The financial industry is one of the most regulated sectors besides pharmaceuticals and insurance. In such industries, innovation can often be impeded or even prevented by rigid regulatory frameworks. Applying innovative business models and technologies to existing regulation is rarely possible, and disrupting such highly regulated industries therefore generally requires great effort. The Cryptix group is undertaking exactly this endeavour.
What is the purpose of technology in general? To improve existing business processes and make them faster, cheaper and safer for all stakeholders. One technology with a huge potential to disrupt the financial industry is blockchain. But how does one introduce a technology that eliminates outdated systems from the equation and establishes the foundations of a true peer-to-peer decentralised economy to the circumspect European Union (EU) regulators and other supranational and national decision-making bodies?
Major disruption in the field of fintech (financial technology) began more than two years ago with the initiation of the legislative process to draft a new EU regulation for payment services (revised Payment Services Directive or PSD2). With this new regulation in place, fintech startups were able to directly compete with regulated banks. As could be read on various internet portals, the new directive “opened the door for fintechs to eat banks’ lunch.”
The birth of a new business model
More than one and a half years ago, Cryptix believed it would be possible to impact the financial industry in the EU (and globally) even more: While fintechs were starting to enjoy the benefits of the new EU regulation, we went a step further and began preparing the introduction of blockchain technology into regulated financial business. But how exactly would we do this? By introducing the first regulated electronic money (e-money) based on blockchain technology.
At the time when we began developing our core business model around e-money based on blockchain and preparing documentation to obtain a license as an EU-regulated e-money institution, there was no clear indication whether it would be possible to issue such e-money and still be fully legally compliant with EU regulations governing e-money and payment institutions.
The most important milestone for us from the perspective of legal compliance came at the beginning of this year. On the 9th of January, the European Banking Authority (EBA), the EU regulatory body for the banking sector, issued a document entitled “Report with advice for the European Commission on crypto-assets”. In this document, the EBA elaborated whether the existing legal framework for banks, payment institutions and e-money institutions should also apply to crypto-assets and if so, under which conditions.
The most important message contained in the EBA’s document is that a crypto-asset (e.g. a cryptocurrency) can qualify as an e-money if the financial instrument (e.g. e-money) issued with underlying blockchain technology fulfils all legal criteria for e-money. This verdict from the EBA had been eagerly awaited by many companies in the fintech industry – and we at Cryptix had bet on the EU regulators deciding the way they did.
Encouraged by the EBA’s publicly expressed opinion, we continued with the drafting of legal documentation, the establishment of our corporation, the development of the platform and other activities – all with the ultimate goal of becoming the first EU fintech with an e-money institution license for e-money issued on the basis of blockchain. Obtaining this license is exactly what we are currently preparing for.
What does this mean?
What will be the benefit for us in having this type of license? One of Cryptix’s subsidiaries will become a pioneer in the fintech industry. As first to market, it will offer clients an entire ecosystem in the form of a payment platform with the technology engine behind it running on blockchain. Our e-money, the blood of every digital payment platform, will also be based on blockchain.
Furthermore, the e-money institution license allows us to issue regulated e-money that is pegged 1:1 to the Euro and is usable as a payment instrument within the Cryptix ecosystem and beyond.
This e-money can be purchased from the issuer (Cryptix or a related company) by the users (consumers) and accepted as a point payment instrument at many points of acceptance. With such a stable and regulated electronic currency, we will be able to build a self-sustained and completely independent ecosystem in the form of a multi-layered payment platform.
Because we are gradually moving towards a cashless society, the importance of e-money will continue to grow exponentially, and the potential usefulness of Cryptix’s e-money for various financial services is thus practically limitless – not only for typical payment transactions, but also in relation to various digital platforms linking financial technology to other disruptive technologies such as blockchain (smart contracts), the Internet of Things, big data, etc.
Of course, all of this is conditional on obtaining a license from the competent regulatory institution in one of the countries of the European Economic Area, where the EU regulation for e-money institutions and payment institutions applies. Obtaining such a license requires a bullet-proof business model, open communication with the regulators and innovative technology. Given the associated risks, a strong team that believes and trusts and is willing to give its all is the essence and foundation of such a pioneer project.
Safety is key
Legal compliance for e-money institutions affects many different areas, not just the service of issuing e-money. It also includes strict rules on anti-money laundering measures, the collecting and processing of clients’ personal data (GDPR compliance), IT security, the security of clients’ funds, taxes, consumer protection, etc. The issuance of this type of license in itself will be proof of the resilience, trustworthy and stability of the Cryptix business model and its operations.
There is an obvious logic behind this strict licensing procedure. One aspect is that players on the financial market who handle clients’ money or assets in any way must be regulated. For us, this means we must make every possible effort to prevent misuse. The other aspect is what is known as EU passporting. In simple terms, this means that once one national regulator grants a license to the Cryptix group, we are able to offer cross-border transactions in the entire European Economic Area with no need for additional licenses – only a single license is required for the whole EU plus Liechtenstein, Norway and Iceland.
The technical foundation – blockchain in the cloud
Designing an innovative and future-proof technology for such an e-money requires a holistic view addressing various areas including scalability, security, financial regulations and the GDPR among others. At Cryptix, we decided to build our e-money based exclusively on blockchain in the cloud, since these two technologies form a very stable framework on which to build a financial product.
A payment solution should be auditable, secure and as unmanipulable as possible. On the other hand, we need to have the ability to intervene when it comes to preventing money laundering or other illegal use. Given these facts, we have built a centralised blockchain solution fulfilling essential legal requirements such as:
Verified audit logs
Due to the append-only nature of blockchain-based ledgers, all post-alterations of the database are visible and accountable. Any audit logs directly produced from the blockchain system are already verified by the technical setup itself. This technical verification derives from the consensus-based protocol, which always ensures that a defined majority of the nodes of the system verifies each transaction and propagates this information out to the entire network, thus establishing a single common source of truth. Additional mechanisms ensure that even if someone hacks the private key, the fact that the transaction was not initiated by the identified user but by another person is still trackable and visible.
Mitigating the single point of failure risk
Since the transaction ledger is distributed to all the nodes and each node keeps a full copy of it, the security of this type of database is considered stronger than that of a simple database (i.e. SQL) stored on a single server. In other words, in contrast to any commonly used database, blockchain technology mitigates single point of failure risks. In the event that a hacker should break into the system, it would be way more difficult to manipulate, and the chances are high that we would catch him or her in the act. To prevent hackers from getting into the system in the first place, our Research and Development Centre in Vienna and our external consultants are constantly improving our infrastructure and investigating new security measures.
According to the selected systems architecture, the only data stored in the blockchain system are the transaction amount, the timestamp, and the anonymised IDs of the transaction parties. Despite the blockchain database’s “inability to forget”, all GDPR requirements can thus be fulfilled by storing the user data in a separate and centrally controlled database.
Speed and control
Decentralised blockchain solutions are the future, but in some cases a centralised solution offers significant benefits such as transaction speed and legal compliance. The transaction speed allows us to process at least 1000 Tx/second, which is much easier to achieve with a centralised solution than with a decentralised one. In a centralised solution, the central authority must be trusted because it is in full control. From the legal perspective, this is desirable because there is an option to react in case of money laundering or other illegal activities. Many severe hacks such as the big DAO hack or the Parity bug caused serious issues for people and companies. Our centralised solution allows us to react in such cases, though due to the characteristics of blockchain it is far more complicated to react than it would be in a non-blockchain environment.
Using the benefits of the cloud
As a growing company, it’s important for us to be as flexible, fast and secure as possible. That’s why we decided to be a cloud-only company, which gives us the following advantages:
One of the biggest advantages of cloud solutions is scalability. If the solution is designed correctly, it can easily be scaled up and out across the globe. With the pay-as-you-go model, our business can start small, with few resources – and as our business grows, the infrastructure will grow along with it.
Security in the cloud is naturally a controversial topic, but as a growing company, we believe the cloud can provide far more security than a small or medium-sized company can achieve with in-house tools. We chose Microsoft as our cloud provider for several reasons. Over the past years, Microsoft has invested heavily into security, from 2-factor authentication for all users to Windows Advanced Threat Protection and Azure Sentinel. There are many options available that significantly increase the security of the solutions.
Compliance is another reason why Microsoft is our preferred partner. At the Microsoft Service Trust Center, all the reports and certifications Microsoft has received for their solutions can be viewed. SOC, FedRAMP, ISO 27001 or PCI/DSS are just a few of them. Furthermore, Microsoft is available all around the globe while always being compliant and adapted to the respective regions.
Maintaining a large number of servers and solutions takes a lot of time. Various different components such as domain controllers, mobile device management, databases and file servers need to be monitored, updated, backed up and – in case of problems – examined and fixed. Having a ready-made solution such as Microsoft Intune in the cloud offers a host of possibilities without the need for us to maintain a single server ourselves. This reduces load as well as costs in terms of IT.
Naturally, being a pioneer and creating something that has never been done before is exciting. But that’s not the only reason why we push ourselves each and every day. In our modern commercial world, people often forget about the local heroes – the small and medium-sized enterprises (SMEs) that create jobs, pay taxes at the local level and thus stabilise the entire community. It’s hard for these businesses to keep up with the big players when it comes to digital revolutions and new technologies without investing a lot of money and taking big risks. That is something we want to change with our e-money payment ecosystem: We want to give something back to these local heroes – a chance to keep up in the digital age.
“Treading a path no one has taken before entails great risks and big challenges. Having the right people to realise this vision is key, and finding them can be difficult. I am extremely proud and grateful to say that we have assembled an outstanding team of talented people who complement each other with their skills and personalities. We are still at the beginning, but willing and qualified to accomplish great things – and with our blockchain-based e-money, we have taken the first step.” – Bernhard Koch, Founder Cryptix
Cryptix group was founded in 2017 with this vision in mind. We’re acting as a full-service provider, helping SMEs to build digital payment solutions and realise ideas based on blockchain and DLT. Headquartered in the Swiss “Crypto Valley”, we also develop our own products in the context of disruptive technologies and innovative ideas.
This article was written in a team effort. Special credit goes to Armin Reiter and Peter Merc.