Blockchain will improve data privacy – but what steps must organizations take prior to adoption?

Blockchain is currently one of the hottest topics in financial services and capital markets. The technology has the potential to transform many business processes, making the data used in those processes more available, transparent, immediate and secure.  It could also strip out large amounts of cost, delay and error handling/rework.  Possible use cases include trade reporting; clearing, confirmation, validation and settlement; recordkeeping; monitoring and surveillance; risk management; audit; management and financial accounting; and regulatory compliance (including – but by no means limited to – financial crime prevention). The immutability, immediacy and transparency of information captured within a blockchain means that all necessary data can be recorded in shared ledgers and made available in near real time.  In such a world, stakeholders will no longer be simple recipients of post-hoc reports; instead they can be part of the real-time process.

Blockchain first emerged as the technology that powers the cryptocurrency bitcoin.  However, since its first appearance in 2009, blockchain’s potential uses have far exceed cryptocurrency applications.  By necessity, blockchain technology is complicated in its implementation, but the underlying idea is simple: it is a distributed ledger or database running simultaneously on many (possibly millions) of nodes that can be distributed geographically and across many organizations or individuals. What makes blockchain unique is its cryptographically assured immutability, or irreversibility.  For example, when transactions on the ledger are grouped into blocks and written to the database, they are accompanied by cryptographic verification, making it nearly impossible to alter fraudulently the state of the ledger. Another way to think about blockchain is as trust/consensus technology: the changes in the data are recorded into the blockchain when network participants agree that a transaction is legitimate in accordance with shared protocols and rules.

Interest in blockchain in financial services and capital markets continues to grow – and will accelerate as live solutions make their way to market.  Many organizations – including banks, exchanges and fintech firms – have announced initiatives in 2016, while the list of possible use cases being proposed in articles and forums is lengthening.

Applications in Compliance

One of the most exciting features of blockchain from the compliance perspective is its practical immutability: as soon as data is saved into the chain, it cannot be changed or deleted. That is why blockchain is used as the document or proof for the transfer of any digital asset, for example bitcoins or other digital currencies. By the same token, it can be used as record of ownership of physical property – an approach currently undergoing testing by Sweden’s national land survey, where a blockchain-powered system for registering and recording land titles is attempting to digitize real estate processes.  Blockchain’s immutability also lends itself to the application of proof-of-process for compliance.  Blockchain could be used to keep track of the steps required by regulation. Recording actions and their outputs immutably in a blockchain would create an audit trail for regulators to verify compliance.  Almost as importantly, regulators could have read-only, near real-time access into the private blockchain of financial organizations.  This would allow them to play a more proactive role and analyze information in real-time mode.  In other words, this brings them closer to becoming participants in – rather than customers of – the process. Such a change could reduce dramatically the time and effort (and therefore cost) that financial institutions spend on regulatory reporting, as well as improving the quality, accuracy and confidence of and in the process.

Another regulatory field where blockchain could play an important role is in KYC (know your customer) and AML (anti-money laundering). Banks and other financial institutions have to complete many tasks and steps as a part of the onboarding process for new clients. In addition to data collection, there are important rules around validation, confirmation and verification to be completed before new clients can be onboarded.  In some markets, the process can take several months.  Many of the steps could be eliminated if the information existed already in a secure, tamper-resistant database – an immutable blockchain. Any changes to customer data will be distributed to participants in the blockchain immediately. The chain would provide records of procedures and compliance activities for each client.  Blockchain would play the role of proof-of-process, so all that steps are easily traceable and regulators can be confident about the veracity of the information. Moreover, individuals would be co-custodians of the information on the blockchain, which could provide additional protection against identity theft (impacting or even disintermediating businesses like credit-monitoring services).

A further possible extension is blockchain as a digital identity management grid, with all information required for screening and compliance being held about individuals and/or firms in a chain.  This would reduce KYC/AML processes to simple automated checks of a blockchain-powered, marketwide utility.  It is likely that sharing sensitive information about customers between financial organizations will start to become the norm once trust is established in a blockchain-enabled ecosystem.  Interestingly, SWIFT has announced that their own KYC registry, which already includes more than 1,000 member banks, will be shared with trusted partners and customers in the future.  This is one of the early steps to fully trusted digital identities in the industry – which must be the target business and legal outcome.

Smart Contracts

It is hard to explore potential applications of blockchain without mentioning smart contracts. In short, smart contracts are custom, self-executing programs (distributed applications) that run on a blockchain and are triggered by some external data or event that lets them modify some other data; if certain conditions are met, a smart contract can update the blockchain according to predefined rules (e.g., transfer digital assets from one participant to another).  Once this technology gathers enough momentum, its proponents believe smart contracts will be no less revolutionary than the invention of HTML, which transformed the internet and, subsequently, the entire world economy. The appeal of smart contracts is undeniable, as they could potentially replace many functions currently executed by costly or inefficient intermediaries.  However, smart contract technology clearly isn’t ready for prime time yet, as evidenced by the recent much-publicized DAO debacle, where a poorly formulated contract allowed a savvy user of Etherium, a popular public blockchain, to obtain millions of dollars’ worth of digital currency. Smart contracts need to become much more robust to reach the comfort level necessary for widespread adoption by industry.

The smart contracts issue reminds us that with all its promise, blockchain is still quite experimental and not without its challenges with regard to the use cases being discussed in the industry.  Some of the barriers to adoption that come to mind are privacy, performance and infrastructure.  Using blockchain for trade reconciliation, settlement and the like would require sophisticated privacy controls and the management of access to the information residing in the blockchain. Originally, blockchain was designed for precisely the opposite – namely, to enable every network participant to view the entirety of the data.  With Bitcoin, for example, anyone can view the entire ledger if they wanted to. Out of the box, private (permissioned) blockchains can provide two types of access control: read-only and read/write. Additionally, it is possible to introduce permissions to mine, receive or issue assets. However, real-world applications in capital markets and other sectors require more flexible and granular access management schemas; simply putting complete information about all transactions on a shared ledger open to anyone on the network is obviously something no market participants would agree to. In a perfect world, blockchain would allow enterprise companies to map their existing LDAP (Lightweight Directory Access Protocol) users/groups in it. This is a non-trivial problem that remains unsolved at this time, to the best of our knowledge.

Challenges

Speed is often cited as a big problem for the wider adoption of blockchain. Performance of blockchains is significantly slower than conventional databases, and with good reason: the cryptographic component, which is what gives blockchain its most attractive features, is very calculation-intensive. For example, the throughput capacity of bitcoin is only around seven transactions per second. This does not compare very well, for example, to the average of 2,000 transactions per second processed by the VISA payment system, with the peak capacity of 56,000 transactions per second (although they never actually use more than about a third of this, even during peak shopping periods). There are attempts being made to build blockchains capable of higher performance. Most notably, BitShares claims the ability to handle up to 100,000 transactions per second, which would be plenty fast enough if this were an apples-to-apples comparison.  However, the definitions of performance used by BitShares in their publicized explanations seem different from the accepted norm. These comparisons are further complicated by factors like collocation and the distributed nature of blockchains, but in the grand scheme of things, for now the performance gap remains unbridged.

Setting up and managing the infrastructure to support blockchain solutions is another challenge to organizations experimenting with the technology. As information security, operations, cloud and other teams start introducing blockchain as a new data/code layer in their firms, the process can be quite disruptive, in particular because there are no best practices available that would streamline the roll-out process. There are early attempts to improve the situation, like Microsoft’s Project Bletchley or Hyperledger, but they are not yet finalized for production use.

In summary, blockchain technology has the potential to revolutionize and improve many business processes in financial services and capital markets. Of the many processes that could be improved by the technology, it is regulatory processes such as KYC and financial crime prevention (e.g., AML) that may be early converts.  If this turns out to be the case, the benefits to the industry will be enormous.


Cliff Moyce

Aug 10 - Cliff Moyce headshotCliff Moyce is Head of the Finance Practice at DataArt. Cliff has spent most of his career transforming organizations in financial services and capital markets. Everything from building and launching major new companies to automating trading at Europe’s largest derivatives exchange and setting up a UK private equity company for a large Japanese conglomerate.

Prior to joining DataArt, Cliff was COO at Credit Market Analysis, where he led the company through a period of significant change, culminating in its acquisition by McGraw Hill Financial.

Cliff is a regular press commentator on topics such as the future of banking, IT security, transforming legacy systems architectures and fintech. He is a Fellow of the Institute of Management Services and holds an M.Sc. in Organisational Psychology from Birkbeck, University of London.

Related Post