Last month, HSBC announced it had issued a letter-of-credit financing over a blockchain. The deal involved supporting the shipment of soybeans between two units of Cargill, from Argentina to Malaysia, with ING serving as the seller’s bank.
Unlike a traditional L.C. deal, which takes up to a month to process because of all the paperwork involved, this transaction was completed in 24 hours, because everything was handled using the Corda distributed ledger operated by R3.
It is the latest, most concrete example of how distributed-ledger technology is poised to transform the $8 trillion world of trade finance. First, though, competing platforms are going to duke it out among corporations, banks and regulators.
This is a contest for creating a utility-like structure enabling the digitization of trade finance across many players. If it ends with no clear winner and a variety of blockchain solutions that have to connect via APIs, the industry risks creating a new generation of business silos.
On the other hand, if the industry settles on a common ledger framework, it could breathe new life into the L.C. market, and give banks new ways to both cut costs and drive new revenues.
L.C.s make up about $1.4 trillion of the total trade-finance market in terms of annual contracts. That seems like a big number, but L.C.s have been in decline as a proportion of trade financing tools, and now account for only about 11% of transactions. L.C.s are commoditized – one contract looks mostly like another – but complicated and paper-intensive in their execution, with banks coordinating documents among freight forwarders, export credit agencies, insurers and regulators – none of which have ever agreed on a standard of automation, therefore making the whole thing slow and error-prone.
Account receivables (selling invoices to banks) and open-account financing (in which exporters ship goods before getting paid) have become preferred over L.C.s, in part reflecting the greater influence of anchor corporate buyers in the process; in trade finance, banks are just another layer of service providers.
But if the L.C. industry can be automated and sped up, like the HSBC-Cargill-ING example, then perhaps L.C.s will regain their luster, and allow banks to take a more prominent role as trusted guarantors. At the very least, it would encourage more trade, and grow the pie while reducing the headcount costs to manage all that paperwork.
“Barriers to trade aren’t limited to tariffs,” said Joshua Kroeker, HSBC’s lead for distributed-ledger technology, based in Hong Kong. “It’s companies not being able to access working capital, or unable to make sales overseas due to their lack of experience with risk-mitigation products such as L.C.s. Our incentive to do this [pilot over Corda] is to have more trade: get more customers to use L.C.s, and grow the pie.”
L.C.s aren’t the first trade-related project to emerge from R3: that would be one called Marco Polo, driven by TradeIX, a technology company based in Singapore, which is aimed at the open-account segment.
R3 is a New York-based consortium of banks, insurers and other institutions, as well as regulators, with a mission to provide enterprise-level DLT to financial markets.
Its product, Corda, is not a classic blockchain like the one behind Bitcoin (for example), in which consensus is reached by broadcasting every transaction across the entire network; instead it operates permissioned, private environments in which “business network operators” – member banks, or their tech development partners – write the applications that run a node on top of Corda’s operating system, and say who gets to see what information.
Banks are involved in multiple Corda-based projects, and from Marco Polo emerged a smaller group of 11 banks interested in what became known as “Voltron”. (Blockchain engineers apparently have a thing for robot cartoons. The name is an internal moniker, not a product brand, but DigFinuses it here to differentiate it from other projects.)
Bringing in CryptoBLK
HSBC emerged to take the lead and sought developers to make Voltron happen. The finalist was selected by the bank’s London-based innovation team, which gave vendors samples of code to see how developers would improve or write it.
The mandate went to CryptoBLK, a blockchain developer in Hong Kong. CryptoBLK was set up in 2017 by Duncan Wong, a cryptographer who had spearheaded the fintech initiative at ASTRI, a government-backed research body. At ASTRI, Wong had worked with banks and financial regulatory bodies on issues around cybersecurity and blockchain proofs of concept; he then set up CryptoBLK to commercialize production-ready solutions.
With the HSBC mandate in hand, Wong says it became important to ensure Voltron could keep up with the fast pace of development of Corda. (ASTRI used Ethereum’s blockchain, but Wong says it Voltron required additional encryption mechanisms for security and access control.) In the end, this meant writing code from scratch.
“The lesson we learned was to ensure the future is scalable,” Wong told DigFin. HSBC and the other Voltron members all expect dozens of banks to join, and each one would attract hundreds of corporate clients. “So we’re designing this for hundreds of thousands of corporates and hundreds of banks,” Wong said.
CryptoBLK and the banks then had to address a number of areas before the pilot run.
One is access control. Unlike in Bitcoin, in which all nodes share the ledger, an enterprise DLT like Corda requires privacy, meaning an additional encryption layer to ensure only the relevant parties can see the L.C. details. That in turn requires complex management of private keys (the hashes, or lines of code, that let permissioned parties access information).
Second is managing the complexity of designing smart contracts to recreate the workflows associated with traditional L.C.s. Blockchain tech offers immutability: no one can change a record on their own, thus making audits easy. This is where the real cost-savings accrue, but using software (smart contracts) to ensure the integrity of documents requires a lot of development work.
That work has paid off: the Cargill soybean deal proves the system works in a live environment. But Voltron isn’t yet ready for prime time.
It still needs to provision “high availability”, meaning it can carry out transactions even when some nodes crash. The developers are also working on “multi-threading”, meaning a given node can handle a virtually unlimited number of transactions, so Voltron can scale.
And then the developers need to establish disaster recovery systems, as well as design protocols for revoking or renewing private keys in the event of cyber attacks or security breaches.
CryptoBLK’s Wong says the goal is to have a minimum viable product out and running 24/7 by the summer of 2019, but it may take longer before a comprehensive product is ready at scale.
That’s still a ways off. But the pilot presages more activity.
R3 will launch its enterprise version by the end of this month. Carl Wegner, Taipei-based managing director and head of Asia at R3, says until now Corda development has been open source, which has led to lots of shared ideas, for Voltron and for other Corda-based projects.
But open source doesn’t enable commercialization, which means deployment at a sophistication that banks require. Technical issues such as high availability, scalability and backup systems require a proprietary, enterprise-driven model, which also lets R3 begin to make money from these projects.
From there, the project becomes a race to add banks to Voltron. HSBC’s Kroeker emphasizes the consortium nature of the project. “This is an HSBC-owned platform,” he said. “This is decentralized.”
More banks will join as their big customers express more interest in blockchain. “Customers drive the world,” Kroeker said. “Banks have already been getting an earful about blockchain” and he expects the pace of adoption to quicken.
Voltron is the most prominent project for automating L.C. trade finance, but it isn’t the only one.
IBM’s Fabric, a DLT under the aegis of Hyperledger, another open-sourced platform, is working with many banks to deploy a solution.
Other banks may have their own DLT projects: in 2016, Commonwealth Bank of Australia and Wells Fargo pioneered what is probably the first blockchain-supported L.C., moving cotton from Texas to Qingdao on behalf of trading firm Brighann Cotton. (The developer of that tech, California-based Skuchain, has since pivoted from L.C.s to supply-chain invoice finance.)
In Europe, along similar lines, a consortium of banks have launched WeTrade as a DLT for trade finance.
Big corporations are driving their own solutions: Maersk, the shipping giant, has separate projects with both IBM and R3.
And governments are developing their own blockchain protocols: the Hong Kong Monetary Authority, in partnership with the Monetary Authority of Singapore, is developing the Global Trade Connectivity Network.
A HKMA spokesperson told DigFin: “When the interconnection of trade finance platforms between Hong Kong and Singapore is in place, this should…encourage other trading partners to participate.”
The GTCN is being developed to accommodate other digitized standards, so it can connect with other privately led systems, the spokesperson said.
But this leads to questions of just how many blockchain solutions are required for trade finance.
“If each consortium has its own solution, without an underlying platform that links them together, you end up with the same problem that you already have in banking today,” R3’s Wegner said. “You end up with disparate systems that have to be connected through APIs.”
For now, it seems proponents of all these different distributed ledgers say they are building to scale and to speak each other’s language, so they can one day connect. But this is untested.
Blockchain technology now offers the first serious opportunity to digitize trade finance. Consortiums, vendors, governments, banks and tech companies are building what they hope will become the industry standard. Some are doing this from a regional starting point, while others are trying to be global and then add on local partners.
Can all of these solutions actually rub along together indefinitely, or will there be a point at which the knives come out and one standard triumphs? These projects are not yet fully deployable, but they are being developed with one eye on this ultimate competition.
What China’s new crypto law is all about
DigFin asked the legal eagles at Latham & Watkins to tell us what we need to know.
In late October, China passed a cryptography law that goes into effect on January 1, 2020. The law itself is short on specifics but makes a distinction in how Beijing is likely to treat blockchain-related projects serving the state, versus those being pursued for commercial purposes.
The law also comes at a time of heightened expectations of the People’s Bank of China issuing a digital renminbi, of which there has been much speculation and guesswork. The law doesn’t directly address any framework for a digital renminbi, which although a government project would involve private-sector wallets and payments in order to propagate the currency.
Given this situation, DigFin figured whatever clarity exists will have been parsed by the legal industry.
Latham & Watkins’ counsel Simon Hawkins, who leads the firm’s financial regulatory practice for Asia Pacific, and his colleagues compiled the following report for our readers. Thank you, L&W.
The crypto law
The new cryptography law is not specific to (and does not mention) financial services, fintech or digital currencies. The definition of “cryptography” is very broad and, while the introduction of the law is timely in the context of the PBoC digital currency project and other high-level government pronouncements about the potential for using blockchain technology (which inherently relies upon cryptography), there are many other industries in which cryptography is used (e.g., defense, telecoms, military hardware, government I.T. systems, certain consumer software, etc) and the new law provides a framework that would also cover those industries.
The law is a framework. In due course, State cryptography administrations will develop cryptography administration regulations that will supplement the law. In some parts the law is intended to work in conjunction with the existing PRC Cybersecurity Law.
While the law is clearly a significant development and paves the way for specific standards and controls to be applied to cryptography, it is not entirely clear how the law will be applied in the context of the PBoC’s digital currency project. This is partly because it is not immediately apparent whether/how cryptographic technology that is involved with/linked to the PBoC digital currency will be categorized under the new law.
Stricter controls and standards apply to cryptography involving state secrets. There is a question as to whether there will be aspects of the technology underpinning the digital currency that will be state secrets – and, by extension, whether cryptographic solutions to be used in conjunction with the digital currency also will characterized as involving state secrets. Or will it be regarded as purely commercial cryptography, with no state secrets involved.
Even commercial cryptography can become subject to more onerous rules or requirements under the new law if the commercial cryptography involves state security, the national economy and people’s livelihoods, and/or the social public interest.
It is not a stretch to imagine how these triggers could be met if the PBOo digital currency has a high uptake after it is launched.
State versus commercial
The law distinguishes between three types of cryptography: (1) core cryptography, (2) common cryptography and (3) commercial cryptography.
Core cryptography is used to protect top secrets of the State and common cryptography is used to protect confidential secrets of the State.
Commercial cryptography is used to protect information that is not related to, or does not involve, State secrets.
Core and common cryptography are strictly managed by government authorities. The law stipulates that the State’s confidential information must use core and common cryptography for encrypted data protection and security certification.
Commercial cryptography, on the other hand, is for the protection of information not considered State secrets. It can be used by businesses and individuals to enhance the security of information that exists on, or is transmitted through, the internet.
Where does the digital yuan fall?
In the context of the PBoC digital currency project, it is not immediately clear whether wallet providers for the digital currency would fall into the common or commercial categories of cryptography.
Presumably this could depend on whether the protocols on which the digital currency operates are considered to be State secrets, in which case a wallet provider using cryptography to protect the integrity of the wallet could be subject to the higher standards for common cryptography imposed by the new law.
On the other hand, the cryptography used in e-wallets that currently exist for existing stored value/payments platforms in China (i.e., where the wallet reflects a digital version of cash in a bank account) appears more likely to fall into the commercial cryptography category.
And wallet operators?
Critical information infrastructure operators (CIIOs) are treated in a similar way under this law as they are under the Cybersecurity Law.
CIIOs will be required to seek assessment and approval by a government authority when procuring cryptography solutions in certain cases. This is not too dissimilar from the way that CIIOs are impacted under the Cyber Security Law when they process certain personal information – meaning this in some way aligns the requirements for CIIOs in respect of processing personal information and now cybersecurity.
Wallet providers for the PBoC digital currency could, if they achieve sufficient scale, become CIIOs and become subject to the State security review procedure (this could be unpalatable for foreign-invested enterprises that are categorized as CIIOs).
The use of commercial cryptography in the context of “mass consumer systems” is not expected to need an export/import licensing review, suggesting the law is more focused on State secrets and CIIOs, and the use of commercial cryptography for those types of solutions.
However, “mass consumer systems” is not defined in the law so it is not obvious whether wallet providers would be classified as “mass consumer systems” under the law.
What about foreign-invested providers?
Commercial cryptography products involving State security, national economy and people’s livelihood, and social public interests will be included in the catalogue of critical network equipment and dedicated cybersecurity products.
Such products cannot be sold until they have passed the testing and certification conducted by a “qualified agency.” The applicable provisions of the Cybersecurity Law will apply to the testing and certification of such commercial cryptography products.
It is possible that digital currency wallets could be subject to these requirements if they are regarded as commercial cryptography products that involve state security, national economy and people’s livelihood and/or social public interests – and this outcome may be unpalatable for foreign-invested enterprises that develop such products.
Interoperability of wallets – including abroad
Parts of the law focus on and appear to encourage standardization, reflecting perhaps a desire to achieve greater interoperability of systems over time (which is a problem associated with blockchain technology).
The law also specifically mentions that the State promotes participation by enterprises, social groups and educational and scientific research institutions in international standardization activities on commercial cryptography.
Even though the PBoC rhetoric on the digital currency project so far has focused only on its domestic usage, this could be a nod to potential cross-border development of the digital currency in due course (or at least these does appear to be some scope for this under the law).
The law imposes penalties for misconduct. For example, those who discover vulnerabilities in core and common cryptography (i.e., cryptography used for matters involving state secrets) but fail to report it to authorities may be subject to liability and punishment under the law. In addition, persons involved in commercial activities relating to unauthorized cryptography products and services may also be subject to punishment under the law.
Revolut’s live in Asia. Now what?
The fintech is competing in an environment very different from its home market.
In Europe, Revolut now has around 7 million users after just four years of operation, making it one of the world’s most exciting fintech companies. It’s now live in Asia, having just made its debut in Singapore, and with Australia and Japan waiting in the wings.
But Asia has already proved to be a tougher challenge than Europe, as Singapore-based managing director Jakub Zakrzewski acknowledged in his recent sit-down with DigFin.
What is Revolut? It’s a debit account-app aimed at affluent people who travel, with services that undercut banks. For a monthly fee, Singaporean residents can open a debit account via their mobile, receive a Revolut card (plastic or metal), and use it to spend worldwide in Singaporean dollars or 12 other currencies. Revolut offers interbank rates for foreign exchange and free money withdrawals worldwide. In Europe, Revolut also offers free commissions on trading stocks or cryptocurrencies (like RobinHood in the U.S.).
Singapore has plenty of customers that could be Revolut users. But scaling in Asia will be difficult. First of all, the region presents all companies, especially fintechs like Revolut, with the challenge of fragmented markets.
The culture offers a challenge too. Banks in Asia, especially in Singapore, are already at the forefront of digital innovation (at least by bank standards). In 2014, when Revolut was founded, the mood in Britain was in full hate-the-banks swing; but today, Asians still trust their big bank brands.
Finally, the competitive landscape is different to what Revolut grew up with: there’s no Grab or other “superapp” competition in London or Berlin. Singapore, on the other hand, boasts not only Grab but also an endless parade of consumer-facing fintechs.
The MAS is also about to issue virtual bank licenses, and while Revolut debuted in Britain where there was already a healthy environment of challenger banks, none of them (Monzo, Starling, etc) were built on the capital or sophistication of superapps: but in Singapore, the likes of Grab as well as big players like Singtel have indicated they’ll compete to win these licenses.
Zakrzewski says the fragmented nature of the region was a bigger hurdle than the company initially understood. Revolut won a money-operating license from the fintech-friendly British Financial Conduct Authority, which allowed it to market throughout the European Union. Its license in Singapore is just for Singapore, so expanding to new markets means extra layers of cost and complexity.
But this was not the real reason why Revolut’s launch was delayed, after having been announced for the start of this year or even earlier.
There were two factors to the delay. One was regulation. The Monetary Authority of Singapore has recently passed a Payments Services Act that consolidates licenses, but until then, Revolut had to operate one license for storing money and other to remit it.
We’re working to convince people it’s better to be early so you’re not playing catch-up when your experience is no longer relevantJakub Zakrzewski, Revolut
The second hurdle was talent.
“In Europe,” Zakrzewski said, “startups are seen as fun and innovative, and offer higher risk but higher rewards. In Singapore, there is a still the perception that people want to work for big corporate brands. They want the prestige and pay of a top-tier investment bank or consultancy.”
As a result, “We spent a crazy amount of time on recruitment, working to convince people that it’s better to be early [by joining a fintech] so you’re not playing catch-up when your experience is no longer relevant.”
So now that Revolut has launched in Singapore, with about 30,000 users, how does the company maintain that pace?
One boost are global deals cut in London with VISA and Mastercard. The payment companies will support Revolut issuing their credit cards. This kind of brand recognition should support Revolut’s rollout. (Recent news about the company seeking a $20 billion valuation for an IPO is also helpful, Zakrzewski says.) The card companies have seen fintechs like Revolut carve out a slice of the market for forex, and prefer to team up so that money circulates through their payment rails.
But that’s more of a bonus rather than core to Revolut’s Asia prospects. To make an impact, it will have to maintain a furious pace.
The barriers to innovation are coming down every yearJakub Zakrzewski, Revolut
“If we don’t continue to innovate, we’ll be disrupted,” Zakrzewski said. “The barriers to innovation are coming down every year.”
That innovation is primarily about finding ways to improve the customer experience, he says.
Do the economics work?
But is that sustainable? Ride-hailing app companies are losing money, and the torpedoed WeWork IPO in the U.S. shows the limits to customer numbers. In Singapore, most people are spoiled for choice when it comes to credit cards, for example.
“It’s not going to be a bloodbath,” Zakrzewski said. “We’re not going to throw money around like a ride-hailing company. We’re going to focus on the best [finance] product that keeps people using it.”
We will all compete on service, not on priceJakub Zakrzewski, Revolut
Revolut in Europe has succeeded in building user numbers by offering things like free commissions. But commission-free just suggests that a great swathe of financial services is headed towards zero rates. How does anyone, fintech or bank, make money? What’s the premium service that customers will pay for?
Zakrzewski disputes the premise. “Things are not going to end up at zero. They’re going to a level better understood by clients.”
Revolut versus the banks
The difference, he argues, is that traditional banks are hampered by quarter-to-quarter thinking and rely on big marketing budgets to remain relevant. Fintech players like Revolut, as well as e-commerce and other disrupters, will force banks to go through a massive restructuring, as they focus on growing revenue and cut costs.
That doesn’t mean going entirely digital, either. But it does imply that financial institutions still have a formidable transformation ahead.
Despite the presence of Amazon and Shopify, “There are still retail shops, for niche things,” he said. “Brick-and-mortar banks will have a similar role. But every bank should become a technology company.”
Incumbents have been innovative when it comes to hiding feesJakub Zakrzewski, Revolut
Sounds slick – but it doesn’t answer the question of what customers will continue to pay for. Zakrzewski provides an additional answer:
“We will all compete on service, not on price, by relying on an agile tech stack for a leaner cost structure, and on good developers to provide better products.”
Transformation for all
In a twist, he says banks have actually been very innovative. Just at things that aren’t going to be relevant anymore.
“Incumbents have been innovative when it comes to hiding fees, in order to make more money.” The transparency, efficiency and good digital experience that fintechs can bring will render this model increasingly moot.
Banks will instead find themselves on the same hamster wheel as Revolut and other fast-paced companies, fighting for the same talent to build the best product, and constantly innovating. Zakrzewski says the introduction of virtual banks will provide the industry with a necessary jolt to make banks more competitive.
One thing that banks tend to be good at, or at least have resources to manage, is cyber security. As open APIs create new vulnerabilities, fintech companies will find themselves increasingly under attack. How can a firm such as Revolut protect itself and its users, without spending the billions of dollars that global banks dedicate to security?
Revolut this year hired its first chief information security officer. Zakrzewski thinks this could lead to a new wave of services. “This needs to be the new normal for any tech company. I can see ‘Information Security as a Service’ becoming a thing.”
Alongside this is using customer engagement to educate users about data and money storage.
What about the superapps? Revolut has no experience of these behemoths in Europe. How will it compete against them, particularly given their deep, deep pockets?
“We focus on providing the best experience in financial services,” Zakrzewski said. “And you know what? It’s really hard.” He believes digital conglomerates lack the expertise, focus and DNA to do fintech well.
All of this comes down to Revolut, or any company’s, ability to keep pleasing its users. It’s working in Europe. But Asia’s a different environment.
Zakrzewski says the only way to survive is to rely on local talent to make decisions and reward innovation. “Great companies fail in Asia if they can’t localize and iterate,” he said.
Singtel advances banking ambition with OCBC
Can the telco use its mobile partner network to beat techfins, fintechs, and banks?
Singtel has added OCBC Bank as a mobile payments partner, enabling the bank’s customers to reduce their need for cash when visiting Thailand or Japan. But the telco’s e-wallet is only a stepping stone to its becoming a bank. Singtel and OCBC are expected to jointly apply for a virtual-banking license in Singapore (although Singtel might yet decide to seek a license independently). What might this look like?
OCBC is the second regional bank, after Thailand’s Kasikorn Bank, to join the telco’s mobile-payments platform, an app called Dash. Bank customers can use their own banking apps to make Singapore-dollar denominated, cashless payments with merchants in Singtel’s network, which it calls VIA.
Singapore’s digital infrastructure makes this possible, as Dash users can move money easily thanks to MyInfo (for data sharing), PayNow (for peer-to-peer funds transfer), a local standard for QR codes, and Singaporean banks’ early lead in developing open APIs.
As of the end of 2018, Singtel said it has over half a million Dash users, including Singapore residents, tourists, and – most importantly – foreign workers in Singapore. Such workers are often lower income people who are not well served by banks who join Dash to remit money home. Singtel is now gradually adding more financial services to Dash, such as very basic insurance packages from NTUC Income, says Valerie Law, an analyst writing on Smart Karma.
But Singtel is looking at a market for banking services 100 times bigger: the 50 million consumers and 2 million merchants in its VIA network across Singapore, Malaysia, Thailand, Indonesia and Japan.
In addition, the mobile payments industry in Southeast Asia is vast, driven by high adoption rates of smartphones. Singtel has partnered with Razer, an e-gaming company that is in talks to acquire MOL Global, a major e-payment network in Southeast Asia that is used by e-commerce giants like Lazada and Grab.
Valerie Law has identified a few strengths of Singtel as a virtual bank. (Be sure to check out her various reports on Smart Karma, which go deep into the details and also provide a good competitor landscape.)
First, while the license prohibits bank branches, Singtel nonetheless has lots of shops and kiosks around Singapore, where users go to top up airtime, among other things – an infrastructure that could be readily converted to topping up money or to pitch users financial products. Bundling telco and payments should help Singtel build a deposit base in short order.
Secondly, in Singapore, many merchants accept Dash, so there’s a ready network of players to accept payments and offer deals such as cash back, giving Dash the opportunity to evolve into a “lifestyle app”. Dash can also be used to pay for public transportation (unlike Grab). And it offers competitive foreign-exchange rates for local markets.
Law also noted the app has flaws, such as no customer support, not even a chatbot. And its remittance function only works with recipients on the network, which means no one can direct money back home to pay bills directly to a hospital, for example.
Indeed, Singtel would be going up against companies such as Grab, LINE and Alibaba that have well-developed user bases and advanced processes, such as credit scoring, which provide them with an edge – while also fighting lifestyle fintechs such as Revolut (which is more positioned for affluent users), TNG (a direct competitor for the foreign-worker segment) and Oriente (which is offering consumer loans via local consumer conglomerates in the Philippines and Indonesia). Throw in remittance players like InstaRem and Transferwise, plus incumbents such as Western Union, and the picture gets muddy indeed.
Singtel’s best weapon, as close to a “sure thing” that exists in business, is that demand for mobile and mobile services will grow. As a leading telco, this is a big advantage; with a virtual-banking license, it will be able to add on a growing number of payment, deposit, lending, insurance and investment products.
So within its network of merchants and partner banks, Singtel looks competitive. The question is whether it can develop its wallets and other services to be competitive in the broader market.