risk management, Technology

Blockchain – Benefits & Risks

Posted by Shawn Pang on

On 1 Oct 2016, the value of Bitcoin was $831. One year later on 30 Sep 2017 it was $5711, a jump of close to 700%. The appreciation for Litecoin (another cryptocurrency) was twice that – 1400%. Over the same period, S&P 500 index rose by a mere 17%.

These wild investment gains are a proxy of the promise of an emerging phenomenon that could rival the Internet itself in importance.

These wild investment gains are a proxy of the promise of an emerging phenomenon that could rival the Internet itself in importance. It could even threaten to eclipse other pivotal technology ideas like Big Data and machine learning. This is the blockchain – which cryptocurrency like Bitcoin and Litecoin are based on.

The blockchain is a distributed digital ledger of transactions that can record not just financial transactions but virtually everything of value that requires non-repudiable ownership proof, e.g. title deeds, music royalty ownership, election vote. The data is shared with all participants “nodes” on the blockchain and is being continually added to in the form of “blocks” which is a batch of the latest transactions.

The blockchain is a distributed digital ledger of transactions that can record not just financial transactions but virtually everything of value that requires non-repudiable ownership proof.

The blockchain database is not stored or centralized in any single location, but rather in numerous computers around the world simultaneously. Every node has an exact copy of the data and a consensus protocol synchronizes the updates across them. The consensus protocol also makes it very difficult for malicious hacking or forgery of the data in the blocks, as all subsequent blocks would need to be altered as well; that requires a huge amount of computing power as well to override the entire network. So blockchain records transactions between 2 parties in a verifiable, permanent way. Some central authorities like banks have traditionally performed this duty – but blockchain now replaces this central consensus with decentralized consensus.

blockchain
More value than a gold chain

There are 2 types of blockchains:

  • Permissionless: This allows any party (without any vetting) to participate in the network.
  • Permissioned: Formed by consortiums, which evaluate the participants. The administrator predefines update process and consensus protocol in updating the ledger. Scalability, privacy and suspicious activity monitoring are more easily handled.

A typical blockchain transaction update process is as follows:

  • A user requests a transaction (e.g. pay someone) and signs it with his private key.
  • The request is broadcast to the blockchain peer-to-peer network, to computers known as nodes. So everyone knows it almost immediately.
  • The nodes now compete to “mine” the transaction. This essentially means that they try to solve a mathematical problem (known as Proof of Work problem) in a brute-force manner that requires an expensive computing calculation. The transaction is verified in the process.
  • The first miner who successfully solves the mathematical problem then broadcasts the result (known as Proof Of Work) to the other miners, which will verify the correctness.
  • For the job, the miner gets rewarded with a token of the cryptocurrency from the mining protocol.
  • Once verified, the transaction is considered “confirmed” and is combined with other transactions to create a new block. This block is then added to the blockchain at a pre-determined interval (e.g. every 10 min for Bitcoin). The transaction then becomes an immutable record.
  • Thus mining has served 2 purposes: verified the transaction legitimacy, and created new cryptocurrency with the reward to the miner. The “reward” is the only way that new cryptocurrency are created and there is a predefined limit to the total number in circulation, e.g. for Bitcoin it’s 21million.

BENEFITS

Blockchain offers important benefits to financial institutions. Due to its peer-to-peer nature there will be lower costs, reduced processing times and improved transparency.

Blockchain offers important benefits to financial institutions. Due to its peer-to-peer nature there will be lower costs, reduced processing times and improved transparency. Some examples of real-life uses:

bank-collapse1
Banks optional
  • Removal of need for intermediaries, clearing houses and manual processes. Typical are payment clearing and settlement, stock trade confirmations. In the trade finance industry, banks representing the exporter and importer can be eliminated and counterparties deal with each other directly.
  • Apart from the apparent benefits to financial transactions, with its non-repudiation nature blockchains are suitable for recording of events (e.g. voting), medical records, property registry, identity management, document provenance, copyright registration, etc.
  • Regulatory/auditing transparency: these authorities can see transaction specifics on blockchains instead of relying on the reports of financial institutions. Whether the latter group views this as a benefit remains to be seen.

One important tool of blockchain is the use of “smart contracts”.  These are self-executing codes on blockchain that enables automatic execution upon the fulfillment of certain pre-defined conditions for contract consummation. No middleman is required. E.g. you rent an apartment by depositing Bitcoins into the contract code and the landlord puts his apartment door keycode in there too.

On an agreed date, a third-party agent (called “oracle”) would verify the successful Bitcoin transfer to the landlord, and “trigger” the release of the apartment keycode to you by feeding the payment status to the blockchain. The smart contract is stored in the distributed ledger, which gives it a certain security and immutability.

RISKS

While blockchain technology holds great promises in terms of efficiency and savings, it carries its own set of unique and inherent risks.

While blockchain technology holds great promises in terms of efficiency and savings, it carries its own set of unique and inherent risks. Some are listed below:

Cyber Crook-HITN
Spending double is fun
  • First mover risk: Does the financial institution adopt a wait-and-see posture and risk losing out on first-mover advantage? Or move first and be exposed to uncertainty and a steep learning curve?
  • Data confidentiality risk: The consensus protocol requires all blockchain participants to be able to view transactions in the ledger. Even if only the Meta data are viewable, a financial institution may not be comfortable with another having certain knowledge of its clients. On the privacy front, an individual’s transaction details and habits are archived permanently on the blockchain, together with his personal info, viewable by the blockchain participants. Will this sit well with proponents of data privacy laws, e.g. Singapore’s PDPA (Personal Data Protection Act)?
  • Regulatory & compliance risk: Financial institutions need to ensure that regulatory requirements are addressed in the blockchain based business models, especially in their inter-operability with legacy infrastructure. And how does the regulator or auditor obtain artefacts from the blockchain to verify compliance, without encroaching into the data of other firms using the same blockchain?
  • AML / CFT / Criminal risk: Due to the peer-to-peer nature of blockchains, cryptocurrencies are the preferred choice of criminals and fringe characters to transact business. E.g. in the defunct Silk Route web (as well as in Dark Web), ammunitions and drugs are transacted using Bitcoins. In the recent Wannacry ransomware worldwide attack, Bitcoin was specified as payment mode by the attackers. As there is no central clearinghouse, money laundering could more easily go under the radar and financial of terrorism could be more easily funded.
  • IT security risks: Below are some examples:
    • Supposedly the large number of blockchain nodes will reduce the chances of a hacker taking over the blockchain. However the probability is not zero, and the consequences could be calamitous. The possibility is higher in the permissioned blockchain where the participants may not be that many (compared to the permissionless blockchain).
    • Smart contracts are vulnerable points for cyberattacks as they require “oracle” agents (which exist outside the blockchain) to trigger smart contract execution. These oracles may be hacked or corrupted resulting in undesired smart contract execution or non-execution.
    • Double-spending attack: E.g. after paying $5 for the Starbucks coffee you cannot use it again to buy the croissant. However, if the payment is in cryptocurrency and the perpetrator is determined enough the same money could be spent twice if the block creation window is too long and therefore the transaction confirmation takes a while. So theoretically Bitcoin (with block-creation window of 10 min) is more susceptible than Litecoin (2.5 min).
    • Key management risk: For all its world-beating innovations, blockchain still uses private/public keys. If keys were stolen, assets could still be taken over.
    • Open source risks: As Bitcoin and blockchain codes are open source and viewable by anyone, there is risk of tampering using malicious codes.
  • IT governance risk: Below are some examples:
    • Adequate policies and procedures need to
be updated to reflect new business processes.
    • Financial institutions will need to take into account the interface with legacy systems in implementing the technology.
    • As the turnaround times are greatly accelerated (e.g. vs. traditional clearance and settlement processes), business continuity plans need to mirror that quicker pace in order not to breach client SLA.
    • As much of the technology may be sourced from blockchain vendors, there is need to be aware of third-party vendor risks. Omission of such due diligence will compromise the business model.
    • Consensus protocol: The basic premise of blockchain is the arrival at consensus by all participating nodes before update is done. There exist different consensus algorithms. If consensus is not resolved then the ledger would not be updated and the transaction is not confirmed – this makes the transaction more susceptible to forgery, or may result in client SLA breach. How to govern the consistency and speed of consensus?
  • Blockchain options risks: There exist a slew of options when it comes to choosing which blockchain to adopt:
    • E.g. the Bitcoin blockchain is good for processing cryptocurrency but not for smart contracts. The Ethereum blockchain is good for smart contracts. This presents a fragmentation risk. Blockchain’s strength is a common, but decentralized distributed ledger. This commonality is diluted if there exist different types of blockchains, especially if there is overlapping claims of functional merits (e.g. in handling smart contracts).
    • Permissionless blockchains does not do vetting of participants, thus there is higher risk of AML and currency theft. Financial institutions may choose to use Permissioned blockchains instead.
  • Liquidity risk: E.g. in traditional trade financing arrangements, the financial institution representing the exporter could finance the exporter first while awaiting payment from importer-side financial institution. Without such intermediaries, firms are more exposed to funds shortages.
  • Legal risks: Blockchain opens up a whole new challenge on the litigation front. There is as yet no legalistic framework – which the writer is aware of – covering smart contracts in the event of disputes. The new breed of legal minds needs to be IT-savvy to assess if the smart contract algorithm implemented is fair and adequate in driving desired outcomes.
  • Impact on fiat currency: If cryptocurrency (which uses blockchain) becomes prevalent in a country instead of the country’s fiat currency, would the latter be weakened in its value and supply? Would the owners and investors even use cryptocurrency to bet against the fiat currency? The recent cryptocurrency ban in China could be a pre-emptive move against such an adverse development.
  • Non-adoption risk: Lastly, the risk of financial institutions NOT adopting blockchain is that their traditional “middleman” functions like clearing and settlements would be disrupted and supplanted without a viable replacement. That would only be the start of their troubles. They need to layout a blockchain adoption roadmap with appropriate risk management embedded.

CONCLUSION

code
Trust code, not humans

The human-based trust model – tedious and error-prone – will be replaced by the code-based trust model.

Blockchain technology will cause a paradigm shift in the “trust” model traditionally practised by financial institutions. The human-based trust model – tedious and error-prone – will be replaced by the code-based trust model. Adopters will be challenged by new risks that fall outside the legacy framework of risk management and governance. How they rise up to those risks will determine the success of blockchain implementation in their businesses.

Full disclosure: This is a research paper. While much of the above views and perspectives are from the writer, this article also draws from the insights of thought leaders on the topic.

Leave a comment