COLL 6 Annex 4 Use of distributed ledger technology for the operation and maintenance of registers for authorised funds

The guidance sets out the FCA’s views on how distributed ledger technology (DLT) may be used in the operation and maintenance of the register of an authorised fund. It also identifies a number of other matters which firms should consider.

The guidance is designed for authorised fund managers and depositaries of authorised funds that are using or considering using DLT in this way.

In COLL 6 Annex 4.32G to COLL 6 Annex 4.34G (Personal data and other information recorded on a register using DLT), a reference to a ‘data controller’ has the same meaning as in data protection legislation.

Where the responsible firm utilises DLT to establish and maintain a register of unitholders in compliance with the rules and guidance in COLL (including in this Annex) and, where applicable, the requirements of the OEIC Regulations, the on-chain DLT record of transactions may be considered the primary books and records for this activity.

The rules in COLL and provisions of the OEIC Regulations require the authorised fund manager or the depositary of the authorised fund to establish and maintain a register of unitholders and ensure it is complete and up to date. 

The requirements on the responsible firm to establish and maintain a register in relation to a UCITS scheme or a non-UCITS retail scheme and keep it up to date are set out in the following places:

1. 1. (1) in relation to schemes that are AUTs or ACSs, COLL 6.4.4R (Register: general requirements and contents); and
   2. (2) in relation to an ICVC, paragraphs 1 and 3 of Schedule 3 to the OEIC Regulations.

To ensure that a register recorded on DLT is accurate and kept up to date, the responsible firm will need to have the power and the ability to make amendments to the register. Where the register is recorded on DLT, or utilises records on DLT, the responsible firm will need to ensure that it can amend that register as necessary without requiring the consent or agreement of any third party. This does not extend to consents or agreements that support the normal operation of the DLT network, such as standard consensus mechanisms that validate the authority of those providing instructions to the network.

The ability of the responsible firm to make unilateral changes to such a register may not exist by default. Such functionality could be delivered through ‘smart contracts’ (see COLL 6 Annex 4.14G to COLL 6 Annex 4.18G (Smart contracts and eligibility verification)), or through off-chain functionality embedded into contractual terms with unitholders. The responsible firm may also be able to effect updates to the register through direct control of private keys, or a ‘master-node’ function.

The responsible firm may utilise multiple DLT networks to establish and maintain a register of unitholders, even within the same class of units, provided the arrangements are consistent with our rules and the broader regulatory regime. For example, some units in a given class may utilise blockchain A, while other units in the same class may utilise blockchain B. The underlying rights of unitholders, and the charges per unit taken from scheme property, should remain the same within a class.  

COLL 6.7.4R(4) does not permit payments to third parties for the safekeeping or administration of units on behalf of unitholders, rather than on behalf of the authorised fund itself.

In addition to being used to operate a register, DLT may provide other opportunities. For example, DLT may allow distributors or unitholders to instruct or request amendments to the register. Records on DLT are formed by reference to a series of transactions, including ‘burning’ and ‘minting’ tokens representing units, or functionality to ‘freeze’ or ‘unfreeze’ or effect a forced transfer of tokens. DLT may allow distributors or unitholders to instruct or request amendments to the register by submitting new records to the DLT.

In the FCA’s view, the use of DLT to allow parties other than the responsible firm to alter the register of an authorised fund may still be compatible with the rules and the OEIC Regulations, provided the responsible firm is able to make unilateral changes to the register – for example, to reverse incorrect entries or create new ones. The responsible firm will also need to have processes and procedures in place to identify incorrect entries and take remedial action.

The use of DLT may enable unitholders to transfer units between themselves or to third parties. This gives rise to risks that the register is incomplete and not up to date and also that a unit may be transferred to a person who is not an eligible unitholder under the rules, the Act, the instrument constituting the fund or the prospectus.

To address these risks, the responsible firm should consider whether additional technology controls are required to ensure that the units are transferred only to, from, or between eligible unitholders. 

One way in which such transfers of units could be controlled is through arrangements whereby tokens are transferred only to known account numbers that the authorised fund manager has verified as belonging to a person who is an eligible unitholder. This is often referred to as ‘whitelisting’, or having an ‘allow list’ that references a set of addresses on the DLT enabled through ‘smart contracts’. 

Such functionality could also be used to keep track of a unitholder’s tax status or their right to access certain classes of unit with a particular fee rate or minimum investment limit. A firm may utilise accepted token standards that allow for the verification of a unitholder’s identity and ensure that they have the necessary capacity and credentials to hold units.

Where the responsible firm relies on smart contracts for the verification of unitholder addresses or the operation or management of the fund, these smart contracts should be regularly audited to meet evolving industry standards – for example, in relation to security. This will help the responsible firm demonstrate compliance with its obligations under Principle 2, which requires a firm to conduct its business with due skill, care and diligence, and Principle 3, which requires a firm to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.

In broad terms the COLL rules and the OEIC Regulations also require that a register specifies the number of units in each class held by a unitholder (see COLL 6.4.4R(3)(b)) and paragraph 6(1)(c) of Schedule 3 to the OEIC Regulations).

This may be challenging where an authorised fund uses DLT. For example, transactions may be recorded across blocks on a blockchain and a unitholder may hold positions through different wallets represented by different addresses.

To comply with the requirements referred to in COLL 6 Annex 4.19G, the responsible firm should ensure there are systems in place (whether on or off DLT) that can aggregate the information held on the DLT.

An interruption to a DLT network could prevent the authorised fund manager, unitholders or the responsible firm from inspecting the register, or prevent unitholders from effecting or instructing transactions in units.

As already noted, Principle 3 requires a firm to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems. Firms are also required to assess and manage risks including operational risks under the requirements in one or more of SYSC 7 (Risk control), COLL 6.11 (Risk control and internal reporting), COLL 6.12 (Risk management policy and risk measurement), FUND 3.7 (Risk management) and articles 38 to 45 of the AIFMD level 2 regulation. 

To comply with these requirements, the FCA expects the responsible firm to include within its risk management policies and procedures the risks of DLT network outages. An authorised fund manager should ensure that it has appropriate operational and business resilience plans that enable it to manage such risks. 

The authorised fund manager should have alternative processes and contingencies in place to allow for unitholders to buy, sell or transfer their units in the event of a network outage, including where use of fiat money or off-chain processes may be necessary. 

In exceptional circumstances where the DLT network becomes unavailable for an extended period of time, the authorised fund manager and the depositary should have processes and procedures in place to allow the authorised fund to be wound up in accordance with the rules in COLL 7, by realising the assets and distributing the proceeds to unitholders proportionately to their respective interests

COLL 6.4.4R(6)(c) requires the responsible firm to make the register available for inspection free of charge in the United Kingdom. Paragraph 9 of Schedule 3 to the OEIC Regulations requires the register to be kept available for inspection at the company’s head office or at another place in that part of the United Kingdom where the company is registered and which has been notified to the FCA under regulation 36(3)(b).

To comply with these requirements, a firm should use systems that combine both on-chain and off-chain records where this cannot be achieved fully on DLT. 

Where public or consortium-based DLT networks are utilised to establish and maintain a register of units, this activity may take place overseas or the location of this activity may be uncertain. The responsible firm should consider whether any use of such DLT networks affects the scheme’s domicile.

The responsible firm will need to ensure it complies with the requirements of the Money Laundering Regulations and applicable sanctions regimes. 

A firm may need to be registered as a cryptoasset exchange provider or custodian wallet provider under the Money Laundering Regulations where it is carrying on an activity which requires registration under the Money Laundering Regulations. 

Where an authorised fund uses DLT to operate the register, the responsible firm and/or any other person who is the data controller of the personal data in the register (if different) will need to ensure they comply with data protection legislation. This is particularly the case where public networks are used, and recorded information is not secured through encryption by default.

When considering how to comply with the data protection legislation, the responsible firm and any other person who is a data controller should consider inherent risks, such as the permanence of records on the DLT network, and that emerging technology, such as quantum computing, could compromise information about unitholders. 

Information on DLT may also allow trading strategies to be identified or deduced. For example, where transactions in units are recorded or instructed on DLT before execution at a future valuation point, it may be possible for third parties to anticipate large deals in underlying securities. Where relevant, a firm should consider the implications of this in product design and ongoing liquidity monitoring controls and ensure that unitholders are not adversely affected.