
How Blockchain helps achieve more efficient regulatory compliance

[Dec 2016]

Could the speed, security, and immutability of blockchain help financial institutions achieve regulatory compliance in a more efficient manner?  There are good reasons to think so.

Blockchain technology has the potential to transform many business processes, making the data used in those processes more available, transparent, immediate and secure. It can also strip out large amounts of cost, delay, error handling, and rework.  Possible uses include trade reporting; clearing, confirmation, validation and settlement; record keeping; monitoring and surveillance; risk management; audit; management accounting; financial accounting; and regulatory compliance, including financial crime prevention. The immutability, immediacy and transparency of information captured within a blockchain mean that all necessary data can be recorded in shared ledgers and made available in near real-time. In such a world, stakeholders will no longer be simple recipients of post-hoc reports; instead, they can be part of the real-time process.

By necessity, blockchain technology is complicated, but the underlying idea is simple: it is a distributed ledger or database running simultaneously on many (possibly millions of) nodes that can be distributed geographically and across many organisations or individuals.  What makes blockchain unique is its cryptographically assured immutability, or irreversibility. When transactions on the ledger are grouped into blocks and written to the database, they are accompanied by cryptographic verification, making it nearly impossible to alter fraudulently the state of the ledger.

Blockchain’s immutability lends itself to proof-of-process for compliance, e.g., keeping track of the steps required by regulation.  Recording actions and their outputs immutably in a blockchain would create an audit trail for regulators to verify compliance. Perhaps more importantly, regulators could have read-only and near real-time access into the private blockchain of financial organisations.  This would allow them to play a more proactive role and analyse information in real time, and even issue alerts and warnings automatically.  Such a change could reduce dramatically the time, effort and cost that financial institutions spend on regulatory reporting, as well as improve the quality and accuracy of, and confidence in, the process.

A further possible extension is blockchain being used as a digital identity management grid, with all of the information required for screening and compliance being held about individuals and/or firms in a chain.  This would reduce KYC/AML (know your client / anti-money laundering) processes to simple automated checks of a blockchain-powered, market-wide utility.  

It is likely that sharing sensitive information about customers between financial organizations will start to become the norm, once trust is established in a blockchain-enabled ecosystem.  For example, SWIFT has announced that their own KYC registry — which already includes more than 1,000 member banks — will be shared with trusted partners and customers in future.  This is one of the early steps to achieving fully trusted digital identities in the industry – a so-far unachieved target for the industry.

So what are the barriers to blockchain being adopted?  Mainly they are privacy and performance issues. Using blockchain for trade reconciliation, settlement and the like would require sophisticated privacy controls and the management of access to the information residing in the blockchain.  Out of the box, private (permissioned) blockchains can provide two types of access control: read-only and read/write. Additionally, it is possible to introduce permissions to mine, receive or issue assets.  Real-world applications in capital markets and other sectors, however, require more flexible and granular access management schemas: simply putting complete information about all transactions on a shared ledger open to anyone on the network is something no market participants could accept.  Speed is also a possible issue for the immediate adoption of blockchain in high-frequency processes. Blockchain-enabled databases are significantly slower than conventional databases due to the cryptographic component, which is very calculation-intensive. But speed issues are always solved in the tech world, so this may just be a waiting game in which we migrate processes to blockchain once the technology catches up.

In summary, Blockchain technology has the potential to revolutionise many business processes in financial services and capital markets, as well as regulatory processes, bringing great benefit to the regulatory compliance profession.

Cliff Moyce, December 2016

This article was first published on the blog of the Financial Crime Prevention Association at https://fcpablog.com/2016/12/2/cliff-moyce-how-blockchain-helps-achieve-more-efficient-regu/

How Blockchain Can Revolutionize Regulatory Compliance

[August 2016]

Blockchain is currently one of the hottest topics in financial services and capital markets. The technology has the potential to transform many business processes, making the data used in those processes more available, transparent, immediate and secure.  It could also strip out large amounts of cost, delay and error handling/rework.  Possible use cases include trade reporting; clearing, confirmation, validation and settlement; recordkeeping; monitoring and surveillance; risk management; audit; management and financial accounting; and regulatory compliance (including – but by no means limited to – financial crime prevention). The immutability, immediacy and transparency of information captured within a blockchain means that all necessary data can be recorded in shared ledgers and made available in near real time.  In such a world, stakeholders will no longer be simple recipients of post-hoc reports; instead they can be part of the real-time process.

Blockchain first emerged as the technology that powers the cryptocurrency bitcoin.  However, since its first appearance in 2009, blockchain’s potential uses have far exceeded cryptocurrency applications.  By necessity, blockchain technology is complicated in its implementation, but the underlying idea is simple: it is a distributed ledger or database running simultaneously on many (possibly millions of) nodes that can be distributed geographically and across many organizations or individuals. What makes blockchain unique is its cryptographically assured immutability, or irreversibility.  For example, when transactions on the ledger are grouped into blocks and written to the database, they are accompanied by cryptographic verification, making it nearly impossible to alter fraudulently the state of the ledger. Another way to think about blockchain is as trust/consensus technology: the changes in the data are recorded into the blockchain when network participants agree that a transaction is legitimate in accordance with shared protocols and rules.

Interest in blockchain in financial services and capital markets continues to grow – and will accelerate as live solutions make their way to market.  Many organizations – including banks, exchanges and fintech firms – have announced initiatives in 2016, while the list of possible use cases being proposed in articles and forums is lengthening.

Applications in Compliance

One of the most exciting features of blockchain from the compliance perspective is its practical immutability: as soon as data is saved into the chain, it cannot be changed or deleted. That is why blockchain is used as the document or proof for the transfer of any digital asset, for example bitcoins or other digital currencies. By the same token, it can be used as record of ownership of physical property – an approach currently undergoing testing by Sweden’s national land survey, where a blockchain-powered system for registering and recording land titles is attempting to digitize real estate processes.  Blockchain’s immutability also lends itself to the application of proof-of-process for compliance.  Blockchain could be used to keep track of the steps required by regulation. Recording actions and their outputs immutably in a blockchain would create an audit trail for regulators to verify compliance.  Almost as importantly, regulators could have read-only, near real-time access into the private blockchain of financial organizations.  This would allow them to play a more proactive role and analyze information in real-time mode.  In other words, this brings them closer to becoming participants in – rather than customers of – the process. Such a change could reduce dramatically the time and effort (and therefore cost) that financial institutions spend on regulatory reporting, as well as improving the quality, accuracy and confidence of and in the process.

Another regulatory field where blockchain could play an important role is in KYC (know your customer) and AML (anti-money laundering). Banks and other financial institutions have to complete many tasks and steps as a part of the onboarding process for new clients. In addition to data collection, there are important rules around validation, confirmation and verification to be completed before new clients can be onboarded.  In some markets, the process can take several months.  Many of the steps could be eliminated if the information existed already in a secure, tamper-resistant database – an immutable blockchain. Any changes to customer data will be distributed to participants in the blockchain immediately. The chain would provide records of procedures and compliance activities for each client.  Blockchain would play the role of proof-of-process, so that all steps are easily traceable and regulators can be confident about the veracity of the information. Moreover, individuals would be co-custodians of the information on the blockchain, which could provide additional protection against identity theft (impacting or even disintermediating businesses like credit-monitoring services).
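
An added example, not from the original article: a minimal hash-chained proof-of-process log in Python, illustrating the cryptographic linking and the regulator-verifiable audit trail described in both articles above. The field names, step names and the `trusted_head` parameter are assumptions made for illustration; consensus and networking are left out, and the regulator's independently held head hash stands in for the replicated ledger.

```python
import hashlib
import json

GENESIS = "0" * 64  # stand-in "previous hash" for the first record


def _digest(body):
    """SHA-256 over a canonical JSON encoding of a record body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def append_step(chain, client_id, step, outcome):
    """Append one compliance step, bound to the previous record's hash."""
    body = {"client_id": client_id, "step": step, "outcome": outcome,
            "prev_hash": chain[-1]["hash"] if chain else GENESIS}
    chain.append(dict(body, hash=_digest(body)))
    return chain[-1]["hash"]  # new head; replicated to the other participants


def verify_chain(chain, trusted_head=None):
    """Read-only audit: "ok", "record N inconsistent" or "head mismatch"."""
    prev = GENESIS
    for i, record in enumerate(chain):
        body = {k: v for k, v in record.items() if k != "hash"}
        if record["prev_hash"] != prev or _digest(body) != record["hash"]:
            return f"record {i} inconsistent"
        prev = record["hash"]
    # A fully re-hashed chain is internally consistent; only a head hash held
    # by an independent party (here, the regulator's copy) exposes it.
    if trusted_head is not None and prev != trusted_head:
        return "head mismatch"
    return "ok"


def rehash_from(chain, start):
    """Recompute every hash from `start` on, as a sole ledger owner could."""
    for i in range(start, len(chain)):
        record = chain[i]
        record["prev_hash"] = chain[i - 1]["hash"] if i else GENESIS
        record["hash"] = _digest({k: v for k, v in record.items() if k != "hash"})


def build_sample_chain():
    """Constructed sample data: three onboarding steps for one client."""
    chain = []
    for step, outcome in [("identity_document_check", "pass"),
                          ("sanctions_screening", "refer"),
                          ("source_of_funds_review", "pass")]:
        head = append_step(chain, "client-001", step, outcome)
    return chain, head
```

Editing a stored outcome makes `verify_chain` report the altered record; re-hashing everything after it passes the internal check and is caught only by comparing against the independently held head, which is the role the distributed copies of the ledger play.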

A further possible extension is blockchain as a digital identity management grid, with all information required for screening and compliance being held about individuals and/or firms in a chain.  This would reduce KYC/AML processes to simple automated checks of a blockchain-powered, marketwide utility.  It is likely that sharing sensitive information about customers between financial organizations will start to become the norm once trust is established in a blockchain-enabled ecosystem.  Interestingly, SWIFT has announced that their own KYC registry, which already includes more than 1,000 member banks, will be shared with trusted partners and customers in the future.  This is one of the early steps to fully trusted digital identities in the industry – which must be the target business and legal outcome.

Smart Contracts

It is hard to explore potential applications of blockchain without mentioning smart contracts. In short, smart contracts are custom, self-executing programs (distributed applications) that run on a blockchain and are triggered by some external data or event that lets them modify some other data; if certain conditions are met, a smart contract can update the blockchain according to predefined rules (e.g., transfer digital assets from one participant to another).  Once this technology gathers enough momentum, its proponents believe smart contracts will be no less revolutionary than the invention of HTML, which transformed the internet and, subsequently, the entire world economy. The appeal of smart contracts is undeniable, as they could potentially replace many functions currently executed by costly or inefficient intermediaries.  However, smart contract technology clearly isn’t ready for prime time yet, as evidenced by the recent much-publicized DAO debacle, where a poorly formulated contract allowed a savvy user of Ethereum, a popular public blockchain, to obtain millions of dollars’ worth of digital currency. Smart contracts need to become much more robust to reach the comfort level necessary for widespread adoption by industry.

The smart contracts issue reminds us that with all its promise, blockchain is still quite experimental and not without its challenges with regard to the use cases being discussed in the industry.  Some of the barriers to adoption that come to mind are privacy, performance and infrastructure.  Using blockchain for trade reconciliation, settlement and the like would require sophisticated privacy controls and the management of access to the information residing in the blockchain. Originally, blockchain was designed for precisely the opposite – namely, to enable every network participant to view the entirety of the data.  With Bitcoin, for example, anyone can view the entire ledger if they wanted to. Out of the box, private (permissioned) blockchains can provide two types of access control: read-only and read/write. Additionally, it is possible to introduce permissions to mine, receive or issue assets. However, real-world applications in capital markets and other sectors require more flexible and granular access management schemas; simply putting complete information about all transactions on a shared ledger open to anyone on the network is obviously something no market participants would agree to. In a perfect world, blockchain would allow enterprise companies to map their existing LDAP (Lightweight Directory Access Protocol) users/groups in it. This is a non-trivial problem that remains unsolved at this time, to the best of our knowledge.

Challenges

Speed is often cited as a big problem for the wider adoption of blockchain. Performance of blockchains is significantly slower than conventional databases, and with good reason: the cryptographic component, which is what gives blockchain its most attractive features, is very calculation-intensive. For example, the throughput capacity of bitcoin is only around seven transactions per second. This does not compare very well, for example, to the average of 2,000 transactions per second processed by the VISA payment system, with the peak capacity of 56,000 transactions per second (although they never actually use more than about a third of this, even during peak shopping periods). There are attempts being made to build blockchains capable of higher performance. Most notably, BitShares claims the ability to handle up to 100,000 transactions per second, which would be plenty fast enough if this were an apples-to-apples comparison.  However, the definitions of performance used by BitShares in their publicized explanations seem different from the accepted norm. These comparisons are further complicated by factors like collocation and the distributed nature of blockchains, but in the grand scheme of things, for now the performance gap remains unbridged.

Setting up and managing the infrastructure to support blockchain solutions is another challenge to organizations experimenting with the technology. As information security, operations, cloud and other teams start introducing blockchain as a new data/code layer in their firms, the process can be quite disruptive, in particular because there are no best practices available that would streamline the roll-out process. There are early attempts to improve the situation, like Microsoft’s Project Bletchley or Hyperledger, but they are not yet finalized for production use.

In summary, blockchain technology has the potential to revolutionize and improve many business processes in financial services and capital markets. Of the many processes that could be improved by the technology, it is regulatory processes such as KYC and financial crime prevention (e.g., AML) that may be early converts.  If this turns out to be the case, the benefits to the industry will be enormous.

Cliff Moyce

This article first appeared in Corporate Compliance Insights, the global premier news site for compliance, ethics, audit and risk: