The Cayman Islands has a large stake here. As one of the world’s leading offshore financial centres, home to approximately 70% of the world’s offshore investment funds and with an absence of any direct taxation on companies or individuals, Cayman is well placed to become an attractive destination for technology entrepreneurs. Cayman’s ambition to become a global leader in financial technologies (FinTech) is also supported by a sound legal framework, modern infrastructure, state of the art communications systems and a stable political climate.
Cayman now has an opportunity to realise the benefits of blockchain technology in real terms as the new era of technology-based financial services gains traction.
Conventional databases comprise a single ledger that forms a definitive record of all transactions that have taken place. A central administrator is then responsible for ensuring that this ledger is maintained, kept up to date and secure. Blockchain – or distributed ledger technology – replaces the centralised transaction database with a decentralised, distributed digital ledger where each and every transaction flowing through it is independently verified. In this way, the record of any single transaction cannot be altered without alteration of all subsequent transactions or “blocks” that are chained across the entire distributed ledger.
Taking a simple example, let’s assume we have a network comprising three participants, A, B and C. If A wants to send money to B, the request is represented as a “block”. That block is then broadcast to every participant on the network and those participants – here, A, B and C – must each approve that the transaction is valid to allow the “block” to be added to the chain. Once the new block is approved and added to the chain, the money moves from A to B and the transaction is completed. The chain provides an immutable record of the transaction between A and B and of all previous transactions between A, B and C.
A blockchain network can therefore operate securely without the need for any central administrator and the technology can work for almost every type of transaction. The technology is even more appealing as a possible replacement for existing processes which are largely manual, labour-intensive and paper-based but require sensitive information to be transferred and stored in a secure manner, for example KYC processes for identifying new clients. Its potential uses are almost limitless.
The technology also brings unprecedented security benefits. Hacking attacks that commonly impact large centralised intermediaries like banks are almost impossible on the blockchain. If someone wanted to hack into a particular block in a blockchain, a hacker would not only need to hack into that specific block, but all of the preceding blocks going back the entire history of that chain and they would need to do it on every ledger in the network, simultaneously.
The Government of Estonia, a pioneer in the implementation of blockchain technology, now uses blockchain to secure and validate identity management, e-voting and electronic health records. Another first-adopter of blockchain is the Government of Singapore. The Monetary Authority of Singapore has already successfully
completed a proof-of-concept pilot to explore the use of blockchain for interbank payments to simplify the payment process, reduce the time taken for transactions, enhance transparency and system resilience and reduce the cost of long-term record keeping.
Despite its decentralised approach, blockchain still requires a set of common rules by which all participants operate in order to ensure its accuracy and trustworthiness. Blockchain ledgers can be “permissioned” private ledgers or “unpermissioned” public ledgers. Permissioned ledgers are operated by a group of trusted or vetted participants who together agree rules on matters such as who gets access to the ledgers, what data is stored in the ledgers, what security protocols apply and whether or not a new block of information is true and accurate. Unpermissioned ledgers, on the other hand, may be open to everyone.
Due to the anonymous nature of participants in some blockchain applications, it is sometimes seen as being associated with issues of money laundering and the sale of illegal goods, and as supporting the ransomware payment model – as in the case of the recent “WannaCrypt” cyber-attack that crippled organisations across the globe.
Financial and banking stability and consumer protection are the key objectives for all regulatory authorities, but to date, authorities around the world have issued little in the way of regulatory guidance or control principles. In addition, the decentralised and cross-border nature of blockchain platforms makes the regulatory issues even more complicated. This leads to questions about which activities should be regulated, how activities should be regulated and by whom they should be regulated.
Regulatory concerns can be allayed in part by using a permissioned ledger and putting in place a governance structure among participants to deliver proper notification to customers through an agreed mechanism. The blockchain platform could also agree a set of rules and policies to be followed by all participants and then share these with customers and regulators.
Blockchain as a Data Protection Solution
Cayman’s new Data Protection Law is drafted around a framework of privacy principles to ensure that personal data collected in Cayman is properly stored, kept no longer than necessary, and used only for the purpose for which it is collected. One of the major benefits of blockchain technology is its immutability, meaning the data stored on the chain cannot be altered or deleted. This could also create a problem, because in theory there could be no “right to be forgotten” in the context of blockchain. However, personal data can be kept off blockchain ledgers altogether by replacing the data with an encrypted reference to the data – a “hash”. These hashes or digital fingerprints prove that data did exist at a certain date, but without the data itself appearing on the chain.
Encryption controls limiting the accessibility of personal data hashed in the blockchain is a viable solution for data protection compliance. While encrypted personal data may still qualify as personal data under the new Data Protection Law as long as the holder of the data possesses the encryption key, if the keys will only be made available in circumstances dictated by the individual data subject, then it is difficult to see the objection from a data protection perspective.
A Leading Role for Cayman
While much of Cayman’s financial services legislation was written before the FinTech revolution began, recent years have seen the Cayman Islands take a number of legal and regulatory steps to make the Islands a jurisdiction that will allow FinTech innovation to thrive. Recent reforms have seen Cayman’s intellectual property laws updated and the establishment of a Special Economic Zone (SEZ) allowing technology companies to benefit from specific advantages such as fast-tracked work permit applications for relocating employees. As FinTech solutions tend to be data driven, the enactment of Cayman’s Data Protection Law is seen by many as the final piece in the legislative jigsaw puzzle to enable the FinTech revolution to take hold in Cayman.
One way for Cayman to take a leading role in the fast moving FinTech sector would be to demonstrate success with an initial, modestly aimed blockchain proposal, perhaps between a number of local banks and with regulatory oversight in a “sandbox” structure. This would give Cayman the opportunity to gain experience and learn from a close evaluation of blockchain technology as a business tool and further improve Cayman’s standing in what is an increasingly competitive field of innovation.
With technological innovation transforming businesses, markets and everyday life and with a burgeoning technology and FinTech community in the Cayman Islands, Appleby has led the way amongst the offshore firms by launching a dedicated Technology and Cyber team that sits within the corporate group. Supporting clients across a broad range of emerging technologies the team advises on privacy, data protection and related cybersecurity issues, FinTech, digital business, e-commerce, media and telecoms. The Cayman team is closely integrated with Appleby’s global Technology and Cyber Group and so benefits from a wider team of market-leading lawyers who are at the forefront of policy developments in Europe and elsewhere.