General Meeting Proxy Voting on Distributed Ledger
Infrastructure failure Risk
Yüklə 257,46 Kb.
|
Infrastructure failure Risk Description Mitigation Loss of control over network It may be possible for a perpetrator to take over the network or to disrupt its operation completely, preventing the network operator from fulfilling its responsibilities. Each individual node of the network can be easily replicated anywhere as long as its private key is not compromised. Any compromised node only gives the perpetrator authority to perform actions valid for that node and the state of the system. Owner of each mode must take measures to protect its private keys from being compromised. Denial of service Voting process, like any other, is susceptible to denial of service attacks which can bring down key infrastructure nodes and prevent execution of business processes in a timely manner. Each individual node of the network can be easily replicated anywhere without loss of data. The network can automatically rewrite its physical routing when that happens. Difficulty of recovering trustworthy and complete data for audit and regulation purposes Regulators often change their requirements to processes in the financial industry, including shareholder voting. These changes create significant costs provide the data as required by regulators or auditors. Blockchain supports having master keys with elevated read access rights, which can be given to the auditors or other parties which require this access. The blockchain stores all data that is significant for the process. If the regulatory requirements change, the regulators or auditors can adapt which data they retrieve from the chain to satisfy these requirements.
DATA ENTITIES IN DISTRIBUTED LEDGER General considerations This document does not postulate the architecture or the exact structures of data that should be used in the implementation of a local proxy voting solution. We believe that when systems based on these requirements are implemented for production use, there will be detailed standards that require certain data elements to be stored in a particular way to enable easy interoperability. This chapter looks into what kinds of data entities may be stored on the ledger in general in relation to proxy voting product, and how its business vocabulary is affected by the move from traditional messaging solutions to DLT-based solutions. As described earlier, storing data in the ledger allows the system to provide certain guarantees to its users and to be the source of trust and thus reduces many of the traditional risks in the process. The copies of data stored in the ledger are the golden source of truth, and any replica of this data stored elsewhere is not considered valid if it is different from what is stored in the ledger. Data stored in the distributed ledger can be classified into several distinct kinds: Regular data and metadata, stored on the network (e.g. meeting agenda information) or on the node (e.g. identification data). Access to this kind of data is defined in the same way as in traditional systems. Tokens. They are owned by the wallets in which they are stored and may be transferred by the owner of the wallet (and in some cases, other parties according to particular rules). Transactions, which are traces of token movements between wallets. They can never be created manually. This classification emphasizes the differences on how the data can be perceived, accessed and acted upon.
Access Rights Considerations Most data entities in the distributed ledger contain some kind of confidential information and must not be accessible without proper authorization. Despite that many DLT platforms, especially those that are permissionless, do not naturally support granular confidentiality controls, any system implementing these requirements must be able to
provide sufficient segregation of access rights. Those DLT platforms that don’t support proper confidentiality and access controls may be unsuitable for implementing this product. In general, voting requires three large roles: Issuer Agent, Intermediary and Voting Party. However, local extensions may and likely will introduce their own more granular roles to comply with local laws. The Auditor role deserves a special mention. There are different kinds of auditors with different needs: Regulators, which may require full read access to all data, and possibly even the ability to execute certain administrative actions. Each regulator is certain to impose its own requirements to its access rights and they may be hard to predict on a global scale. For the sake of completeness, we assume that most regulators will want full read access on all entities and transactions. Auditors of the market participants, who perform audit on behalf of their employers. These auditors will need to have access rights corresponding to the access rights of their employer and may not have any higher access rights. Independent auditors, who perform the audit to prove the correctness of the process in general, without looking at any specific details. They don’t need any access to confidential data and can work with the data that is available publicly. Implementing an Auditor/Regulator role is likely to be a requirement in every jurisdiction. Due to the nature of DLT, data can’t be modified or deleted on the distributed ledger. Instead, if at any time it is necessary to modify or delete any piece of data, a separate new record is created, which also includes in itself a trait that invalidates the old record. The old record will remain visible and accessible on the network for all time. Any amendments of confidential data and changes to network algorithms must take this into account.
Alignment with the business layer of ISO 20022 ISO 20022 standard is the most widely accepted standard in the financial world today that covers business, logical and physical layers of many processes in the industry that require integration. DLT-based solutions are bound to make significant alterations to the logical and physical parts of this standard – the means of data storage, integration and communication on distributed ledgers are very different from messaging.
The business standard, however, was designed to fit the business process, rather than the technology on which it is implemented. As a part of this document, we provide a detailed review of the data elements from existing ISO 20022 standard on voting including proxy voting (seev.002-008 messages) that are mapped to the requirements from this document. The
detailed cross-reference is available in the
separate excel
file MDR_Part3_ProxyVoting_Maintenance_2014_2015_DLT_aligned.xls that is distributed jointly with the present document. That excel file is based on the ISO 20022 specification of the voting process. After performing this review, we can with confidence say that the business layer of ISO 20022 can be implemented on DLT with minimal alterations. Most of the business terms and definitions apply to the DLT-based process. There are two main difference points to consider: DLT has different kinds of data, which should not be treated in the same way. In messaging, the meaning of data was always explicitly encoded in the data itself. On DLT, it can be encoded in part by how a particular data entity is represented – e.g. the fact that a transaction has happened between particular wallets means something on its own, without any additional data fields. DLT is a new technology that has a different cost structure for solutions based on it. When DLT-based products become commonplace, changes in the cost structure will drive businesses to adapt business processes so that they can take advantage of that new cost structure, rather than go against it. It would result in changes in business processes, and, as a result, the business vocabulary. In the future, specialized DLT-based standards may need to be created, and it may be too early to define them fully at this point in time. However, for the moment we can use the business layer of ISO 20022 to guide definitions of DLT-based products.
NON-FUNCTIONAL REQUIREMENTS Non-functional requirements are heavily dependent on the local operating environment of the system. For each particular implementation, the exact service levels for availability, performance, integration and so on may be not the same, if not greatly different. This chapter describes the requirements that must be defined by the implementing system. № Requirement Description 1 General availability The system must define how much downtime it may have per year. 2 Data integrity The system must provide audit trails. The audit trails must be easily retrievable and understandable for all appropriate parties according to the local legislation. 3 IT environments It must be possible to deploy the system in non-production environments as required by the implementing parties. 4 Interoperability The system must provide open, documented APIs for integration purposes. The distributed ledger must not use any non-public integration channels. The system should be able to support a hybrid model i.e. electronic messaging and DLT to foster interoperability and to avoid market fragmentation. 5 Performance The system must define maximum acceptable response time to a user action.
6 Recoverability The system must define recovery time and point objective parameters and guarantee that they will be met. 7 Reliability The system must support a failover configuration that is able to fulfill its recoverability and availability requirements. 8 Scalability The system must define the minimum amount of simultaneous meetings, voting parties per meeting and transactions per second that it can support. 9 Security The system must pass relevant security tests and be compliant with relevant security measures (e.g. HSMs, 2-factor authentication, etc). 10 Accessibility The system must define its supported range of platforms and or/devices with which it can be accessed. 11 Usability The system must define its expectations to the level of technology literacy of is target audience and provide sufficient learning tools to compensate for the lack of it.
FUTURE DEVELOPMENTS This document is a work in progress that is maintained by the CSD Working Group on DLT. Future versions will include but are not limited to: wider coverage of the international market, including more countries, deeper alignment with existing international standards, e.g. ISO 20022, complete requirements for a cross-system and cross-border integration solution,
… and more. The work outlined in this document is innovative in its nature. The members of the working group hope that this document will be useful to the wide range of market participants in understanding, implementing and standardizing DLT solutions of all kinds and in the field of e-voting in particular.
DISTRIBUTION AND CONTACTS This work is licensed under the Creative Commons Attribution-NoDerivatives 4.0 International License. To
view a copy of this
license, visit
http://creativecommons.org/licenses/by-nd/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA. This document may be shared by the member organizations of the working group freely with the interested parties. The working group welcomes feedback on the contents of the document as well as proposals for cooperation on any further work. The logos and company names of NSD, Strate, SIX Securities Services, Nasdaq, DCV, Caja De Valores, SWIFT and SLIB are registered trademarks of the respective companies. To get in touch with the working group, please contact: Alexander Chekanov, NSD, chekanov.as@nsd.ru
Tanya Knowles, Strate, tanyak@strate.co.za
urs.sauer@six-group.com
Michael Rexestrand, Nasdaq, michael.rexestrand@nasdaq.com
Claudio Calderón , DCV,
claudio.calderon@dcv.cl
Alejandro Wyss, Caja de Valores, awyss@cajval.sba.com.ar
The alignment of this work with the ISO 20022 has been prepared in deep collaboration with SWIFT. To get in touch with them, please contact: Stephen Lindsay, SWIFT, stephen.lindsay@swift.com
The adaptation of this document to the French market has been prepared with a major contribution from SLIB. To get in touch with them, please contact: Guillaume Guerin, SLIB, guillaume.guerin@slib.com Yüklə 257,46 Kb. Dostları ilə paylaş:
|