Blockchain risk management

Risk functions need to play an active role in shaping blockchain strategy

Any new technology requires appropriate risk management before adoption and operation can commence. When that technology is the core of the organisation, it is even more important to step up risk management, as is the case with distributed ledger technologies, popularly known as blockchain. But we may ask, is your organisation prepared for this new technology?

Blockchain framework

Blockchain comes with an array of potential benefits which may help a variety of organisations to mitigate, or in some cases, eliminate risks posed by current systems. Proponents are hailing the benefits of having data records which are difficult to alter, aiding record preservation and evidence.

Efficiency is also one of the most discussed features of blockchain. Because blockchain offers a near real-time settlement of recorded transactions, there is less need for the “middleman” as two parties can transact directly between themselves using blockchain.

However, it is critical for those interested in the technology to understand the potential risks blockchain brings with it. As the technology matures, and theoretical uses are commercialised, the financial services sector must start understanding the new challenges it faces.

Blockchain technologies expose institutions to familiar risks. Yet, these risks have new nuances. For example, whilst blockchain promises efficiency, one has to look at how it works. A blockchain operates in one of two ways: permissionless or permissioned.

  • Permissionless blockchain: A permissionless blockchain allows anyone to participate in the network without any vetting. These blockchains start out with a pool of crypto-currency to pay service providers, or miners, to participate in the process. These service providers update the general ledger with the transactions executed by participants. If one has all the necessary requirements dictated by the network, one can become a miner.

Permissionless blockchain has been criticised for potential anonymity issues that aid in money laundering and currency theft from a user’s blockchain account.

  • Permissioned blockchain: This type of chain does not require crypto-currency, as the administrator can predefine the process. A choice of consensus algorithm is deployed on the network to update the blockchain ledger.

Scalability and anonymity issues are not likely to arise here, as the permissioned blockchain allows the participant to choose the infrastructure and any suspicious activity is monitored by the administrator. Therefore, this framework is more suitable for institutions to use with a group of known and trusted parties.


Irrespective of the type of blockchain chosen by the participant, the business logic is encoded using smart contracts. Smart contracts are self-executing code on the blockchain network that help ease transactions with a straight-through processing system, which means that there is no need for manual intervention to execute transactions.

This comes with risks, as a smart contract can mimic a contract and execute it automatically once the conditions required to consummate the contract have been met. Such contracts are generally vulnerable to cyberattacks and technology failures, as they rely on outside oracles to trigger contract execution. Such issues could be prevented with robust testing and through setting up suitable controls to mitigate potential risks.

The blockchain peer-to-peer framework offers the potential to transform current business processes by disintermediating central entities or processes, improving efficiencies, and creating an immutable audit trail of transactions.

This could provide an opportunity to lower costs, decrease interaction or settlement times, and improve transparency for all parties. Organisations will, however, need to manage new risks, or ones which were previously managed by central intermediaries.
