Corda: An Introduction

Announcing the Corda Introductory Whitepaper

The Wall Street Journal had a couple of good pieces this morning that describe some of the work we’re doing at R3 and our vision for the future of financial services.

Project Concord is our codename for the overall vision, with Corda as our underlying distributed ledger software.

I first wrote about Corda back in April and we demonstrated it in public for the first time a few weeks later.  Since then, we’ve been continuing to develop the code base in collaboration with our members, trialling it through an ongoing series of proofs-of-concept, prototypes and more advanced deployments, refining the design and maturing our thinking.

As part of this process, we wanted to share more information with the broader community about what we’re doing.  I’m pleased to announce the release of our first whitepaper on Corda: an introductory, non-technical overview that explains our vision, some design choices and outlines the key concepts underpinning the platform.  We’ll follow this up in the coming months with a more detailed technical whitepaper.

whitepaperThe whitepaper, which you can download here, explains how we set ourselves the challenge of starting with the financial industry’s pain points: duplicated, inconsistent data and business logic and redundant business processes – and asked ourselves if we could apply breakthroughs in distributed ledger and blockchain technology to solve them.

Our conclusion is that distributed ledger and blockchain technology represents a once-in-a-generation opportunity to transform the economics of data management across the financial industry. But there’s a problem because the blockchain and distributed ledger platforms that led us to this exciting moment were never designed to solve the problems of financial institutions and do not meet all our needs: we need tight linkage to the legal domain; we have an obligation to prevent client data being shared inappropriately and so can’t send all transactions to all network participants; we must integrate and interoperate with existing financial infrastructure; and more.

Corda is the outcome of the analysis we did on how to achieve as many of the benefits of distributed ledger and blockchain technology as possible but in a way that is sympathetic to and addresses the needs of regulated financial institutions. Corda is intended to be a contribution to the plurality of technologies that will be adopted in the coming years, one that is targeted specifically and with a laser-focus on the needs of financial institutions.

I hope you find the whitepaper interesting and illuminating and we would love to hear your feedback.



Introducing the R3 Technical Leadership Team

I joined R3 in September as our Chief Technology Officer. Regular readers may have noticed a drop-off in my blogging at precisely the same time.   It turns out that joining a high-profile, fast-growing startup consumes a lot of time..!

In this post, I want to share some early thoughts and to introduce my senior leadership team.  Regular readers of my blog will know that I have thought deeply and written often about the applications of blockchain and distributed ledger technology in finance.  But as I set out on my journey at R3, I tried to imagine myself in a few years, sitting in front of the CIO of one of the world’s largest banks, having a conversation about our project. What would we talk about?  How would I describe what we had built?  How would I explain why we built it one way rather than another?

I figured it would be an extremely difficult conversation if my opening line was: “well… you know….  I built the platform like this because blockchains were cool in 2015”…  No. That simply won’t do.   The rules of engineering and architecture don’t fly out of the window just because somebody pulls out the “shared ledger” trump card.

If we aspire to reduce cost, free up capital, improve controls and enable innovation in finance and beyond, we need to build our vision on more than hype and hope.   So I’ve gone back to basics:   what properties does a technology platform need to possess if it is going to enable the world’s banks – and other firms – to deploy shared platforms to record, manage and report on their contractual agreements with each other and with their customers?   What is the irreducible set of functional requirements we must provide?  What are the non-negotiable non-functional requirements?

So I’ve spent my first few weeks building my leadership team, establishing an Architecture Working Group with our members and developing a detailed view on what a shared ledger for financial firms needs to look like if it’s going to gain widespread adoption and solve real business problems.

In the coming weeks, I’ll share thoughts on these questions.   I’m probably wrong about huge portions of it (I usually am…).  But my strong desire is to have this debate in the open:  just as we’re driving this discussion with our members, we also want to debate this with other practitioners, firms and projects.  Not least, because it’s manifestly obvious that a base “fabric” for the recording of financial events and execution of logic has to be open and if I can persuade you of my vision (or you can persuade me of yours…), perhaps we can work together to drive some standardisation too.  Watch this space.

In the meantime, I’d like to introduce my senior leadership team.

First, I’m delighted to announce that James Carlyle, formerly Chief Engineer at Barclays Personal and Corporate Bank, is joining R3 as our Chief Engineer.  He is almost too-good-to-believe:  he built hugely complex systems for a hugely complex bank, founded two startups and he happens to to be one of the few people I know who can both talk about ethereum and develop for it.

Secondly, I am beyond excited that Mike Hearn has joined us as our Lead Platform Engineer. He brings half a decade of experience of blockchain and cryptocurrency development and over seven years of experience helping run some of Google’s most heavily-trafficked websites.  The combination of deep understanding of blockchain technologies and real-life experience of building rock-solid internet-scale production platforms is truly unmatched in the industry.  And his involvement in the recent bitcoin blocksize debate gives me confidence he can hold his own against a group of very opinionated bank architects…

Thirdly, I would like to welcome Ian Grigg, our Architecture Consultant.   Ian has been building cryptographic ledger platforms for over two decades.  He invented the concept of the “Ricardian Contract”, co-invented the concept of triple-entry accounting and astounds me every day with the experience and perspective he brings to the team.   You would be amazed how many of the concepts in the shared ledger space today can be traced back to Ian’s work.

Fourthly, Tim Swanson joins as our Head of Research. I have to believe there are people in this space who Tim doesn’t know, but I’ve not met one yet.   He teaches me every day that it’s OK to be opinionated, provided you can justify the opinions. And Tim can; his most recent report is a fascinating demonstration. I lean on him heavily for advice and insight and am delighted to have him as a colleague.

They join a fast-growing team, which also includes Jo Lang and Ayoub Naciri, amongst others.


… and what about you? We’re hiring!

We are working on the most interesting and exciting project I can imagine in technology today. We’ll be sharing details of our open roles and how to contact us shortly.   In the interim, if you’re interested in working with us, I’d encourage you to think about a few questions that just might come up in interview…

  • If you were building a system to enable multiple parties to come to consensus about the state of an agreement between them and maintain that in lockstep for the life of that agreement, what are some of the most important non-functional requirements you would want to explore to validate your design?
  • If you were building a shared ledger system between large numbers of regulated financial entities with hugely sophisticated IT infrastructures, what would be your approach to co-existence and integration?
  • What would be your answer to the CIO’s follow-up question? “Tell me… why did you build your shared ledger using a blockchain rather than another technology?”




Think Payment Cards are Insecure? Just Wait Until Push-Payments Hit Primetime…

What Brazil’s Boleto Fraud Tells Us About Bitcoin and other Push Solutions

When I explain to people how payment cards work, they are usually aghast. I point out that when you hand your card to a merchant and sign your name or enter your PIN, you’re authorising them to suck funds out of your account and the only thing that stops somebody draining all your money is trust. The picture below shows the standard “four-party” model for payment cards and I stress that the consumer is merely authorising payment; it’s the merchant and all the other actors who actually move the money.


The Payment Card “Four-Party” Model: Consumers authorise merchants to pull money out of their account.

(Aside: I’ve never understood why this is called the four-party model. I count at least five parties on that picture…)

Online, the problem is more stark: you type your card details, including your CVV2 “secret number on the back” into your browser and hope for the best: you have to trust the merchant, their IT supplier, the acquiring bank, their third-party processor, the card network and your own card issuer – and everybody who works for them and has access to their systems. If a bad guy gets hold of your card details at any point in this process, they could drain your account. The picture below shows the scope of all the entities with access to your critical card information:


Your Primary Account Number – PAN – passes through the hands of pretty much everybody involved in processing the transaction.

It seems mad: why would you spray such sensitive information all over the place willy-nilly? Whoever thought it was a good idea to build the system this way?!  Except… the system works.

Fraud is surprisingly low given the design – and consumers get compensated if something goes wrong. And the design isn’t actually as mad as it seems: how else would you build a consumer payment network in a world where you can’t assume the consumer has a smart device with guaranteed network connectivity?

Payment card networks also have the advantage of decades of experience and refinement. For example, the Payment Card Industry Data Security Standards (PCI-DSS) lay down rules and guidance on how to protect the sensitive card data. The EMV smartcard standards make it harder to clone cards. Issuers have sophisticated heuristics to block suspicious transactions. And forthcoming moves to standardise “tokenisation” (something I should blog about one day) will further mitigate the risk of card details getting into the wrong hands. So an underlying architecture that appears wholly unsuited to the web age has actually been patched up to be good enough (but not perfect – and it still has lots of problems)

The Push Pay Revolution – a better way to do retail payments?

As I’ve written often, there is an entirely different way to design a retail payment system, one where the consumer doesn’t have to trust nearly as many people. I call these sort of payments push payments.  Bitcoin follows this model, as does M-Pesa, iDEAL, ZAPP and the Boleto system in Brazil. The defining characteristic of push-payments is that the consumer is in the driving seat.

With Push, it is the consumer who instructs a payment – from their bank or telco or Bitcoin wallet

This is unlike pull-payments, where the consumer merely authorises the merchant to pull the funds from their account.   The difference may seem subtle but it turns out to be hugely important. The picture to have in mind for push-payments is this one:


Push payments have a very different threat model to pull payments. Now the consumer only has to trust their payment provider and their own device.

In previous articles, I talked about the benefits of push payments in terms of innovation and the reduced need to trust quite so many people.   In this post, I look at one of the downsides: push payments can be compromised in hard-to-detect ways if they are not implemented really carefully.

So what’s the problem with push payments?

First, let’s remind ourselves about what we do have to trust and what we don’t have to trust in the pull world.

In the pull world, the consumer has to trust everybody else – and, as I’ve discussed above, there are various safeguards in place to fix things when they inevitably go wrong. One might argue that the safeguards don’t always work and that they come at a cost. Both arguments are, of course, valid but let’s leave them to one side for now.

In the push world, it’s different. The way it’s supposed to work is like this:

  • Step 1: The merchant “tells” the consumer how much they’d like to be paid and to where the payment should be sent. Examples:
    • With M-Pesa, this is usually done in-person, verbally
    • With Bitcoin, it is either done ad-hoc or via a QR-code displayed by the merchant or via the emerging BIP70

To illustrate the point, here is a picture of me in Shoreditch trying to tell a Bitcoin ATM where to send some Bitcoins I’d bought. On my laptop screen is a QR code that represents my Bitcoin wallet address. Note how it’s me as the Bitcoin receiver who is telling the sender (the ATM) where to send the coins.     In the more common case, where I am paying Bitcoins, this means it is the merchant who has to show the QR code to me. I need to know where to send the money to.


This is me using a QR code on my laptop to tell a Bitcoin ATM where to send my Bitcoins. (The Apple Bitcoin ban was still in force when we took this photo… so I had to use my laptop rather than my iPhone…)

  • Step 2: Once the consumer has the payment request, they use a program or app on their smart device (laptop, smartphone, whatever) to instruct the payment. Examples:
    • An M-Pesa user launches the M-Pesa SIM app and instructs the payment
    • A Bitcoin user pastes the destination address and value into their Bitcoin wallet
    • … or uses their wallet to read the recipient’s QR code
    • … or opens the BIP70 Payment Request with their wallet)

When you put it like this, push payments are obviously superior, right? The consumer is in control, they don’t have to trust all those people and there’s no danger of a rogue agent sucking all their money out of their account!

Not so fast…

The analysis above neglects one small, but rather important, fact: devices get hacked.

In the pull model, the only devices that can get hacked are those inside the “circle of trust” – your plastic card is pretty impregnable.  And as the utterly disastrous Target breach suggests, consumers were made whole when the disaster happened. It was the big firms who messed up who suffered the consequences.  

Yes… I know this is counterintuitive… you must be asking yourselves: “is this guy seriously arguing that the Target disaster is an argument in favour of the current payment card model?!” Obviously, no…. the episode was clearly a catastrophe and it was really, really bad.   But… it did eventually get sorted out and the roll-out of EMV, tokenisation and better enforcement of PCI-DSS should reduce the risks of something similar in the future.   So I raise this merely as prelude to the push scenario.

Now ask yourself what happens if a device gets hacked in the push scenario.  The obvious question is: which device?   Well… the only device in the circle-of-trust this time is the consumer’s smartphone. Uh-oh.

This is the device from which we’re instructing real-time payments, right? The one that could be riddled with malware?

This might have been merely a theoretical risk…. And then the Brazilian Boleto fraud happened.

RSA have a great write-up of a country-scale real-life example of what can go wrong when push-payment systems get breached… and it’s really scary.

The Brazilian Boleto system is very cool.   At core, it is a way for fund requestors (utility firms, etc) to send a payment request to consumers. The request is known as a Boleto and they can be physical or electronic.


A Brazilian Boleto. Think of it as a mainstream equivalent of a Bitcoin BIP70 Payment Request…

The idea is this: the Boleto has details of the payment request and includes details of how much to pay and to where.   This is in coded text format and a bar code… basically, something that a consumer can take and feed into their banking app: scan the code with your mobile banking app, approve and you’re done. Or you could take it to a bank branch. And if you’re online, you could copy and paste the code into your online banking website and achieve the same end.

Except… the RSA paper shows all the ways it can and has gone wrong.

First, there’s a simple problem of authentication. How do you know the Boleto really did come from who it says it’s from?   The RSA paper documents examples of people receiving Boletos via email that look convincingly genuine but which have the fraudster’s payment account details in place of the firm from which they purport to come.

This is a real problem but it’s nothing new… it’s not really any different to fake websites that masquerade as real ones. We solved it in the pull world with SSL certificates and the like for websites. And the Bitcoin Payment Protocol includes the option to use the same PKI system, for precisely these reasons.

However, the RSA paper also discusses another attack – and this one’s scarier.

This second attack comes in the form of malware that runs in the consumer’s browser.   When it sees a document that looks like a Boleto, it silently changes the details that the consumer sees on their screen: the payment details are changed from the genuine recipient to the attacker. So when the consumer copies and pastes the details into their banking app, it’s the attacker’s account they’re sending the money to.

Variations on this theme are included in the paper but they all amount to the same thing: if the consumer’s device is compromised then it’s game over. And you don’t even need to compromise the whole device or get root-access… you just need to compromise the browser in this scenario.

There are various mitigation mechanisms one can implement (e.g. tying the payment instruction to a signed representation of the payment request and so forth) but the underlying problem remains: if you’re using the consumer device to instruct payments, you have an issue if that device is compromised.

Now, this risk is perhaps over-blown: the risks identified here apply equally to standalone mobile banking apps and we happily run these on mobile devices today, albeit with the belief that their bank will bail them out if something goes wrong. (It’s no surprise that banks are big users of technology like IBM Trusteer).

Similarly, Bitcoin users run their wallets on their devices, in the full knowledge that there is nobody who will bail them out if malware runs amok on the device.  

But I think the two-step dance of an end-to-end push payment request/instruction – where the device is responsible for turning the request into the instruction – is something new that needs deeper study.  So I think the Boleto story tells us is that we need to think very hard about things like:

  • User experience: how is the linkage between Step 1 (receive and authenticate request) and Step 2 (populate and instruct payment) executed and communicated to the user? If step 1 is done by a different app to step 2, what is the hand-off? What security assumptions are being msde?
  • Validation and Reconciliation: what work should (can?) the “network” do to validate that a payment instruction purporting to be in response to a payment request, really is traceable to that request?
  • Malware detection systems: what new behaviours should anti-virus and other technologies be looking out for?
  • Wallet providers: which scenarios are you willing and able to protect your consumers against?

It is possible that this is just a variation on the age-old theme that end-point security is hard – but when things like the Boleto fraud happen, we should use it as an opportunity to look at the other systems being built along similar lines and ask: are there any lessons we can learn and apply?

Welcome to Bitcoin Island

Forget currencies and commodities… perhaps the right analogy for Bitcoin is LAND!

Oleg Andreev posted an insightful tweet the other day:

You could argue this is a trivial observation: how else could it work?!  But thinking in terms of ownership and protocols for transfer of ownership is a surprisingly helpful way to think about how the system works.  And that’s because the “protocol of ownership” insight means there is a whole other world of history, tradition and precedent to learn from: land!

Here are some observations to motivate the thought:

  • In the end-state the quantity of Bitcoin will be fixed, just like land.
  • Bitcoin is not perfectly fungible and neither is land
  • Bitcoin is not “consumed” through use – just transformed and transferred. This is similar to land and dissimilar to many commodities, which are consumed (or at least degraded) through use.

OK – not a perfect parallel but let’s go with it for now…. What happens if we think about Bitcoin through the lens of land?

Well, first, it allows us to think about coins that haven’t been mined yet… we can think of them as parcels of land on “Bitcoin Island” that haven’t been released yet:


The “Land Interpretation” of Bitcoin. Think “Bitcoin Island”

Second, it helps us put some intuition behind the concept of the “unspent transaction output”.  These are Bitcoins that have been sent somewhere but not yet themselves been spent.  So the set of all unspent transaction outputs (UTXOs) can be thought of as the latest state of every Bitcoin that has ever been mined.

The UTXO is absolutely crucial to everything in Bitcoin and yet very few people think in these terms, talking instead about misleading terms like “address balances” and so forth.

But the interesting thing is: if we take a “land interpretation” of Bitcoin, then UTXOs have a really simple explanation: they are plots of land! And Bitcoin transactions are simply actions that merge or split these plots of land.

Imagine I own twenty Bitcoins. My Bitcoin wallet software will show a “balance” of twenty. But it’s likely that this balance actually consists of multiple unspent-transaction outputs. Even if I had bought all twenty Bitcoins in one go, it’s likely that the seller merged several smaller UTXOs that added up in total to twenty Bitcoins.    So perhaps I received three plots of “land”: 7 Bitcoins in one, 7 in another and 6 in the third.  My total “holdings” are 20 – but it is formed from three “UTXOs”.

Perhaps my holdings on Bitcoin Island look like this:


We can think of Unspent Transaction Outputs as plots of land on “Bitcoin Island”. Plots A, B, C represent three unspent transaction outputs controlling 20 Bitcoins

And now it’s possible to teach people about Bitcoin transactions without completely confusing them!

Imagine I wanted to buy a second-hand car for 11 of my Bitcoins.  Let’s also imagine that I pay a transaction fee of 1 BTC to keep things simple (a HUGE over-estimate, of course)

I need to do a few things:

  • Step One: I need to prove ownership of the coins I’m trying to spend
  • Step Two: I need to say how the coins are going to be allocated – how many am I sending and to where? 11 to the seller, 8 back to me and 1 for the miner in this case.
  • Step Three: I need to specify what the new “owners” will need to do to prove they do indeed own the coins. In other words, I need to specify what they will need to do in their Step one when they try to spend their coins in the future.

I do this in Bitcoin by issuing a transaction that accomplishes all three steps in one.  Here’s what it might say:

“I own three unspent transaction outputs: A, B and C. In total they represent twenty Bitcoins. Here is my proof I am entitled to spend A.  Here is my proof I am entitled to spend B.  Here is my proof I am entitled to spend C. I hereby reshape my plot into two new plots: one plot 8 units in size, which I call X and a second plot 11 units in size, which I call Y. Whoever mines this transaction can claim the remaining 1 BTC. If you can satisfy the following conditions then you will be considered to own X: … . If you can satisfy the following conditions then you will be considered to own Y: …”

I will set the conditions so that only the seller of the car could satisfy the Y condition and so that only I could satisfy the X condition (that’s my change and I don’t want anybody else spending it!)

The end result is that I have simply rearranged the land holdings:


Transaction outputs A, B, C are now spent, replaced by two new unspent transaction outputs: X and Y.  X is my change, Y now belongs to the car dealer and F goes to the miner.  


But we can go further… we can now have an informed discussion about what “ownership” means in Bitcoin.  When I “send” Bitcoins to somebody, I’m not assigning ownership to an individual.  What I’m actually doing is laying down a condition – and anybody who can satisfy that condition will be considered the owner.

Now, normally, the condition is very simple.  It says something like:

“To spend this output you must prove you know the public key that hashes to the following address: …   And you must prove you own the corresponding private key by issuing a digital signature”.  

That’s what the “OP_DUP OP_HASH160 …” stuff you sometimes see is usually saying.

But the conditions can be far more complex than that…. It’s all down to how you write your transaction.

Where is this going?

OK – so thinking of Bitcoin in terms of land helps us build some intuition around UTXOs, which we can think of as “parcels of land on Bitcoin Island” and we see that Bitcoin transactions are really just a way to merge or split these parcels of land and impose conditions that allow people to assert ownership.

And now things get really interesting.  Because there are all sorts of interesting phenomena that happen with land transactions that we can use to think about Bitcoin problems.


The land analogy works because Bitcoins are not perfectly fungible. Sure – there are projects trying to overcome this but this feels like an arms race between developers and law-enforcement agencies. To the extent that fungibility remains imperfect, what drivers could force different “land parcels” to have different values?

For me, the biggest topic on the horizon for fungibility is “coin tainting”, “whitelisting” and the other schemes intended to “tag” Bitcoin addresses or UTXOs.

I see these schemes as directly analogous to concepts like land “blight” on the one hand and maybe “planning gain” on the other.  For example, if you own a “plot of Bitcoin land” that has been “whitelisted” by an exchange or finance firm such that you can access their services, presumably your “plot” would be worth more than one that didn’t have that property?

It is perhaps no surprise that the fungibility issue is so hot right now.

Mineral Rights and Colored Coins

Two pieces of seemingly identical land can be worth vastly different sums: if one is sitting on oil and the owner has mineral rights, a purchaser will be willing to pay them more for their land than if it didn’t! Perhaps this is a useful analogy for colored coins: two identical Bitcoins can trade for different prices if one of them has been “colored” by a trusted issuer. What are the taxation implications? What happens when projects trying to add coin coloration to Bitcoin conflict with projects trying to create fungibility?

Alt coins

Perhaps Altcoins are just different islands! If there is a Bitcoin Island, then presumably Litecoin has Litecoin Island and Dogecoin has Dogecoin Island?

This interpretation now helps us think more clearly about the role and value of altcoins.   Perhaps the innate characteristic of a currency (faster confirmation? Use of scrypt?) makes the island a more attractive place to live. But if all the infrastructure and population is on Bitcoin Island then these features may not be enough.  Who knows.

Charges and Liens

It is possible to impose conditions on land parcels in many jurisdictions. A mortgage company can prevent sale of land unless the debt is settled and some landowners in the UK have been dismayed to discover that their land ownership came with an expensive obligation to pay for the upkeep of a local church.

In some cases, the obligation is short-lived (e.g. the mortgage charge) but in others, it persists across transactions (e.g. chancel repair liability).    A question I don’t know the answer to is: can you write a Bitcoin transaction that imposes conditions on a UTXO that propagate?  That is: can you write a transaction such that whoever spends the UTXO must impose the same condition on their transaction output?


Of course, the land analogy is imperfect but I do think there is something to it.  If nothing else, the mental image of “Bitcoin Island” with UTXOs being the plots of land feels like a really useful one… it has certainly helped my understanding…



How I explain Bitcoin and Cryptocurrencies to new audiences

I’ve given several informal talks on Bitcoin and cryptocurrencies recently – mostly to mixed audiences of finance and tech professionals, with varying levels of knowledge about Bitcoin.    I’ve found that the structure below has been working well to so I thought I’d share it in case it helps others explain it to their clients, colleagues or friends.

I don’t claim any of the Bitcoin concepts below are mine… just this approach to explaining them.

Bitcoin’s core idea is audacious

I point out that money is weird: it behaves completely differently when you try to spend it in person to when you try to spend it at a distance.   Here’s what I mean:

If you’re physically with somebody, it’s easy to pay them: you just hand over the cash. You don’t need anybody else’s help and you don’t need anybody’s permission.

But if you’re at a distance, you can’t do the same thing: you always need somebody else’s help…. a bank, a remittance firm, a telco….  Somebody has to be there to transmit the value to the other end.   And they get to set the rules, they get to watch and in some parts of the world, they don’t even exist.


The “audacious announcements”: Nakamoto’s announcement email and Bitcoin whitepaper

And then Satoshi Nakamoto’s white-paper came along and said something utterly audacious.  It said that you could transmit value at a distance with no trusted third party. Five years on, that is still a mind-blowing claim. And it’s all the more mind-blowing because it actually works.   If you take nothing else away from one of my talks, take away the realisation of just how audacious this idea is.  

I also point audiences at this IBM Academy of Technology TechNote, which I co-wrote.  It includes a simple analogy for how Bitcoin works under the covers.  But I don’t talk about the details during the presentation – it simply isn’t necessary.

But forget payments… this is all about a platform

I then say that the amazing thing is that this isn’t even the best bit.  The real story is what you can do with it and what it might mean for the world.  I then make the analogy with the World-Wide Web.

I’m just about old enough to remember the world before the web.  I remember dial-up BBSs, TV “Teletext”, the closed-gardens of AOL and Compuserve.      They were all examples of closed “information-exchange systems” and they were all completely blown away by the web, the world’s first internet-scale open platform for information exchange.

It was owned by nobody, nobody needed permission to build on it and we all know what happened next.

Now look at today’s value exchange networks: the card networks, large bank custody networks, domestic net settlement systems, real-time gross settlement systems, remittance networks.   They look similar:  broadly non-interoperable, closed, proprietary.  Sure: there are good reasons for this – security, financial crime prevention and so on — and those who built them surely deserve to earn a return from running them! But the parallels are eerie.


The big VC firms investing in Bitcoin are all making the same bet:  Bitcoin will be the world’s pre-eminent internet-scale open platform for value exchange


So I invite my listeners to ask themselves:  could Bitcoin and the cryptocurrency revolution be the value-transfer equivalent of the HTTP/HTML/Mosaic information-transfer platform?

If so, it’s not difficult to understand why so many people are so focused on this area.    I also point out that this doesn’t mean the existing value-transfer networks will be replaced – but that it could mean we’re going to see disruption.

What are the implications?

I then share ideas with the audience related to their business…. Perhaps how colored coins could teach us how to build next-generation custody systems.  Or how the openness of the network means non-human systems can become economic actors.  Audiences tend to find Mike Hearn’s self-driving taxis quite amusing and I see eyes open wide when I introduce the idea of the “economy of things”, where a fridge has an internet connection and a Bitcoin wallet


We should expect to see innovation in law, retail, banking, custody, …

So where could this be going?

I then end with a claim…. there are surely only three ways this can go:

Scenario 1:  “It’s all a collective hysteria”

Cryptocurrencies could be a huge collective madness – driven by too many geeks with too much time (and cheap capital) on their hands.  Possible. Plausible.  But it ignores the audacious invention of “peer-to-peer value transfer at a distance”.  I consider this scenario unlikely  (Although, as Ken Tindell points out we should – of course – expect a crash and associated disillusionment at some point)     [Edited 2013-3-27]

Scenario 2: “Banks are doomed; sell everything!”

This scenario invites us to believe that Bitcoin could destroy the banks, replace sovereign currencies as we know them and unleash the era of the feudal geek lords.   Yeah, right.

Scenario 3: Coexistence

So we’re left with only one possibility: we’re going to see co-existence.

This would mean that the winners in the finance sector will probably be the fast (or slow) followers – not the early adopters – and we should regard today as analogous to the web in 1994/1995 when thinking about what infrastructure needs to be built…   Indeed, as I argue in my write-up of a recent panel discussion, we should also remember that the transformational impact of the web wasn’t fully felt for another decade – don’t expect the world to  change overnight.

And that’s why I find this so interesting…

[Updated 2014-05-14]

Bitcoin exchanges are more centralised than traditional exchanges. We can do so much better than this.

What The Traditional Financial System Can Teach Us about The MtGox Disaster

Imagine you were an equity trader and used a Stock Exchange to trade between equities and cash and back.  What would happen if they unexpectedly filed for bankruptcy? How much money would you stand to lose? The answer is zero.    You would lose nothing.  Your equities would be safe at your custodian bank and your cash would be wherever you left it.

However, if you were a Bitcoin trader and your Bitcoin exchange went bankrupt, you could have lost everything – as users of Mt.Gox discovered to their cost last week.

How can this be?  Isn’t Bitcoin supposed to be the ultimate decentralized financial system?  Well, yes… the Bitcoin network is decentralized but many of the major players are not.  And, worse, exchanges like Mt.Gox acted as more than just exchanges: they are also the Bitcoin custodian, clearing house and bank.

The diagram below shows the problem.  From the time a buyer deposits cash or a seller deposits Bitcoins, they are utterly dependent on the solvency of that exchange until they withdraw their funds at some later date.  You have counterparty exposure to the exchange for all this time.


Buyers and Sellers have Counterparty exposure to the exchange for an extended period of time

That’s not how it works in the equity world. I wrote about the mechanics in my article on how equities move around the securities settlement system.

The key point of that article is that your shares and cash never go anywhere near the exchange.

Instead, a custodian bank looks after your equities in a segregated account and they usually also hold your cash.  And a Clearing House will step into the middle of the trade to protect you from non-performance by your counterparty. So you don’t even need to worry about the other party going bust. Things would have to be really bad before you stood to lose any money.

For example, when Lehman Brothers defaulted on US$9 trillion notional of Interest Rate Swap derivatives, LCH.Clearnet (a clearing house) resolved the situation with no loss to anybody else at all:

In September 2008, we successfully managed Lehman Brothers’ US$9 trillion interest rate swap default,  comprising over 66,000 trades, by implementing SwapClear’s unique default management process.   

Less than a week after default, market risk had been reduced by 90% by comprehensive hedging and, within  three weeks, the default was fully resolved well within the margin held and at no loss to other market participants.

The diagram below shows what the risk situation looks like when trading equities: at no time are you exposed to the exchange’s solvency and that your risk exposure is with respect to well-capitalised, hopefully well-run clearing houses and custodian banks rather than the exchange itself.


Users of equity exchanges have no exposure to the exchange

Note that you can choose your custodian and you could, by choosing your exchange, also choose your clearing house….   The equity world is more decentralized than the Bitcoin world!

Can We Do Better?

It’s tempting to conclude that Bitcoin exchanges should move to this model.  But I think we can do better.  Perhaps it is possible to leapfrog a stage of evolution. Here’s what I have in mind:

The Bitcoin “multi-signature” feature allows you to “encumber” funds so that they can only be spent with the agreement of more than one party.   So here’s what you could do if you’re a seller of Bitcoins…

Just before you want to sell some coins through an exchange, send them to a new 2-of-3 address that can be spent by any two of the following three entities:

1)   You

2)   The exchange’s “Clearing House”

3)   An “arbiter” that you and the clearing house both trust

Your coins are now encumbered.  They’re locked up until the trade is done and the outcome agreed.

The “clearing house” would be a new concept in the Bitcoin world but it could be quite simple:  it just needs to be an entity that takes temporary custody of the buyer’s fiat payment and, once received, facilitates the transfer of the Bitcoins, before releasing the fiat payment to the seller.    Note that this still means somebody has to be trusted with the fiat funds but it’s not obvious how you would ever escape from that requirement.  And one could imagine, in the future, that a real Bank might step up to perform this function.

Under this model, when you execute a trade, the exchange informs the clearing house and they then manage the processes necessary to settle the trade.

First, the clearing house can request fiat payment from the buyer (if they don’t already have the funds). When the clearing house confirms to you that they have received payment from the buyer, they sign and submit a 2-of-3 transaction to you for co-signature that will release the encumbered Bitcoins to the buyer.

The clearing house will have populated the buyer’s address and signed their part of the transaction.  So if you agree, you co-sign and publish it into the Bitcoin network.  The recipient gets their Bitcoins, the clearing house waits for confirmation and then releases the cash to you.

At no point does the clearing house or exchange have the ability to steal or lose your coins.  And the 2-of-3 address prevents you from running away with the coins. You all need to co-operate.

In the event of a dispute, you can turn to the third-party “arbiter”, who controls the third key, which they can use to co-sign a transaction with whichever party they decide for.  Notice how there could be competition amongst arbiters – you just need an entity that both you and the clearing house trust.

So provided the arbiter is not in collusion with the clearing house (not a given, of course), we have a way of resolving the transaction even in the event of dispute.

Now this is not perfect and it still has points of centralisation… but it’s a big step forward from where we are today.  And notice how it’s simpler than the equity world: there is no need for a dedicated Bitcoin “custodian” service here – the multi-sig feature allows us to do without.  We just need the clearing houses entities, which could be spun out from the existing exchanges as separate legal entities, and a network of arbiters – the one new function.

From a risk perspective, you end up with the diagram below:


Using Multi-Sig transactions as a step towards lower risk (and greater decentralization) for Bitcoin exchanges

 I don’t claim this as an original idea but I think it does have the virtue of being implementable fairly easily (easy for me to say, of course…)

What are the future Bitcoin battlegrounds?

A throwaway remark by Ken Tindell in a conversation with Marc Andreessen and Joseph Weisenthal caught my eye the other day:

It’s a great question:  assume a cryptocurrency like Bitcoin achieves some level of adoption, what happens next? What products and services will be needed? What institutions should we expect to see? Where are the opportunities?

Sadly, that question is just too hard for me.  But I can try answering a different question: what upcoming battles can we foresee that might shape the future landscape?

Here are some thoughts…

What happens when the Banks remember why they exist?

Never Believe What You Read in the Press: People Do Trust Their Bank. Forget this Lesson at your Peril

When I look at an industry, I ask myself: “If it didn’t exist today, would anybody invent it?” It’s instructive to ask that question about retail banks. If I can hold funds on a prepaid debit card, do payments over SMS, get loans from Wonga and invest with Zopa, why do I need a relationship with a bank?

People usually give one of two answers to that question.

The first explanation is to say that Banks exist to facilitate maturity transformation: most people want to borrow long and lend short – and banks are the institutions that meet that demand by taking the other side of the “trade”.  It’s an inherently unstable business but serves a useful purpose so we allow it to exist. Unfortunately, the FinTech revolution and relentless grind of disintermediation makes it look increasingly anachronistic.  So this explanation doesn’t help.

However, there’s an older, simpler model of banking. This model says they exist to look after our stuff.  We deposit our valuables with the bank and they keep them safe.

When I see services like Barclays “CloudIt”, I wonder if we’re seeing a renewed interest in this business model by the banks. And it’s one that could work: despite what they say most people do still trust their banks to look after their stuff. Interest rates on savings are effectively zero and yet people still leave their money with the banks rather than under their matresses or in the stock market. Ignore what people say; look at what they do.

Now look at today’s Bitcoin world. Take me as an example: my Bitcoin holdings are scant yet I barely trust myself to look after them and I’m supposed to be an expert. How is everybody else supposed to manage?  The default solution to this sort of problem is to do what we’ve always done: outsource the problem to specialists.  Today, that might be Coinbase or elliptic or BitGo but if we apply the logic above, would it really be a surprise if banks realized this is also an opportunity for them?

So we can foresee a showdown: what happens if the Banks realize their association with “safekeeping” gives them brand permission to offer Bitcoin wallet services?  Will they create their own offerings? Partner? Acquire?

Who knows… but the point is this: if you assume a valid model for banking is “safekeeping” then Banks could surprise us all and make a claim for a dominant role in Bitcoin’s future.

And I think some people will find that extremely distasteful…

The Mother of All Forks: A Stake Through the Heart of Privacy?

Imagine the banks follow the logic above and they consider offering Bitcoin safekeeping services.  What happens then?  They quickly realize there’s a problem: Anti-Money Laundering and Know Your Customer rules. What do they mean in this world and how do you comply? To be completely safe, they’d want to track your Bitcoin activity closely.

On one level, that’s easy: if they host your wallet, they can see all your Bitcoin transactions.   But they don’t know who you’re transacting with. And they obviously don’t see anything you do with any other wallets.

But they have a way round that: imagine if they said the following:

“We will provide Bitcoin safekeeping services, facilitate the exchange of Bitcoins for sovereign currencies and provide Bitcoin payment services to you provided you agree to identify upon request the identities of any entities with whom you transact. Failure to do so will result in the immediate termination of your account”.

Now, most current Bitcoin users would never sign up to such a condition.  But current users wouldn’t be the target market; the target market would be the mass market… and that is a lot of people.    Now imagine the regulators get involved and insist that Bitcoin exchanges and payment processors insist on similar conditions.

Suddenly, the banking and regulatory sphere has driven a stake through the heart of Hierarchical Deterministic Wallets, Stealth Addresses, CoinJoin and all the rest.  Sure… you can use all those privacy-protecting technologies…. But you just can’t interact with the exchanges or merchants or anybody else in the “real” world.

We could expect a furious backlash and increased focus on decentralized exchanges and other technologies but it’s not hard to imagine a system that is effectively forked: Bitcoins owned by addresses “inside” the system and Bitcoins owned by addresses “outside”.   It’s interesting to imagine which ‘flavour’ of Bitcoin would be worth more…

Robots With Checking Accounts (Silks, Hit the Road?)

If you read the thinking behind projects such as Ethereum, their ambition is stunning:  they foresee whole classes of interaction that today are governed by law that they think can be mapped into code.  What happens to the legal profession in that world?

I don’t think the lawyers need to worry about their jobs just yet, however….  I observed last year that “on the blockchain, nobody knows you’re a fridge”. But  what happens when this becomes a reality?  Is society ready for devices that can initiate and receive financial transactions with their own accounts, accounts to which no human has access?

What does this mean for the legal system? What does “liability” mean in this world? How do you arrest a fridge?

If my fridge detects a design fault in my washing machine and shorts the stock of the manufacturer, is it committing insider trading?


We shouldn’t assume that the best technical solutions will prevail: on “push” versus “pull” payments

I’ve just posted a new piece on the IBM “Insights on Business” platform discussing “push” and “pull” payments.  I point out how push payments, in general, would remove whole classes of threat from the retail payments landscape but that there are some real problems around adoption that may prove insurmountable.

Who will decide the future of retail payments?

Ultimately, we need to remember that consumers actually like their credit cards and most phone-based solutions today are clunky.  So some recent research from Denmark that studied how real people respond to different options is very enlightening.  It’s obvious that we should spend more time thinking about things from users’ perspectives, but difficult to do in reality!

What is the “irreducible core” of Bitcoin?

Or… why is it so hard to come up with a simple, yet accurate, explanation of Bitcoin and its importance?

I am a firm believer in the following rule-of-thumb:

“If you can’t explain something clearly, it means you don’t understand it.”

Put more positively, we could perhaps say:

 “Only when you understand something deeply can you make it sound simple”.

Many of my colleagues will recall situations where I have been almost fanatical in driving for intense clarity of expression. And so it concerns me deeply that there is no good, simple, accurate and comprehensive explanation of Bitcoin that helps people understand what makes it so unique.

Here’s what I mean:  I want a description that doesn’t lead the listener to say:

  • “So how is that different to my electronic bank account?”
  • “So how is that different to airline miles?”
  • “So how is that different to m-pesa?”
  • “So how is that different to Mondex?”
  • “So how is that different to Ripple?”
  • … and so on.

And no cheating is allowed….   You can’t refer to these systems in your description…. Your description has to be so good, it has to be so precise and it has to be so comprehensive that an attentive listener cannot possibly confuse Bitcoin for anything else.  In other words, you need to get to the irreducible core of this bewilderingly complex system.

Here’s a sample of existing explanations that show how hard it is. I typed “What is Bitcoin?” into and clicked on the first five hits:

  • We Use
    • The video is helpful but I’m looking for prose that meets my text above.   The closest we get are three boxes that mention “secure”, “open” and “fair”.  These things may or may not be true but they don’t really explain what’s going on
  • Wikipedia“Bitcoin is a peer-to-peer payment system and digital currency introduced as open source software in 2009 by pseudonymous developer Satoshi Nakamoto”
    • OK – perhaps this is accurate but it doesn’t give me any indication that this could be the most important invention of the last decade and an intelligent reader could legitimately confuse it any number of pre-existing centralized systems.
  • The Washington Post“It’s an electronic cash system that allows online payments to be sent directly from one person to another without going through a financial institution (like a bank) or a third party (like PayPal).”
    • This is actually pretty good.  It brings out the “directness” and uses the word “cash” to evoke the idea of a bearer instrument and finality.  But note that it doesn’t tell me anything about how it works or why it’s so revolutionary.
  • Children’s BBC“Bitcoin is a new type of money that is completely virtual. It’s like an online version of cash.”
    • Pretty good – but limited (I’ll go easy on them given their demographic!)
  •“Bitcoin is an innovative payment network and a new kind of money.”
    • This is true and is probably enough to pique interest – but you have to go over to the FAQ to get this:
    • “Bitcoin is a consensus network that enables a new payment system and a completely digital money. It is the first decentralized peer-to-peer payment network that is powered by its users with no central authority or middlemen. From a user perspective, Bitcoin is pretty much like cash for the Internet. Bitcoin can also be seen as the most prominent triple entry bookkeeping system in existence.”

Of all these descriptions, I like the last one the best from the perspective of technical accuracy but it focuses only on the “payment” use-case.    For day-to-day usage, I think the Children’s BBC or maybe Washington Post versions are also pretty good.

But did you notice how many concepts were packed into these descriptions, how much knowledge they assumed and how none of them really explained why this was so revolutionary?

I think this is because there are really three independent concepts all competing for attention at the same time and we need to step back to unpack them.

The world’s first internet-scale decentralized platform for value exchange

First, Bitcoin is the world’s first true system of digital cash, which allows peer-to-peer value exchange over the internet with no reliance on third parties.   This is the key feature of Bitcoin as a currency and payment system and explains most of the current infrastructure build-out.

 … implemented on a decentralized global asset register…

Secondly, Bitcoin works because it is based on a new concept: decentralized global asset registers.

Decentralised global asset registers are also an entirely new invention. They can be used to register and transfer ownership of any digital asset.

It is this that people are talking about when they say things like “currency is just the first application” for the Bitcoin platform.

… which is a decentralized consensus system

However, the story doesn’t stop here.  There’s a third element: how do these asset registers work?   They work because of a third breakthrough: the invention of “decentralized consensus systems”.  That is: internet-scale systems that can reach and maintain a common state without the involvement of any third party and in the presence of malignant adversaries.   This is a breathtaking breakthrough in computer science; we should expect to see the most forward-looking computer science schools undertaking active research in this space.

Putting it all together

“Bitcoin is the world’s first system of digital cash, which allows peer-to-peer value transfer over the internet with no reliance on third parties.  It is built on a new invention, the decentralized global asset register. This global asset register is the world’s first decentralized consensus system.”

I’m still working to refine this description, but I think it’s getting close…  although it’s very technical and not suitable for everybody.

Digital Scarcity

Or, at least, I thought was getting close until I listened to this wonderfully informative interview of Adam Back by Andreas M. Antonopoulos on the “Let’s Talk Bitcoin” PodCast.

Adam invented “Hashcash”, the inspiration for Bitcoin’s mining function and contributed to the years of experimentation and prototyping that ultimately led to Bitcoin’s invention.

In the PodCast, he used an interesting phrase.  He described the idea of “digital scarcity”.  That is:  how to create a system that allows you to make objects in the digital world “scarce”.  The obvious intuition here is to think of .mp3 files.  If I email one to you, it hasn’t been transferred, it has been duplicated and is no longer scarce.  We know what happened to the recorded music industry when this happened on an industrial scale.   Back’s concept, thus, is the problem of how to enable transfer without duplication.  Clearly, this property is key to making Bitcoin work and Back’s phrase captures it perfectly: “digital scarcity”.

So, my challenge is to consider how to update my “three concept” model to incorporate this key idea: “digital scarcity”.

Perhaps Digital Scarcity is the irreducible essence….

Is this the single concept that captures what makes Bitcoin so utterly unlike anything that came before?

A Simple Explanation of How Shares Move Around the Securities Settlement System

I explained here how money moves around the banking system and how the Bitcoin system causes us to revisit our assumptions about what a payment system must look like. In this post, I turn my attention to securities settlement: if I sell some shares to you, how do they actually move from my account to yours? What is actually “moving”? What do I mean by “account”? Who is involved? What are the moving parts? 

I have argued for some time that the Bitcoin system is best regarded as a global, decentralized asset register and that some of the assets it could register, track and transfer could be securities (stocks and bonds). In this post, I go back to basics to explain what actually happens behind the scenes today and use that to think through the implications should schemes such as or MasterCoin gain traction. I’ve discussed these systems in a couple of articles here (coloured coins) and here (MasterCoin).

As in the previous article, my focus is on imparting understanding by telling a story and building up a narrative.  This means some of the precise details may be simplified. So please don’t build a securities settlement system for your client using this article as your guide!

First, let’s establish some common ground.

Here are the simplifying assumptions I’m going to make:

  • I’m going to invent a fictional company called MegaCorp
  • I’m going to assume we start back in the days when certificates were in paper form. I’ll move to electronic systems later in the article but I think it helps first to think about paper – it helps us keep track of what’s really going on
  • I’m going to rewrite history to suit the story. If you’re a historian of finance, this article is not for you!
  • Finally, I’m going to assume that MegaCorp already exists, has issued shares and that they are in the hands of a large number of individuals, banks and other firms.  I’m going to assume you’re one of these owners. How these shares were issued would be a fascinating story itself but there isn’t space here to talk about corporate finance, IPOs and all the rest. Google it: “primary market” activity is a really interesting area of investment banking.

So let’s get started. You own some MegaCorp shares and you want to sell them.

Selling shares if everything was paper-based

So… you own some shares in MegaCorp and you have a piece of paper that proves it: a share certificate. You’d like to sell those shares. Now you have a problem. How do you find somebody who is willing to buy them from you?

I guess you could put an advert in the paper or maybe walk around town wearing a sandwich board proclaiming your desire to sell.  But it’s not ideal.

Figure 1 - buyerseller

Figure 1 The fundamental problem: how does a seller find a buyer or a buyer find a seller?

The obvious answer is that it would all be so much easier if there were a place – a venue where people commonly in the business of buying and selling shares could get together and find each other.  Happily, there are and we call such places stock exchanges. In the early days, they were simply coffee houses or under a Buttonwood tree in trading centres such as London. Over time, they became formalized. But the idea is the same: concentrate buyers and sellers in one place to maximize the chance of matching them with each other.

This adds a new box to our diagram: the stock exchange.

Figure 2 - exchange

Figure 2 A stock exchange brings buyers and sellers together to help them execute trades

There are still some problems, however. What if you’re just an occasional buyer or seller? Do you really want to have to trek to London or New York every time you want to buy or sell? And as an out-of-towner, do you really think you’d get a good deal from the locals who spend all their time there? You’d be completely out of your depth.  So you’d probably value the services of an intermediary – somebody who could go to the exchange on your behalf and get you the best deal they could. We call these people stockbrokers (or just brokers).  An example for retail investors may be Charles Schwab. An example for, say, pension funds might be Deutsche Bank or Morgan Stanley.

Figure 3 brokers

Figure 3 Brokers act on behalf of buyers and sellers

You’ll notice that “stock exchange” has become “stock exchange(s)”: this reflects the reality that there could be multiple venues you could visit to trade a particular share.  This creates opportunities for arbitrage (the price may be different at each venue) but we’ll ignore this from now on.

Now this works fine if there is lots of trade in MegaCorp shares: when my broker tries to sell, there will probably be somebody else who wants to buy.  But what happens if there are no buyers just then? Does that mean the share is worthless? Clearly not. So there’s an opportunity to somebody to make a living taking a bit of risk by buying and selling shares on their own account. Whereas a broker is acting in an agency capacity, this new person would make money from their wits: buying low and selling high with their own money. We call these people market-makers – since they literally create a market in the shares in which they specialize. We call firms like Goldman Sachs and Morgan Stanley broker-dealers because some of their subsidiaries engage in both broking and market-making in various markets.

Figure 4 market makers

Figure 4 Market-makers buy and sell shares on their own account, creating liquidity

Guess what: we still have problems! Remember: I’ve asked my broker to sell my shares for me but imagine they succeed.  Then what? We now have the tricky problem of settlement.  Remember: we’re still in the days of paper-based certificates.  So my broker has just sold my MegaCorp shares. Well… the buyer is going to want the certificate pretty soon.  And I would quite like the cash.

Now… I could just trust my broker.  I could leave the paper certificate in their hands and ask them to take receipt of the cash when the buyer’s broker hands over their cash.  But that means placing a lot of trust in that individual. And remember: I chose the broker because they could navigate the rough and tumble of the stock exchange, not because I trusted their book-keeping skills!

Worse, what happens if MegaCorp issues a dividend while the share certificate is in the hands of the broker? Do they really have the ability or inclination to collect the divident, allocate it to my account and report to me about this in a timely manner? Perhaps, but probably not.

But we still have the need for somebody to keep the certificate safe and to be on hand to give it to the purchaser if a sale takes place. It’s just that the skills needed by this person are completely different to those needed by the broker.  The broker needs to be able to negotiate the best price for me. But the person who looks after my certificate needs to be good with accounts, book-keeping, reporting and security.  After all, I’m trusting them with the safekeeping of my share certificate: it’s in their custody.  So we call these people custodians. Examples include State Street and Northern Trust, as well as divisions of Citi and HSBC, etc.

Figure 5 custodians

Figure 5 Custodians are responsible for the safekeeping of shares

So now, when my broker finds a willing buyer at the exchange, they can tell my custodian to expect to receive cash from the buyer’s custodian and to send the certificate to the buyer’s custodian when this happens.

And while the share certificate is sitting at the custodian, they can deal with all the tedious things that can happen to a share during its life: dividends, stock-splits, voting, …  It’s as if the shares need regular attention, like an old car that needs constant servicing: so we call this business the business of securities servicing.  The picture above shows a line from the buyer/seller to their custodians, because the custodian is working on their behalf. However, retail investors will probably not be aware of this relationship as their brokerage will manage the relationship on their behalf.

So… what have we achieved?  I can lodge my share certificate with a custodian, instruct my broker to sell the shares on my behalf by finding a willing buyer at a stock exchange and wait for the cash to arrive. We’re done!

Erm… not so fast.  There are still several problems.    The first becomes obvious when you think about how the picture I’ve described would work in practice. You have loads of brokers shouting at each other, making trades all the time. It would be completely chaotic yet, somehow, we need to get to a point where the buying and selling brokers agree completely on the details of the trade they just did and have communicated matching settlement instructions perfectly to the two custodians so they can settle the trade.  That’s not going to be easy.

In reality, there’s quite some work that must be done post-trade to get it to the point where it can be settled (matching, maybe netting, agreement of settlement details, agreeing on time and place of settlement, etc, etc).  We call this process clearing. (I wrote previously about a real-life example of spontaneous clearing at the world’s first-ever open-outcry Bitcoin exchange.)

And there’s a second, more subtle, problem: how does my broker know that the person they’re selling to is good for the cash? And how does the buyer know that my broker can lay their hands on the shares? In the model I’ve just described, they don’t.  Now, perhaps that’s not a problem: after all, smart custodians are only going to exchange shares and cash at the same time.  But it’s still problematic: sure… if the buyer turns out not to have the cash, I still have my shares… but I wanted to sell them! And the price may drop before I can find a replacement buyer.

A clearing house is intended to solve both these problems. Here’s how: after a trade is matched (both sides agree on the details), the information is sent to the clearing house by the exchange. And here’s the trick: as well as orchestrating the clearing process and getting everything ready for settlement, the clearing house does something clever: it steps into the middle of the trade.  In effect, it tears up the trade and creates two new ones in its place: it becomes my buyer and it becomes the seller to the buyer.  In this way, I have no exposure to the buyer: if they turn out to be a fraud, it’s now the clearing house’s problem.  And the ultimate seller has no exposure to me: if I turn out to be a fraud, the buyer still gets their shares (the clearing house will go into the market and buy them from somebody else if it really has to).  We call this “stepping in” process novation and say that the clearing house is acting as a central counterparty if it performs this service. As an example, the London Stock Exchange uses LCH.Clearnet Ltd as its clearing house.

Of course, this amazing service comes at a price: they charge a fee and, more importantly, impose strict rules on who can be a clearing member of the exchange and how they should be run. In this way, the clearing house acts as a policeman, ensuring only people and firms with a good track record and deep resources are allowed to participate. (I’ll leave to one side whether this privileging of one group over another is a net good or bad!)

So we can update our picture again:

Figure 6 clearing house

Figure 6 A clearing house manages the post-trade process of getting to a point where settlement can take place and often also acts as a central counterparty

We’re almost there… but there are still some loose ends.  To see why, consider this from MegaCorp’s perspective.  We’ve been talking about buying and selling their shares and this all happens without any involvement from them at all.  That’s fine in most circumstances but it does cause problems from time to time. Specifically, what happens when the company issues a dividend or wants its shareholders to vote on something?  How does it know who its shareholders are?  Imagine it knew I was a shareholder.  What happens after I’ve sold the shares using the system above to somebody else? How does the company get to hear about the new owner?

Enter yet another player: the registrar (UK) or share transfer agent (US). These companies work on behalf of the company and are responsible for maintaining a register of shareholders and keeping it up to date. If the company pays a dividend, these companies are responsible for distributing it.  They rely on one of the participants in the process to tell them about share transfer. An example of a registrar in the UK would be Equiniti.

Figure 7 registrar

Figure 7 A registrar (or stock transfer agent) keeps track of who owns a company’s shares on behalf of the company

Now, I assumed up front that we were using paper certificates. And it’s amazing how far you can go in the description without needing to bring IT into the narrative at all.  But, clearly, paper certificates are a complete pain.  They can get lost, you have to move them around, you have to reissue them if the company does a stock split, etc.  It would clearly be easier if they were electronic.

For any given custodian, it’s not a problem: they can just set up an IT book-keeping system to keep track of the share certificates under their safekeeping.  And this can work well:  imagine if the seller of a share uses the same custodian as the buyer: if the custodian is electronic, no paper needs to move at all! The custodian can just update its electronic records to reflect the new owner.  But it doesn’t work if the buyer and seller use different custodians: you’d still need to move paper between them in this case.

So this raises an interesting possibility: what if we had a “custodian to the custodians”?  If the custodians could deposit their paper certificates with a trusted third party, then they could transfer shares between each other simply by asking this “custodian to the custodians” to update its electronic records and we’d never need to move paper again!

And that’s what we have.  We call these organisations central securities depositories.  In the early days, they were just that: a depository where the share certificates were placed in exchange for an equivalent entry on the electronic register. The shares were, in effect, immobilized at the CSD.  Over time, people gained trust in the system and agreed that there really wasn’t any need for paper certificates at all… so we moved from immobilization to dematerialization.  The UK’s CSD is Euroclear (CREST).

This completes our picture (and notice how it is the CSD who informs the registrar when shares change hands… left as an exercise to a reader is thinking through what happens if shares change hands within the same custodian and what it means for the granularity of the data held by registrars):

Figure 8 csd

Figure 8 A CSD acts as the “custodian to the custodians”

This picture also introduces regulators, governments and taxation authorities, for completeness. However, I don’t discuss them here. I also don’t discuss what happens if you’re trading shares cross-border.

So now we have the full story: if I want to sell some MegaCorp shares, here’s what happens:

  • My shares start off in the account of my broker, who uses a custodian for safekeeping
  • The broker executes a sale at an exchange
  • The clearing house establishes everybody’s respective liabilities, steps in as central counterparty and orchestrates the settlement process
  • The buyer’s and seller’s custodians exchange shares for cash (“Delivery versus Payment”), utilizing the CSD if shares need to move between custodians as a result. Assuming so, the company’s registrar is informed.
  • Somebody probably has to pay some tax J

You’ll notice many parallels with the global payments system: lots of intermediaries and lots of specialists – all of them there for a reason but imposing costs nonetheless.

Now, I said I would use this narrative to discuss what it could mean for Bitcoin “colored coins”.  I think there are two key concepts that can help us think through workable models: risk and the meaning of settlement.


Consider the picture above: what risks are you exposed to as an investor? Ideally, if you buy shares in MegaCorp, the only risks you want to be exposed to are those associated with MegaCorp itself, realized through changes in share price or dividend payments. So, the ideal state is when you just face this market risk.  And that’s broadly what the system above delivers: by depositing your shares in a custodian bank, which should keep them in a segregated account at the CSD, you’re protected even if the custodian goes bust: your shares are not considered part of the custodian bank’s assets. So the only risk you’re exposed to beyond the market risk (which you want) is operational risk that the custodian makes a mistake. (I’ll ignore cash here but note that it’s typically not protected in the same way)

Now, when we look at “colored coin” share representation schemes, we see there is the notion of a colored coin “issuer”: somebody who asserts that a given set of coins represents a particular number of shares in a particular company.  So now we have a big question: who is this somebody?  This matters because if the “somebody” reneges on their promise or goes bust, you’ve lost your shares.

Now, if a colored coin scheme were “grafted on” to today’s system, it could work quite well if done right.  Imagine a firm wanted to offer colored coins representing 100 MegaCorp shares. They could open a custody account, fund it with 100 MegaCorp shares as “backing” and we’d be done: such firms could perhaps compete on the completeness of their transparency.  However, owners of colored MegaCorp coins would have counterparty exposure to this firm, which means the risk profile would be different (worse?) than if they simply owned coins in a regular custody account.

Interestingly, you can’t overcome the problem entirely by having a custodian bank be the issuer because it’s not obvious to me that a coloured MegaCorp coin issued by a custodian bank is the same as a segregated share for the purposes of bankruptcy protection: you’d presumably also need a legal opinion – and I am not a lawyer!

Bottom line: there is work to do for those developing these schemes.

However, there is one intriguing possibility with this approach: think through what happens if MegaCorp themselves were to issue colored coins representing their shares. Any analysis of counterparty risk becomes moot: if MegaCorp went bust, you’d lose your money regardless of how your shares were held!  Perhaps this is the future?  (Note also that I’m not discussing here precisely why anybody would want to issue – or buy – coloured coins! I’ll leave that to others)

Do you actually want settlement?

However, there’s another way of looking at this: you don’t have to own a share to enjoy the benefits of ownership. Contracts for Difference (or, more generally, Equity Swaps) allow you to enjoy the losses or gains from owning a stock without actually owning it. They are, instead, contracts, with a counterparty, in which the counterparty pays (or receives) cash that matches the gain or loss in the share price (and payment of dividends).   Now, the counterparty often hedges their risk by buying the shares – but that becomes their problem, not yours. So this gives you all the benefits of owning the stock without having to go through the pain of actually taking delivery. It also has tax advantages in some jurisdictions.

The downside is that you take on counterparty risk to the party issuing the CFD: if they go bust while you’re in the money, you’re out of luck.  But we’ve already established that there could well be quite considerable counterparty risk with colored coins in any case. So perhaps this is the right model.  I don’t yet have a view on which will prevail but hopefully laying out how today’s system is constructed will help others think this through more clearly.

I’ll end with one final observation: the issuance is the easy part.. but somebody still has to do the servicing.  But notice how this is much easier if you use a technology such as the Block Chain: there’s no need for the arbitrary distinctions between custodian, CSD and registrar:  the issuer can see immediately which addresses own their coins and to whom they should send messages or dividends.  Similarly, the peer-to-peer nature of Bitcoin means the hierarchy of custodians and CSDs could possibly be collapsed.

I know many people think blockchain technology could be hugely disruptive for the world’s banks but I look at it another way: I believe there are huge opportunities for those financial firms that really take the time to study this space.

[Final comment: a reminder to readers that this is my personal blog and the opinions are mine alone… I don’t speak on behalf of my employer]

[Update – 2014-01-07 – One question I failed to address above is precisely why anybody would want to settle share trades using a coloured coin scheme! I think there are two possible answers:

1) if settlement can be effected over the blockchain, the cost potentially reduces to the fee of the Bitcoin transaction in simple cases

2) if opens up the potential for custodians, CSDs and registrars/stock transfer agents to innovate their business models in a new way: do they still need to be separate entities, for example? Further, would ‘regular’ companies see value in becoming their own issuers, etc?

However, I’m not convinced this approach does anything to reduce risk – the challenge would be how to build a system with risk as good as what we have today. ]