Blockchain Security Risks for Financial Organizations | Deloitte US has been added to your bookmarks.
Risks posed by blockchain-based business models
Is your organization prepared?
Explore three categories of risk your financial organization will need to manage if it’s considering adopting blockchain.
- Distributed ledger technologies
- The future of risk management
- The risks of blockchain
- Transform your business processes
- Get in touch
Distributed ledger technologies
The successful adoption and operation of any new technology is dependent on the appropriate management of the risks associated with that technology. This is especially true when that technology is more than an application and is part of the organization’s core infrastructure. And distributed ledger technologies (DLT) have the potential to be the backbone of many core platforms in the near future.
The blockchain protocol is a special case of DLT, where the consensus protocol creates a daisy chain immutable ledger of all transactions that is shared across all participants. This framework allows for near real-time value transfer (e.g., assets, records, identity) between participants without the need for a central intermediary. Any transfer of value between two parties and the associated debits and credits are captured in the blockchain ledger for all parties to see. The cryptographic consensus protocol ensures immutability and irreversibility of all transactions posted on the ledger.
The future of risk management
Risk practitioners are very excited about DLT’s promise to help organizations minimize—and in some cases eliminate—the risks posed by current systems. DLT is being viewed as the foundational technology for the future of risk management. However, as the technology continues to mature and many theoretical use cases begin to get ready for commercialization, the financial services industry should start focusing on a less discussed question: “Do DLT-based business models expose the firm and market to new types of risk? And if so, what should firms do to mitigate those risks?”
The risks of blockchain
Blockchains fall under two types: Permissionless and permissioned chains. Permissionless blockchains allow any party without any vetting to participate in the network, while permissioned blockchains are formed by consortiums or an administrator who evaluate the participation of an entity on the blockchain framework.
Regardless of the type of blockchain, the business logic is encoded using smart contracts. Smart contracts are self-executing code on the blockchain framework that allow for straight-through processing, which means that no manual intervention is required to execute transactions. They rely on data from outside entities referred to as “oracles,” and can act on data associated with any public address or with another smart contract on the blockchain.
While the blockchain technology promises to drive efficiency or reduce costs, it has certain inherent risks. It is imperative that firms understand these risks and the appropriate safeguards in order to reap the benefits of this technology. Additionally, it’s important to understand the evolution of regulatory guidance and its implications.
These blockchain risks can be broadly classified under three categories:
- Standard risks: Blockchain technologies expose institutions to risks that are similar to those associated with current business processes but introduce nuances for which entities need to account.
- Value transfer risks: Blockchain enables peer-to-peer transfer of value without the need for a central intermediary. The value transferred could be assets, identity, or information. This new business model exposes the interacting parties to new risks that were previously managed by central intermediaries.
- Smart contract risks: Smart contracts can potentially encode complex business, financial, and legal arrangements on the blockchain, and could result in the risk associated with the one-to-one mapping of these arrangements from the physical to the digital framework.
Transform your business processes
The blockchain peer-to-peer framework offers the potential to transform current business processes by disintermediating central entities or processes, improving efficiencies, and creating an immutable audit trail of transactions. This provides the opportunity to lower costs, decrease interaction or settlement times, and improve transparency for all parties. This transformational framework could alter the way financial institutions conduct business, as many transactions are peer to peer in nature.
While the benefits are clear, there are myriad risks that may be imposed by this nascent technology. Understanding of blockchain and its associated risks may change and evolve as this technology continues to mature. It’s therefore imperative for all organizations to continue to monitor the development of this technology and its application to various use cases.
Blockchain technology will transform business models from a human-based trust model to an algorithm-based trust model, which might expose firms to risks that they may have not encountered before. In order to respond to such risks, firms should consider establishing a robust risk management strategy, governance, and controls framework.
Download the full report to learn more about the range of risks introduced by blockchain.