, 2018), https://ssrn.com/abstract=3232977

69. We are so far not aware of live interoperability frameworks. However, the joint Dunbar project by the BIS Innovation Hub and the Monetary Authority of Singapore (MAS) moves towards multi-CBDC settlement, including the exploration of a wide variety of governance, implementation, and policy issues.

70. We acknowledge that the multilateral regulatory approaches for regulating Financial Market Infrastructure established by the BIS/CPMI Principles for Financial Market Infrastructure seek to move in the direction of the ledger perspective, yet stop short of going ‘all in’. Even with regard to financial market infrastructure where regulation clearly acknowledges the need for interoperability of many entities as a system, each entity is subject to its own rules and regulations established in its home country, and can thus meet its own compliance requirements, in principle, independent of other system participants.

71. Financial Stability Board, supra note 1, at 12.

72. See Zetzsche, Buckley & Arner, supra note 15.

73. As Aristotle said about children, and Milton Friedman adapted for the overall economy, ‘when everybody owns something, nobody owns it, and nobody has a direct interest in maintaining or improving its condition.’ See Milton & Rose Friedman, Free to Choose – A Personal Statement (Mariner Books, 1990) 24.

74. See, on the original concept, William Forster Lloyd, Two Lectures on the Checks to Population (Oxford University Press, 1833). The concept became widely known after being used by Garrette Hardin, The Tragedy of the Commons, 162 Science 1243 (1968).

75. See Dirk A Zetzsche, Douglas W Arner & Ross P Buckley, Decentralized Finance (DeFi), 6 J. Fin. Reg. 172 (2020).

76. See Eddy Wymeersch, Challenging the Prudential Supervisor: liability versus (regulatory) immunity (Feb. 2003), http://www.law.ugent.be/fli/wps/pdf/WP2003-03.pdf. See also, in the context of Brexit, Matthias Lehmann & Dirk A Zetzsche, Brexit and the Consequences for Commercial and Financial Relations between the EU and the UK, 27 Eur. Bus. L. Rev. 999 (2016), paragraph II.A.

77. Cf. The Conflicts of Laws, JHC. Morris (ED.) (2005), chapters 1-5; Peter Hay, Conflict of Laws (2018) and The Conflict of Laws, Arian Briggs (Ed.) (2019).

78. Committee on Payments and Market Infrastructure, supra note 37, at 16.

79. Financial Stability Board, supra note 1, at 12.

80. Dirk Andreas Zetzsche, Douglas W Arner & Ross P Buckley, Decentralized Finance (DeFi), 6 Journal of Financial Regulation 172 (2020).

81. See Douglas W Arner, Ross P Buckley, Thomas Lammer, Dirk A Zetzsche & Sangita Gazi, Building Regional Payment Systems: Towards a Single Rule Book (2022, forthcoming)..

82. For instance, in the case of the EU where 27 countries of different sizes are tied together under one uniform payment regulation and a payments law directive harmonizing private law, consumers and PSPs benefit from huge costs reductions and depth of crossborder services retained through the European Passport for payment institutions – the most intense form of substituted compliance.

83. While, in principle, a plan of operations is in line with the governance agreement required by Principle 2 of the CPMI-IOSCO Principles for Financial Market Infrastructures, its content and nature may go beyond what is set out in Principle 2. Cf. Principle 2 of the CPMI Principles for Financial Market Infrastructures requires that ‘[a]n FMI should have governance arrangements that are clear and transparent, promote the safety and efficiency of the FMI, and support the stability of the broader financial system, other relevant public interest considerations, and the objectives of relevant stakeholders.’

84. Inspired by, but modified from, Article 6 draft EU PilotR on DLT market infrastructure. See Dirk A. Zetzsche & Jannik Woxholth, The DLT Sandbox under the EU Pilot Regulation (April 25, 2021). University of Luxembourg Law WPS 2021-001, https://ssrn.com/abstract=3833766 (highlighting that the PilotR Proposal “foresees a regulatory sandbox approach for the European Single Market, offering firms a set of exemptions from EU financial law allowing them to test distributed ledger technologies (DLTs) in certain activities related to trading, clearing, and settlement. Besides offering room for experiment, the PilotR Proposal supports the education of EU regulators about DLTs in this context, which may come to form the basis for foundational changes to EU law”).

85. Including requirements on the fitness and properness of key staff, the requirements to act honestly, fairly and professionally with a view to the best interest of the clients, conflicts of interest rules as well as board and firm-internal governance arrangement (including lines of defence and reporting lines).

86. See eg. in the context of Article 2(a) EU Settlement Finality Directive (SFD): Phoebus Athanassiou, Impact of Digital Innovation on the Processing of Electronic Payments and Contracting: An Overview of Legal Risks 29-30 (October 30, 2017), https://ssrn.com/abstract=3067222

87. London Stock Exchange Group, Response to ESMA Discussion Paper on The Distributed Ledger Technology Applied to Securities Markets (Sept. 2016), 2; See Also Juan A Garay, Aggelos Kiayias & Nikos Leonardos, The Bitcoin Backbone Protocol: Analysis and Applications (Aug.14, 2020), https://eprint.iacr.org/2014/765.pdf, 4-5; and Randy Sams, Bitcoin Blockchain for Distributed Clearing: A Critical Assessment, 4 Capco Institute J. Fin. Transformation 39, 44 (2015) 4, 39-46, at 44.

88. See Athanassiou, supra note 81, at 29-30. For that purpose existing legislation for securities settlement mandates that a CSD or another system participant will assume responsibility for the irrevocability of the transactions. A similar argument applies to crossborder payments with the need to determine the point in time where the accounts of the banks involved are matched and thus settled.

89. For a similar proposal, see CPMI-IOSCO consultative report Application of the Principles for Financial Market Infrastructures (Oct 2021), at 13 et seq

90. Zetzsche, Arner & Buckley, supra note 71.

91. See CPMI-IOSCO Principles For Financial Market Infrastructures (PFMI) (APRIL 2012), at 133, Responsibility E.

92. See Ross P Buckley, Douglas W Arner, Dirk A Zetzsche & Eriks Selga, Special Feature: Techrisk, Singapore J. Legal St. 35 (Mar. 2020).

93. Committee on Payments and Market Infrastructure, supra note 37, at 3.3.4, p. 17.

94. See Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006, Art. (5) ‘payment service provider’ means the categories of payment service provider referred to in Article 1(1) of Directive 2007/64/EC, natural or legal persons benefiting from a waiver pursuant to Article 26 thereof and legal persons benefiting from a waiver pursuant to Article 9 of Directive 2009/110/EC of the European Parliament and of the Council, providing transfer of funds services; (6) ‘intermediary payment service provider’ means a payment service provider that is not the payment service provider of the payer or of the payee and that receives and transmits a transfer of funds on behalf of the payment service provider of the payer or of the payee or of another intermediary payment service provider.

95. See Committee on Payments and Market Infrastructures, supra note 37, at 3.3.5, p. 17; Finck, Ref.

96. Pursuant to Art. 4 (7) GDPR: ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; Pursuant to Art. 4 (8) GDPR ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

97. Australian Entities and the EU General Data Protection Regulation (GDPR) (JUNE 8, 2018), https://www.oaic.gov.au/privacy/guidance-and-advice/australian-entities-and-the-eu-general-data-protection-regulation/. A general comparison is also available at https://insights.comforte.com/12-countries-with-gdpr-like-data-privacy-laws. Cf. Elizabeth Englezos, A new world standard?: Why Australian businesses should be ensuring their compliance with the EU ‘general data protection regulation’, 115 Intellectual Property Forum 39 (2019).

98. See also Elizabeth Englezos, A new world standard?: Why Australian businesses should be ensuring their compliance with the EU ‘general data protection regulation’, 115 Intellectual Property Forum 39 (2019) and Charlie George, Privacy predicaments: How the new EU General Data Protection Regulation (GDPR) affects Australian companies, Mondaq Business Briefing (June 8, 2018).

99. For that purpose, lessons may be learned from the development of harmonized sanctioning in EU financial services law: the first step of harmonizing sanctions comprises defining conduct that is deemed a violation. As second step, regulators could agree on criteria for sanction severity, such as transaction volumes, size of the intermediary etc. The last step comprises a harmonized catalogue of minimum sanctions; yet we acknowledge the difficulty to agree on such catalogue in the absence of harmonized economic parameters and accompanying private law, as sanctions imposed by regulators are often supplemented by private law suits.

100. For our proposal we take inspiration from a similar approach in payment laws. See for instance Article 52 of Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market (‘PSD2’).

101. Our proposal is inspired by Article 6 IV lit. d) and e) of Regulation (EC) No. 593/2008 of the European Parliament and of the Council of 17 June 2008 on the law applicable to contractual obligations (Rome I), providing specialised conflict of law rules for multilateral trading platforms.

102. See Matthias Lehmann, Who Owns Bitcoin? Private Law Facing the Blockchain, 21 Minn. J.L. Sci. & Tech. 93, 124-7 (2019).

103. See, for instance, Regulation (EU) 2015/848 of the European Parliament and of the Council of 20 May 2015 on insolvency proceedings, OJ L 141, 5.6.2015, 19. 111, at Article 7(1).

104. See Articles 1 (2) and 12 of Regulation (EU) 2015/848 of the European Parliament and of the Council of 20 May 2015 on insolvency proceedings, supra note 113.

This working paper benefitted from comments by Douglas Arner, Ross Buckley, Jon Frost, Thomas Lammer, Nadia Manzari, Tara Rice, Takeshi Shirakami, Jannik Woxholth, and participants at the Bank for International Settlements/Committee on Payments and Market Infrastructures (CPMI) conference on “Enhancing cross-border Payments”, March 18, 2021.

The authors are grateful for funding support by the Bank for International Settlements as well as the NORFACE Joint Research programme on Democratic Governance in Turbulent Ages, co-funded by AEI, AKA, DFG, FNR and the European Commission through Horizon 2020, under the Grant Agreement No 822166.

BIS Working Papers are written by members of the Monetary and Economic Department of the Bank for International Settlements, and from time to time by other economists, and are published by the Bank. The papers are on subjects of topical interest and are technical in character. The views expressed in them are those of their authors and not necessarily the views of the BIS.

Translate »