FinTech, Blockchain, Smart Contracts and Regulation – An interview with legal experts Imogen Garner and Sean Murphy

Blockchains - Block chains, image by hedgethink

FinTech, Blockchain, Smart Contracts and Regulation – An interview with legal experts Sean Murphy and Imogen Garner 

What does Brexit mean for London Fintechs? What legal aspects do founders and start-ups need to keep in mind? Will Innovation like RegTech and Smart Contracts spell the end for the legal profession and what’s next for Blockchain?

To find answers to these and other questions, Jochen Heussner has spoken to legal experts Sean Murphy and Imogen Garner of global law firm Norton Rose Fulbright. They are renowned for their work in the technology and financial institutions sectors.

Imogen is a financial regulatory lawyer based in London and is heavily involved in Norton Rose Fulbright’s Blockchain and distributed ledger practice. She advises a broad range of clients on the UK and EU financial services regimes. Having been seconded to the FSA, she has an excellent understanding how regulators tick and is in an advantageous position to judge how lawmakers might respond to new industry trends like FinTech, RegTech and Distributed Ledger Technology.

Sean is the global co-chair of Norton Rose Fulbright’s technology international business group and leads its global distributed ledger and Blockchain practice group. He is the Legal Chair of the Smart Contracts Alliance, recently launched by the Chamber of Digital Commerce (see post). He is a frequent speaker at Blockchain/DLT events like the recent R3 Smart Contract Templates Summit.


Jochen Heussner: Everyone is talking about Brexit and what it means for London as the FinTech capital. What is your take?

Sean Murphy: It is far too early to tell what the consequences of Brexit will be because Brexit is an on-going medium term process that will take some years to play itself out. One concern that some people have is that Brexit might lead to the relocation of decision makers in financial institutions to other jurisdictions and this might make London a less attractive place for FinTech companies. At the moment you’ve got a very large concentration of financial institutions in London, which makes it very attractive place to be for FinTech companies because many of their potential customers are based here. However, I spoke recently to a CEO of a FinTech firm in the UK, and his view was that even if key decision makers were relocated, London would still be a very attractive place given its transportation links, the fact it is English speaking, it is in a convenient time zone and the FCA and the UK Government are very keen to promote the FinTech industry in the UK. But I go back to my initial comment as it is far too early to tell what the eventual impact will be on the FinTech industry.

Imogen Garner: I completely agree and I have been hearing very similar things. There are lots of reasons completely unrelated to Financial Services Regulation or the UK being in the EU that make London an attractive place to be. We were recently discussing the subject of FinTechs moving for example to Berlin on a call with partners from a number of other jurisdictions. The sense was that FinTech firms ought to be considering factors like the local regulator’s style and attitude towards innovation and new technology before moving away from London – they shouldn’t simply assume they would be better off on the Continent.

Sean Murphy: Europe is so rich in talent that it is possible for London to be successful and for many other cities like Berlin, Amsterdam Dublin, and Paris to also be vibrant FinTech centres.

Jochen Heussner FinTechs, and especially start-ups, are always concerned with product development and financials, while legal aspects are often neglected. What is your advice what start-ups must keep in mind?

Sean Murphy: As you say, start-ups tend to focus on product and client development and fundraising because without those things they will go out of business. Because entrepreneurs are very focused on these things, they can lose sight of other connected issues which are important, like protection of intellectual property, making sure they have proper service agreements in place with employees and consultants, and making sure that the constitutional arrangements of the start-up company are in order. Those things feel like formalities, but the problem is that if you don’t get them right at the outset they can come back to bite you. For example, any venture capital firm that is considering investing in a start-up will do due diligence on the company and will look at all of these things. If there are deficiencies, it may hinder your ability to raise finance.

Jochen Heussner: Another topic not very popular with founders is regulation, what is your advice for entrepreneurs and start-ups in that respect?

Sean Murphy: The question of regulation is broader than just financial services regulation. Take, for example, something like data privacy. A lot of FinTech companies have business models that are built around collecting and analysing large quantities of data and sometimes, at an early stage when they are focusing on building a product, they might not think about how their product may or may not comply with data protection regulations. If the product doesn’t comply, it is a pretty fundamental problem.

Imogen Garner: From the perspective of financial service regulation, it is something you don’t want to get wrong from the outset and for some this can be quite a barrier. You need to be aware of your obligations from the start, because you don’t want to find yourself somewhere down the line and then work out that there is some form of regulatory obstacle that keeps you from conducting business the way you had envisaged it. The UK’s regulatory sandbox and the availability of the FCA (the UK’s Financial Conduct Authority) to provide guidance to firms that are establishing their business models have potential, though, to be quite valuable in that sense.

Jochen Heussner: The FCA aims to promote FinTech in general, but it has also been among the first to pick up on the topic of RegTech. In the findings of its recent Call for Input, which it had launched last year, the FCA concluded that it wants to play an active role, but from the report itself it isn’t apparent what the FCA plans in practical terms. Do you know what the FCA means by that and how the regulator intends to get involved?

Imogen Garner: I think it makes sense to consider where they are coming from as a regulator and what it is that they really want. One of those things is to see RegTech supporting compliance in the best possible way and potentially reducing the burden of regulation. For example, a lot of the legislation that came out of the financial crisis imposes significant additional data reporting obligations on firms and RegTech will be key in the delivery of that. On the other hand, you have regulators that receive large amounts of data and they have to understand, process and use. Anything that makes that easier will be very attractive.

Jochen Heussner: What are the implications of RegTech or LegalTech for the legal profession? Are you as lawyers afraid that machines will soon replace you?

Sean Murphy: If you look at smart contracts and think about what effect they might have on the legal profession, the first point to make is that there is a spectrum of possibilities in terms of what people think smart contracts are. On one end of the spectrum, there is the “code-is-contract” model. According to this model, even complex commercial agreements could be entirely codified and there would be no need for natural language contracts. On the other end of the spectrum, you’ve got models that are simpler, but still very powerful. For example, smart contracts that automate the performance of certain aspects of contracts. At this end of the spectrum, a natural language contract might set out the relationship between the parties and the smart contract might automate aspects of that natural language contract.

I think that the “automation of performance” approach is more viable than the “code-is-contract” model, at least in the short to medium term. There are a number of reasons why I say that.

First, contracts, as lawyers understand them, have many terms and clauses in them that simply cannot be expressed in code, at least with current technology. For example, what do “best efforts” or “reasonable endeavours” mean? Human intervention will be required in order to understand what these terms mean.

Secondly, there is a completeness of terms issue. As a matter of law it may not be possible to entirely codify all of the terms of a contract. For example, terms might be implied into a contract by law or by judgment of a court, so that even though those terms are not written down, they form part of that contract. This would apply to entirely codified contracts as well. Therefore, it may not be possible to have 100% of a contract expressed in code because the law or courts imply terms into it.

The template for a smart contracts developed by Dr. Lee Braine of Barclays in conjunction with R3 is an example of the “automation of performance” approach. It focuses on derivatives contracts, which is a brilliant case study to use, because ISDA, which is a trade organisation of participants in the market for over-the-counter derivatives, has produced standardised contracts that are recognised and accepted by the industry. Transactions for which there are already standardised contracts will be the first use cases for smart contracts. More complex contracts will still require bespoke negotiation by lawyers. Even with the derivatives example, the smart contract template works very well with vanilla derivatives. The template might not work so well so well for complex derivatives transactions.


Jochen Heussner: How soon do you expect smart contracts to be used for the more simple solutions described then?

Sean Murphy: Dr. Lee Braine talks about an 18 months to 3 year time period for the first “live” deployments of smart contracts. The adoption of smart contracts will then increase over the next 5 to 10 years, so this is more of a medium to long-term adoption curve.

Jochen Heussner: Do you envisage that smart contracts could be used for regulatory compliance as well?

Sean Murphy: Going back to the example of the smart contracts template for derivatives transactions, it would be quite conceivable that the smart contract could include limits on what traders are allowed to enter into, for example, in terms of the size of exposure.

Jochen Heussner: Going back to your comments on the complex nature of most contracts: Is it right to assume though that one of the biggest hurdles to overcome then to determine what a smart contract is supposed to do when it encounters, for instance, circumstances that weren’t envisaged at the time of the coding? Especially given that a smart contract should be able to execute itself without external interference?

Sean Murphy: That is a great point. A lot of people in the industry believe that immutability is an important feature of smart contracts. Once the smart contract goes live, it can never change. But you’re quite right: What happens if there is an error in the code? What happens if the smart contract doesn’t anticipate a particular scenario? What happens if there is a change in law that means that that contract becomes unlawful in some respect? Lawyers recognise that we don’t have crystal balls and we can’t anticipate everything. And we recognise that it may be necessary to amend contracts in the future. It may be, therefore, that many parties will want to have the ability to amend smart contracts..

Jochen Heussner: Is the recent incident at the DAO (a case where $60 million worth of cryptocurrency where stolen – for more information, read the post at PlanetCompliance here) such an example?

Sean Murphy: To some extent. However, the DAO attack raises a much wider set of issues.

Jochen Heussner: Do you think that the DAO attack will have consequences for Blockchain and smart contracts in general similar as scandals like Mt. Gox had on Bitcoin’s credibility and public perception?

Sean Murphy: I don’t think it’s completely comparable, but I assume the DAO attack will encourage people to think more carefully about how smart contracts operate. In the short to medium term, it may also encourage financial institutions and other large enterprises to focus their attention on private Blockchains rather than public Blockchains, a trend that existed before the attack. Financial institutions and large enterprises will naturally feel more comfortable operating within environments that are closed, walled off and more controllable.

Jochen Heussner: With regard to the development of solutions based on Blockchain technology, what are the key regulatory issues?

Imogen Garner: I suppose there are two ways of looking at it: One is to say, what is it that firms are using the Blockchain technology to do? If you are using it to perform some form of financial service or develop a financial product like a smart security, for instance, then the question is whether what you’re doing is regulated or not, i.e. are there already regulations that cover this activity. There is another angle though for institutions that are already regulated, which might be using the technology not to do financial services per se but just in the course of their business. A really key question that the regulators then will be interested in is, does it work, is it a robust solution, does it create risks, and, if so, how are you managing, identifying, mitigating these risks within your institution. There are different angles to look at this.


The full interview, which was first published at, can be found here.

Jochen Heussner is an experienced lawyer and compliance professional who has worked for financial institutions, law firms and consultancies for many years and in several countries. He analyses and writes about regulatory initiatives for the financial sector as well as the change innovation and technology are bringing to the industry.