Distributed Oversight: Custodians and Intermediaries

[Note: This past weekend I took part of a working group at Stanford University as part of the “Blockchain Global Impact”  conference — and we discussed some of the legal issues surrounding digital bearer assets.  Below is my written submission provided beforehand; I am not a lawyer but I did consult with several attorneys familiar with the Bitcoin ecosystem who provided feedback, some of which was incorporated.]

The prevailing view in the bitcoin community is that control, by virtue of knowledge of a private key, is synonymous with ownership of the contents of the associated address. In other words, bitcoin is often touted as a form bearer instrument. With the advent of “exchanges” and “hosted wallets,” the ecosystem birthed facilitators (custodians) and intermediaries (depositories) where an individual no longer controls the applicable access credentials.

As Professor Shawn Bayern noted, the nature of the rights one has with respect to directly-held bitcoin differs significantly from the indirect interest in bitcoin in an account held by a third party: “[As] a matter of law, the [user of an exchange or wallet] probably does not ‘own’ any bitcoins, at least not in the sense of having title to personal property corresponding directly to bitcoins. What the [party] has is simply a contract right against the operator of the website—what was classically, at common law, called a chose (i.e., thing) in action.”

What is the nature of this right? Does the user still own the bitcoins held at an exchange or wallet? Or, instead, has title passed to the wallet/exchange? If title remains with the user, the user might be termed a bailor and the exchange/wallet a bailee. On the other hand, if title has passed to the exchange/wallet, the user would likely be a creditor and the exchange/wallet a debtor. Of course, the user agreements are far from clear on this point. As it turns out, the first question you ask to determine whether a transfer of title has occurred is: does the transferor receive the same exact thing or merely equivalent things that was put in? If the former is true, a bailment may be possible (this is often referred to as safekeeping or custody). If the latter is true, the transaction would not be a bailment except in three specific cases discussed later below.

In terms of both funding and development, the two largest VC-backed verticals in the Bitcoin ecosystem are “exchanges” and hosted wallets – both of which often offer “vaults” called “cold storage” and sometimes some type of insurance for customers. The precise legalities of providing other services such as “tipping” is beyond the scope of this brief article. Suffice to say that at this time, there is probably no US-based VC-backed startup that is fully compliant with all deposit taking laws, money transmission laws, insurance laws and so forth.

Yet irrespective of personal views as to whether or not additional regulatory compliance should be expected of these nuvo financial intermediaries and custodians, one aspect that all startups can and would agree on is the need for “best practices” in financial controls. But this then circles back to legal compliance.

For instance, every funded exchange as of this writing pools their clients deposits into a shared hot wallet which is then dispersed into a cold wallet (which sometimes is further broken into “ice cold” or “glacier” wallets). Yet despite this element of security – or at least security theater – deposits can and have been expropriated by knowledgeable insiders including exchange operators themselves.   Commingling customer bitcoin effectively forecloses the possibility of bailment/custody because, once commingled, the user is unlikely to get the “same thing” bank that they put in.

How can the technology being developed in the larger Bitcoin ecosystem be used to mitigate or prevent his from happening? And more importantly, how can entrepreneurs structure their startups to be in compliance with the law?

In its BitLicense proposal to the New York State Department of Financial Service, the Crypto-Economy Working Group outlined several technology solutions including multisig, escrow, proof of reserves, proof of solvency, keyless wallets and continuous real-time auditing. Empirically we have seen the rapid growth in the use of multisig via a technique called pay-to-script-hash (P2SH) – a method which at the start of 2014 represented roughly 0% of all bitcoins yet now at the time of this writing encompasses about 8% of all bitcoins. That is to say, possessors of those direct and indirect interests have moved 8% of the bitcoin money supply into a multisig schema.

BitReserve is a VC-funded startup that has spearheaded the proof-of-reserve initiative, providing near real-time data of the assets in their “reserve” (cold wallet) and the liabilities or obligations to its depositors. Several other companies have attempted to position themselves as “keyless wallet” providers, most notably Blockchain.info. They claim to be a software company that has no access to user funds, keys or information – solely providing a website that generates a “wallet” based on a multi-word mnemonic that users must memorize or store as it is the sole access credential to “direct interests.” This type of segregation not only prevents maleficence from internal administrators but may also prevent Blockchain.info from being legally defined as a depository or custodian in some, if not all, jurisdictions.

But what happens if Bob loses this mnemonic? Then Bob loses control of the property, the bitcoin becomes inaccessible, ownerless (in our eyes) yet still exists as an entry on the blockchain.

Who does it belong to then? Did the network “steal” it? Its last legal owner was Bob, but to the Bitcoin network there is no distinction between ownership and possession. For instance, stealing is a legal term – not a physical phenomenon – thus whether it is rightfully transferred or not is the subject for legal scholars to debate.

Recall that the job of property systems is to associate the who(s) with the what(s). There is no infallible magic bullet. It is merely a question of best evidence. While possession and control is a pretty crude form of evidence but often nobody has better evidence of ownership. Registration is pretty good evidence but it can still be overcome. Think about a piece of artwork that Bob consigns to a gallery or that he registers. Or a title to his house. No matter what the title search says, Bob can never really know somebody won’t come out of the woodwork with better evidence of ownership. The question is really: how much protection does the law provide to an innocent purchaser for a particular type of property in a particular situation? This is still an open question with bitcoin.

What of bailments then? Does this distributed technology change the legal relationship between a bailor and bailee?

The term custody is reserved for bailments. After some consultation it appears you can only have a bailment when you get the same thing back that you put in and with “pooled” bitcoins, a depositor does not receive the same unspent transaction output (UTXO) as they originally deposited. Exceptions include: (1) fungible goods in warehouse; (2) currency in a particular type of bank account (special deposit); and (3) security entitlements (immobilized securities or pieces of a securitized pie). Bitcoin is not a good. Furthermore, hosted wallets are not warehouses. Bitcoin is not currently a legally defined currency and hosted wallets are not banks. A third idea is the trust company/broker dealer. While an entrepreneur may be able to secure a trust company charter, it has yet to be seen in the wild. And it is probably only scalable for a limited subset of uses and actors.

So, if we don’t have a bailment. We have something else. Again, after consulting with experts, we likely have a transfer of title and a corresponding debt owed to the depositor. If that is “checkable” or repayable upon request of depositor, then certain startups may have a problem under 12 USC 378(a)(2).

This seems to be the model that most startups has assumed is legally allowed. In fact, as of this writing, several VC-backed hosted wallets grant a “security interest” only on bitcoins they own. Alice’s hosted wallet startup may claim that “our bitcoins are insured.” Thus, if we were talking bailment, they would not be Alice’s startup’s bitcoin as the title would remain with the bailor (not Alice’s hosted wallet – who would be known as the bailee).

Now that organizations such as the Consumer Financial Protection Bureau (CFPB) have taken an interest in the Bitcoin ecosystem, how then, can Alice explain this to a consumer in a way that is not unfair, deceptive, or abusive? Is there anything in the technology that can help provide transparency and mitigate abuse?

In practice Alice will need to at least explain the effect on title in a manner that is consistent with reality. And she will likely have to be licensed, regulated and supervised to the same degree as others who operate in the same manner. While laws may change, it does not appear that a hosted wallet company falls within a loophole (currently).

In essence, there is a distinction between a facilitator and an intermediary.

And again, an intermediary is an institution that invests primarily in financial assets and that issues liabilities on itself (e.g., deposits). And a facilitator facilitate the financial transactions between intermediaries and their counterparties. They may hold some financial assets but their holdings are incidental to their facilitating roles. Custodians and money transmitters are the latter. Depositories are the former.

The questions for this working group should take these definitions into consideration and brainstorm how the technology being developed can not only help reduce the compliance requirements (if there is any leeway for that) but also fulfill financial controls “best practices” with respect to existing consumer protection laws.

A special focus should also highlight how exchanges operate in practice, that is to say, since they know the trading history, margin positions, when futures contracts will expire and other customer information – there is potential vectors of abuse such as front running and naked short selling by insiders. How can this be prevented, reduced and stopped?

Leave a Reply

Your email address will not be published. Required fields are marked *