Epicenter - Learn about Crypto, Blockchain, Ethereum, Bitcoin and Distributed Technologies - Mano Thanabalan: Otonomos – Simplifying Incorporation and Automating Corporate Governance
Episode Date: April 25, 2017Anyone who has ever started a company knows just how tedious that process that can be. Whether it’s establishing a shareholder’s agreement, defining the company’s constitutional structure, raisi...ng funds, or transferring shares, corporate governance procedures remain largely paper-based, requiring validation from multiple stakeholders, and their lawyers. Blockchain technologies, and specifically smart contracts, provide the rails upon which these processes can be digitized and streamlined, reducing operational costs, eliminating errors and automating menial tasks. Manu Thanabalan, CTO of Otonomos, joins us to discuss how his company is leveraging smart contracts to accelerate incorporation and automate corporate governance. Otonomos provides the tools and services which allow for anyone to start a company in any of the jurisdictions they support. Using their platform, founders are able to define board members and issue shares, while captables are kept up-to-date in real-time. Day-to-day governance mechanisms and standard procedures such as voting and share transfers are automated through a smart contact, which complies with local jurisdictional regulation. Topics covered in this episode: Mano’s background as a quantitative trader and how he transitioned into blockchain The fundamental problem Otonomos is addressing How we may be able to unlock a tremendous amount of value by liberating shares currently locked in private companies Leveraging smart contracts to automate standardized corporate legal procedures The types of constitutional rules which can be digitized and automated with smart contracts The ability to simplify accounting and auditing with Otonomos The Otonomos technology stack The current state of Otonomos and their product roadmap Episode links: Otonomos Website This episode is hosted by Meher Roy and Sébastien Couture. Show notes and listening options: epicenter.tv/180
Transcript
Discussion (0)
This is Epicenter, Episode 180 with guest Mano Tenabalin.
Hi, welcome to Epicenter, the show which talks about the technologies, projects,
and startups driving decentralization and the global blockchain revolution.
My name is Sebastian Kujo.
And I am Meher Roy.
Today we are talking to Autonomous, which is one of the leading crypto-legal plays in our space.
It's a company that allows one to make a digital representation of a company's constitution.
specifically we'll be talking to Mano Thana Balan, who is the CTO there.
Mano, it's great to have you on the show.
Thank you very much for having me, guys.
So before we start talking about autonomous and what that project is doing,
tell us a bit about your background and how you came to be involved in the blockchain space.
Sure. Maybe I'll start from the very start.
I've got a computer science, bachelor's.
Unfortunately, I didn't go down the route of typical.
software engineer. Instead, I went to the dark side and worked for a major car manufacturer
in the corporate treasury department. And there I did financial risk management,
FX risk, interest rate risk and so on. After that I did my financial engineering
masters. That's when I sort of decided that I'm going to move on from the risk management
world to the investment finance world, if you would. And quickly realized that the investment
finance world was as well as everybody sees it today, not the place you want to be.
Was a quant trader for a small hedge fund in Singapore that unfortunately closed down.
We didn't even get to launch the quant fund.
And then when I came out of that, I was looking for, so I had researched a bunch of
quant models, trading strategies.
And I came out of there thinking, okay, I'm just going to start my own fund.
or implement my own strategies for personal use.
I had to build a trading system.
I built that trading system,
took time off to build that trading system,
then realized I needed to test the trading system.
And that's sort of when I came across Bitcoin exchanges.
I was like, okay, this would be an easy way to test my trading system,
started interfacing with a bunch of these exchanges,
running some of my complex strategies,
which were a little bit too complex for these exchanges,
because they're not that mature yet.
And then quickly realized you could just run simple arbitrage strategies on these exchanges and make some money.
I did that.
And that's sort of when my interest peaked on the topic.
And I was like researching and I found out, oh, I was actually introduced to Bitcoin even a year or two years before that by a friend from college.
But unfortunately, I didn't take him seriously at that time.
I kind of regretted it now.
But yeah, so I started researching into the technology.
and that was also when sort of Ethereum was being spoken about.
So it's very interesting what's happening in the space.
I worked for the ex-CEO of Ethereum for a bit,
helping him out with the project.
And that was again before Ethereum was launched.
And, yeah, worked there for about two months.
Then I was looking for opportunities in the space.
Unfortunately, every opportunity I came across
was either payments or remittance play,
which was not where I,
saw the best use case for blockchain technology, if you would, or smart contracts on top of that.
But I came across Han on Angel's list. And I really, I was not a co-founder from day one. I
apply to him saying that I'll be very interested in the use case. I'll really want to help you
out and see if we can figure out something. He was also looking for somebody to build a platform.
So that's basically how we met. This was
2015 October. Before you knew it, three months later, we had a very early POC, and we already had people
who heard about what we were doing wanting to use our service. So that's when we came to
the realization that the POC could become a viable business plan or model. So that's basically
my background and how I joined autonomous. Cool. So you mentioned that you were a trader before,
And that's interesting.
And I think we'll get to talk a little bit about your experience there and, you know,
sort of, you know, the financial system and how we can, you know, how we can digitize some of the processes
in the sort of traditional financial system with smart contracts.
But I'm interested in knowing, you know, with regards to your experience as a trader,
what has that, you know, what lessons have you learned there that have ported over now to what you're doing at Autonomous?
So there's several parts of it.
First is
The main reason I find the Autonomous use case
Very interesting was also because
I was involved in the setup of the fund
That I was working for before
So I mentioned that we didn't get to launch
But we still had set up the fund
And that process, setting up a fund process
In Cayman Islands is a 50,000 US dollar process
Very laborious takes you three months
To generate a very standard set of documents
Before you can start approaching investors
to invest in your company.
So I already knew the friction behind what it meant to, in this case, it was a hedge fund,
which is just a special type of a private limited company,
what friction there existed to set up a company in the real world.
And the other thing that helps me a lot at Autonomous is also the fact that bridging theory
and practical implementation was a big challenge when I was building my trading strategies.
You could backtest your quantitative models all you want, and they will show you amazing results.
But when you actually try to implement some of these results and run them in a managed account as we did,
then you start figuring out that, hey, markets don't work like how your back tests work.
And why this was relevant for the autonomous platform was because when we built a platform, the initial idea was,
yes, let's represent private limited company shares using a suite of smart contract.
But hang on, this also has to be bridged to the real world, right?
Because if you say that these tokens represent private-limity company shares, how do you prove this in the real world?
So you actually have to build a bridge between theory and implementation.
And that is sort of how we approach anything that we do at autonomous is basically to look at it from a theoretical point of view, do all our research from a theoretical point of view.
And then in the implementation phase, figure out how we can make this work with exactly.
existing processes without trying to go to people telling them that they need to change existing processes just yet.
So tell us like, give us an overview of autonomous, what problem is it trying to solve?
The big problem it's trying to solve is the fact that if you need to incorporate a company today, if you want to govern a company today,
you still can't even do that like you would check out, as Han would like to say, a pizza.
you still can't electronically check out a company,
especially in common law jurisdictions like Singapore, Hong Kong, where we operate.
So that's the first step.
And Han, credit to him, he did an amazing job in the early days.
He's not a developer like me.
He used weeks to just generate a website that will allow you to check out such a company
and then process the order.
So that itself was the innovative part, right?
And then the second aspect was, okay, great that we are able to check these companies out,
but we also need to provide a platform for them to manage this company.
So essentially we are a corporate actions, corporate governance play on blockchain.
And that forms the fundamental basis for a whole bunch of other features,
like accounting, like doing a funding round that Sebastian and I discussed earlier.
And if you look at all these traditional process flows
and how cumbersome and laborious they are,
the autonomous platform in one word is essentially...
of these processes, specifically corporate law and even more specifically the company's constitutional documents.
So the idea, as I say it is, your initial product or your MVP is something that allows founders to create companies very easily
and have these companies also recognized in the jurisdiction that they were created.
right but this sort of product gives you an entryway into slowly offering other
services to the founders and managers of the company this could be like voting
governance accounting and so slowly your kind of product stack expands into
all of these other functions and you basically make money on sort of monthly
licenses or monthly usage fees software as a service
exactly okay all right so so tell us um tell us what's innovative about the way um you enable founders to incorporate
companies or maybe even before why hasn't this problem been solved by some other company
satisfactorily because it seems quite an obvious thing right i know it's so obvious but you must
you must do a tour of some of these companies
that do this business.
The traditional incorporations agents of the world,
you must actually visit the office to understand this problem.
And we visited one of them.
When you walk in, green carpet,
brass lamps,
legal books in a bookshelf,
and the most advanced thing in the entire place
was still a CRT monitor.
So this profession, as I mentioned earlier,
It's still one of the professions that nobody has attempted to automate, standardize password.
I think it's always been a big challenge.
Why?
Because you could standardize legal documents, but you still always need to go to a legal person for execution.
You cannot just standardize documents yourself, executed yourself, enacted yourself.
And we weren't able to do this as well before until we have the ability to build smart contracts on an immutable database.
like the blockchain, right?
So now instead of you having to go to a lawyer
and depend on processes that are at this law firm
to validate your contracts,
you can deploy your own based on certain templates
and the network bears witness to these contracts.
So in the crypto space, as you know,
there's this big debate that
are smart contracts really useful or like,
what is the utility of smart contracts, right?
And there'll be these endless debates on Twitter about how smart contracts are essentially useless slash useful and so on.
So like walk us through one process, like pick one process in company incorporation.
Let's say that without smart contracts, what it is.
And like with smart contract, what it can be or is through autonomous and why it is better.
Like try to sell smart contracts technology.
and like why is it important here at all?
Sure.
So I will not use incorporations an example.
I'm going to use a specific corporate action that you do typically in a private
limiter company, transferring of shares.
So say if I were to transfer some shares from me to you, what process do we need to
follow?
In the real world, in common law jurisdictions like Singapore and Hong Kong, the UK, first,
the both of us will need to sign a share transfer form.
Basically me saying, I agree to transfer you X number of shares for a certain amount of
and you're saying you accept this transfer.
After there's been done,
a board resolution that is signed by the directors of the company,
and we might not be directors of the company,
we could be, but we might not be directors of the company.
Board resolution needs to be deployed by the corporate secretary
for the directors of the company to sign.
And after this board resolution signed,
only then can the shares actually be,
the share transfer can actually be enacted.
So in the real world, what does your corporate secretary do?
She will tabulate or she will draft that share transfer form that both of us have to sign.
Make sure that's accurate.
She will see us executing it.
After that, go to the directors to the company.
Give them the board resolution to sign.
Again, make sure everything is pre-filled.
Sign that.
And then use their board resolution to file with the local regulators the share transfer that's taken place between the two of us.
In our process, so this is traditional process flow, right?
And you can already see with such a process flow, and again, this is not.
not numbers I'm making up, it's told to us by our in-house corporate secretary.
So we have, part of the team is a bunch of legal corporate secretaries, right?
And they are the ones that do filing with the local regulators and make sure everything
that we do is compliant.
Now, she tells me that in the old world, with the traditional firms, she used to work,
she could manage at most 80 companies in a given year.
Because the amount of due diligence that you actually have to do, the process that I just
discovered, I just described, which is a due diligence process, is intensive, right? So they can only
handle maybe 80 clients a year. Now, with the way we've built the system, what you do is maybe
let me also not talk about the identity aspect of it, which we can talk about later, but assuming
you've got an identity creator on your platform already, you would log into the platform,
you would initiate the share transfer. The share transfer itself would trigger a creation of a smart
contract that contains the share transfer form as data.
And then it would say, okay, this share transfer is happening between Mano and Meyer, and therefore,
the two of them have to be signatories on that transfer form.
And only the two of us will be able to sign this.
And the moment we've signed it, I've got an automated corporate secretary bought a back-end
process, if you would.
She recognizes that we've signed this and automatically deploys that second board resolution
that I was just talking about with the same.
details that are contained in the share transfer form.
So again, you eliminate another point of error
where in the traditional world, you could have had
the corporate secretary make a mistake in filling out that second
form, but because we've automated this process flow, the second form
just retrieves the information from the first form.
And who has to sign the second form? That is where the
need part comes in. So the second form, as I mentioned, have to be signed by directors of the
company. And guess what? The directors of the company are reflected in the company
smart contract. So your company smart contract
is a giant code version of your legal document,
which says who the shareholders to the company are,
who the directors of the company are, and so on,
and what the signing conditions of these individuals are.
So all the stuff that is typically reflected in your company's constitutional documents
are also reflected in the company smart contract,
such that when I deploy this board resolution,
the board resolution asks the company smart contract
and doesn't depend on any external source of information
who the directors at that point are,
and only those guys are able to sign that board resolution.
Once that board resolution is signed,
again, the automated backend process
will listen to this
and file that completed board resolution
with the company smart contract.
So the company smart contract simply will not transfer shares
from me to you without this valid board resolution.
Without that,
and that board resolution also has a dependency
on the share transfer form.
So without these two documents, that share transfer will not take place in the company smart contract.
So at the end of the day, when the share transfer has happened, and you see this in the company smart contract, you can trace right down this entire process flow I just described to do your due diligence.
That's very interesting.
We were talking about this before the show and talking about process digitization and how we can use blockchain technologies to digitize processes.
it turns out that the company that I co-founded Stratum is also doing something similar to this
at perhaps at a more abstract level, but it's very similar.
And so this example really speaks to me because for every step of this process, of this share transfer
process, you know, you're going to want to know who did what, at what time, in what order,
and for what reason.
And those are the five key questions.
You know, what you get with blockchain technologies, I mean, broadly speaking, and with Ethereum, and especially the way that you've implemented it, as far as I can understand, is that you really get all, you know, you can answer these five questions for every step of the process.
So, you know, we talked about, I think we mentioned KYC or AML, you know, so when you, when you do a share transfer, I would guess that in most jurisdictions, you're going to have to do some sort of KYC, AML at some point.
point on the participants in that transfer. You're not just going to transfer to some, you know,
anonymous party overseas. Is it possible to also do that process, that identity process within
the autonomous platform? Is that something that you're relying where you're relying on third parties?
And how does the smart contract, if it's done by outside parties, how does the smart contract
get the proofs or interpret the proofs from those trusted entities that would be doing,
you know, verification of IDs and things like that?
Very good question.
Yeah, so before, when we first started building a platform, we quickly identified that,
okay, we want to digitize assets.
The only way to digitize assets is to digitize the company's constitution.
Great.
But what's in the constitution, people.
So how do you digitize identities?
What's the next question, right?
And that is also why we have our own identities.
contract design. Unfortunately, because we started building this before Uport existed,
or at least Uport was there already at that time, but they did not have the specific features
that we needed to build our platform. So in the end, we had to build our own identity solution.
So what happens now when I invite you, so in this process that I described earlier, let's say
I'm about to transfer shares to a new shareholder, and I invite this new shareholder to the platform,
a regular email invitation, that person logs in for the first time,
they will need to deploy their persona smart contract.
This is just an electronic version of you,
and this is the smart contract that holds assets,
that signs documents,
and also is a holder for your identity information,
of course, encrypted.
So when you log into the dashboard for the first time,
you deploy a persona smart contract.
Again, on the front end, it looks like a form that you fill out,
first name, last name,
all the required details that are required for each jurisdiction.
So if you were in Singapore, you'll have a different form from,
if you're incorporating for Hong Kong.
But even at that level, we've abstracted commonalities
and modularized it in such a manner that if you did deploy for Singapore,
you don't ever have to deploy for Hong Kong,
and you might just need to augment the information
that you've already previously entered that is extra for Hong Kong, for instance.
And we also show you your private key,
or in our case the 12th or mnemonic seed,
we show you that so that you can,
and we instruct you to copy and paste it.
The future will obviously be that is generated also via a mobile device,
like your phone, for instance,
and you never even get to see the private key in it,
simply just get stored in your secure execution environment,
but we're not there yet, they're autonomous.
Sorry to interrupt.
Could one user certificate that would have been issued by a certificate authority
where that certificate authority would have done KYC prior to issuance?
So that process in our system is not possible at a moment.
So the way we've done it is you first deploy your identity
and then we've got what you call certification authorities.
We call them verification entities,
intentionally to move away from some of this conventional lingo
because in our context, you won't have just one certification authority.
You could have multiple certification authorities for different purposes.
So once you've deployed this persona smart contract,
what happens in the background literally is you have created,
we send a small amount of ether to your account
because in the Ethereum mode before you can deploy
a smart contract, you need ether, right?
But this is private network,
so don't worry, we're not spending a lot of money to do this.
At some point, we'll go public, but not yet.
So we send a small amount of ether to their account,
and then we get the end user to deploy
their persona smart contract on this account.
And then that's not the end of it,
because you could have basically deployed a persona,
smart contract, calling yourself,
Mickey Mouse, if you would like,
and uploaded garbage, proof of address,
and proof of identity documents,
which we also require.
So you still need a person to check your identity smart contract
or your persona smart contract.
And that's where we have the concept of verification entities,
and we've got administrators who manage the register
that this verification entity holds,
and this register basically says,
who are the validated identities under the autonomous platform?
So that is when we log into the platform as administrators,
we download your proof of address and you proof of identity
documents, which by the way, the way we've implemented,
the encryption of that is also above and beyond what is traditionally done.
It's PGP style where it's shared to the people that you need to share it with.
So even if I didn't have SSL on my website,
I still will not lose any sense of information.
The encryption is actually done client-side.
It's brilliant.
We had this in proof of process as well.
you know what
at the end of the day
everybody thinks that they came up with an identity
solution but essentially what I believe
is if we all are doing it the right way
we're going to converge to one solution
for identity
I don't think that's going to be much variation
on that that might be slight
nuances but the overall design
should be the same
so we really didn't do anything interesting
so we store that
encrypted
and even the key right
so in the early days
a lot of people ask us
okay so you're asking the end user
to keep the key
but what if they lose it
what are you going to do then?
And we said, okay, we were asked this question by a major financial institution,
and we're like, okay, we have to address this.
We used to say, oh, too bad.
But then later on we said, okay, you know what?
We'll just apply Shamir's sharing algorithm and split your key three ways.
And the three parts get encrypted in the early days by three individuals.
But we've quickly learned from that and realized you cannot trust your two other friends.
So you need to have three entities.
So at the moment, the way it works is autonomous is one entity and two other law firms would hold parts of your key.
Two of these need to come together to recover your key, and that's the only way your key can get compromised or can get retrieved, if you would.
I'd like to stay on this idea that, you know, this stock transfer use case.
And we can come back to the technology in a minute.
There was a really interesting blog post.
I'm not sure if it was you or perhaps the CEO.
Hans, who wrote it, talking about value.
And so this idea that today, when we think of where, where does value exist, you know,
is it paper notes, is it, you know, stocks or bonds, a publicly traded stock.
But in reality, like, there's a lot of value that's held in privately, in private companies that are not,
where the stocks are not available for trade on open markets.
And, you know, some, there are some secondary markets.
But for the most part, you know, if I think of, like, for instance, you know, my company,
all that value is sort of stuck there.
And the process of transferring value from one participant to another, as you've mentioned,
is a very long, complex process, as I've learned recently through going through a funding round,
that involves lawyers and a lot of,
this medieval type of process.
What do you see as a potential,
where do you see,
so if you think 15 years ahead of time,
can we envision a world in which one can trade private stocks,
as you do with a publicly traded company,
is that a technology barrier today,
or is that a regulatory barrier?
It's a regulatory barrier,
but we must understand before we lift that barrier,
across that barrier,
or blur that line,
why it exists.
It exists for consumer protection.
Because for a publicly listed company,
there has been due diligence,
that's been done of that company, right?
So that is why you know that this company is legit,
you know their business is legit,
the financials are legit,
and therefore you can open them up
for retail investors to take investment in.
But for private company, that's not the case.
For private company, there is no requirement for them to even, in some cases, have audited financials.
So as an investor, when you go in today, you need to be somebody that's a creditor.
You need to be somebody that understands the risks of investing in such a company.
So as much as I see that barrier, how are we sort of blurring their barrier?
We're blurring it by automating the corporate governance, making the company a lot more transparent.
And yeah, you're absolutely right.
Han loves to say that 80 or 85% of value in the world
is held in private limited companies,
but I say it's misheld.
It's not held properly.
Often what you realize,
you look at a cap table and you see,
oh, there's a missing shareholder,
or there was a share transfer not filed,
a whole bunch of mistakes, right?
So that's the part that we need to prevent
from being possible in that space.
So the way we see it,
and I presented a few times where I use this one chart,
which talks about how we approach traditional systems design,
whether it's law, education, a banking system,
we design it in one way.
We design a system in a way that it can be circumvented.
We then design a policing framework to police the people,
and then to police a system,
and then we design a punishment framework
to punish the deviance.
And each part of this layer,
each layer is additional cost, right?
And if we are in a paradigm right now
through the use of technology,
through the use of innovative systems design,
that we can finally design systems in such a way
that cannot be circumventable to begin with,
then, yes, we can indeed unlock the value
that is otherwise locked up
in this paradigm,
companies and narrow that line, blur that line between private-neutral companies and public-listen
companies, such that the due diligence for both would be at the same level.
We've also got another vision at Autonomous. At some point, once we've done this corporate
governance part via smart contracts, we're also going to do the accounting part via smart
contracts. And once you've got corporate governance and accounting in an incorruptible fashion
in a systems design, then the last part is really, instead.
of you having to list this company in an exchange, why not put the exchange into the company?
So what is an exchange?
An exchange is just a fancy order book and order management features.
You could put that auto book and the auto management features into the company smart contract.
And again, that is also where you can blur that line between a private company and a public company.
Now, I'm curious before we, maybe this is a good time to move on to the next topic that I had in mind,
which was regulation and perhaps some of the frictions that you've experienced when dealing with regulators.
It would seem to me, you know, hearing this, if I'm a regulator, right,
and I've got this company that's building this system where we can automate company governance
and we can automate share transfer and we can reduce the possibility of errors with accounting
and this sort of thing.
As a regulator, I'm looking at this, I'm saying, this is great.
I want to implement this.
I want to work with this company.
I want to build my processes and the regulation, my future regulation around this type of technology.
What has your experience been in working with or perhaps discussing this with regulators and lawmakers?
That is definitely not the experience.
That is definitely not the experience that I've had where they see this as, hey, great, this is going to make my life a lot easier.
but I think we also have to be realistic and understand
who these regulators are.
They are lawyers themselves.
They are accountants themselves.
I think at the other day,
they probably are also a little bit worried
that they might be disintermediating themselves.
They might disrupt themselves.
So I think there is a little bit of that at the moment.
And they often are not technologists either.
But what's happening,
and what we start noticing,
is a lot of these senior appointments now, the old guards are starting to retire, you've got
younger people joining the organization or these government entities, and these guys are a lot more
tech-savvy, and they see the opportunities of moving towards blockchain. But Hasfa, we've, maybe
with the exception of Dubai, where there seems to be strong, strong, top-down pressure to innovate
in the traditional jurisdictions that we operate in,
that's not necessarily the case just yet.
And also because I think the whole blockchain world
and the whole blockchain world
has still got a bit of a negative connotation to it
as a result of the Dow and a bunch of other things
that have happened before, right?
Yeah, that's definitely the case.
And I think if you take a step back
in a broader perspective, a lot of these, you know,
proceedings and legal documents
around sort of standard things like incorporation, share transfer, you know, raising funds.
A lot of the stuff is pretty standard, right?
I mean, these are templates, right?
They're internationally recognized templates, you know, if we look at some, you know,
a lot of these are standardized, basically.
And I think that I know people, you look at, for instance, the research that Prima Veri
DiFilippi is doing, you know, she's looking at, you know, how you can take these
processes and open source them in a way that they're made available for anyone to use, right? So
in any case, whether it's autonomous or open source communities or whatever, like these things are
going to get, you know, much, much simpler for people to use and to utilize and to build software
and build applications on. So, you know, fighting that as a regulator, like, you know, as you said,
and perhaps the younger generation coming in,
has much, much, it's more open to that idea than the old guard.
Indeed, indeed.
One of the questions I've been having when I listen to you is,
in all of these cases, whenever you have these forms or these contracts, right,
like, are there like pure programs or how do these contracts exactly work in a way that
they are also held up in court?
Okay, so let me give you a bit of background in terms of, say, this part of corporate law, right?
This section of corporate law specific to corporate governance and private limited companies,
it's by nature already very standardized.
So there exists a whole bunch of forms that you can use based on best practices over time,
and you don't have to have a lawyer look through them at all, and they're not customized.
So if you look at the share trust form I described earlier, it has got certain essential features.
number of shares, the type of shares, the, how much you're paying for each share.
That stuff is, you know, it's not, it's just a variable in the smart contract, and it's
completely abstractable. So that's essentially what we've done, is we've taken all these
parameters from these legal documents. We've put them in the smart contract because those
parameters need to be used, let's say, in the share transfer function or any other function
in the company's smart contract. And left the rest of the legal links.
go in there because they still need to be admissible in court.
So this legal lingo exists as a PDF document that is hashed into the smart contract and
that smart contract is a share transfer function I could use to move shares around something
like that.
Correct.
Exactly.
So basically when let's say I'm giving you some shares, we are in a sense filling out a paper form, putting it as a PDF.
and also calling this smart contract function
that allows us to move that around.
Yes, so you will see a conventional legal form
on the dashboard,
and you just type in the details.
So you say number of shares, whatever.
So you're filling in this legal form,
and then you're signing the legal form.
That's also essential, right?
You must also, it's,
I can't just show you a form
that just has number of shares
and the amount they're transferring,
and that's it.
I have to show you a legal document
so that you're actively sort of filling,
this out for it to have legal validity.
And then you use your 12-word secret phrase, your mnemonic seed, to then create the smart
contract which then signs that smart contract as well.
And that resolution smart contract, as we call it, we can generate a PDF out of this.
And during your persona creation, what I left out earlier was you also upload your signature,
your conventional signature.
Either you use the scratch pad or you upload an image of your signature, and that gets encrypted
again by your public key, so you're the only one that's able to decrypt it.
And then when you sign something, you decrypted and paste it onto that document.
So it still has that conventional signature, along with the QR code.
And the QR code has got details of when the transaction hash of this transaction on the blockchain.
So for example, if I create a company Autonomous, with Autonomous in Singapore, all of the
smart contracts themselves are running on a private blockchain that is maintained by Autonomous.
the company.
Right.
And whenever, let's say I'm doing a share transfer,
the form and the transaction that executes that share transfer
also happens on that private blockchain, right?
Correct.
Tell us why you went for the private blockchain architecture.
The private blockchain architecture only because
that's my last form of defense,
if something was not designed properly or if there was a problem with the system.
we need to get, because you can appreciate that this is a legal play,
we need to make sure we get the platform vetted.
We need to make sure the smart contracts are vetted.
We've done internal audits several times, but that is not enough.
We're looking for people who are capable enough in not just the legal space,
but also in terms of smart contracts and software, to audit some of the stuff that we've done.
we get, once we find such a person or an entity that can do this reliably, then, and we get it audited,
and everything is kosher, then we will absolutely deploy this in a public chain.
But for the moment, the reason we don't is simply just that it forms as a last line of defense,
just in case if we are not encrypting documents correctly, or if we're exposing some sensitive
information somewhere, that that problem is mitigated.
Sorry, sorry, I may have missed something.
What chain are you building this on?
Ethereum.
Okay.
But it's a private
chain.
Oh, okay.
It's a private Ethereum instance, yeah.
I see.
Okay.
And I'm curious, why did you choose to use Ethereum and not some other, I don't know, I would
say more robust, but another type of private chain system such as HyperLedger or
tenderment or something like that?
Fabric didn't exist at that time.
Tendarmint didn't exist at that time.
So actually we only had Ethereum to work with, in all honesty.
What I had before was color coins, counterparty you mentioned.
But to do that at that level was just as good as you're rewriting counterparty with the Bitcoin blockchain.
Yeah.
So with regards to the confidentiality and privacy considerations that are required for these types of operations,
is Ethereum, the public Ethereum network going to provide those features?
Is that something that you've looked at?
They are. I mean, Ethereum is now building proof of authority type of framework. And yes, we can. Was that the question? Are you talking about...
Well, if you're doing a share transfer on the Ethereum network, that share transfer would be public. How would you consolidate the privacy confidentiality considerations there?
Sure. So as I mentioned earlier, the only way you can identify a person on...
our platform is through the contract address, the persona contract address.
And when you do a get on the persona contract address, you will get an encrypted ID file.
You cannot decrypt the ID file unless you are a member, a fellow member of the company,
or you are an administrator like autonomous.
So anybody that sees your, the share transfer just sees that a set of hexadecimal numbers
have transferred to another set of hexadecimal numbers.
But they don't know who transferred to what and what company this is for.
in none of those other details.
So the encryption is at the identity layer
and not at the transaction layer.
That's how we solve the privacy.
Have you looked into the upcoming,
it's called RGPD in Europe,
that the regulatory, basically the privacy regulation.
The right to be forgotten?
Well, that's part of it.
That's part of the broader,
I forgot the acronym I know it in French,
but I think perhaps even with
the way you describe it,
there may have some friction there with the regulation in Europe.
The current way, as I understand it, even with the UK, we looked at this extensively.
In the event of some kind of litigation, a court process or criminal investigation,
we need to be able to present the information about the people that are concerned, right?
That's the obligation we have.
And we are able to do that because, as I mentioned before, we, by default, when you
encrypt your identity data, you share it with
the autonomous verification entity.
So that's the only entity that
has that access to the information.
Ideally,
in future,
maybe we could further decentralize that
and have some kind of a reputation-based identity
model
or a whole bunch of KYC
oracles, which we also haven't seen.
I don't know why people are not working on these things yet.
So you've got Reuters World Check, you've got
a whole bunch of service providers, just build
a K-YC Oracle to the service provider so that they will automatically stamp identities when
they deploy on the blockchain.
Haven't seen this happening yet, but that could also be one way you achieve automation
and minimize the risk that I have just mentioned.
But at least for now, we still need to be in control or not in control, must have access
to the identity data of our users.
Okay.
The regulation I was referring to is general data protection regulation, GDPR in English.
Gotcha. Which will come into an effect in May of 2018.
And I know that I'm not directly in contact with the data protection officers of the companies that we work with.
But one of the fears or some of the concerns with Ethereum, at least for the moment, with how the regulation is being interpreted and in the way that Ethereum is built, is that perhaps there will be some incompatibilities with regards to confidentiality.
and data privacy and right to be forgotten,
even if the data is encrypted,
although I'm not entirely sure.
You're probably right.
You're probably right.
I think what we have to do is not present this as a silver bullet solution,
but present this in the context of how traditional systems design is done
and then show that this is still better than traditional systems design.
And we all know what happens to companies like Target or Target.
How do you pronounce it in the U.S.?
with, yeah, Target.
And you know what has happened to them several times now.
So that is traditional systems design for you, right?
Oh, no, I totally agree.
I totally agree.
Traditional systems design and the way that we've been designing
architecture systems architecture for the last 50 years,
like it's not compatible with the world of today
and the world of tomorrow.
But we'll regulate this bite.
Regulators bite, you know.
there will always be some friction there.
But in our experience, at least, the way that we look at it is we really try to work with the regulator
and get them involved in a conversation very early on, justly so, so that we're working
with them in order to build this new architecture.
I completely agree.
We try to do that as well, but you can imagine how difficult that process is as well.
whenever you go to them with a specific system design and wait for them to give you approval,
you might be waiting for a long time and you might be, yeah, you might not be solvent
while you're waiting.
One key question I get is as an entrepreneur, if I, let's say, let's say I set up a private limited
company today.
My sort of privacy exposure is to the government.
right now, like the government sees my share registry, they see who all my shareholders
are, what sort of resolutions we have taken and things like that.
But in this autonomous architecture, I feel that I'm not only exposed to the government,
but I'm also exposed to autonomous the company itself.
So because autonomous is a corporate secretary of service provider, we are default, by default,
a corporate secretary in all the companies that we incorporate.
we in the real world we already have exposure to these companies we see them so this is also
in singapore for instance if you're not a licensed so we have to get a license to be a corporate
secretary or service provider you are not able to act as a corporate secretary so you can imagine
your corporate secretary knows everything about the company as well so today i would be exposed
to my corporate secretary and okay the corporate secretary is being uh
replaced sort of by autonomous i'm not i'm not creating an expert
party that I am exposing all my information to.
Correct.
Correct.
And on your private blockchain, when there are like multiple companies on that same blockchain,
then is any of my data exposed to the other companies that are on that same blockchain?
Yes. What data is exposed?
So your company's contract address, you might come to know about it.
So when you get the contract address, what can you do?
You can say, there are a few functions that you can run on it.
But let's say the most sensitive function is get me ID file.
And when it gets you ID file, it's again an encrypted file that can only be decrypted by the members of that company.
So that's what you're exposing.
But when you say do a get cap table function from the company smart contract, you will get a table, a two-dimensional array that's got shareholders and the assets that they hold.
But these are the hexadec decimal representations.
So the contract address of the shareholder, contract address of the assets.
So that can be considered sensitive information.
But so far, our analysis is it's not yet, it's not a critical breach, right?
This is what we would like to think of an acceptable risk.
In other words, the end component of the persona smart contract or the company smart contract
in terms of identity, that's encrypted.
But the transactions themselves are not.
And this is also not something that we can solve at the application layer.
This might be solved at the protocol layers at some point when they make encryption possible at the protocol layer.
But yeah, this is how we mitigate it so far.
Okay, so basically like when I'm creating a company using autonomous,
I am exposing my, not say my individual identities of the people who are running the company.
But the transaction structure of what happened inside the company.
So, for example, in my company, let's say there were two share transfers in March, followed by three in June, followed by five in September.
That kind of transactional structure is exposed to any other company that has also set up using autonomous.
Correct.
And like this is something that is different from the current system.
I mean, the current system, I'm not exposing that information to companies across the world that I don't know.
So this is a tradeoff that an entrepreneur is making in exchange for getting easy set up.
Indeed.
But also must be mentioned that this is also another reason why we're so heavy in the common law jurisdictions.
In the common law jurisdictions, there exist national registries that any person can go and query.
So in Singapore, you could pay $5 and you could figure out that I'm a director in a certain company,
you could figure out that I own a similar shares in the company.
So it's not necessarily private information.
In fact, in the legal world, should you wish to make things private?
You do that by, again, creative legal engineering, like you set up a nominee shareholder ship structure,
which is basically a contract between you and another person.
And you tell this other person that, hey, please hold these shares on my behalf,
but I do not want to appear in this company.
So again, it's not a technology problem to solve this privacy matter.
It's a legal problem to solve.
In other words, if you want to be kept anonymous in the company,
then have a legal structure that makes you anonymous
and do not depend on the system to make you anonymous,
despite the fact that it does its best job of doing it.
So we talked, I think, earlier before the show,
or no I think actually earlier we were talking about open sourcing sort of standardized contractual agreements
and just having sort of the parameters be configurable right for specific types of specific types of
use cases so if I understand correctly so your your platform is built is an interface to these smart contracts
How, as a user of your platform, what have you put in place that would allow me to, you know, check these smart contracts, make sure that everything in the back end is being done according to, you know, what the contract, the legal contract describes, that there are no bugs in there.
Is there any transparency?
Are those contracts open source?
You know, talk about that a bit.
So the contracts are not open source.
Actually, no part of our code is really open source.
reason for us not to make things open source is not because it's proprietary or IP. It's rather
because it's still very early on. And I think we should recognize the fact that blockchain
is still an experiment despite the fact that it might be version 1 point something. Smart contracts
are an experiment and the autonomous platform is another experiment. So we're a third layer
experiment if you would. So before we release anything to the public, we just want to be prudent and
make sure that we've done our best to verify that everything's kosher.
So it's not that we don't want to make things open source.
We do.
In terms of verifying the contracts that are deployed on the blockchain, anytime, so this is
the other thing, right?
Unfortunately, a lot of our clients are not technologies are not blockchain savvy, even,
huge majority of them are not.
They simply care about the fact that we're able to offer this service a lot cheaper than
the traditional incorporations agent because of the reasons I mentioned.
earlier. But
there are people who ask me this question, I tell them
feel free, I will invite you
to our blockchain network. So I could whitelist your
IP address. You just deploy
the node that we
give you. We did customize the node a little bit.
Why? Because we had to remove the proof of
work, the very inefficient proof of work
mechanism. So
that's the only thing that has been done on our
customized node. We'll provide you, even if you don't believe us
and you say, no, I want to make the same customization
myself, we will say, okay, this is the lines that we changed, and when you change there,
you should have the same ending hash for that node software as our node, so they should be able
to connect, and you can connect to our node network and pull the contracts for yourself and verify
them for yourself. We will white list you have to be.
So, okay, so I understand then. So you're sort of still in this experimental phase, perhaps
working with clients on on pox and not at a you know perhaps not at a production stage yet and
but but once you are once you have reached maturity yeah and audited then I suppose that
you know your your contracts would be made open source then absolutely someone can check the
validity of those contracts interesting and so what so you mentioned you pulled out
proof of the proof of work algorithm what have you replaced it with
We didn't really pull it out.
All we did was just make the difficulty constant.
Because we're the ones that are mining a network.
Okay.
So at this stage, there's one validator, and that's correct.
Correct.
Okay.
Correct.
And the idea is that when you move through the public Ethereum chain or, you know,
a consortium or perhaps a consortium network, or, you know,
depending on the use case, then you would rely on the validation of all the miners.
Indeed.
and hopefully the protocol is also developed to a point
where end users are able to, as part of the application,
when they deploy the application,
also easily able to deploy a node for that application.
So once they're able to do that, absolutely, what you said is valid.
And thank you for being transparent about the fact that you're in experiment mode.
A lot of times, we talked about this before the show,
a lot of times in this space, you just have people say,
yeah, we're doing this and we're doing that, we've got all these great stuff.
But you look under the hood and you realize that it's,
experiment mode. I think it really, you know, to have that humility to be able to say that, look,
you know, we're building this stuff, we're still working on it. We're still working out the
kinks. We're still constructing a use case is a very honest position to have and is one that I
try to have as much as possible too. First, it's an easy position to have also because remember
everything that we do on the platform is also backed up in the real world because we still have
the signed documents. They look like signed documents. We have.
have filed the corporate actions with local regulators, so that state this also exists.
So if there was anything to happen with our platform tomorrow, we can always fall back to
the real world.
So we have that option.
And that's also why it allows us to be frank about our state of implementation, if you
would.
As autonomous is going for the private blockchain, right?
Like, did you consider anything apart from a blockchain to do this?
So the reason I ask is there's always this debate that says that.
Correct.
If you're having a centralized chain, right, like with one validator,
then there would be many people that would say that a blockchain is actually useless in that case.
And there's a whole stack of technologies that will be better than the blockchain some way or another.
So tell us like what kind of tradeoffs you explored before picking the blockchain to make it completely private.
Absolutely. That's a very valid point. We get asked this question multiple times. You're right, but with one subtle difference, right? On a database, it's a lot easier for you to manipulate data than it is on a blockchain, right? Even if you are one validated, it's still a very involved process for you to be able to do it. And I can tell you none of my developers can even do this, just as one mitigation, but that is not good enough. The reason we do this on the blockchain is because we see this to be the future.
We want to be poised to the point where
I don't know when this is going to happen
hopefully within the next five years
that government countries start
deploying a countrywide network
for their citizens
and if we are poised and we build an application
in such a way
then hopefully when that happens for us
it will be a very simple switch
and we won't need to do what we're doing now
what we're building now as much as it can be done
in a database
for us it's about where this can go in the future
So your motivation force is you want to be sort of compatible with the latest blockchain standards
in the expectations that there would be some form of countrywide or global consortium networks
that you could migrate to.
Indeed.
Yeah.
Or eventually to a public chain as well, a public Ethereum chain.
We would definitely love to move there.
It's just that we're not ready even from an application point of view because we've...
Like you're saying that all of the contracts.
contracts are actually backed up by paperwork that holds up in code, right? So even if on the public
blockchain, there's a problem. The problem that I have, that I'm worried about in the public
blockchain is not transaction related, is how we store sensitive data related. So if on the
blockchain, if I'm storing any sensitive, on the public blockchain, I'm storing any sensitive
data because we made a small mistake in the algorithm or there's a bug, then I do not want
to deal with that kind of exposure.
just yet.
Okay, so before we wrap up, tell us where you're at right now?
What's the product roadmap looking like?
Are you raising funds?
Have you raised funds?
Tell us a bit about where you are at right now with Autonomics.
Sure.
We're in the pre, we're going to start our series A soon.
In terms of the product, the product itself, we spoke about incorporations and we spoke
about corporations like share transfer, but we've really done a lot more than share transfer.
corporate actions, whether it's adding of a new director,
adding of resigning directors, removing secretaries, and so on.
You could even execute any non-smart contract-related legal corporate actions on our platform.
So if you say, hey, I just need this board resolution for my meeting minutes, for instance,
then you could just draft that yourself on the platform and just use the platform to sign it
or use your personal smart contract to sign it.
We also offer that.
So in the end, what happens is your company smart contract becomes a central repository
of all actions that have taken place with the company.
And you could get this information
from the company's smart contract.
And then beyond that, what we've also done
is build an employee share option scheme,
smart contract.
So you can imagine in the real world
what happens when you issue options to employees
is first you need to have a master contract in place,
which is called all the general terms.
You've got the rule book.
Then you've got the allotman
or the allotment letters, the grant letters to your employees, right?
Then you say, okay, I've issued you this much conditional, non-conditional options and so on.
And on a monthly basis, or after the guy's first year clip, assuming, he exercises these options.
He has to do that by way of paperwork, correct?
But again, this is something that we've automated via our Employee Share Options Schem Smart Contract.
In the traditional world, an employee share option scheme also requires a committee, an independent
committee, typically headed by the directors of the company and, say, a third-party lawyer.
And the idea behind the committee is to make sure that when you've been told that you'll get
a certain number of options, that you actually get those shares in the end.
And the way we've designed the employee share option smart contract has eradicated even that need
for a committee.
Because once it's done, it's done on the smart contract, there's no way for you to reverse it, right?
And so we've done that. We also did SAFES. So you also have SAFES, so simple agreement for future equity, smart contract as well.
And what this basically does, the cool feature here is it works together with our funding module.
So even in the funding module, what we've done is we've automated the board resolutions that go to start the funding module to the term sheet, the shareholder agreement, the share subscription agreement, that process flow, right up to the last board resolutions that actually do the issuance of the new shares.
and when that last board resolution
triggers the issuance
of new shares, automatically safeholders
that are part of the company smart contract
get converted if the conditions
match. So again, we've eradicated all those
extra steps that are typically needed. So that's
the stage we're at now. Now
before we talk about the
future features in the interim,
we are also working on making
the platform scalable.
As you can imagine, what started
out has a POC
is still very much a pilot.
It's not really a production level application.
The initial idea was to get the business process right,
and it's been proven that the business process is right.
Now we're trying to build the scalability component into it
by splitting the application into minor modules and sub-applications and so on.
Together with that, we're also doing proof of concepts
for other big financial institutions that want to do something similar
to what we've done for the private company space.
So we also have that going on.
And with that, the future looks like either we will do a big proof of concept for one of these major financial institutions,
while still building our, making our platform scalable.
But beyond corporate actions, we also have the aim, the want to go and disrupt the accounting process that exists today.
So everything from, I just came back from a business trip where I now have to collate a whole bunch of receipts,
submit them to my accounting person
who checks them a second time
and then they get submitted to the person
that actually disperses the funds
if we could re-engineer that process
against smart contract driven so that
you don't have to do accounting once a month
and you do it as you go on a per
transaction basis where all these three actors
are involved
then that gives you that second component
of the finance component
to your company smart contract
and then when these two are done
maybe we talk about that beautiful future
where we narrow the line between IPO,
a private company and an IPO,
by offering exchange features also in the company smart contract.
But that's way beyond the future.
Just on the expense and accounting stuff,
like, where do I sign?
Where do I sign?
I think that's probably the most arduous thing
that any employee that travels a little bit has to do
is doing expenses every month.
So if you could automate that,
just take a picture of the receipt.
It's just done.
That'd be great.
I think that what's really fascinating about this and where it just overlaps with a little of what we're doing in Strata is the auditability of all this, right?
Because once you've created all these platforms, once you've created this platform where in effect you're digitizing on the blockchain, the entire process, you know, which is the life of your company, it becomes really easy for external auditors, regulators, regulators,
you know, any type of decision maker to look at this.
And, you know, when you think of auditing, you know, you implement a process and then you,
like you said a while, you throw a book at someone and then they look at see, they look to see
if that process was done according to the way that the book was written.
If you build sort of the process in accordance to the way that it's meant to be executed,
you can audit in real time or even not even have to audit anymore because, you know,
potentially those auditors, those external auditors, are building that process with you and are part
of the validation nodes. Indeed. You should be auditing the system once and every time the system
changes and not be auditing per transaction, which is what we do today. Right. Exactly. Yeah,
like you do with software. Excellent. Well, Mano, thank you so much for coming on the show today. It was
really fascinating to talk to you. And for our listeners, it's actually quite late. We, we, we, uh, we, uh,
managed to, we had an opening for this week and Mano agreed to do the show, although it is
close to 2 o'clock in the morning in Singapore where you are. So thanks again for coming on.
I really appreciate it. And we're really looking forward to seeing the developments and autonomous.
Thank you, Sebastian. Thank you, Mayor. Thank you for your opportunity.
And thank you so much to our listeners for tuning in. Episcenter is part of the Let's Talk Bitcoin
Network. You can find this show and lots of other great shows at Lex Talk Bitcoin.com.
We release episodes every Tuesday, and you can find those just about anywhere you find video or podcast.
You can find us on YouTube, SoundCloud, iTunes, or any podcasting platform.
Also, if you're interested in supporting the show, you can do that by leaving us a tip,
and the tipping address is in the show description.
So thanks so much, and we look forward to being back next week.