Responsibility Without Power? The Governance Of Mutual Distributed Ledgers (AKA Blockchains)

Wednesday, 06 September 2017
By Simon Mills

Mutual Distributed Ledgers (aka Blockchains) have generated a great deal of excitement over the last couple of years, with the growing realisation that they have applications beyond cryptocurrencies. From secure systems to manage the ‘internet of things’, to trading platforms and government systems, Mutual Distributed Ledgers (MDLs) have potential to be a transformative technology. However, in the rush to embrace the future, it is important to ensure that this technology does not erode the accountability of governments and businesses who are employing it.

The Cardano Foundation recently sponsored Long Finance research designed to examine the challenge that Mutual Distributed Ledgers (MDLs) face with respect to governance. As part of this process, an examination was made of whether different types of MDL require different approaches and the type of tools that were required to deliver effective governance outcomes.

The Headlines

  • The effective governance of MDLs relies on people rather than software;
  • Whilst MDLs are sometimes called “trustless systems” due to the way transactions are managed, trust is actually an essential component;
  • MDLs must be assuredly secure, reliable and predictable if they are to meet their potential; only effective governance can provide such assurance to users.

Fundamental Questions

Governance is the mechanism that enables organisations to be accountable to their stakeholders whilst delivering their long term objectives.

With respect to MDLs, the issue of governance raises a number of key questions:

  • How do you go about creating and enforcing the rules by which the MDL is run?
  • What happens when there are disputes between users?
  • Who is allowed to change the software the ledger runs on, and who should have access to the data it contains?
  • How do you go about managing risk and performance?

Types of MDL

There are two types of ledger:

  • Un-permissioned ledgers, where users are anonymous and there is no need to register with a central authority and;
  • Permissioned ledgers, which require the identity of users to be whitelisted or blacklisted through some type of Know Your Customer (KYC) procedure.

These two types of ledger lend themselves to four different use classes, each of which requires different governance structures. The table below illustrates the four different use classes and the types of governance structures they require:

| Type of MDL | Use Class | Governance Structure |
| --- | --- | --- |
| Un-Permissioned | Public MDLs: Little formal governance structure (e.g. cryptocurrencies). | Co-operative: An autonomous association, jointly owned and democratically controlled. |
| Permissioned | State-Sponsored MDLs: Governance structures of sponsoring agencies grafted on (e.g. land registries or identity). | Appointed Board: Board members are appointed by stakeholders, or the board itself, to bring particular knowledge and skills to the table. |
| Permissioned | Private MDLs: Highly defined governance structure (e.g. platforms for blockchain-based applications for business ecosystems). | Oligarchy: The individuals that comprise the board are the owners or stakeholders. |
| Permissioned | Consortium MDLs: Established and managed by a group of organisations rather than a single entity, likely to have a complex governance structure (e.g. Financial Services or Internet of Things (IoT) platforms). | Membership: Board members are elected to their positions and tenure is for a fixed period. |
| Permissioned | State-Sponsored and Consortium MDLs (see above) | Representative: For organisations that wish to have members who are enterprises instead of individuals. This structure may be appropriate for both consortium and state-sponsored MDLs. |

The relationship with users is affected by the governance structures chosen for the MDL. For appointed boards and oligarchies, consultation with the users of the MDL is particularly important, as these will be more distant from users (see Figure 1).

Figure 1: User Proximity to Governance Structures

Key Challenges In The Governance Of MDLs

Trust

The report identifies a number of key challenges that MDLs must address, regardless of the governance structure chosen. One of the most important issues is that of trust. Whilst MDLs are sometimes referred to as ‘trustless systems’ due to the way that transactions take place, trust is an essential component:

  • Trust is required in the code that runs the MDL;
  • Trust is required in the persistence of the data: that it will not be changed through forks or rollbacks;
  • Trust is required in your fellow users to implement appropriate systems for security and privacy;
  • In the case of cryptocurrencies, trust is required that other users will continue to believe in the future persistence of community valuation of a ‘virtual element’.

Theft, fraud, coding errors, regulatory compliance, the way disputes are resolved and reputational issues can all impact on users' trust in an MDL. Effective governance can address these issues and enhance trust.

Ethics

Ethical principles and social norms are important issues to consider in the governance of MDLs:

  • If an MDL has a reputation as a haven of vice and criminality, law abiding organisations and individuals will be reluctant to use it, and regulators in multiple jurisdictions will be likely to sanction its use;
  • If attempts to defraud users or hack the network go unpunished, trust in an MDL will decline.

Managing the behaviour of users is relatively straightforward in permissioned MDLs as the users are known and identified. However, in unpermissioned MDLs, users are anonymous and this is more difficult.

Regulatory Compliance

Regulatory compliance is another issue that must be considered, and the issue of privacy is a good way to demonstrate this. The way privacy is handled varies considerably across jurisdictions. The “right to be forgotten” and the General Data Protection Regulation have significant implications, given the permanent and persistent nature of MDLs.

There are technical solutions available for managing regulatory compliance; however, as MDLs operate across regulatory regimes, it is essential that they are adopted by all users. Ensuring that all users adopt and implement them will require effective governance.

Effective Governance Mechanisms

Public MDLs

The anonymity of users complicates both dispute resolution and the management of user behaviour. Questions of legitimacy arise when it comes to code changes, and without governance structures, strategic planning and risk management are difficult.

The report draws a parallel with the provision of free e-mail services, such as Gmail. Anyone can sign up for a free Gmail account; however, to do so, you must accept the terms of use and policies. This allows Google to suspend or revoke accounts if terms of use are breached, for example distributing copyrighted material, pornography or spam.

For a public MDL, terms of use, along with the formalisation of governance structures (including accountability, dispute resolution and the basis of software changes) can be enshrined in a constitution.

Based on a constitution, two options present themselves for governance structures:

  • An open process, such as that used by the Internet Society, which may be in line with the libertarian philosophy of some cryptocurrencies;
  • Or a more structured approach, such as a foundation.

State Sponsored MDLs

With respect to state sponsored MDLs, ensuring integration of the MDL into existing governance structures is essential. A key challenge is ensuring that those responsible for oversight have both the technical knowledge necessary for running the MDL and an understanding of its strategic implications.

Private and Consortium MDLs

The key challenges faced by these types of MDL include:

  • Enhancing trust through transparent decision making;
  • Effective security, risk and performance management;
  • Legal compliance and;
  • Dispute resolution.

Consortium MDLs also face the additional challenges of:

  • Effectively managing the expectations and needs of the organisations who are part of the consortium;
  • Ensuring that the governance structure is independent and not unduly influenced by individual organisations or factional groups within the consortium.

As private and consortium MDLs are permissioned and the users are known to the managing body, the development of service level agreements (SLAs) is the key to effective governance. Effective SLAs must:

  • Define the nature of the services that are being delivered;
  • Bind users to expected behaviours and standards especially with respect to security;
  • And establish independent mechanisms for dispute resolution.

Whilst the governing boards of private MDLs will be mapped on to the organisation which owns them, consortia have a number of options as to how the MDL can be governed.

One example presents itself in the form of SWIFT, the Society for Worldwide Interbank Financial Telecommunication, a messaging network that financial institutions use to securely transmit information and instructions. SWIFT was established as a member-owned cooperative and has been highly successful since it was established in the 1970s.

However, in establishing a new structure to govern an MDL network, care must be taken not to establish a body that evolves into the type of third party organisation that MDLs are designed to replace.

Tools For Governance

The tools for effective governance of MDLs are not that different from those used for the governance of any organisation:

  • Strategic plans are needed to set priorities;
  • Performance management frameworks are required to ensure delivery of objectives;
  • Auditing and reporting arrangements are needed to ensure accountability and;
  • Risk management plans are required to deal with adverse events.

Most of these will come from the standard governance handbook; however, auditing MDLs may present some challenges. Whilst researching this report, no accountancy firms were found who had conducted an audit on an MDL. However, whilst the accountants who were consulted did not foresee significant issues, a number of them did focus on the need to confirm that the assets which existed on the blockchain actually existed in the real world.

Conclusions

Ultimately, effective governance in MDL systems relies on people rather than software, and rests on three pillars:

  1. Architecture: The role of the governance structure, its composition, remit, powers, responsibilities, and its relationship with users, is a critical component.
  2. Accountability: Effective governance of MDLs enhances trust. Trust is enhanced when a governance structure is accountable to its stakeholders, transparent in its decision-making, and subject to periodic audit and third party review.
  3. Action: The governance structure must develop strategic and risk management plans, which are delivered through effective performance management frameworks. Trust can be further enhanced through the use of the voluntary standards market to independently verify performance metrics and the systems established to compile them.

A full copy of the research report 'Responsibility Without Power' can be downloaded here.
