Along with the all the hype of Blockchain, however, comes a healthy dose of the scepticism and wariness that generally accompanies all new technology releases.
For blockchain, this comes under two main areas – security and suitability of blockchain as a technology for financial services, and the regulatory complexities involved in rolling it out.
This wariness has not dampened the media’s appetite for the topic, nor has it daunted the wide variety of companies and consortia from announcing projects in research and live activations in the financial services industry.
In fact there is evidence to suggest financial services are backing the tech, with some 65% of banks expecting to be in production and at scale by 2020, and 14% of financial markets institutions expecting to have blockchain solutions in commercial production and, more critically, at scale in 2017.
Key to this growth and scale is momentum in adoption. In the study cited above, the top barrier to adoption among the banks interviewed (with 59% citing it as top concern) are regulatory complexities and constraints.
>See also: Beyond bitcoin: the legacy of blockchain
The concern is shared by regulators too – the Financial Stability Oversight Council, a group of US regulators, has warned that because these are new systems any flaws in code or design may not become clear until they are deployed and tested under stress at scale.
In the UK however, a more positive view is being adopted with a progressive frame applied to the regulatory discussion. The UK’s Financial Conduct Authority and the European Parliament have come out with positions broadly supportive of the technology, and the Bank Of England (pg. 42) recognises the potential for distributed ledger technology in real-time payments.
Among other items being examined by regulators, such as money laundering risks and governance gaps, are issues of cyber and data security.
The German regulator, BaFin, notes “the (cyber) risks to which a trade repository based on DLT is exposed cannot be foreseen as yet.” How, and at what level of visibility, access is granted to individuals on the network to retain privacy but also allow for distributed verification of transactions remains to be seen.
These concerns draw neat parallels with discussions already happening in the cybersecurity space, as well as financial services. Privacy and access to information is assured in a blockchain network through careful use of cryptographic standards.
The question therefore becomes one of what cryptography to use on these new networks to provide maximum security for the purpose, and also who has the authority to decide and ensure use of those standards. .
Consider a financial services company launching a private blockchain network as an example. What are the operational and regulatory drivers determining the cryptographic strategy?
In a multi-jurisdictional blockchain, how do you manage interoperability? Should the cryptographic standard be aligned to the regulator in the bank’s home office? Or perhaps where the blockchain’s Registration Authority sits (which is a body that registers the cryptographic certificate encapsulating a user’s confidential data). Or instead, where it expects most of the transactions to take place.
A fourth possibility is that the institution would have to ensure that the encryption used fits with all regulatory jurisdictions the network could possibly touch, even if a closed network with no external access.
The general principle in financial services is where there is sensitive information in question, native country systems and standards are used. In markets like China, Korea, Russia and even some European regions, there are national cryptographic standards that must be adhered to.
However, with blockchain being so new, there are real questions being asked and not a lot of clear answers given yet.
Consortia like the Hyperledger project are looking at this, consulting on ways to stay secure and allow for cross-border transactions and flow of data. But there is feeling among those looking into this on behalf of the banking industry that there’s, so far, a lack of guidance on the issue of cryptographic standards which is leading to uncertainty while these issues are resolved. Given how important data protection is to the industry, this lack of knowledge is proving a real block to implementation.
Regulators are really looking to industry to lead on this, which may turn out to be a smart move. The industry needs a flexible approach to this tricky question so business can choose appropriate levels of security and access for each deployment.
Industries face a radical change in cross-border information flows and the technological and regulatory standards around those transactions.
This open and consultative approach by regulators and financial authorities is to be welcomed, perhaps leading to a new model in how standards of this type are created in future.
Where once it took years and multiple versions to decide standards in the financial industry, are we about to see a new approach to regulation design driven by blockchain?
It’s an exciting time to be involved in this technology, and once this hurdle is passed, the future’s looking bright for blockchain in banking.