REGTECH: How Distributed Ledger Technology Can Help Regulators and Businesses In Pakistan

REGTECH: How Distributed Ledger Technology Can Help Regulators and Businesses In Pakistan

[This paper originates from interactions with the SECP].


Regulatory technology (regtech) focuses on technologies that may facilitate the delivery of regulatory requirements more efficiently and effectively than what is possible at present. This paper considers how the regulators in Pakistan, in particular the Securities and Exchange Commission of Pakistan (SECP), can take advantage of regtech to improve compliance, data handling and supervisory functions.

Distributed ledger technology (DLT) is a type of regtech which is rapidly evolving and likely to take centerstage in the future. A distributed ledger is a database that is shared, replicated and synchronized among the members of a decentralized network.[1] DLT records transactions (such as the exchange of data or assets) among the participants in the network. DLT as a technology has come to the forefront due to its recent success in the form of blockchain.[2] Other reasons for the growing interest in DLT include its potential to stop fraud, expedite and reduce the amount of work involved in ordinary processes like approvals and non-executive actions, and increase transparency in the mode and manner in which a transaction is conducted. These abilities are much sought after in many industries.

As pointed out above, blockchain is one of the well-known, and may we say successful, uses of DLT. It is noteworthy that not all DLTs are blockchains but all the blockchains are DLTs. Not all distributed ledgers use the chain of blocks to secure and validate distributed consensus – which is what blockchain is.[3] Let us now endeavor to look at some of the uses of DLT.


Blockchain is one use of DLT and Bitcoin is one form of utilization of blockchain. The most common uses of blockchain currently include:

  1. recording and maintenance of data (‘transactional use’) and
  2. creation and transfer of crypto-assets (‘financial use’).

Our focus is on the former of the two i.e. the transactional use. For example, regtech has the potential to be used by the SECP to regulate different stakeholders in the market so that they function in a fair, efficient, transparent and orderly manner. The SECP can also supervise the issuance or registration of securities and keep the record of shareholders, prospective shareholders and creditors, etc. Another use of regtech is by the compliance arm of the regulated entities to monitor regulatory changes and monitor risks. In this context, it is also important to know that the SECP has been empowered by the amendments made in the Companies (Amendment) Ordinance, 2020 to adopt such new ideas.

Let us now look at transactional use in further detail.


Blockchains store distributed data on a particular network and due to their decentralized and distributed nature they guard against potential risks attached to a centralized system. In this regard, regtech offers certain value additions such as the following:

(i) it reduces the compliance burden;
(ii) it has the potential to prevent hacks;
(iii) it provides the monitoring of transactions, resulting in enhanced security and scrutiny;
(iv) it enables document tracking, ensuring visibility of approval processes; and
(v) it provides automation of approval processes.

With an increased need for compliance and regulations in the wake of the global financial crisis of 2008, FATF/CFT laws and the growing risk of hacks, fraud and mismanagement, regtech has the potential to be the most efficient way forward. Within regtech, DLT/blockchain provides enhanced security, flexibility and robustness to achieve the aforementioned objectives. The inherent nature of blockchain makes it secure to store data. Blockchain acts as a ledger of information distributed across a network, therefore, it eliminates the risk of having any one point of failure. Even if one of the points in the network fails, the decentralized nature of blockchain ensures that key data remains secure elsewhere.[4]

One of the most noticeable advantages of using blockchain and DLT is the level of transparency and automation in the process. This means that the regulator can covert the traditional paper-based process to a digital and automated system that will save time and improve efficiency for companies as well as other stakeholders.

According to a press release in August 2019, under the regulatory impetus of the SECP, the life insurance industry in Pakistan signed an MoU with the Central Depository Company of Pakistan (CDC) for digitization and centralization of policyholder information through the development of a Centralized Insurance Repository (CIR) in Pakistan, with technological support from CDC. A similar approach can be adopted by the SECP for the rest of the corporate sector through the establishment of an e-repository as well as e-compliance using blockchain.

Blockchain can be used as a permission-based platform to address any privacy concerns usually arising from permissionless blockchains.[5] There can be four key categories of participants in this blockchain:

  1. regulators (such as the SECP, State Bank and FBR);
  2. shareholders and proposed shareholders;
  3. creditors; and
  4. company’s management.

Once such blockchain is formed, it can be utilized for both transactional and financial uses.

The proposed blockchain can be particularly useful to small companies. Small companies and startups usually do not have the resources and expertise to file various compliance forms with the SECP. As is often seen in legal practice in Pakistan, this normally results in many small companies filing mandatory forms, such as Form A and Form 29, with delays and penalties and that too only when there is a commercial need to do so (such as for the purposes of due diligence by a potential investor).

Fintech companies are expected to comply with heavy legal regulations not only by the SECP but also by the State Bank. Making regulators a part of the blockchain will help the company as well as the regulators with legal compliance processes. Each and every transaction of the company could be recorded and traced and it would also be convenient for shareholders and regulators to have access to the trail of every transaction. As blockchain is viewable by everyone within the network and all transactions are immutable, greater transparency can be ensured. This can potentially reduce the need to have a lot of paper-based reporting, which is presently a burdensome requirement for those being regulated.

Paperwork is considered to be an infamous characteristic of corporate governance, which makes the decision-making process more cumbersome, expensive and time-consuming.[6] In this regard, for instance, the offer or transfer of shares by a member of a company to all the other members is a very simple process which can be executed through blockchain.


A smart contract is a self-executing software code which ensures that certain steps are taken as soon as another (independent) event has taken place. Smart contracts are executed by the nodes of the distributed ledger after the aforementioned event has taken place. Some of the characteristics of smart contracts include security and certainty, therefore, when the terms of a smart contract are stored in blockchain, it implies that the terms cannot be overridden by a single party with malicious intent, as opposed to traditional systems where a third party (such as a court) is necessary to enforce a contract.

Smart contracts can be used by the SECP for the effective supervision of transfer of securities. Smart contracts not only provide data accessibility to all parties involved, they can also store information in real-time and can track the information related to securities. This will reduce the need for intermediaries, such as stock brokers. Smart contracts can be programmed to follow specific rules on the chain and each side being aware of the consequences of its actions, will try to ensure transparency. At present, courts are inundated with disputes involving rectification of the shares register. The proposed DLT/blockchain will help reduce such disputes.

In the event that we have creditors on blockchain, smart contracts can help a company raise debt in a more efficient manner, providing the creditors with greater security and transparency (and potentially reducing cost of finance). The creditors will be able to review the risk of their lending. Any hypothecated charges and mortgages over the company’s assets are to be notified to the SECP and registered. Such information is important for financial institutions, shareholders, creditors and other stakeholders. The hypothecation register maintained by the SECP can be part of the blockchain. Other securities for loans can also be maintained on blockchain.

In addition to simplifying debt financing, blockchain will also make it easy to structure lending arrangements, where disbursement as well repayment will get recorded. Repayment once recorded will automatically remove a charge without the need to file additional paperwork. Once the record on a registry is updated, it is recorded on a semi-public blockchain and is immutable and verifiable, thereby reducing the risk of tampering for any reason. The underlying assets can also include moveable assets, such as inventories or assets in a warehouse (with appropriate tagging mechanisms), which may be used to enhance credit worthiness and open up more avenues for greater access to credit.[7]

Smart contracts inherit the properties of DLT, therefore, they can never be changed, tampered with or altered. They are are distributed, which essentially means that the outcome of a smart contract will be validated by everyone in the network, the same way any transaction on blockchain is validated.

The SECP can create blockchains for both private and public companies, separately. For private companies, blockchain can be based on storing information like share-ownership, management details, assets of the company and charges on the assets which are open to a limited number of stakeholders such as the members, the SECP itself or the creditors of the company, etc. On the other hand, a public company can have a much wider set of stakeholders who can access a blockchain, including prospective investors, financial advisors and consultants, etc.

A smart contract can also offer a platform where each node is responsible to validate the integrity and authenticity of registered actions, such as the number of assets owned, offer and acceptance, market price of shares, settled price and registration of shares, etc.


As pointed out above, blockchain has many benefits. An immutable blockchain ledger will improve the traceability, and indeed the auditability, of transactions. This means that it is possible to find out how and by whom the ledger was updated. That being said, providing reasonable assurance about the accuracy and reliability of financial statements and internal controls over financial reporting require more than simply being able to verify the occurrence of a transaction on a blockchain ledger. New regulatory reporting requirements may easily be added to the existing reporting requirements with minimal effort.

Having the compliance department of a company on blockchain can make it possible for the company to ensure that the management has visibility over the processes that a particular department of the company may be required to fulfil. Once regulatory compliance has been completed, the same can be reported to the regulator. 


This paper is intended to encourage discourse around the use of regtech by regulators in Pakistan and proposes the adoption of blockchain for the recording and maintenance of data and the use of smart contracts for the recording of transactions that need to be reported to regulators.

As discussed above, the adoption of regtech reduces reconciliation and data management costs and increases the ease with which such transactions can take place. The paper further suggests that blockchain can enable entities and regulators to cope with the ever-increasing regulations as well as ensure efficient enforcement of such regulations.

The world is moving fast towards adopting blockchain and other forms of DLT. This paper merely introduces and suggests the potential uses of blockchain for regulators in Pakistan. More research is still needed to further articulate and explore the cases in which the SECP can put blockchain to use in its current legal framework.

One way to go about this is by using the Australian model under which the Australian Securities and Investments Commission has established the ASIC Regtech Liaison Forum involving the industry, technology firms, academia and consumer bodies. It has also incorporated technology trials and problem-solving events.[8] The move towards regtech to regulate corporations appears to have extended beyond a mere trend to a general and genuine need. A similar approach can be adopted by the SECP to work with stakeholders in developing such a system.


[2] Below are some of the salient features of blockchain:
  • Blockchain is a particular type of data structure used in some distributed ledgers which stores and transmits data in packages called blocks that are connected to each other in a digital chain and DLT on the other hand is a scattered database spread across different nodes.
  • The data stored on blockchain are in specific order and difficult to change whereas data on a DLT can be organized in different ways.
  • The consensus mechanism in blockchain is stronger i.e. proof of work is required in blockchain as compared to a DLT. Thus, making the DLT more scalable and malleable.
  • Blockchain ensures transparency owing to its immutability that is a product of the consensus mechanism.
  • In blockchain technology blocks are added to the chain when a consensus is reached and each block has transactions on the other hand the DLT includes a consensus algorithm that ensures an agreement.
  • Blockchain is generally a token economy, but the DLT doesn’t require their usage.
[3] If you are inclined to look at the technicalities of how blockchain works please see  <>  Prospective Hybrid Consensus for Project PAI Authors: Mark Harvilla, PhD 1 Jincheng Du 2 Peer Reviewers: Thomas Vidick, PhD 3 Bhaskar Krishnamachari, PhD 4 Muhammad Naveed, PhD 5 and <>. In summary Blocks are so called since they stack up data points in them. The code which creates the blocks will also limit its size, for example a block in Bitcoins is limited to 1MB only. The data points in blockchain can be any data, from important financial transactions to data such as which coffee brand is the most consumed. Once a block stacks up data points to its maximum a new block is formed. Each block in blockchain is timestamped. The blocks are interconnected via a chain of ‘Hash’, which is a unique identifying number that the code of the blockchain allots to each transaction. Transaction can refer to either financial- as in the case of Bitcoins- or it may refer merely to storage or update of data. Each transaction goes through a Hash Algorithm. This Algorithm will convert each transaction into a Hash Number. This process of allotting a Hash Number to each transaction is known as Hashing. . A data point is put through a Hash Algorithm. Once a Hash number is allotted to the data point this Transaction is added to a block. If this is the very first block in the blockchain it is called the ‘Genesis Block’. More Transactions will be stacked up on the first Transaction after Hashing. Let’s say one Block is coded to retain three Transactions, a new Block will be created upon the Hashing of the fourth Transaction. The previous Block will have its own Hash Number. This Hash Number will be added to the new Block. This process will be repeated over and over again forming a chain. Every new Block formed will contain the Hash Number of its immediate predecessor.
In addition to linking the Blocks together, a Hash Number most importantly provides verification of each transaction. A transaction will be identified by its Hash Number and that of the Block in which it is contained. Firstly, any change in the data/ transaction will trigger the Hashing process at the end of which the changed transaction will be allotted a new Hash Number. This means that even the slightest and smallest changes to any data/ transaction will be identified and recorded as a new transaction. This gives security and credibility to the data stored in blockchain. Secondly, since a change will mean a new transaction, it will also necessarily mean being stored on a new Block. So, let us suppose that the word ‘Phone’ had the Hash Number 3 and was stored on the Block Number 4, but now the spellings are changed to ‘Fone’. This change will be recognized as a new transaction and it will get a random Hash Number and will be stored on the Block that has space left. So, using Hash Number 3 and Block Number 4 one can only access the word ‘Phone’ and not ‘Fone’. This is how Hashing verifies each transaction and lends the whole process security and credibility.
[4] Since the blockchain is a decentralized ledger it lacks a central authority otherwise necessary for to maintain and update a ledger. The lack of central authority is compensated for by the Consensus Mechanism. This ensures that the blockchain remains functional, reliable and secure. The participants of a blockchain are asked to arrive at a consensus regarding a transaction for it to be verified as authentic and thereafter be registered in the blockchain. Hashing, explained above, is a manifestation of the Consensus Mechanism. Hashing can be done through Proof of Work (‘POW’) or Proof of Stake (‘POS’), two of the most common consensus mechanisms. POW and POS lay down the criteria for who is allowed to take part in the Consensus Mechanism to allot the Hash Numbers. In POW the nodes/ participants of a blockchain compete against each other to solve a mathematical equation. The solution of this mathematical equation is the Hash Number. In a POS the node who has the highest stake in the blockchain gets to solve the mathematical equation and generate the Hash.
[5] Permissionless: In this type of blockchains, ledgers are visible to every node of the blockchain. It allows anyone to verify and add a block of transactions to the blockchain. Public networks have incentives for people to join and free for use. Anyone can use a public blockchain network. Permission-based: A permission-based blockchain is within a single organization. It allows only specific nodes to verify and add transaction blocks. However, every node is allowed to view the ledger.
[7] Distributed Ledger Technology (DLT) and Blockchain, by International Bank for Reconstruction and Development.
[8] regulator

The views expressed in this article are those of the authors and do not necessarily represent the views of or any organization with which they might be associated.

Download a copy of this paper here: Concept Paper and Case Study on Blockchain Utility

Ahmed Uzair

Author: Ahmed Uzair

The writer is a Partner at AUC Law, a firm that specializes in corporate law. He can be reached at [email protected]

Author: Daraab Wali Furqan

The writer is a Senior Associate at AUC Law. He can be reached at [email protected]

Taimur Malik

Author: Taimur Malik

The writer is a Partner at Clyde & Co, a global law firm. He is also the Founder of Pakistan’s leading law and justice initiative, Courting The Law.