Three Predictions For The Year Ahead In Digital Finance

Trust takes centre-stage, DeFi meets CeFi, and CBDC proponents put up or shut up.

It’s fair to say the permissionless crypto world seemed to do all the running in the blockchain space in 2021. But that doesn’t mean those of us working to bring advanced cryptographic techniques to the world of business were resting.

Indeed, and despite the ongoing challenges of the pandemic, 2021 was a year of significant progress for the digitisation of capital markets. 2022 will be another unprecedented year in financial technology – and the following three trends look set to continue reshaping the landscape for market participants, governments, regulators, and infrastructure providers over the next 12 months.

1. The quest for trust will dominate the digital realm

We never think about it in our day-to-day lives, but the ability to develop trust in each other in the real world is what has, uniquely, unleashed humanity’s potential. Trust is the cornerstone of human civilisation.

And as more of our personal and professional lives move into the digital realm, the sheer lack of trust in the digital realm is a trillion-dollar problem the industry must tackle in 2022.

Trust allows us to do things that would be almost impossible if we had to verify everything for ourselves. Can you imagine, for example, aviation if you couldn’t trust the airline’s safety engineers? And how often have you relied on a trusted brand when searching for a meal in an unfamiliar location? Imagine if you had to check the ingredients yourself before tucking in! Put simply: if we can trust, we don’t have to verify. 


How would commercial enterprises ever have extended beyond immediate family if we had no mechanisms to develop trust in strangers? Ultimately, trust is the fundamental enabler of trade. And trade is what creates wealth. This is why I say trust is the basis of civilisation. In short, the fact humans can develop trust in each other explains the dazzling opportunities, wealth and living standards so many of us can enjoy. But consider how little trust exists in the digital realm.

In the early days of the web, you had no way of knowing if your browser really was talking to the company you thought it was. So, eCommerce and online banking struggled to take off. But the advent of the browser padlock – literally creating trust that you are connected to who you think you are – unleashed trillions of dollars of opportunity. Until recently, firms doing business with each other had no way of knowing if they had the same records. And so they wasted staggering amounts of money reconciling with each other. Blockchains are solving this problem by literally creating trust that “I know what I see is what you see.”

But there is so much further to go – and this is where the tech industry must focus its attention in 2022 and beyond. For example, when you send information to a third party, you have no technological way to know what they will do with your information. So you have to spend a fortune on ‘data scrubbing’ or audits… or, more likely, you don’t share sensitive data at all. It’s mind-blowing to imagine how many opportunities to create new value or serve customers better are squandered because we can’t trust how our information will be processed when it’s in somebody else’s hands. 

One day we will look back in awe at how much we managed to achieve in the digital realm when the levels of digital trust were so low. But things are changing: trust technology is now here. The convergence of blockchains, confidential computing, and applied cryptography is happening, and firms are applying this to massively increase the levels of trust that exist within and between firms of all sizes operating in the digital realm.

The delivery of trust to all realms of our digital lives will drive the next wave of human advancement – and it begins today.

2. The lines between DeFi and CeFi will continue to blur

Interest in decentralised finance, or ‘DeFi’, is booming in the technology world, and last year that interest peaked. The term has invited enthusiasm, skepticism and curiosity, in equal measure. But I have little doubt that the technology could be host to a number of exciting applications (assuming the grown-ups in that space can out-run the grifters). At its core, DeFi rests upon the central principle of disintermediation, and this could have many benefits – namely, democratisation of finance. 

But let’s not get ahead of ourselves. The idea that DeFi is ready to replace the existing, centralised or traditional financial system, or ‘CeFi’, is wildly overstated, especially at a time when governments are increasingly favourable to regulated financial markets and institutions. 

However, and at the same time, we’re already seeing incumbent financial firms and market infrastructures adopting some of the insights and breakthroughs from the decentralised world – for example DTCC’s Ion work and the Swiss Digital Exchange, SDX – so we can imagine these two trends coming together and reinforcing each other in 2022: DeFi will mature and co-exist with the financial services ecosystem we have come to know and trust as it, in turn, evolves.

3. CBDCs will move even closer to real-world deployment

2022 will be the year that CBDCs gain clear, policy-led direction and guidance. We’ll find out if any central bank is bold enough to launch a true digital equivalent to cash. CBDCs at both the wholesale and retail level are now being explored by countries all over the world, to different extents. Riksbank has been working on its ‘e-krona’ in Sweden for some time now, for example.

One use of CBDCs that has received less attention until very recently is cross-border settlement. In December, Project Jura successfully settled a “real-life” transfer of securities and cash between France and Switzerland with a wholesale CBDC.

2022 will be a year of real maturation for CBDCs. They are now understood by jurisdictions and this year, policymakers will get off the fence and tell us: will we as citizens be allowed to make digital payments with the same freedom we can make them in the real world? Yes or no? We’ll get an answer in 2022 and that will unlock everything – as we will then know what we need to go and build.



Think Your Data Is Secure? Think Again.

The Pegasus exposé highlights the urgent need for ‘defence in depth’

The Pegasus Project – a collaborative exposé by more than 80 journalists from across the globe – is a timely wakeup call for any business that thinks its data is secure. Because the frightening reality is: it’s not.

The project revealed how a piece of spyware called Pegasus, originally developed for military and law enforcement usage, can exploit iPhones and Android devices to take control of a user’s phone. No one was off limits – a list of around 50,000 victims has been published, including politicians, heads of state, business executives, activists, royal family members, journalists and more.

No piece of technology, no matter how expensive or sophisticated, is truly secure and this project is the final proof, should it ever have been needed.

Despite billions of dollars spent by Apple and Google and all the top-flight engineers they have working for them, it’s still almost impossible to write bug-free code that a determined attacker can’t break into. All they can really do is set the bar so high that it’s only firms like Pegasus’s creator, NSO, who can reliably pull this sort of thing off at scale and for a sustained period.

So, if you’re a company processing sensitive data, how would you rate your own software engineers and security architects? Are they better than those at Apple and Google? If so, perhaps you have nothing to worry about. But, if not, how do you sleep at night? If they can’t get this stuff right, how on earth will your teams?


Picking the locks of iOS and Android

Any firm that writes software, from Apple and Google down, knows its software has flaws and that bad people are trying to find and exploit them. So the good firms are constantly trying to find and fix these holes in their software before anybody else discovers them. But software firms are also always shipping new features and versions of their products, which means they’re usually creating new security holes just as quickly as they’re fixing the old ones.

So the ‘bad guys’ have lots of opportunities to find these problems quicker than the vendors themselves. And if you’re a talented software engineer who’s good at finding these sorts of problems, you can sell the information you discover to firms like NSO, who will then upgrade their hacking tools so they can exploit the hole.

A good way to think about it is to imagine many different manufacturers of padlocks. Clever people are constantly trying to figure out how to pick the locks. And firms like NSO are in the business of selling a ‘Lock Picker’s Toolkit’ – lots of little spanners and wires and needles and who knows what else. Each time they discover another way to break into a particular type of padlock, they add an extra little tool to their toolkit and announce to their customers that their product is now even better for breaking locks.

Pegasus ultimately shows that, in the software world, if an adversary is sufficiently motivated, they will get in. And the Pegasus Project is just one in a string of recent high-profile data security breaches – just look at the Colonial Pipeline hack earlier this year or the SolarWinds hack last year. No one is immune.

The solution: defence in depth

So, if Apple and Google’s best software can get hacked – and sensitive data extracted this easily – how do you possibly think your business data is safe?

Data is like oil: depending on your viewpoint, it’s either your most valuable asset, or merely one leak from total disaster. Either way you need to use every tool available to you to create ‘defence in depth’ to stop it getting out.

But don’t despair. You may not have the resources of Apple. But there’s still hope.

The answer is to do two things. First, take advantage of protections that already exist. Don’t leave your back door wide open. Sounds obvious but it’s amazing how many mainstream security techniques are simply ignored by most firms.

Secondly, ensure you have depth to your defences. Multiple lines, not one. Yes: any given security technique might have lots of gaps, just like how you can see through the holes in a slice of swiss cheese. But if you layer enough slices of swiss cheese on top of each other, eventually the light is blocked.

What this means in practical terms is that you need to be taking advantage of every layer of protection already available. If you’re not, you’re a sitting duck.

But you should also be rolling out new protections as they emerge, especially if a new option implements an entirely novel technique. After all, there’s a reason why doctors don’t get too excited when a new ‘me-too’ version of an existing drug comes onto the market but get very excited indeed when an entirely new class of drug is discovered for a serious disease!

And that latter point is extremely important. We already have lots of tools for improving the security posture of firms, and competition between vendors in those categories means the bar is constantly being raised, but improvements within an existing category are usually incremental at best.

But you get a step-change in capability when an entirely new approach comes onto the scene. And the rapidly maturing field of Confidential Computing provides just that. As such, it represents an extremely promising new defence.

This new technology lets you run applications that prevent anybody from tampering with them or seeing things they shouldn’t – not even you, the operator. That might seem a bit odd the first time you read it. Why would you voluntarily give up the ability to see what information your applications are processing?

Well, the answer is this: if the data your applications are processing is encrypted even from you, and even while it’s being processed, then even if an attacker did get through all your other lines of defence, all they’d be able to steal would be encrypted data that they had no key to decrypt!

And what makes this even more powerful is that applications secured by Confidential Computing can cryptographically prove to their users that their data is encrypted in this way, with a proof that is provided by the physical hardware that is doing the computations. So your customers can be enlisted as an extra set of eyes and ears in the fight against the attackers.

If you’re a business providing services to a customer, you can use this technology to convince them what your service will do with their data, before they’ve even sent it. They no longer have to trust you; they can verify for themselves. That’s the essence of confidential computing, and it’s a game-changer. It helps your customers build trust that you will protect their data, and it provides you with another layer in your defences against the hackers.

Until now, there’s been no good way to technologically control what happens to that data once it leaves your premises. And so data has, all too often, been shared between companies with scarily lax control over how it is protected. You didn’t need to be a world-class hacker to take advantage of this sort of opportunity. And confidential computing is a way to close down that line of attack.

A recent proof-of-concept from the insurance industry puts this into context. Using this technology, a group of innovative companies are enabling insurers to pool claims across their institutions and improve detection of so-called “double dipping” claims where fraudsters claim an event with multiple institutions. Confidential computing is facilitating this advance by enabling competing insurers to share sensitive information with confidence that it cannot be revealed to competitors or violate privacy laws and other regulations.

Indeed, this technology may be one of those rare examples of a security tool that also enables new business opportunities, in this case by making it possible to pool data that would otherwise be ‘too hot’ to share.

Confidential computing is a once-in-a-generation innovation in data security, and a new line of defence against the virtual Lock Picker’s Toolkit offered by the likes of NSO and many others. If you don’t have the resources of a software giant such as Apple or Google, you probably can’t afford to buy the world’s most expensive padlocks. But the next best option is to use every technology at your disposal – including the newest ones as they emerge – to ensure you have as many different types of padlocks as you can get your hands on. This is defence in depth.



Forget “Don’t Be Evil.” The Real Opportunity Is “CAN’T Be Evil”

Apple’s self-serving privacy crusade against Facebook is pure genius. And it’s a playbook that could work in your industry too

Apple’s recently-launched iOS 14.5 disabled the ability of ad networks to track you. Just like that.

Well, OK… not just like that. But not far off.

Apple has very cleverly positioned this as a triumph for the individual over the faceless corporation: Facebook and other major app developers like Foursquare or Activision Blizzard will no longer have such unfettered access to your data. You, the individual, are back in control. Apple is fighting the good fight.

Hmm. Maybe.

There’s another analysis of this situation we can make. One that is rooted in hard-headed competitive strategy. And an emerging technology, known as ‘Confidential Computing’, could hold the key to executing the same strategy against the incumbents in your industry.

The reality is that Apple has identified something profound: many of their competitors’ business models are utterly dependent on unfettered access to your data. And Apple’s is not.


So if Apple can restrict advertisers’ access to data, it fundamentally weakens key competitors… and it makes Apple look like the good guys. Win-win! If you’re Apple, that is.

Now, Apple is hardly a random challenger, pluckily seeking to take on the incumbents. It just happens to have noticed that its competitors’ biggest asset – their access to your personal data – can be ruthlessly turned into their greatest weakness.

But this idea – turning your competitors’ data from an asset into a liability – could be far more broadly applicable.

For example, in many information-centric markets, the biggest players are often little more than data warehouses with some custom analytics and long customer lists. You’re never going to peel off their customers one-by-one. But can you turn their privileged access to that database against them?

Or perhaps you’re looking at online marketplaces and would quite like your fair share of those juicy commissions that flow whether prices go up or down? After all, sometimes it seems like all they do is match buyers to sellers, and yet somehow end up owning huge amounts of market data that they then sell back to their customers. Can you make their privileged market position a competitive disadvantage for them?

What do these examples have in common?

Answer: these businesses are all fundamentally built on aggregating data from multiple parties who are hesitant to share data with one another directly, and processing it to create additional value.

And, because they are incumbents, they’re running on tech stacks designed for a world before data privacy became a ‘thing’. They have huge databases full of customer data, which means they are only ever one ‘fat finger’ error from a data breach that makes the front page of all the newspapers.

Deep in their hearts, these data aggregators know that their access to all this data has gone from being an asset to a liability. And most of them are terrified.

The supposedly impregnable incumbents are actually trapped. Their business models and systems architectures are on the wrong side of an unstoppable industry trend towards privacy-first computation. The very things that made them so successful and powerful – their huge customer data sets – are now the things that could bring them down. It would only take one rogue employee. One catastrophic hack.

It’s almost tragic: these firms have reached the pinnacle of success by asking their customers to trust them with their most precious information. And it now turns out that ‘trust’ is not enough. 

It’s no longer enough to promise that you ‘won’t be evil.’  You need to be able to prove that you or anybody with access to your systems simply can’t be evil.

And this is because there’s a new technological sheriff in town that means it’s even possible to contemplate such a thing. It goes by the boring name of ‘Confidential Computing’ but it promises something transformational. The firms who master it won’t need to beg their customers’ trust. They’ll be able to prove they’ve earned it instead. And those who find themselves on the wrong side of this trend won’t know what hit them.

Quick Explainer: if you search ‘Confidential Computing’ you can’t be blamed if you get confused very quickly: the technology industry is its own worst enemy when it comes to explaining new concepts! So here’s what you need to know right now: this new technology lets you run applications that prevent anybody from tampering with them or seeing things they shouldn’t – not even you, the operator. And – this is the key part – these applications can cryptographically prove this to their users, with a proof that is provided by the physical hardware that is doing the computations. If you’re providing services to a customer, you can use this technology to convince them beyond doubt what your service will do with their data, before they’ve even sent it. They no longer have to trust you; they can verify for themselves. That’s the essence of confidential computing, and it’s a game-changer.

But what does this have to do with ‘David versus Goliath’ competitive strategy? How can this strange new technology give aspiring upstarts a chance to dethrone powerful incumbents in existing markets?

The answer rests on how Confidential Computing enables solutions that can prove to users how their data will be processed, who can see it, and what they can do with it. No longer do users simply have to hope, pray and trust. They can audit and inspect it for themselves! It’s a fundamental step forward in computer and data security.

We will look back on 2021 in astonishment.

We will be appalled that firms shared information with each other without any technological enforcements over how that data will be used. We will be aghast that firms could freely assemble vast data sets of other people’s information, where only paper contracts and ‘folk memory’ constrained what could happen to it.

Confidential computing, and related techniques such as Fully Homomorphic Encryption and Zero Knowledge Proofs, are going to blow through the halls of today’s industry incumbents like a storm they haven’t seen before.

So, if you’re a challenger seeking to take on one of these profitable service providers, whose business has been built on handling and processing other people’s data, then this is your moment. And if you’re a senior leader at an incumbent, the clock is ticking, but there’s still time.

If you’re a challenger, you can construct services that analyse your customers’ data without your staff needing to have access to it. You can build products where your customers can easily pool their data together for matching, analysis or any other purpose, all whilst verifying technologically exactly what you can – and cannot – do with it. And once these solutions begin to roll out, the world will change in the blink of an eye: once customers – and regulators – see that this new privacy-first architecture is possible, they will begin to demand it.

Just as Apple doesn’t need direct access to detailed customer records to succeed, neither do you if you build a solution using privacy-preserving techniques. And just as Apple can use that to hammer Facebook into the ground, you can do the same to the incumbents in your target market.

And if you are one of those incumbents, don’t sit there waiting for the steam roller. Instead, drive the change you know is coming.

Confidential Computing is here today. The wave is about to hit!



No Slam Dunk For Plaintiffs In NBA Top Shot Moments Class Action Lawsuit

As if on cue, just as we were bidding adieu to a wave of class action lawsuits stemming from the initial coin offering (ICO) boom of 2017-2018, we see a class action complaint based on allegations that certain NFTs (non-fungible tokens) are actually unregistered securities.

The lawsuit was filed against Dapper Labs, Inc and Roham Gharegozlou, the founder and Chief Executive Officer of Dapper Labs, in New York State’s trial court, making them the first defendants in what could turn into an onslaught of lawsuits brought against issuers of NFTs. The gravamen of the complaint is that NBA Top Shot Moments — which are a type of NFT —  are securities, which the defendants “promoted, offered and sold” in violation of federal securities laws.

The plaintiffs assert that Dapper Labs teamed up with the NBA and the NBA Players Association to launch NBA Top Shot. NBA Top Shot Moments depict video clips of highlights from NBA games. The NFTs exist on the Flow blockchain, created by Dapper Labs.  NBA Top Shot sells digital packs of Moments, the prices of which vary based on scarcity. Moments can also be purchased in the Marketplace created by Dapper Labs, where buyers and sellers of Moments come together.

Unlike other lawsuits concerning whether certain digital assets violate U.S. securities laws, this one stands out because it involves the purchase of something that can be considered a collectible. 

But before diving into the question of whether a collectible can also be a security, there are several other items to consider:

First, why didn’t the plaintiffs sue the NBA and the NBA Players Association? Certainly, the NBA has deep pockets. So why not include them as defendants?


Second, the plaintiffs chose to file their lawsuit in New York state court as opposed to federal court. Why sue in state court when the plaintiffs’ claims are based on allegations of violations of federal law? This is particularly perplexing given the novelty of the claims alleged. That is, these claims involving digital assets on a blockchain will likely raise issues of first impression. Why not file in the court best able to address these issues of first impression? 

Daniel Alter, partner at Yankwitt LLP, and former General Counsel at New York State Department of Financial Services, notes that bringing the lawsuit in state court could be problematic from the perspective of developing consistent law. He explains that New York State Courts construing state securities law have a long history of defining securities very broadly. He suggests, “this could take the Howey test in new directions,” which could be helpful to the plaintiffs.

David Silver, founder of the Silver Miller law firm, expects that the defendants will move to dismiss for jurisdictional reasons. He says, “the nexus between the NFTs and New York is questionable as the complaint is written right now.”

Third, the plaintiffs do not allege that the defendants promoted the NFTs as an investment. To the contrary, the plaintiffs concede that in their Service Terms of Use,  the defendants required users to agree that they “are using NFTs primarily as objects of play and not for investment or speculative purposes.” Nonetheless, they allege that Moments were sold with the expectation of profit, and quote both an investor, and a former SEC regulator to buttress their assessment: 

“The reality is that the growing fanatical NBA Top Shot database is all about the investment, speculation and appreciation of the Top Shot NFTs and the NBA Top Shot Marketplace. . . .”

Silver notes that “quotes by third parties to substantiate claims against a defendant are always tricky. The preference is always to directly quote the defendant” which was not done here.

So, the question comes down to whether Moments are more like digital Beanie Babies (which gave rise to the Beanie Baby craze of the 1990s) or more like the bank certificates of deposit (CDs) in the seminal case, Gary Plastic Packaging Corp. v. Merrill Lynch, where the Court found that a broker dealer’s scheme to market high-yielding bank CDs to their clients satisfied the Howey test.

In Gary Plastics, the defendants marketed negotiable, insured, and liquid CDs that they had purchased from various banks. In their marketing materials, the broker dealer promised to monitor the creditworthiness of the issuing banks and maintain a secondary market to guarantee purchasers liquidity.

The Second Circuit’s Howey analysis found that the plaintiff had invested $1,200,000 in the CDs offered by the broker dealer, that the broker dealer had engaged in a common enterprise by investigating issuers, and marketing and creating a secondary market for the CDs, and, finally, that the plaintiff expected profits solely from the efforts of the broker dealer. Accordingly, the Court found that the CDs were investment contracts and, thus, securities.   

Here, however, the defendants did not promote or market the Moments as an investment. They expressly disclaimed that the Moments were being sold for investment purposes.

Alter observes that a key component of Gary Plastics was the fact that the broker dealer created and maintained the sole marketplace for trading the CDs. Alter emphasizes that the broker dealer’s oversight and maintenance of the marketplace transformed a non-security into an investment contract. In essence, it was the CDs combined with the program that constituted a security.  

And that’s the nub of it. 

Are the plaintiffs here investors within the meaning of Howey, or are they mere collectors? Have the defendants simply provided basketball enthusiasts with an opportunity to purchase collectibles in the form of a video clip? Or did they knowingly offer the plaintiffs an investment opportunity by creating and maintaining a marketplace for their Moments?

Lewis Cohen, co-founder of blockchain-focused boutique law firm DLx Law, noted, “Dapper Labs appear to have been extremely cautious with their marketing of Moments, but they may be a victim of their own success. In a torrid market for non-security assets like their Top Shot Moments, it is inevitable that some buyers will seek a speculative profit, hoping to ride the coattails of the seller’s hot product. If this is the new standard for ‘investment contracts’ there are many other businesses out there that should start worrying.”

Alter has a different take, insisting the defendants’ disclaimer may not be a silver bullet. He warns Gary Plastics could be a serious threat.



New York State Department Of Financial Services Taps Enforcement Attorney To Lead Research And Innovation Division

Is the New York State Department of Financial Services (DFS) gearing up for enforcement actions in the crypto space?

In the last couple of months, Debra Brookes was quietly installed in the newly created position of Deputy Virtual Currency Chief in the DFS Research and Innovation Division. Before joining the DFS more than eight years ago, Brookes was a federal prosecutor who led and participated in complex white-collar investigations which, according to her LinkedIn profile, resulted in over 70 individual and corporate guilty pleas and millions of dollars in fines and restitution.

Prior to assuming her role in the Research and Innovation Division, Brookes held leadership positions in three different DFS divisions, each of which possesses enforcement and investigatory authority: Financial Frauds and Consumer Protection Division, Enforcement Division, and Consumer Protection and Financial Enforcement Division.

DFS is the primary regulator for all state-licensed and state-chartered banks, credit unions, and mortgage bankers and brokers. The Department also oversees all the money transmitters and virtual currency businesses operating in New York.

In 2015, the DFS implemented the restrictive BitLicense, which sent innovators in the FinTech space scurrying from the State. Since that time, DFS has sought to lure them back with inviting rhetoric and innovative initiatives. 

Last summer, the DFS enacted the Conditional BitLicense to enable virtual currency companies to do business in New York with fewer obstacles and less expense. This past October, PayPal became the first entity to receive the Conditional BitLicense.


At that time, DFS Superintendent Linda A. Lacewell said that “DFS will continue to encourage and support financial service providers to operate, grow, remain and expand in New York and work with innovators to enable them to germinate and test their ideas, for a dynamic and forward looking financial services sector . . . .”

As of this writing, the number of crypto companies overseen by the DFS that operate in the State has swelled to 30.

Does having a career enforcement regulator helming the DFS Research and Innovation Division suggest that the DFS may be seeking investigations over innovations? Perhaps, but perhaps not. After all, Valerie Szczepanik, who leads the Securities and Exchange Commission’s Strategic Hub for Innovation and Financial Technology, came from a background in enforcement, and she’s been an outspoken and active participant in the crypto space, inviting companies to share their technology and vision, and offering guidance to ensure compliance.

So, the jury’s out on this one. Only time will tell. Fingers crossed.



A Dummies Guide To Insurance Fraud

How an obscure new technology is giving the bad guys a headache

The (not so) perfect crime

Imagine, purely hypothetically of course, that you were a crook. Perhaps you’re one of those people who would rather earn an easy living than an honest one. If you can steal money and not get caught, perhaps your first instinct is to ask yourself ‘why not?!’

I jest, of course. I’m sure this doesn’t describe you in any way. But pretend, for a moment, that it did.

What if I were to tell you there was a sure-fire, can’t-lose way to steal thousands of dollars from big insurance companies. Better still, what if I were to tell you this scam is so foolproof that the insurance companies might not ever even know they’d been defrauded?

Here’s the scam.

Go out and buy a car. It doesn’t need to be flash but it needs to be worth something. Maybe pay $10,000 or so for it? 

Try not to fall in love with it, however, as the car isn’t going to make it to the end of this story in one piece.

But, first, open up your laptop and find the web sites for some big insurers. Take out a comprehensive policy for the car with the first insurer you find. Maybe the policy costs $500? Doesn’t matter… you’re going to make enough back to cover this. And then some.


Now switch to the next tab in your browser. And take out a comprehensive policy for the car with this insurer. Another $500, another policy. Now switch to the third tab, and the fourth. And the fifth and the sixth. (See where this is going yet…?)

Don’t stop until you’ve taken out ten policies for this vehicle.

Cost to date? $10,000 for the car, and maybe $5,000 for the insurance policies. $15,000 in all.

Remember I told you not to get emotionally attached to the car?

Well, that’s because – you guessed it – the car is about to meet with an “unfortunate” accident…  This is your big chance… this is your chance to prove you have it in you to be bad. I bet nobody thought you’d go through with it when you told them you were changing career and joining the ‘alternative’ economy, did they? Well now you can show them.

You see… you now need to go crash this car so badly that it’s a write-off. And it needs to be convincing. This has to look like a genuine accident. You need to really go for it! And, please, try to be creative.

Done it? Good for you! How does it feel to have embarked on your life of crime? Exciting? A little bit wild? You’re probably getting a taste for it by now…!

Assuming you’ve managed to do the deed, then it’s plain sailing from here….

File ten identical claims on the ten policies you took out with those ten insurers. Assume they each pay out maybe $8,000? That means you’ll receive payouts for $80,000 total. Subtract your $15,000 costs, and you just made sixty five thousand dollars for one day’s (well, maybe night’s) work!

This is no time for amateurs

Now, there’s the teensy little problem that this is highly illegal.

And there’s the ever-so-slightly bigger problem that convincingly staging a fake car accident is really quite hard.

And that latter problem may actually be the show stopper for your budding career in crime. Insurers aren’t stupid. They’re wise to amateurs thinking they know what they’re doing. So, hopefully, you read down this far before trying this little scam! If you’re foolish enough to try it, you’ll very quickly find yourself in court.

But there are highly experienced, professional gangs who know exactly how to pull this sort of thing off. And they cost the insurance industry a LOT of money.

Why is it so hard to prevent this sort of fraud?

You’d think it would be an easy problem to solve. After all, each insurer in this story is processing a claim for the same vehicle! And each car has a unique identity: literally, a Vehicle Identification Number (VIN).

So why can’t the insurers check with each other? It would be infeasible for the claims handlers to manually call up their counterparts at all the other insurers each time they received a claim (imagine how many calls that would be each day!) But nothing stops the insurers setting up a centralised ‘claims database’ that could spot this sort of fraud in an instant, right?

Well… it turns out there is something stopping them from doing this in some jurisdictions: data privacy rules and commercial sensitivity.

To see why, imagine you had to build such a database. How would you do it?

You’d need some way of detecting when the same VIN was being processed in a claim by more than one insurer. And to do that you’d need to keep track of all claims currently being processed. After all, how would you know a second claim was indeed a second claim if you didn’t know about the first?!

So you’d need to build a system that knew about all vehicles that were the subjects of active or recent claims with all insurers. Only then could you scan the database looking for duplicates, which would be evidence of possible fraudulent ‘multiple claims.’

In other words, this is a problem with a simple – almost trivial! – technical solution. But the solution is really difficult to implement owing to the amount of data – some of it personal – that would need to be aggregated in one place, by one party. There is the obvious personal privacy issue, but also a commercial one: who would the insurers trust to have all this information? Anybody who could see all the information could deduce pretty much anything about the underwriting policies and standards of every participating insurer.

We could give up at this point – as most insurers in most markets have done – and deal with the scam through other, more indirect, means. 

Can we bring together the data we need, without sacrificing privacy or commercial secrecy?

But we could also ask ourselves a question. Imagine, for a moment, that we could wave a magic wand. What would it take to make this central database viable? What would its designers need to promise to make it acceptable from a commercial and privacy perspective?

The answer is: the operator would need to be able to prove two things to the insurers who participated in the scheme.

First, they would need to prove that the only thing the claims data could be used for is identifying duplicate claims. If they could provide that proof, it would allay the insurers’ commercial fears.

And, secondly, they would need to prove that nobody – not even the operator of the service – could see any of the underlying claims data. If a claim turns out not to be a duplicate, nobody outside the insurer handling that claim should ever be able to see that record. And if it does turn out to be a duplicate, then only the insurers concerned should learn about it. Nobody else. Not even the operator of the service.

If – and it’s a big if, of course – it were possible to build a service that could make those promises (and keep them!), it would kill this form of fraud dead. And the system itself wouldn’t be that hard to build – and could be up and running in no time.

So the billion dollar question is: can you build a system that can make those promises?

The answer – surprisingly – is yes!

Confidential Computing lets us reimagine the ‘art of the possible’ for data pooling services

An obscure – but rapidly maturing – technology known as ‘Confidential Computing’ enables precisely this. Confidential Computing utilises hardware cryptography from companies such as Intel to protect data even when it’s in use. Applications written with this technology can technologically prove to their users what algorithms will run on their data, and that the underlying data will never be visible to the operator of the service.
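To make the two promises concrete, here is an added sketch of the matching logic such a pooled service could run inside an enclave. It is plain Python written for this page, not code from ClaimShare or Conclave; the class and method names are hypothetical, the VINs are constructed samples, and the enclave isolation and remote attestation that would back the promises are not modelled.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict


def normalise_vin(vin):
    """Canonicalise a VIN so that formatting differences still match."""
    cleaned = "".join(ch for ch in vin.upper() if ch.isalnum())
    # VINs are 17 characters long and never use the letters I, O or Q.
    if len(cleaned) != 17 or any(ch in "IOQ" for ch in cleaned):
        raise ValueError("not a well-formed VIN")
    return cleaned


class ClaimMatcher:
    """Hypothetical duplicate-claim matcher (illustrative names throughout).

    Assumption: an instance lives inside the enclave, so the key and the
    index below are never visible to the operator of the service.
    """

    def __init__(self):
        # The key is generated inside the matcher and never leaves it. VINs
        # are structured and guessable, so an unkeyed hash could be reversed
        # by enumeration; a keyed MAC cannot be without the key.
        self._key = secrets.token_bytes(32)
        # tag -> {insurer: claim_ref}; no VIN is kept in the index.
        self._index = defaultdict(dict)

    def _tag(self, vin):
        canonical = normalise_vin(vin).encode()
        return hmac.new(self._key, canonical, hashlib.sha256).digest()

    def submit(self, insurer, claim_ref, vin):
        """Register an active claim and return per-insurer notifications.

        A claim that matches nothing returns {} and discloses nothing. On a
        match, only the insurers holding a claim on that vehicle get an
        entry, each told its own claim reference and who else has claimed.
        """
        holders = self._index[self._tag(vin)]
        holders[insurer] = claim_ref  # a re-submission by the same insurer updates
        if len(holders) < 2:
            return {}
        return {
            party: {
                "own_claim": ref,
                "also_claimed_at": sorted(p for p in holders if p != party),
            }
            for party, ref in holders.items()
        }

    def close(self, insurer, vin):
        """Drop a settled or withdrawn claim so it no longer matches."""
        tag = self._tag(vin)
        self._index[tag].pop(insurer, None)
        if not self._index[tag]:
            del self._index[tag]


def demo():
    """Run three constructed claims through the matcher."""
    matcher = ClaimMatcher()
    first = matcher.submit("InsurerA", "A-1", "TESTVN0000000001A")
    other = matcher.submit("InsurerB", "B-7", "TESTVN0000000002B")
    # Same vehicle as the first claim, typed with different formatting.
    duplicate = matcher.submit("InsurerC", "C-3", "testvn-0000 000001a")
    return first, other, duplicate


if __name__ == "__main__":
    for result in demo():
        print(result)
```

InsurerB, whose claim matched nothing, appears in no notification and learns nothing about the other two claims.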

And using this technology to solve the insurance duplicate fraud problem is not theoretical. A firm called IntellectEU have built it! The solution is called ClaimShare and the first pool of insurers to use it is being assembled.

However, it turns out that Confidential Computing applications can be exceedingly difficult to write. So how has IntellectEU been able to build ClaimShare so quickly and without having to train an army of hardware cryptographers? 

The answer is that they are building ClaimShare using a ‘software development kit’ that is purpose-built to make it easy and quick to write confidential computing applications without having to understand the underlying hardware.

I know about this project because IntellectEU are using my firm’s product, Conclave, but there are, of course, other platforms seeking to do the same thing.

And that’s really the main message of this post. Confidential Computing allows us to imagine a future where owners of sensitive data can be absolutely sure how it will be used when they send it for processing elsewhere. But it is the new generation of confidential computing ‘software development kits’ that are going to unlock the power of this technology at scale.



What Will The Ripple Effect Be In The Crypto Space?

It would appear that the initial coin offering (ICO) class action ship has sailed (without a lot of damage suffered by the defendants), but with some pretty interesting takeaways to consider. 

Last year, I wrote about the 11 class actions that were filed in the Southern District of New York against four crypto-asset exchanges and seven digital token issuers. 

The gist of those cases was that the defendants offered and sold unregistered securities in violation of state and federal securities laws. The alleged activities that gave rise to the complaints took place in 2017 and 2018. The defendants offered several grounds for dismissal, including that the claims were time-barred due to the one-year statute of limitations on claims arising from issuing and selling unregistered securities.  

In the last few months, two of the lawsuits (Bibox and BProtocol Foundation (Bancor)) were dismissed, while five others (Quantstamp, Status Research, Civic Technologies, HDR Global Trading (Bitmex), and Kaydex (Kyber Network)) were voluntarily dismissed. The remaining four cases (Binance, Kucoin, Tron, and BlockOne) are working their way through the legal system.  As an aside, the plaintiff in the Bibox case moved for reconsideration of the dismissal of their state law claims on the grounds that their state statute of limitations can be extended for plaintiffs who are ignorant of the law, and the court recently set a briefing schedule on that motion for reconsideration.  

Kayvan Sadeghi, a litigation partner at Schiff Hardin, who represented defendants in one of the cases that was voluntarily dismissed, explains that in the two cases that were dismissed, the plaintiffs sought to extend the statute of limitations by alleging that they couldn’t have known the token was a security before April 3, 2019, the date on which the Framework for Investment Contract Analysis of Digital Assets was issued by staff at the Securities and Exchange Commission (SEC). But the courts didn’t buy it.


“Ultimately, it came down to the statute of limitations issue,” Sadeghi offers. In the two cases that were dismissed, the court ruled that there was no basis to extend the statute of limitations, he explains. That is probably why the other five cases were voluntarily dismissed, he continues. “Plaintiffs’ counsel saw the writing on the wall.” 

As to the four cases that are still active, there are additional claims and/or allegations of trading within a year of when they filed suit, according to Sadeghi. So, the same statute of limitations defense might not be grounds for a complete dismissal at the pleadings stage. 

With respect to the two cases that were dismissed, in BProtocol Foundation, the court found that the plaintiff had failed to allege an actual injury resulting from his purchase of the BNT digital coin, and failed to allege a causal connection between his alleged injury and the defendants’ crypto offering from two years earlier. The court also refused to find that it had personal jurisdiction over the defendants (the Swiss-based organization that issued the tokens and the individual defendants, officers of the issuer, who are citizens of Israel). 

In In Re Bibox, the court found that the plaintiff did not have standing with respect to claims pertaining to five of the six tokens described in the complaint because he had never purchased those tokens. Significantly, the court refused to impute to those five tokens the core features of the Bix token and, therefore, all of the claims related to those five tokens were dismissed. As to the claims pertaining to the remaining (Bix) token, the court found that those claims were time-barred and, so, the entire complaint was dismissed.

Taken together, BProtocol Foundation and In Re Bibox demonstrate that the securities laws should be construed narrowly when it comes to private plaintiffs. With a private cause of action, the courts require an actual injury and actual causation. There must be a real connection between the U.S. and the token sale, as well as the defendants.  

But it is a completely different standard when the Securities and Exchange Commission (SEC) is the plaintiff, such as in the enforcement actions brought by the SEC against Ripple Labs and LBRY. 

The SEC does not need to show reliance or injury, explains Sadeghi. They just need to show a violation. Further, the SEC asserts jurisdiction over any violation that has substantial conduct or significant effects in the U.S. According to Sadeghi, for private plaintiffs, it is limited to domestic transactions. What’s more, when the SEC is the plaintiff, it has five years to bring a cause of action, he explains, and potentially longer for some kinds of relief. 

With the dismissal of the class action lawsuits raising questions about the application of securities laws to sales of digital assets, observers are now looking even more closely at the SEC’s case against Ripple Labs, says Lewis Cohen, Co-Founder of DLx Law.

Cohen relates that unlike in the private litigation where plaintiffs seek monetary relief, the SEC’s enforcement actions assert a higher principle, namely that securities laws have a meaning and importance that must be observed, even if in the short run enforcing the law may conflict with the interests of the holders of the asset sold. “How judges resolve that case will have far reaching implications for the future of digital assets,” says Cohen.

Jason Gottlieb, Chair of Morrison Cohen’s White Collar and Regulatory Enforcement Group, explains that the SEC plays by a different set of rules. As a result, he says, “they may very well succeed where the private plaintiffs were unable to do so.”

Gottlieb notes that commentators are looking at the middle-game skirmishes where the Ripple defendants are winning discovery motions. He suggests that these wins may provide the defendants with a different set of facts. But, he says, “that may not ultimately determine the core question of whether XRP is a security. We have no idea what is going to happen because we don’t know what the documents are going to say.”

Drew Hinkes, a lawyer at Carlton Fields PA in Miami who works on cryptocurrency matters, suggests that the enforcement action against Ripple is the most important lawsuit in the crypto space right now. “Everything else is just noise,” says Hinkes. 

Hinkes explains that Ripple has the resources to take the case past judgment to an appeal where an appellate court will have the opportunity to determine what the law is.  

Gottlieb agrees. “For the first time we have a defendant who can make good on its promise to take the case to the highest court. They have the legal fire power and the resources to pay for their very fine attorneys. Only the U.S. Supreme Court would consider overturning Howey with respect to digital assets.”



The Convergence Of CeFi And DeFi: The Banks’ Big Opportunity

There’s a weird little conundrum amid the exuberance around decentralised finance: have you ever thought about quite how much the ecosystem depends on centralised services?! There’s a reason for that and it points the way to the big opportunities for existing institutions.

The idea that much of the ‘DeFi’ ecosystem depends on centralised services isn’t as contradictory as it may first appear, but the reason for it – convenience – is massively misunderstood. And it helps us see where the traditional world of centralised finance and the new world of decentralised finance might converge, to the benefit of all.

The role of centralised services in the world of decentralised finance was, of course, brought into sharp relief with the recent listing of Coinbase. But it goes further. Just look at how many ‘decentralised’ services stopped working when Infura went down last year, for example.

The technical details aren’t that important for this story. The key point is merely that Infura is a centralised platform that many DeFi services rely on in order to connect to the Ethereum network, and so when it went down many of those decentralised services stopped working. Now, Infura is an impressive project and the event was newsworthy only because of how rarely it had happened before; this is not a criticism of the Infura team. And nor is this a criticism of all those Ethereum services that depended so heavily on Infura.

And it would be easy to say this kind of event means that decentralised finance is decentralised only in name. But that would be to entirely miss the point: yes, many services choose to use Infura for its convenience and superior service versus taking a ‘purist’ decentralised approach. But those same projects also have the power of exit: a centralised service in a decentralised world will be dominant only for as long as it delivers value. 

And so this leads to an interesting insight about how centralised services can and do legitimately exist in an otherwise decentralised world.

Indeed, centralised services that deliver value reliably and in a mutually beneficial way will almost invariably be preferred by users. What’s not to like? There’s an identifiable operator to get support from and to yell at if things go wrong. And it saves you the hassle of building and operating everything for yourself. Convenience always wins.


If you’re active in the blockchain space and doubt me, ask yourself this: do you run your own Bitcoin node? Do you rely on a custodial wallet? If you’re one of the rare people who use a hardware wallet, when was the last time you audited the source code of its firmware for yourself?

For as long as humans walk on the earth, firms that can offer the convenience of a well-run service will make a good living, even in a supposedly decentralised world.

And this insight, I think, is key to addressing the dilemma being faced by senior executives at banks across the world as they watch the DeFi revolution unfold. Is it real? And if it is, is there a role for us? And what might it be?

After all, it’s highly unlikely the global financial system will be completely dismantled and replaced by DeFi models, so there’s an argument to do nothing. But it’s also easy to see that these worlds are edging closer together.

The answer is to think about convenience.

After all, and for all the scorn they receive – and despite how it feels when you actually interact with most of these institutions as a consumer – the primary value proposition of many banking services is convenience.

It’s the only reason many banks still exist!

  • Banks sell the convenience not to have to secure your savings in your own steel vault.
  • Banks sell the convenience not to have to use cash to make every payment.
  • And – whisper it – banks sell the convenience of not having to be too paranoid in your interactions with others: if you truly get defrauded, they’ll usually bail you out.

Now, most financial services firms are well on their way to capitalising on the application of these technologies to their own business problems. So they’re well placed to broaden their focus to their clients too.

Indeed, my firm – R3 – and our blockchain – Corda – led the way with this convergence. The initial Bitcoin revolution triggered a response from enterprises and authorities, which led to platforms like Corda and solutions like Spunta, Contour, Marco Polo, B3i, HQLAx, SDX and more. And this, in turn, catalysed progress with new regulated digital assets such as CBDCs, which will incorporate systemically critical intermediaries such as central banks and apply the key benefits of this technology in a way that is safe, regulated and achievable within the near future.

But the convergence of this enterprise world with the fully anarchic world is still a difficult path to navigate. While the utopian ideal of full decentralisation is unrealistic for financial markets, integration with and adoption of the good parts can be utilised, and the unrealistic elements will fall away over time.

This approach recognises that regulators and central banks are vital components with a role to play in maintaining orderly market conditions and provides the infrastructure to connect them with new DeFi technology.

This DeFi-CeFi hybrid is already happening amongst real organisations within the regulated financial system, many of them utilising enterprise-grade blockchain technology as their starting point. It provides the level of access and decentralisation people want, and the new services and innovation they desire, but in step with the regulated world and institutions within it. 

One example might be the XKD cryptocurrency, the first to launch on Corda Network, which offers an excellent example of Corda functioning as a bridge between DeFi and CeFi. As Corda provides a permissioned network, all participants are known entities and existing rules and regulations can be applied, while still delivering the benefits of a decentralised cryptocurrency. XKD was unveiled by the Cordite Society, a UK cooperative and as such an existing legal form. Regulated digital assets payment firm BCB Group is also one of the three founders of XKD.

And as CBDC work continues and gets more serious, it’s clear that purist DeFi platforms are unable to deal with real world regulatory challenges and the necessary performance requirements. Bank of Thailand, for example, recently found that increased privacy on the public blockchain-based solution it was testing had an adverse effect on performance. That’s because a DeFi platform cannot simply be re-engineered and applied to the world of centralised finance. A hybrid approach is required.

Ultimately, real change in financial markets is driven by collaboration. Improvements to the way money and assets flow through the global financial system have almost always been achieved by successfully integrating a new technology with the existing infrastructure and institutions within it.

And let’s not forget most businesses’ inbuilt penchant for convenience. Very few – if any – firms operating in the financial services industry would suddenly refuse to participate in the centralised world they are entrenched in, and switch to a completely new way of working. If they are to switch to a new technology, it needs to be seamless and with minimal disruption to their day-to-day operations. And it needs to enable them to connect with their peers and other parts of the financial market infrastructure.

New models and solutions inspired by the DeFi concept must be combined with technology that delivers the level of trust, distribution, compliance – and convenience – that is necessary for businesses in a market as complex and highly regulated as financial services.



First Approved Brazilian Bitcoin ETF Seeks To Raise 500 Million BRL ($90,000,000 USD)

Last week, Brazilian-based QR Capital received approval from the Brazilian Securities and Exchange Commission (CVM) to list an exchange-traded fund (ETF) composed solely of bitcoin (BTC), on the São Paulo-based B3 Stock Exchange. The ETF is the first 100 percent BTC exchange-traded fund to be approved anywhere in Latin America, and the fourth to be approved in the G-20 countries. The first three were approved last month in Canada. 

The U.S. still does not allow crypto ETFs to trade on national stock exchanges. 

The QR Capital ETF is slated to begin trading in June and, when it does, the ETF will be open to any Brazilian citizen, as well as international investors, who have an account with a broker dealer affiliated with B3, says QR Capital Founder and CEO Fernando Carvalho. 

More than 4,000,000 Brazilians currently have access to the B3 stock exchange, says Carvalho. It is anticipated that the demand for the ETF will be staggering. 

For the first time, Brazilian investors will be able to participate in a fully BTC-regulated investment vehicle. Unlike the U.S. and many other countries, crypto exchanges are not specifically regulated in Brazil.

Further, the QR Capital ETF is the only Brazilian investment fund that is invested 100 percent in BTC. All other investment funds open to small investors are constrained by Brazilian law to hold a maximum of 20 percent of crypto currencies. 

Carvalho expects that demand will also come from international investors. 

“The approval of the ETF in Brazil is significant,” says Rosine Kadamani, a Sao Paulo-based regulatory attorney and member of the Global Future Council of Cryptocurrencies at the World Economic Forum, “because now there will be another option for investing in bitcoin in a regulated environment.” It will be easy, says Kadamani, like purchasing shares of stock. Easy and less costly than the current options. 


ETFs are funds designed to follow the price variation of an underlying asset or index and, therefore, are said to be passively managed. In other funds, like ordinary equity funds, management picks and chooses investments to find the best market opportunities. According to Kadamani, “the management fee of an actively-managed fund can be 1-2% or more. But the administrative fee for an ETF is much less, around 0.5%.”

She also thinks the time is right for a Brazilian ETF. 

Kadamani explains that Brazil has younger, less developed capital markets than the U.S., and that Brazilians have traditionally invested in high interest State-issued bonds, which ensured high returns with low risk. But that is changing with a significant reduction in the interest rates. “There is a move to the capital markets, and the approval of the ETF could be a pivotal moment, especially when combined with the growing number of Brazilian companies going public,” says Kadamani.

Next comes the work of putting the fund together and acquiring the bitcoin.

With approval from the CVM in hand, QR Capital has begun their primary raise, says Carvalho. He anticipates the raise will yield 500 million BRL or about 90 million USD over the next several weeks.  

According to Carvalho, QR Capital will buy spot assets in regulated exchanges abroad in the open market. The ETF will rely on the CME CF Bitcoin Real Time Index (BRTI), a global standard for pricing BTC.

Carvalho says the challenge will be to replicate the index price. 

“We have regulatory restrictions on where we can trade BTC. We can only exchange BTC with regulated partners.” This helps to ensure that the BTC held by the fund is beyond reproach. “The KYC/AML requirements guarantee the security and origin of the BTC,” Carvalho says.  

“I suspect the U.S. regulators are watching closely, and will be learning from this ETF approval and subsequent trading (as well as the recent approvals in Canada),” says Lewis Cohen, Founder of DLx Law. As more time passes and these products prove themselves to be safe and popular, the SEC will have greater comfort with ETFs and other crypto-related investment products, he added. 

In considering how the bitcoin will be custodied, Carvalho relates that QR Capital will rely on their international partners, BitGo and Coinbase Custody, based in the U.S. This is what they currently use for the three QR Capital hedge funds that invest in BTC.

Annemarie Tierney, former SEC regulator and blockchain strategy consultant, notes the irony in a Brazilian ETF custodying digital assets with U.S. custodians, while the U.S. Securities and Exchange Commission has yet to approve a national stock exchange listing for a crypto ETF, despite multiple attempts. She says, “the growing regulatory acceptance for publicly traded crypto ETFs in other jurisdictions highlights the competitive disadvantage facing issuers seeking to launch a similar product in the U.S. public markets.”

Carvalho serves as the regional ambassador to the Global Blockchain Business Council (GBBC) which issued its GSMI mapping initiative last fall. The GSMI analyzes the current blockchain landscape and summarizes blockchain related legislation from 185 jurisdictions.  According to Carvalho, this type of resource has been helpful in demonstrating the global movement towards developing a regulatory infrastructure for crypto currency and blockchain tech. The GBBC enables greater interactions between regulators globally which cannot be underestimated, says Carvalho.

Looking ahead, Carvalho suggests that the bitcoin ETF is a “game changer” because it provides important access to legacy markets and allows individuals to invest securely without having to be concerned about securing their private key or having technical knowledge about how to keep their private keys safe. Carvalho expects bitcoin ETFs to spread to other jurisdictions.  

Tierney agrees with this assessment. She believes it’s just a matter of time before the SEC follows suit. She offers, “the market is hopeful that with a new administration, the SEC will provide detailed guidance on what is needed to obtain approval and move forward to allow public crypto-ETF listings.”

Carvalho opines that the current cycle of demand for bitcoin is different from that of 2017, where there was a sharp price increase and then a plummet. These days, the price of bitcoin continues to climb (with small fluctuations) due to increased demand from institutional investors and corporations buying BTC for their treasuries, says Carvalho. 

“There is still more room to grow. It is early days for the integration of BTC into the legacy capital market structure,” Carvalho says.

