You've probably heard of the word "blockchain" in banking, investing, or cryptocurrency circles over the past 10 years. But what is blockchain? And why does it elicit feelings of excitement and confusion simultaneously within the structured finance market? Blockchain holds the promise of potential cost savings, new operational efficiencies, and improved transparency and accuracy, according to the market. With these benefits, the technology could also introduce credit risks to structured finance transactions, which we explore through the lens of different components of S&P Global Ratings' analysis.
What Is Blockchain And Tokenization?
Blockchain is a system that facilitates communication between transacting parties while distributing proofs for transaction agreements to all participants. Blockchain is a type of "distributed ledger," meaning it is a shared database that is replicated and synchronized by a decentralized network. Transactions on a blockchain (also referred to as distributed ledger technology [DLT]) are permanently committed to a ledger by groups of transactions called blocks. A blockchain network uses ordinary internet connectivity, and users can access blockchain applications via a browser or specialized desktop applications.
Blockchains incorporate "smart contracts," defined loosely by IBM as computer code that is stored on a blockchain and executed when defined terms and conditions are met. Smart contracts can enforce a variety of agreements in business collaborations. (See https://www.ibm.com/blogs/blockchain/2018/07/what-are-smart-contracts-on-blockchain/.) Because smart contracts are programs, it is possible to write them in such a way that they compensate for any features unavailable in the chosen blockchain.
Tokenization is the conversion of the value of an illiquid asset (such as property) into a fixed number of liquid tokens, which themselves have a fractional value of the original asset. The perceived value of the token can be limited to the blockchain on which the token is created and managed. Alternatively, the token can enjoy extended reach if it can be exchanged for other currencies, including fiat money.
Potential Blockchain Benefits For Securitization
Blockchain is exciting because it holds the promise of potential cost savings, new operational efficiencies, and improved transparency and accuracy, according to the market. Below, we discuss some of the potential benefits that we have heard from the market.
Originator and assets:
- Ability to create larger homogeneous asset pools to facilitate statistical analysis; and
- Diversification of assets can reduce vulnerability to economic stress.
Process:
- Set of smart contract templates developed for securitization will enable quick establishment of the trust, and the time frame of the securitization process could be reduced substantially;
- Data sets are provided in a structured format, enabling easy and quick programmable reconciliation;
- Full transparency of process setup and the data used; and
- Improved quality of available data on the blockchain, which could mitigate reporting errors or potential misrepresentation.
Execution:
- Quicker and more accurate cash flow reporting; and
- Real-time transparency during execution. Any revealed issues would be known.
Oversight:
- Real-time full transparency of all transactions; and
- Ability to statistically test health of the process, and predict the outcome.
Potential Blockchain Risks For Securitization
When assessing a structured finance transaction, S&P Global Ratings' analytical framework includes five key rating factors (or "five pillars") (see "Principles Of Credit Ratings," published Feb. 16, 2011):
- Legal and regulatory risks;
- Operational and administrative risks;
- Credit quality of the securitized assets;
- Payment structure and cash flow mechanisms; and
- Counterparty risks.
We believe legal and regulatory risks and operational and administrative risks would initially be the most affected pillars of our framework by the application of blockchain technology to the securitization process.
Legal and regulatory risks
Our assessment of legal and regulatory risks focuses primarily on the degree to which a securitization structure isolates the securitized assets from the bankruptcy or insolvency risk of non-special-purpose entities (SPEs) that participate in the transaction. When it comes to integrating blockchain into the securitization process, the question of how DLT will effectively isolate the securitized assets raises questions for us in our analysis.
To date, no clear legal framework for potential approaches to regulatory oversight of cryptoassets and DLT has been established in any jurisdiction. Some examples of recent legislative developments include:
- Some regulators, such as the U.K.'s Financial Conduct Authority (FCA), have begun to float proposals addressing these issues. The FCA's consultation paper (CP19/3, https://www.fca.org.uk/publication/consultation/cp19-03.pdf) proposes to define cryptoassets as being one of three types of tokens (CP19/3, 2.5): exchange tokens--used as tools to buy and sell goods (CP19/3, 3.31 – 3.37); security tokens--meet definition of a specified investment, which includes all debt instruments, bonds, etc. (CP19/3, 3.43 – 3.47); and utility tokens--grant holder an access to services offered by token issuer (e.g., a frequent flyer miles program) (CP19/3 - 3.51-3.52).
- Certain U.S. states have also passed or proposed legislation governing some aspects of blockchain. For example, several blockchain- and FinTech-related bills are making their way through the Wyoming legislature, including provision for a regulatory sandbox (HB0057) and a bill relating to digital assets (SF0125), defined as a representation of economic, proprietary, or access rights stored in a computer-readable format (for example, digital consumer assets, digital securities, and virtual currency).
With all of this still being debated, the use of DLT in securitizations raises a number of questions for us. How will the tokenization of assets via blockchain be defined under the law? Which legal regime will govern issues of ownership, security interests, and, with respect to the use of smart contracts, enforceability? Pursuant to our legal criteria (see "Structured Finance: Asset Isolation And Special-Purpose Entity Methodology," published March 29, 2017, and "Legal Criteria For U.S. Structured Finance Transactions: Securitizations By Code Transferors," published Oct. 1, 2006), we generally request legal comfort concerning bankruptcy-related issues under applicable law to determine that securitized assets will not likely be considered part of the bankruptcy estate of, or be substantively consolidated with the assets of, certain non-SPE transaction participants. If assets are tokenized via blockchain and/or if smart contracts are used to govern transactions relating to the assets or a securitization transaction more generally, it's not clear at this time which legal comfort would be relevant to our legal analysis, or what form of legal comfort we may request when analyzing transactions under our legal criteria, particularly for transactions involving public blockchains, for which there is no single control party.
Operational and administrative risks
Our operational risk criteria cover transaction parties that provide an essential service to a structured finance issuer (see "Global Framework For Assessing Operational Risk In Structured Finance Transactions," published Oct. 9, 2014). Under our criteria, in cases for which we believe operational risk could lead to credit instability and a ratings impact should a transaction party not perform as contracted, there could be a rating cap that limits the securitization's maximum potential rating.
In our view, the introduction of blockchain technology in transaction structures could introduce new key transaction parties (KTPs). We believe blockchain technology providers could have elevated risk above that posed by an administrative KTP, which we have generally considered to be nonmaterial, based on the administrative functions applicable to structured finance transactions today. It is possible that a blockchain provider could be assessed as a performance KTP under our operational risk criteria. To determine the maximum potential rating of a transaction, we assess the severity risk, portability risk, and disruption risk of each performance KTP.
Severity risk
To assess severity risk, we consider how the assets would perform should the KTP's services be disrupted. The primary factors are the credit quality of the assets being securitized and the asset class, which we would not expect to be affected by the introduction of blockchain. However, if collections on the assets aren't made, due to a service disruption of the blockchain provider (for example, if a smart contract that directs payments to the issuer's accounts isn't executed), the issuer's cash flows could be interrupted. This could create a liquidity risk, which would be a consideration in our assessment. We would also consider potential disruption of running the payment waterfall if executed through a smart contract, as this could lead to an event of default on the rated notes.
Portability risk
To assess portability risk, we generally consider five primary risk factors: (1) the market depth of qualified replacement KTPs; (2) the fee incentive for a replacement KTP; (3) the compatibility of systems and business practices; (4) issuer termination rights; and (5) the existence of a controlling party. The use of DLT introduces several unknowns with respect to these considerations, which we discuss in further detail below. For example, whether the replacement party is comfortable acting as replacement; whether its IT staff are knowledgeable (or work with consultants knowledgeable) in blockchain; and whether smart contracts are programed in a way to enable the replacement. Even in cases where market conditions, transaction-specific features, and other relevant factors are theoretically conducive to a successful transfer of roles and responsibilities, historical evidence of actual replacement (and associated timelines for such replacement) will be lacking given that the DLT is relatively new. This would be a consideration in our assessment.
Market depth: Given that application of DLT to financial markets is still in its early stages and not yet widespread, the depth of the pool for replacement providers is unclear. Although numerous DLT initiatives have been undertaken by start-ups and more established players alike, the extent to which such ventures are willing and able to provide DLT to support a securitization is unclear. Would technology companies, depending on their experience, capabilities, and successful project completion, among other considerations, be likely sources for suitable replacements? Initially, input from DLT providers themselves on the competitive landscape could be helpful in establishing a sense of the market for replacements.
We also question whether the availability of replacements could vary depending on the asset type and/or jurisdiction. For example, similar to servicers, will DLT providers focus on a specific asset type to maximize efficiencies given product nuances? Such specialization could limit the number of replacements for a given asset. Replacement prospects may also be limited by geography. While technology has the potential to make geographical boundaries irrelevant, it's not clear how easily blockchain providers will be able to cross borders given potential differences in legal/regulatory requirements for doing business. An open question is whether these difficulties would be more pronounced for public blockchains, which have to transition from a global operating platform to a local model, subject to varying legal and regulatory constraints.
Fee incentive: The likelihood of finding a replacement DLT provider will also depend on the fees the replacement would earn for taking on this role. It's currently unclear how blockchain technology providers will be compensated for their role in the securitization process in terms of the amount or priority of payment relative to other trust obligations. Our analysis would generally focus on any ongoing fees that would be paid from the cash collected on the securitized assets. However, there may be questions concerning the potential for replacement if all fees are paid to the provider up front in the securitization process such that no compensation would be available to a successive provider. While it's important that such a fee be adequate to attract a replacement, there is a trade-off, as excessive amounts would reduce cash flows to investors unnecessarily. In the absence of an established market for such services, we would likely look to information from DLT providers, issuers, and other market participants to assess the adequacy of fee arrangements for a given transaction.
Systems compatibility: The use of a public blockchain would appear to reduce issues concerning systems compatibility because source code would be openly available. This contrasts with some private (permissioned) blockchains for which lack of familiarity with proprietary code may be an issue. In these cases, we would consider the complexity and customization of the code, as well as the ability to access the code in the event of a problem with the initial provider. Examples include a copy of relevant passwords, source code, and other relevant data held with a custodian or other independent party.
Public blockchains may pose other compatibility risks with respect to data mining using certain consensus protocols and forks. If there are no adequate economic incentives for miners to use their hardware and electricity, mining could be delayed or discontinued altogether. Forking—a collectively agreed upon software update that introduces new rules to the blockchain—is one such factor that may influence miner incentives, as public opinion rather than economic considerations may drive the decision-making process. If the consortium decides to fork and proceed down a new path, but the securitization operates on the pre-fork transaction chain, it may be difficult to ensure that miners will continue to maintain the pre-fork transaction chain. Therefore, the distinction between the use of public or private blockchain could be a differentiator in our compatibility analysis depending on our assessment of these factors.
We also question whether any IT-related dependencies arising from use of a DLT, such as integration with servicing systems or other related platforms, could be affected in the event the provider needed to be replaced. Greater market transparency with respect to the various technologies used will make it easier to assess compatibility across providers.
Issuer termination: It's not clear at this stage what, if any, performance covenants a blockchain provider will be contractually bound to in a transaction. We don't know whether the issuer or other control party will have the ability to terminate the blockchain provider and appoint a replacement if there are performance issues such as errors in the setup of smart contracts and security breaches. Could manual execution of smart contracts and token storage in custodial e-vaults serve as potential mitigants to these issues; or could a transaction's performance nonetheless be constrained if the provider cannot be removed from its role with cause?
Control party: The introduction of blockchain to the securitization process may potentially displace the current control framework whereby a trustee, master servicer, or other responsible party acts on behalf of security holders to take action when needed to address KTP or other relevant issues. For example, could consensus or a majority vote of transaction participants on the blockchain trigger the execution of certain actions, such as KTP replacement via pre-set smart contracts? We will consider the potential benefits and drawbacks of any alternative provisions, as well as potential execution issues, as such procedures will be largely untested.
Disruption risk
Disruption risk concerns a material disruption in a performance KTP's services for which severity and portability risks are deemed moderate or higher. Assessments of operating condition and a variety of key performance attributes are combined to determine a performance KTP's ability and willingness to carry out its duties.
The first arm of the assessment examines the stability of a performance KTP's operating condition. A stable operating condition is evidenced by significant franchise value, a rating of 'BB' or higher, or profitability and positive net worth along with proven liquidity, experienced management focused on controlled growth, ample staffing, and operation through a downturn. While a plethora of providers has mushroomed over the last few years, DLT is still a relatively new phenomenon. A given provider may struggle to show that it has operated profitably through the cycle or demonstrated any of the other measures of operating health, likely placing its operating condition in the transitional, rather than stable, category.
The second arm of the assessment scrutinizes key performance attributes of the entity, such as its track record and years of experience. We would also consider whether its performance could be affected by systems capacity, weak internal controls, and regulatory or legal action. A relatively young DLT provider may well find itself vulnerable to at least some of these negative attributes. Little or no track record for a DLT provider, a more precarious operating condition, and concerns about key performance attributes could all contribute to elevated operational risk and cause us to cap a particular rating or even decline to rate a transaction altogether. We will also not issue or maintain a rating for which:
- A KTP has insufficient experience.
- A rating is based on information that is insufficient, unreliable, or not timely.
- The transaction parties' roles, responsibilities, and rights are unclear.
- A KTP can resign without a successor in place and its resignation would materially adversely affect the securitization's performance.
Such scenarios are more likely in the case of a newer, less well-established entity, particularly one that finds itself in the vanguard of a securitization paradigm shift. In addition to concerns about longevity and profitability, given competing technologies and platforms, the question of substituting a failing DLT provider remains a concern for us.
Credit quality of the securitized assets
We do not expect asset performance to be affected initially should blockchain be adopted, nor do we expect borrower behavior to be influenced by the use of blockchain. As such, we believe the credit quality of the assets would be the least affected pillar of our analysis.
Historical performance data used to size our base-case assumptions in certain asset classes would likely be fully transparent and less prone to manipulation if available on the blockchain. By migrating to a blockchain platform, there could be less reliance on third-party audit reports or other analytical overlays, which currently provide comfort on data reliability.
Blockchain could also allow for detailed loan-level performance data and collateral characteristics--for assets where this is not the current standard (such as auto loans and credit card receivables)--which could inform our credit analysis. For example, if emissions standards changed, it may be possible to identify in real-time the percentage of vehicles with engine types that could be impacted, or the specific location of properties in the event of natural disasters. Moreover, real-time performance updates, presumably available on the blockchain, would enhance our surveillance.
Payment structure and cash flow mechanisms
Smart contract execution should not affect our underlying assumptions about timing and allocation of funds.
Counterparty risks
The creditworthiness of traditional transaction counterparties should not be affected by the introduction of blockchain technology to securitizations. Whether or not blockchain technology introduces counterparty risks, in part, depends on which transaction party holds the asset tokens. For example, recent events concerning the Canadian cryptocurrency exchange QuadrigaCX and the reported death of its founder, while continuing to evolve, offer a cautionary tale. In this case, monies owed to clients apparently cannot be accessed because the founder died without sharing the password that would unlock them. The additional counterparty risks that blockchain could introduce, and the proposed mitigants, would be a consideration in our assessment.
Although There Is Excitement For Blockchain In Structured Finance, It's Still Wait And See
Whether or not blockchain is adopted by structured finance markets remains to be seen. Despite the purported benefits, there are technical hurdles as well as other barriers, including general market acceptance, to overcome. From our overview of how blockchain, if adopted, would affect securitizations, of our five key rating factors, it appears as though "legal and regulatory" and "operational and administrative" would initially be most affected. We will continue to analyze the potential impact of blockchain should its popularity among market participants grow and translate to practical implementation.
This report does not constitute a rating action.
Analytical Contacts: | Matthew S Mitchell, CFA, London (44) 20-7176-8581; matthew.mitchell@spglobal.com |
Timothy J Moran, CFA, FRM, New York (1) 212-438-2440; timothy.moran@spglobal.com | |
Criteria Contact: | Vanessa Purwin, New York + 1 (212) 438 0455; vanessa.purwin@spglobal.com |
Research Contact: | Tom Schopflocher, New York (1) 212-438-6722; tom.schopflocher@spglobal.com |
Technology Contact: | Thomas Zakrzewski, New York 1 (212) 438 8458; thomas.zakrzewski@spglobal.com |
No content (including ratings, credit-related analyses and data, valuations, model, software or other application or output therefrom) or any part thereof (Content) may be modified, reverse engineered, reproduced or distributed in any form by any means, or stored in a database or retrieval system, without the prior written permission of Standard & Poor’s Financial Services LLC or its affiliates (collectively, S&P). The Content shall not be used for any unlawful or unauthorized purposes. S&P and any third-party providers, as well as their directors, officers, shareholders, employees or agents (collectively S&P Parties) do not guarantee the accuracy, completeness, timeliness or availability of the Content. S&P Parties are not responsible for any errors or omissions (negligent or otherwise), regardless of the cause, for the results obtained from the use of the Content, or for the security or maintenance of any data input by the user. The Content is provided on an “as is” basis. S&P PARTIES DISCLAIM ANY AND ALL EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE, FREEDOM FROM BUGS, SOFTWARE ERRORS OR DEFECTS, THAT THE CONTENT’S FUNCTIONING WILL BE UNINTERRUPTED OR THAT THE CONTENT WILL OPERATE WITH ANY SOFTWARE OR HARDWARE CONFIGURATION. In no event shall S&P Parties be liable to any party for any direct, indirect, incidental, exemplary, compensatory, punitive, special or consequential damages, costs, expenses, legal fees, or losses (including, without limitation, lost income or lost profits and opportunity costs or losses caused by negligence) in connection with any use of the Content even if advised of the possibility of such damages.
Credit-related and other analyses, including ratings, and statements in the Content are statements of opinion as of the date they are expressed and not statements of fact. S&P’s opinions, analyses and rating acknowledgment decisions (described below) are not recommendations to purchase, hold, or sell any securities or to make any investment decisions, and do not address the suitability of any security. S&P assumes no obligation to update the Content following publication in any form or format. The Content should not be relied on and is not a substitute for the skill, judgment and experience of the user, its management, employees, advisors and/or clients when making investment and other business decisions. S&P does not act as a fiduciary or an investment advisor except where registered as such. While S&P has obtained information from sources it believes to be reliable, S&P does not perform an audit and undertakes no duty of due diligence or independent verification of any information it receives. Rating-related publications may be published for a variety of reasons that are not necessarily dependent on action by rating committees, including, but not limited to, the publication of a periodic update on a credit rating and related analyses.
To the extent that regulatory authorities allow a rating agency to acknowledge in one jurisdiction a rating issued in another jurisdiction for certain regulatory purposes, S&P reserves the right to assign, withdraw or suspend such acknowledgment at any time and in its sole discretion. S&P Parties disclaim any duty whatsoever arising out of the assignment, withdrawal or suspension of an acknowledgment as well as any liability for any damage alleged to have been suffered on account thereof.
S&P keeps certain activities of its business units separate from each other in order to preserve the independence and objectivity of their respective activities. As a result, certain business units of S&P may have information that is not available to other S&P business units. S&P has established policies and procedures to maintain the confidentiality of certain non-public information received in connection with each analytical process.
S&P may receive compensation for its ratings and certain analyses, normally from issuers or underwriters of securities or from obligors. S&P reserves the right to disseminate its opinions and analyses. S&P's public ratings and analyses are made available on its Web sites, www.standardandpoors.com (free of charge), and www.ratingsdirect.com and www.globalcreditportal.com (subscription), and may be distributed through other means, including via S&P publications and third-party redistributors. Additional information about our ratings fees is available at www.standardandpoors.com/usratingsfees.
Any Passwords/user IDs issued by S&P to users are single user-dedicated and may ONLY be used by the individual to whom they have been assigned. No sharing of passwords/user IDs and no simultaneous access via the same password/user ID is permitted. To reprint, translate, or use the data or information other than as provided herein, contact S&P Global Ratings, Client Services, 55 Water Street, New York, NY 10041; (1) 212-438-7280 or by e-mail to: research_request@spglobal.com.