Forbes interview with KoreConX founders

Do you know how to invest in the private capital market?  Not many people do.  It is complicated, requires a lot of paperwork, has low transaction volume, comes with risk and volatility, and not very liquid.

Could distributed ledger technology (DLT) be used to reduce back-office fees and expand the market for this asset class?

I interviewed Oscar Jofre, CEO and co-founder of KoreConX, who believes his platform and infrastructure can help.

KoreConX is a company working to change how businesses raise capital.  Mr. Jofre is an advocate for using DLT to bring transparency to a fractured process.  Mr. Jofre mentioned, “There are over 90,000 companies in our platform from around the globe who have raised more than $6.6 billion. Companies who use the KoreConX platform raised capital working with broker-dealers or direct offerings on their own. We are purely providing the technology to make sure they are fully compliant and to manage the entire process.”

What is the private capital market?  What are the problems?

The private capital market represents companies not publicly traded on stock exchanges. Private funds, venture capital investors, and some mutual funds are typically the main buyers.  Investments can be in new start-up enterprises, mature business, or sometimes struggling firms. This type of asset is considered to be highly risky.

One critical problem, the team at KoreConX explained, was the lack of market access for small firms. Dr. Kiran Garimella, KoreConX’s CSO and CTO, said, “The majority of participants in private capital markets are smaller entities who are closely connected with local companies and investors. They cannot afford huge expenses for integrated systems.”  KoreConX specializes in connecting all sizes of firms rather than limiting their scope to more mature enterprises.  Interestingly CEO Oscar Jofre’s background is crowdfunding, which is a driving influence in his business.

Jason Futko, CFO and co-founder, said, “It is often difficult for companies in the private capital markets to identify investors to present their opportunity. The fragmentation in this market can make it difficult to find investors or other professionals to help you grow your business.”

On June 26th, 2019, Broadridge bought from Northern Trust a similar blockchain platform.  There is competition in this space from many players. Mr. Jofre said, “There are companies like Carta, Capshares, ComputerShare, AST, and Link Group that offer some of the features KoreConX provides in our all-in-one platform. We have a much different view of the market. To truly transform it, we need to make sure all participants have all the tools they need. If they don’t, then we will never see any great change in the private capital markets.”

KoreConX launched on October 11th, 2019, their new blockchain ecosystem for fully compliant digital securities worldwide.  Their mission is to ensure compliance with securities regulation and corporate law.  The KoreConX platform includes securitized token issuance, trading, clearing, settlement, management, reporting, and corporate actions.

As explained to me by the management team, the lack of data integrity and regional knowledge of jurisdictional compliance can restrict investment opportunities offered to the public.  Mr. Futko continued, “Obviously part of the solution under KoreConX has to be around connecting document fragmentation, providing access to professionals and creating trust through our blockchain, which ensures both business and regulatory logic.”

Why can blockchain technology help now?

The KoreConX team stated that the private capital markets serve over 450 million private companies worldwide today.  They have a lack of document transparency and high fees. Compare this to public capital markets, which have established listing standards and rules.  Furthermore, open markets are used every day and can handle many transactions.  Dr. Garimella said, “Blockchain offers technology that provides solid mechanisms for trust through immutability and consensus among parties.”

I asked Mr. Jofre to explain why his work was different from larger companies, like Broadridge? He responded, “KoreConX is entering a market with many providers who have a single feature or application. For private capital markets to be as efficient, as public listed markets, it needs an infrastructure layer and an application layer.  KoreConX brings both.  We do not exclude anyone because of size or geography.”

Many Rights Make the KoreProtocol Right

Over the last few weeks, we have seen the highly entertaining farce of Craig Wright claiming to be Satoshi Nakamoto by registering a copyright to the original bitcoin whitepaper and code. He may very well be Satoshi. However, registering a copyright does not confer an official recognition of identity. Wei Lu, CEO of Coinsumer, proved it. Reacting to the press releases and social media statements made by Craig Wright and his supporters, the US Copyright office took the extraordinary step of publicly refuting the claim that a copyright registration is the same as official & proven recognition. This prompted the subject line of Coindesk’s May 23rd Blockchain Bites email: “Wright is wrong.”

The public blockchains provide an endless source of fun. Whatever their faults, one can’t blame them for being boring. The responsible, permissioned chains are, in contrast, boring. KoreChain in particular is relatively dull to thrill-seeking outsiders, while extremely exciting to those who truly understand private capital markets and how the KoreProtocol is spearheading innovation for private issuers and investors.

The KoreProtocol defines many types of shareholder rights in private digital securities. These rights, some mandatory and some discretionary, are well-established in securities law and corporate law. The innovation and complexity of shareholders rights is only limited by the willingness and imagination of the participants. In the absence of automation and a single source of immutable truth, the implementation of rights can become a bureaucratic nightmare. This, more than anything, becomes a limiting factor for innovative contracts. By defining shareholder rights rigorously in the KoreProtocol and implementing the full workflows in KoreChain for their exercise, the KoreProtocol and the KoreChain take away the pain and effort of managing these rights. This opens up private capital markets to very flexible and complex shareholder agreements to suit the needs of the participants.

The KoreProtocol and the implementation within KoreChain include rights such as (to give a few of the more prominent examples):

  1. Voting/non-voting
  2. Financial participation in the form of dividends or revenue
  3. Distribution of revenue or dividends as cash, reinvested securities, or other forms of payment
  4. First right of refusal
  5. Tag-along rights
  6. Drag-along rights
  7. Pre-emptive rights

Each of these rights and their numerous variations have implications and consequences in secondary market trading and in corporate actions. The KoreProtocol provides a structured way to define these rights and their impact on securities transactions. The KoreProtocol implements complete end-to-end management of financial transaction processes, some of which may be very long-running.

The definition of protocol functions to handle all the complex scenarios in securities transactions is not a trivial undertaking. However, it is much easier than the actual implementation of the protocol since that requires handling long-running processes and making tradeoffs between manual and automated processes, data sharing mechanisms, and choice of endorsers. Every step of the process must be fully compliant with securities laws, corporate laws, and the provisions of the underlying contracts.

Trying to shoehorn securities transactions into inadequately defined protocols and delegating the implementations to someone else is to do the worldwide financial community a huge disservice. Implementing the rights of issuers and investors is a very complicated undertaking. For example, ERC-1404, in the words of its creators, “…solves for the compliance challenges that are part of the issuance process and beyond.”

How does ERC-1404 solve the problem of whether senders can send tokens to a receiver and whether receivers can receive tokens from a sender? By defining two functions: CanSend() and CanReceive(). The github code itself shows one function:

detectTransferRestriction(fromAddress, toAddress, numTokens) //I made it a bit readable.

With no trace of irony, the authors of this protocol point out that: “The specific logic covering who can send and receive can be configured outside the token contract itself.”

It is easy enough to write protocols as long as we leave the messy details of implementation to someone else!

In reality, the transfer of digital securities in a fully-compliant way is quite complicated. It is not just a matter of “who can send and receive”, but also a question of the circumstances under which securities can be transferred or not. There are complex workflows and numerous checks that need to be followed before any transfers, whether P2P, beneficial, or trade-related, can occur. The checks relate to the jurisdictions and exemptions under which the securities are issued, domicile of the participants, securities laws that govern all subsequent inter- and intra-jurisdictional securities transactions, corporate laws, the rights spelled out in the shareholders’ agreements, and the presence or absence of various types of events such as corporate actions, regulatory actions, and economic events.

To be fair, the creators of simplistic protocols may very well be aware of these complexities; however, the fact remains that they come nowhere near expressing the richness and complexity of global private capital markets. Also, they offer no guidelines for implementation or even a hint of the treacherous complexities.

At KoreConX and in KoreChain, knowing the business as we do by being an SEC-registered transfer agent, we chose to not only develop a comprehensive protocol but also implement it in all its complexity. Tapping into our worldwide partner network of securities lawyers, secondary market operators, broker-dealers, academics, and other thought-leaders, we tackled the problem by creating a legal base that incorporates much of the complexity of securities law and corporate law worldwide. This includes inter-jurisdictional transactions, Blue Sky laws in the US, Canadian provincial laws, etc.

Private capital markets provide enormous flexibility for creating complex shareholders’ agreements. We have so far not seen two offerings or agreements that are similar. The public markets are relatively standardized, which can be a strength in terms of offering liquidity at the expense of flexibility of contracts. Private companies and their investors want more control and flexibility.

By incorporating the various types of rights (some mandatory, some optional, and some that are negotiated) into the KoreProtocol and implementing through the KoreChain, our mission is to create the right infrastructure to preserve and foster innovation in global private capital markets while also furthering the cause of efficient liquidity.

KoreChain & KoreContract

What is the KoreConX blockchain strategy & why choose KoreChain?

In this video, KoreConX Co-Founder and CEO, Oscar Jofre, and our Chief Scientist/CTO, Kiran Garimella, share the details of our permissioned blockchain. Built on the Hyperledger Fabric, it is secure and governed with the ability to have full lifecycle management of contracts for tokenized securities for global private capital markets.


The Three Fallacies of Smart Contracts

Smart contracts have become popular due to the extensibility of the Ethereum blockchain beyond its main foundation as a cryptocurrency platform, where it competes with Bitcoin. The phrase ‘smart contract’ caught on in the popular imagination. After all, contracts are important mechanisms for transacting business, and what better than to make our contracts smart with computers and artificial intelligence.

Unfortunately, the glib phrase ‘smart contracts’ hides the ugly truth, which consists of three fallacies:

  1. Smart contracts are smart
  2. Smart contracts are contracts
  3. Smart contracts are comprehensible

Smart contracts are approximately dumb

There’s nothing smart about smart contracts. Perhaps ‘smart’ is a matter of definition, so let me rephrase. If a simple “Hello, World!” program is considered smart, then so is a smart contract ‘smart.’ Maybe we can raise the bar one notch. Let us consider a simple program that, when you access it, determines the time of day (wherever the server on which the program runs or perhaps the browser from which a user invokes it). The code in the program implements the following logic:

If Time >= 6:00 am AND Time < 11:30 am THEN say “Hello, good morning!”

If Time >= 11:30 am AND Time < 3:00 pm THEN say “Hello, good afternoon!”

If Time >= 2:00 pm AND Time < 9:00 pm THEN say “Hello, good evening!”

If Time >= 9:00 pm AND Time <= 12:00 am THEN say “Good night, sleep well!”

If Time > 12:00 am AND Time < 6:00 am THEN say “Hi, you are up late – or did you get up early?”

The above are examples of what is called an IFTTT or “If This Then That” code. This is a bit more intelligent, but just barely. However, this is not necessarily smart enough in the financial world. The ERC-20 and its derivatives in the Ethereum world would have, one hopes, a bit more complicated IFTTT ‘rules’. For example, the protocol has a function that checks to see if the sender of the cryptocurrency actually has the amount in their account. This check is obviously important and a ‘smart’ thing to do. But, this type of check is performed by your bank when you use your bank’s debit card or credit card. However, banks don’t call their cards ‘smart cards’, even though there is more intelligence built into card processing than we give credit for.

In the age of artificial intelligence and machine learning, calling the above types of simple functionality ‘smart’ is an insult to the definition of ‘smart’. Even the earliest examples of AI software of the 60s were smarter. So, calling these ‘smart contracts’ smart is a throwback to prehistoric days of software engineering.

Incidentally, the moniker “IFTTT” is a bit of intellectual plagiaristic packaging passing off as a recent innovation. In reality, IFTTT has been around ever since the very first days of computing. All programmers know this, as well as it’s cousin, IFTTTE, which is “If This Then That Else.” Enough of this remarketing of old and well-known programming constructs.

Smart contracts are not contracts

Technologists who drool over smart contracts are obviously unfamiliar with what constitutes a contract. A loose definition of ‘contract’ may be fine for most casual applications, but for the financial world, the definition has to be legal and enforceable. Legally enforceable contracts have certain specific characteristics without which they don’t stand a chance of being defensible or enforceable. These characteristics include offer and acceptance, competence, unforced, mutual consideration, legal intent, and enforceable.

Transactions involving cryptocurrency or security tokens do not automatically become contracts because the transactions may violate one or more of the above provisions.

  1. Offer and Acceptance: One of the parties must make an offer; the other must accept it. The offer and acceptance are subject to the other requirements of contracts. For example, if someone comes up to your car when you are stopped at a red light, polishes your windshield without your consent, and demands payment, it does not obligate you, legally or morally, to pay; there was no offer of a service and you did not consent to the polishing of your windshield.
  2. Competence: Both parties must be of sound mind and competent to enter into a contractual relationship. For example, those who are mentally incompetent (in the legal sense) and minors may not enter into contracts. This assumes that the identity of the parties is known to each other and each party – or perhaps an intermediary – can assess competence. This may not be true in a decentralized crypto world.
  3. Unforced: Both parties must have entered into the contract of their own free will and knowledge. This may not be true in the crypto world where cryptocurrency can be stolen, forced at gunpoint, or mistakenly sent to another party. In all cases, the sender (or victim) has no recourse or recovery.
  4. Due mutual consideration: All parties to the contract must receive something in return in this exchange; transactions cannot be one-sided (gifts are not contracts, by definition, but otherwise perfectly legal). In a crypto world, there may not be clarity about exactly what this due consideration is and if it was mutual.
  5. Moral and legal intent: A contract to kill someone or commit an immoral act is null and void. A payment for such an action is illegal and does not constitute a contract. Obviously, this may not be easy to detect in a crypto world.
  6. Enforceable: The performance of the terms of the contract must be enforceable and observable. None of this may be true in the crypto world, because in a decentralized system with no governance, no auditing, and indeed no identity, who could observe and who could enforce?

Smart contracts are incomprehensible

In general, people find regular contracts impenetrable, especially the fine print clauses. The article “Does Anyone Read the Fine Print? Consumer Attention to Standard Form Contracts” (by Yannis Bakos, Florencia Marotta-Wurgler, and David R. Trossen) generally concludes, unsurprisingly, that very few people do so.

In those rare cases when people read contracts, they may not actually understand them fully. Contrary to popular feeling, legal contracts are not obtuse by deliberate intention. If anything, they are as incredibly precise (or at least, strive to be) as possible without the use of mathematics. Despite the attempt at precision, there is still room for miscommunication and misunderstanding, whether that is due to the inexperience of the legal counsel (rare), the inexperience of the participants (very often), or the lack of clarity of the underlying regulation (probably rather common). When the application of the law is unclear in complicated cases, the courts resort to case law. All this points to the difficulty of understanding legal contracts. If that is not persuasive enough, consider that just about in all lawsuits both parties have previously signed contracts that were drafted and reviewed by experienced lawyers on both sides, yet one of the participants had to resort to a lawsuit.

In the case of smart contracts, the primary representation of the so-called contract is not the legal document but the computer program. Even simple transactions, when implemented in code, are very difficult to understand. Computer programmers are notorious for being poor documenters (or for their writing skills in general). What is less well-known is that programmers are deeply reluctant to read other programmers’ code because code is generally impenetrable, even when that code has been written by the same programmer who is reviewing it after a lapse of time.

Lay participants of contracts, such as investors and issuers, are asked to read the code in order to infer the underlying legal provisions! This is several steps removed from the requirement to read the actual legal document itself. Every step in the process has enormous potential for misrepresentation, misinterpretation, information loss, and outright incomprehensibility.

Indeed, the research data shows that many ICOs have “backdoor centralization”, but in the most negative sense of the term (unlike responsibly governed centralization), including pump-and-dump, insider trading, no expression in code of promises made on the website or whitepaper, unauthorized and unadvertised rights of modifiability, and so on. See “New Research Finds Backdoor ‘Centralized Control’ In Many ICOs” for a good summary.

You may think that the situation with smart contracts cannot be direr. But wait, it gets worse! In a 104-page study, “Coin-Operated Capitalism,” by the University of Pennsylvania Law School, “If ICO investors  were scrutinizing smart contract code before buying into an ICO, we would expect to see (all else [being] equal) higher capital raises by teams that faithfully coded supply and vesting protections, and also disclosed their modification powers. We find no evidence of that effect in our sample.

What this means is that ICO investors are either the dumb money (generally, the uninformed retail investors), highly speculative and risk-tolerant (hopefully in amounts small enough not to matter, or those with intense fear-of-missing-out), or outright criminal in nature with deeper motives. Obviously, this is a general conclusion and does not implicate the legitimate investors who may have invested in ICOs for diversification (though the use of the word ‘invest’ or ‘diversification’ in connection with ICOs is highly suspect).

As far as ICOs go, none of this should paint all ICOs with the same broad brush. But it does call into question the underlying architectural philosophy of smart contracts in general. Smart contracts should be designed by lawyers because smart contracts are primarily contracts. Only when contracts are truly legal contracts can technologists then strive to make them more or less automated and intelligent. All this automation should be wrapped into governance, risk, audit, and manual review functions precisely because even the smartest contracts cannot anticipate all scenarios in the real world.

Now, that’s smart!

A Security Token for Full Lifecycle Compliance

ICOs suffer from disapproval from not only the SEC but also several media that have banned ICO advertising. This disapproval seems justified, since many of the ICOs had no business plans, no product, no service, no credible team, and no roadmap for generating value. Of the remaining well-intentioned ones, the problem of passing regulatory scrutiny for a utility token is insurmountable since it is a utility in name while a security in intent and form. The only way out is to re-classify it correctly as a security token.

The Responsible Approach of the KoreToken Security Protocol

The ERC-20 protocol and the concept of smart contracts are steps in the right direction for many use cases and great for many applications. However, for the financial markets, we need a protocol that can meet all regulatory requirements. We have taken an approach that originates solidly from securities law. We recognize the paramount need for safety, security, and risk management. We know all parties in a securities transaction must be protected at all times – these are the investors, issuers, directors, officers, lawyers, broker-dealers, transfer agents, secondary exchanges, and secondary token holders. There must be complete traceability and auditability.

Blockchain, in creating an immutable record, guarantees validity and (perhaps eventual) finality. However, this validity is technical validity and finality is the committing of the block to the chain. In the securities world, validity and finality means a lot more. Technical validity is necessary but not sufficient. Validity should include contractual validity and legal validity. Similarly, finality is achieved only upon authorized approval of transactions. KoreChain, our implementation of blockchain using Hyperledger Fabric, addresses this broader and more comprehensive definition of validity and finality. The KoreToken protocol and specification includes modular methods to implement various aspects of business validity and finality.

A Comprehensive Specification and Implementation

The KoreToken’s specification and protocol address the requirements for data and methods for the complete lifecycle of a security token. KoreConX will itself use this specification and protocol to create its own security token as well create security tokens for its issuers. The protocol includes data and methods that fall into three broad categories: public interface layer, business layer, and governance layer. The methods themselves can be invoked by participants in various transactions.

The execution of security transactions, from issuance to corporate actions to exit, cannot happen in a vacuum. Registered entities are accountable for knowing where these securities are, who are their holders, and the state of their compliance. More than issuing a protocol, KoreConX has taken the unique approach of providing a full operational platform as well as partnerships with other participants in the ecosystem such as broker-dealers and secondary market operators. KoreConX itself is an SEC-registered transfer agent, meaning that we can offer full custodianship services for securities.

The KoreToken architecture is modular, allowing security token designers to compose entire securities transactions and implement various use cases. The heavy lifting of blockchain functionality as well as business-related functionality such as event management, transaction management and process management are handled by the KoreChain.

Please see the following Executive KoreBriefing on The KoreToken Specification and Protocol.

We will release the detailed technical whitepaper shortly.


Introducing the KoreChain

The KoreChain is the first blockchain on a serious industrial-strength infrastructure that is focused exclusively on the complex world of global financial securities. The KoreChain is a permissioned Hyperledger Fabric blockchain. This gives it the native advantage of Fabric, a blockchain platform that has been engineered from the ground up for handling enterprise-class applications. KoreChain is implemented on IBM’s hosting platform since it provides the highest level of security as define by the US National Institute for Standards and Technology.

In electing Hyperledger Fabric to be the foundational blockchain infrastructure for KoreChain rather than Ethereum, we made a clear commitment to good engineering, enterprise-class architecture, and implementation with well-established tools rather than new and untested programming environments.

Hyperledger Fabric Strengthens KoreChain

The following benefits of Fabric come to us practically out of the box:

  1. Membership and access-rights management: The securities world has many complicated rules about data privacy, KYC, AML, need-to-know, etc. Some of these vary by region or by exemption rules. In addition to regulatory constraints, the platform also has to accommodate privacy conditions of participants in various transactions. Fabric provides this flexibility through channels.
  1. High levels of performance and scalability: Securities transactions are more complicated than point-of-sale authentication and authorization. While all securities transactions don’t require response and completion within seconds (as, for example, in trading), the sheer volume of multiple transactions and subsidiary events in capital markets requires a robust infrastructure that can stand up to spikes and also support secondary trading.
  2. Security and safety: The combination of Hyperledger Fabric and the hosting infrastructure at IBM provide a protected environment that includes end-to-end cryptography and the highest level of security defined by the US National Institute of Standards and Technology (NIST), the level 4 of FIPS 140-2, that includes, for example, Hardware Security Modules.

KoreChain’s Specialized Capabilities

In addition to these, KoreChain provides a number of specialized capabilities such as several layers of artificial intelligence, event management, and transaction management for securities.

All this makes the KoreChain an industrial-strength engine for KoreContracts, which are true smart contracts for financial services. One special category of KoreContracts is the  KoreTokenContract, which is the fundamental template for KoreTokens. The KoreChain is carefully designed to ensure a safe and secure environment for security tokens and their management throughout their entire lifecycle, including provision for various corporate actions.

More on these exciting developments in subsequent blogs and articles!
Please see the following introductory Executive KoreBriefing on What is KoreChain?
We will release the detailed technical whitepaper shortly.