Chapter 24: Exercises — Blockchain, Smart Contracts, and Immutable Audit Trails


Exercise 1: Classifying Blockchain Use Cases by Compliance Relevance

Objective: Apply the permissioned/permissionless distinction and the six-question assessment framework to evaluate five proposed blockchain use cases.

Instructions: For each of the five use cases described below, answer the following three questions:

  • (a) Is this a permissioned or permissionless application? What evidence in the description supports your classification?
  • (b) Which of the six assessment questions from Section 24.7 are most critical for this use case, and why?
  • (c) Is this use case "compliance-relevant", meaning that it directly supports or interacts with a regulatory obligation? If so, which regulatory obligation?

Use Case 1: A syndicated lending platform (built on Hyperledger Fabric) shared among twelve major banks that digitizes the loan administration process, recording facility agreements, drawdown requests, repayment schedules, and fee calculations as on-chain events. Participant banks are admitted through a consortium governance process. The platform vendor operates two of the validator nodes.

Use Case 2: A decentralized finance (DeFi) protocol on the Ethereum mainnet that allows users to lend and borrow cryptocurrency using smart contracts, with interest rates set algorithmically by supply and demand. The protocol has no administrator: governance decisions are made by holders of a governance token, and the smart contracts cannot be paused or updated without a governance vote.

Use Case 3: An internal compliance audit trail system at a single financial institution, implemented as a private blockchain with five nodes, all operated by the institution's own infrastructure team. The system records compliance review decisions, sign-offs, and parameter changes. It is not shared with any external party.

Use Case 4: A tokenized bond issuance platform used by a European development bank to issue green bonds as DLT financial instruments under the EU DLT Pilot Regime. The platform is operated by a registered DLT Settlement System (DLT SS) with ESMA oversight. Investors hold tokens representing ownership of the bond; interest payments and redemption are handled by smart contracts.

Use Case 5: A public blockchain-based identity verification system that allows individuals to store cryptographic proofs of their identity documents (passport hash, address verification hash) and selectively disclose them to financial institutions for KYC purposes. The underlying blockchain is permissionless; the identity proofs are held in user-controlled wallets.


Exercise 2: Designing a Blockchain Audit Trail Architecture

Objective: Apply the principles from Sections 24.4 and 24.5 to design a blockchain audit trail for a specific compliance scenario.

Instructions: You are the compliance technology lead at a UK wealth management firm regulated by the FCA under MiFID II. The firm has approximately 8,000 retail clients, and it executes discretionary investment management on their behalf. The FCA has recently written to the firm about weaknesses in its audit trail for investment decisions — specifically, it is not always possible to establish who authorized a departure from a client's investment mandate and when.

Design a blockchain audit trail architecture that addresses this regulatory concern. Your design document should cover the following:

  1. What events should be recorded? List at least eight specific compliance events that should be recorded in the audit chain (examples: client onboarding, mandate change, investment decision outside mandate, client communication). For each, specify what data should be recorded.

  2. Who are the participants? In a permissioned audit chain for this use case, who would run the nodes? Consider: the firm itself (which departments?), the custodian, potentially the regulator. What are the governance implications of each participant configuration?

  3. GDPR compliance: What personal data elements in this audit chain create GDPR exposure? For each, specify whether you would store the data on-chain or off-chain, and why.

  4. Regulator access: How would you configure the system to allow the FCA to independently verify the audit trail in response to a data request or enforcement inquiry?

  5. Limitations: What compliance questions does this system answer, and what compliance questions does it not answer? Be specific about what blockchain adds and what it does not replace.


Exercise 3: Identifying GDPR Conflicts in a Blockchain Architecture

Objective: Analyse a given blockchain data architecture for GDPR compliance issues and propose remediation.

Instructions: The architecture description below was extracted from a vendor's technical specification for a permissioned trade finance blockchain platform. Read it carefully and answer the questions that follow.

Platform Architecture Description (vendor summary):

"Each trade record on the network is stored as a Corda state and contains the following fields:

  • Issuing bank name and BIC code
  • Confirming bank name and BIC code
  • Applicant legal name, registered address, and company registration number
  • Beneficiary legal name, registered address, and company registration number
  • Contact name and email address at the applicant company
  • Contact name and email address at the beneficiary company
  • LC issuance date, expiry date, and credit amount
  • All amendment history, including the text of each amendment and the identity of the authorizing bank officer (name and email)

All fields are stored as cleartext on the Corda ledger and are visible to all consortium participants with access to the relevant trade channel. Records are retained on the ledger indefinitely unless the consortium's governance board votes to archive specific records, which requires unanimous consent of all 14 consortium banks."

Questions:

  1. Identify every field in the data model that constitutes "personal data" under the GDPR. For each, specify why it is personal data (i.e., which natural person it relates to, and how).

  2. The architecture requires unanimous consent of all 14 consortium banks to archive records. Evaluate this governance mechanism against the GDPR requirements for handling erasure requests. Can unanimous consent from 14 banks realistically be obtained within the response time expected for a typical Article 17 erasure request?

  3. Propose a revised architecture that addresses the GDPR issues you have identified while preserving the core compliance value of the platform (immutable, multi-party visible audit trail of trade events). For each field you identified as personal data in Question 1, specify whether it should be stored on-chain (and if so, how), off-chain, or removed from the record entirely.

  4. The authorizing bank officer's name and email are recorded for each amendment. This information has clear compliance value (it establishes who authorized each change). How would you preserve this compliance value while addressing the GDPR concerns around storing this data on a 14-party ledger with no reliable erasure mechanism?


Exercise 4: Code Exercise — Extending the Compliance Audit Chain

Objective: Practice working with the ComplianceAuditChain implementation from Section 24.5 by adding a new capability.

Instructions: Using the ComplianceAuditChain, AuditBlock, AuditEvent, and EventType classes from Section 24.5, implement the following additional method on the ComplianceAuditChain class:

def search_by_event_type(
    self,
    event_type: EventType,
    entity_id: Optional[str] = None,
) -> list[AuditBlock]:
    """
    Retrieve all blocks matching a specific event type.

    If entity_id is provided, further filter to blocks for that entity.

    Args:
        event_type: The EventType to search for.
        entity_id: Optional entity ID to narrow the search.

    Returns:
        List of AuditBlock objects matching the criteria, in chain order.
    """
    # Your implementation here
    pass

Then write a demonstration that:

  1. Creates a ComplianceAuditChain and records at least ten events across at least three different entities and at least four different event types.
  2. Uses search_by_event_type(EventType.KYC_UPDATED) to retrieve all KYC updates, regardless of entity.
  3. Uses search_by_event_type(EventType.TRADE_EXECUTED, entity_id="CLIENT-4471") to retrieve all trade executions for a specific client.
  4. Uses search_by_event_type(EventType.REGULATORY_REPORT_SUBMITTED) and prints the total count of regulatory reports submitted, the earliest and latest report timestamps, and the unique entities for which reports were filed.

Extension question (optional): The search_by_event_type method searches the chain sequentially from genesis to tip. For a long chain with hundreds of thousands of events, this is inefficient. Describe (in comments or a brief note) how you would add an index structure to the ComplianceAuditChain class to make event type searches more efficient, without compromising the integrity verification properties of the chain.


Exercise 5: Evaluating a Blockchain Vendor Against the Six-Question Framework

Objective: Apply the compliance assessment framework from Section 24.7 to a realistic vendor scenario.

Instructions: Your firm has received the following pitch summary from a blockchain RegTech vendor:


ClearLedger Platform — Summary for Compliance Teams

ClearLedger is a permissioned blockchain platform for regulatory recordkeeping, built on Hyperledger Fabric v2.5. Our network currently has 23 financial institution participants, each operating their own validator node. ClearLedger is governed by the ClearLedger Foundation, a non-profit consortium governance body with elected representatives from participant institutions.

Records stored on ClearLedger are immutable and cannot be deleted. We recommend this as a feature for compliance purposes: regulators cannot claim records have been altered or destroyed. All personal data is stored in hashed form on-chain; the underlying data is held in each participant's own off-chain database, which they control.

ClearLedger supports a "regulatory observer node" facility, through which a nominated regulator can be granted read-only access to the portions of the chain relevant to their supervisory mandate. This facility has not yet been tested with a live regulator but is included in the platform design.

Smart contract updates require approval from the ClearLedger Foundation's Technical Committee (9 of 23 participant votes required for ordinary updates; 14 of 23 for security-critical changes). The Foundation publishes a target update turnaround of 30 business days for ordinary contract updates.

Participants may exit the network by submitting a withdrawal notice. Upon exit, the participant's node is decommissioned, but historical records remain on the remaining participants' nodes. Participants may request an extract of their own records prior to exit; extract requests are processed within 90 calendar days.

ClearLedger's legal counsel has obtained a legal opinion confirming that records stored on the ClearLedger network are admissible as evidence in English law proceedings.

Current pricing: £180,000 per year per participating node, inclusive of infrastructure and governance costs.


Using the six-question framework from Section 24.7, evaluate ClearLedger's pitch.

For each of the six questions, answer the following:

  • (a) What does the pitch tell you about this question?
  • (b) What is unclear or insufficiently addressed in the pitch?
  • (c) What additional information would you request before reaching a compliance assessment on this dimension?

Finally, write a one-paragraph overall recommendation to your firm's CTO and General Counsel about whether to proceed with ClearLedger due diligence, citing the most material compliance considerations for and against.
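
The "hashed on-chain, data off-chain" pattern that the ClearLedger pitch describes, and that Exercises 2 and 3 ask you to reason about, is shown below as an added example; it is not code from Section 24.5 or from any vendor. It contrasts an unsalted digest with a keyed commitment whose key lives only in the off-chain store, and shows what remains verifiable after the off-chain row is erased. OffChainStore, the record ID and the e-mail address are hypothetical names constructed for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample value, not taken from the page.
OFFICER = "jane.doe@bank.example"

def plain_digest(value):
    """Unsalted SHA-256: the weakest reading of 'stored in hashed form'."""
    return hashlib.sha256(value.encode()).hexdigest()

def commit(value, key):
    """Keyed commitment: HMAC-SHA256 under a per-record secret key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()

class OffChainStore:
    """Hypothetical participant-controlled database holding value and key."""

    def __init__(self):
        self._rows = {}

    def put(self, record_id, value):
        key = secrets.token_bytes(32)
        self._rows[record_id] = (value, key)
        return commit(value, key)  # only this digest is written on-chain

    def verify(self, record_id, on_chain):
        row = self._rows.get(record_id)
        if row is None:
            return False  # erased: the on-chain digest can no longer be checked
        value, key = row
        return hmac.compare_digest(commit(value, key), on_chain)

    def erase(self, record_id):
        self._rows.pop(record_id, None)  # value and key are deleted together

def demo():
    store = OffChainStore()
    ledger_plain = plain_digest(OFFICER)        # design A: unsalted digest on-chain
    ledger_keyed = store.put("AMEND-001", OFFICER)  # design B: keyed commitment
    before = store.verify("AMEND-001", ledger_keyed)
    store.erase("AMEND-001")
    known_address = "jane.doe@bank.example"     # what another participant already knows
    return {
        "verifies_before_erasure": before,
        "verifies_after_erasure": store.verify("AMEND-001", ledger_keyed),
        # Knowing the address is enough to reproduce the unsalted digest.
        "plain_digest_recomputable": plain_digest(known_address) == ledger_plain,
        # Without the deleted key, the same knowledge does not reproduce design B.
        "commitment_recomputable":
            commit(known_address, secrets.token_bytes(32)) == ledger_keyed,
    }
```

Whether deleting the off-chain value and key is sufficient to answer an erasure request is a legal question that this sketch does not settle; it only shows what each design leaves recomputable on the ledger.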