CFTC Primer on “Smart Contracts” … which apparently aren’t necessarily “smart”

The Commodity Futures Trading Commission (CFTC) recently published an excellent primer on Smart Contracts.

I’ve reproduced most of the primer here: it was a PowerPoint reduced to PDF, so some of the images are not included. But the main gist of it is here.

Notably, the CFTC notes that “a ‘smart contract’ is not necessarily ‘smart.’ The operation is only as smart as the information feed it receives and the machine code that directs it.” This is a great quote, expressing a sentiment that I have repeatedly stated in the context of machine learning and artificial intelligence applications for financial crimes risk management … they are only as good as the data they receive!


What is a smart contract?

Fundamentally, a “smart contract” is a set of coded computer functions. It may incorporate the elements of a binding contract (e.g., offer, acceptance, and consideration), or may simply execute certain terms of a contract. A smart contract allows self-executing computer code to take actions at specified times and/or based on reference to the occurrence or non-occurrence of an action or event (e.g., delivery of an asset, weather conditions, or change in a reference rate).

A “smart contract” is not necessarily “smart.” The operation is only as smart as the information feed it receives and the machine code that directs it. A “smart contract” may not be a legally binding contract. It may be a gift or some other non-contractual transfer; it may be only part of a broader contract. To the extent a smart contract violates the law, it would not be binding or enforceable.

Smart Contracts Leverage Blockchain/DLT

Smart contracts can be stored and executed on a distributed ledger, an electronic record that is updated in real time and intended to be maintained on geographically dispersed servers or nodes. Through decentralization, evidence of the smart contract is deployed to all nodes on a network, which effectively prevents modifications not authorized or agreed by the parties. Blockchain is a continuously growing database of permanent records, “blocks,” which are linked and secured using cryptography. Note: Distributed ledgers may be public or private/permissioned. See “A CFTC Primer on Virtual Currencies,” October 17, 2017.

Smart Contract Origins & Recent Explanations

The concept of a smart contract is not new. More than 20 years ago, computer scientist Nick Szabo stated the following:

“A smart contract is a set of promises, specified in digital form, including protocols within which the parties perform on the other promises…. The basic idea of smart contracts is that many kinds of contractual clauses (such as liens, bonding, delineation of property rights, etc.) can be embedded in the hardware and software we deal with, in such a way as to make breach of contract expensive (if desired, sometimes prohibitively so) for the breacher.” Nick Szabo, Computer Scientist, “Smart Contracts: Building Blocks for Digital Markets,” 1996.

“A smart contract is a mechanism involving digital assets and two or more parties, where some or all of the parties put assets in, and assets are automatically redistributed among those parties according to a formula based on certain data that is not known at the time the contract is initiated.” Vitalik Buterin, Founder of Ethereum, “DAOs, DACs, DAs and More: An Incomplete Terminology Guide,” (May 6, 2014).

“A smart contract is an agreement in digital form that is self-executing and self-enforcing.” Kevin Werbach, Professor of Legal Studies & Business Ethics, University of Pennsylvania, Wharton Business School, “The Promise — and Perils — of ‘Smart’ Contracts,” (May 18, 2017).

“A smart contract is an automatable and enforceable agreement. Automatable by computer, although some parts may require human input and control. Enforceable either by legal enforcement of rights and obligations or via tamper-proof execution of computer code.” ISDA and King and Wood Mallesons, Smart Derivatives Contracts: From Concept to Construction (October 2018), at 5 (citing Clack, C., Bakshi, V., and Braine, L., “Smart Contract Templates: foundations, design landscape and research directions” (August 4, 2016, revised March 15, 2017))

Smart contracts can be viewed as part of an evolution to automate processes with machines and self-executing code. Increasing automation has long been a feature of our financial markets: for example, stop-loss (conditional) orders (“If the price falls below $X, then sell at market”), trading algorithms, and smart order routers (machines that direct orders for execution). Increasingly, smart contract-like automation is a feature of everyday life. Common examples include ATMs, automatic bill pay, touch-to-pay systems, and instant money transfer apps.

Potential Benefits of a Smart Contract

The attributes of a smart contract give rise to potential benefits throughout an economic transaction lifecycle, e.g., formation, execution, settlement.

Examples of a Smart Contract

The article provided three examples of a smart contract: a self-executing insurance contract, transportation (bicycle rental), and a credit default swap.

Other Potential Smart Contract Use Cases

Smart Contracts may have potential uses in financial market operations, and likewise may be useful in a variety of other areas as well. Examples include:

  • Financial Markets and Participants
    • Derivatives – streamline post-trade processes, real time valuations and margin calls.
    • Securities – simplify capitalization table maintenance (e.g., automate dividends, stock splits).
    • Trade Clearing and Settlement – improve efficiency and speed of settlement with fewer misunderstandings of terms.
    • Supply Chain/Trade Finance – track product movement, streamline payments, facilitate lending and liquidity.
    • Data Reporting and Recordkeeping – greater standardization and accuracy (e.g., Swaps Data Reporting, regulator nodes for real time risk analysis); automated retention and destruction.
    • Insurance – automatic and automated claims processing based on specified events; Internet of Things (IoT) enabled vehicles/homes/farms could execute claims automatically.
  • Other sample applications:
    • Public property records – maintain a “gold copy” of ownership and interests in real property.
    • Loyalty and rewards – can power travel or other rewards systems.
    • Electronic Medical Records – improves security and accessibility of data, empowering patients to control their own records while improving compliance with regulations (e.g., HIPAA).
    • Clinical Trials – protects patients with timestamped immutable consent forms, securely automates sequences, and increases data sharing of anonymized data while ensuring patient privacy.

Potentially Applicable Legal Frameworks

Depending on the facts and circumstances, a Smart Contract can be a binding legal contract. Smart contracts may be subject to a variety of legal frameworks depending on their application or product characterization. Examples include:

  • Commodity Exchange Act and CFTC regulations
  • Federal and state securities laws and regulations
  • Federal, state, and local tax laws and regulations
  • The Uniform Commercial Code (UCC), Uniform Electronic Transactions Act (UETA), and Electronic Signatures in Global and National Commerce Act (ESIGN Act)
  • The Bank Secrecy Act, USA PATRIOT Act, and other Anti-Money Laundering (AML) laws and regulations
  • State and federal money transmission laws.

Existing law and regulation apply equally regardless of what form a contract takes. Contracts or constituent parts of contracts that are written in code are subject to otherwise applicable law and regulation.

Smart Contracts: Operational Risk

Smart contracts may not include appropriate or sufficient backup / failover mechanisms in case something goes awry. Smart contracts may depend on other systems to fulfill contract terms. These other systems may have vulnerabilities that could prevent the smart contract from functioning as intended.

Some smart contract platforms may be missing critical system safeguards and customer protections. Where smart contracts are linked to a blockchain, forks in the chain could create operational problems.

In case of an operational failure, recourse may be limited or non-existent – complete loss of a virtual asset is possible. Poor governance is another operational risk: smart contracts may require attention, action, and possible revision subject to appropriate governance and liability mechanisms.

Smart Contracts – Technical Risks

There are a number of technical risks, including:

  • Unintended software vulnerabilities
  • Humans! – make mi$taak3s when K0diNg
  • Technology failures – internet service can go down, user interfaces may become incompatible, or computers/servers can stop working
  • Scaling or bandwidth issues
  • Divergent/Forked Blockchains – such events can create multiple smart contracts where only one existed, or may disrupt the functioning of a smart contract
  • Future proofing – unforeseen or unanticipated future events that shock and/or stress the technology
  • Oracle (the oracle, not Oracle) failure, disruption, or other issues with the external sources used to obtain reference prices, events, or other information.
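
The oracle and failover risks above, shown as an added example (it is not from the CFTC primer or from this post): a Python model of a self-executing rainfall insurance payout that trusts a single feed, beside a guarded version that halts when readings are stale, too few, or inconsistent. The trigger, thresholds, station names and readings are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace
from statistics import median

# Every constant, name and reading below is constructed for illustration.
RAINFALL_TRIGGER_MM = 100.0   # policy pays once rainfall reaches this level
MAX_AGE_S = 3600              # readings older than one hour are ignored
MIN_SOURCES = 3               # quorum of independent oracle sources
MAX_SPREAD_MM = 15.0          # fresh sources may differ by at most this much
MAX_PLAUSIBLE_MM = 2000.0     # anything above this is treated as a feed error

@dataclass(frozen=True)
class Reading:
    source: str
    rainfall_mm: float
    observed_at: int  # Unix seconds

def naive_settle(reading: Reading) -> str:
    """Trusts one feed blindly: a stale or wrong value still moves money."""
    return "PAY" if reading.rainfall_mm >= RAINFALL_TRIGGER_MM else "NO_PAY"

def guarded_settle(readings: list[Reading], now: int) -> tuple[str, str]:
    """Return (decision, reason); HALT hands the case to human governance."""
    fresh = {}
    for r in readings:
        age = now - r.observed_at
        # Drop stale, future-dated, negative, NaN and implausible values.
        if 0 <= age <= MAX_AGE_S and 0.0 <= r.rainfall_mm <= MAX_PLAUSIBLE_MM:
            fresh[r.source] = r.rainfall_mm  # one vote per source
    if len(fresh) < MIN_SOURCES:
        return "HALT", f"quorum not met: {len(fresh)}/{MIN_SOURCES} fresh sources"
    values = sorted(fresh.values())
    if values[-1] - values[0] > MAX_SPREAD_MM:
        return "HALT", "sources disagree beyond tolerance"
    agreed = median(values)
    decision = "PAY" if agreed >= RAINFALL_TRIGGER_MM else "NO_PAY"
    return decision, f"median of {len(values)} sources = {agreed} mm"

NOW = 1_700_000_000  # constructed clock value
HEALTHY = [Reading("station-a", 104.0, NOW - 60),
           Reading("station-b", 101.5, NOW - 120),
           Reading("station-c", 108.0, NOW - 30)]
# Two of three feeds stopped updating two hours ago.
STALE = [replace(r, observed_at=NOW - 7200) for r in HEALTHY[:2]] + HEALTHY[2:]
# One feed reports a wildly different value.
OUTLIER = HEALTHY[:2] + [Reading("station-c", 950.0, NOW - 30)]

if __name__ == "__main__":
    for name, feed in [("healthy", HEALTHY), ("stale", STALE), ("outlier", OUTLIER)]:
        print(name, guarded_settle(feed, NOW), "| naive:", naive_settle(feed[0]))
```

The naive path pays out on a two-hour-old reading, while the guarded path returns HALT with a reason that an operator or governance process can act on.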