Blockchain, the secure distributed ledger of digital events that uses consensus and cryptography to validate each transaction while also protecting the identities of all participating parties, is more commonly associated with cryptocurrencies such as bitcoin, but it has applications elsewhere that could disrupt the established financial services industry. In this paper, part of Protiviti’s series exploring how new technologies are disrupting financial industries, Protiviti’s Ed Page, Tyrone Canaday fand Nirav Shah discuss the impending impact of blockchain technology.
What are the main uses and advantages of blockchain today?
Ed Page, managing director and Financial Services Industry IT practice leader at Protiviti: Blockchain is one of the more disruptive technologies available today, and it has broad implications for the payment space. There are many opportunities for blockchain to disintermediate some of the payment networks in place today. In so doing, blockchain has the promise to streamline much of the arcane processing that has evolved over time.
There are many challenges, however, including regulation and integration with the existing payment ecosystem. The regulatory response to blockchain will be something to watch carefully. Despite the promise of transparency that blockchain brings, there are questions about how things like Know Your Customer (KYC) and anti-money laundering (AML) compliance will manifest in a blockchain context. These will be solved over time, but how they will be resolved is still uncertain.
Blockchain is one of the more disruptive technologies available today, and it has broad implications for the payment space.
How susceptible is blockchain to hacking?
Besides cryptocurrencies, how can blockchain technology be used in financial services systems?
Canaday: Blockchain technology can be leveraged to facilitate person-to-person (P2P) payment transactions and the exchange of value between any two parties. It can also be used to provide simple and efficient post-trade clearing and settlement services. In addition, there are applications around security and privacy, since the underlying protocol accomplishes requirements around authentication. Because a historic record is kept for all transactions on the blockchain, there are also potential uses for compliance risk management as well as internal audit groups that have access to the ledger.
Page: Blockchains can also be used to facilitate the digital documentation transfer of legal documents and property titles. Indeed, any legal document that must be securely and verifiably transmitted between entities can benefit from blockchain technology. There is great potential for these “smart contracts,” particularly in the legal and accounting space.
Canaday: Risk and compliance executives could use blockchain technology and smart contracts for providing electronic sign-offs, which could aid in better controls for a bank’s environment and overall governance efficiency. For example, maker-checker validations around processes such as funds transfers could be made more transparent and streamlined. Some firms have pilots in place to test use cases around an internal permissioned ledger to manage systems.
Any legal document that must be securely and verifiably transmitted between entities can benefit from blockchain technology.
Blockchain won’t immediately replace the payment networks Visa, MasterCard and American Express have built, because they are already secure, fast, inexpensive and ubiquitous. Blockchain is slower in terms of approval or verification than a traditional network-based payments transaction. Where it will more likely have near-term impact is in money transfer. Blockchain will likely disrupt the worlds of cross-border wire transfers, ACH and P2P payments.
Most small businesses and middle-market businesses pay their international suppliers through wire transfer, or through ACH, electronic checks or e-payables solutions for domestic transactions. For international payments, which are increasingly common, unless the payee wants to accept credit cards, the payor has to go to a bank or log on to the bank’s website, and it has to use a complex routing mechanism. The money is transferred out of its account using Swift there are correspondent banks in the middle and, eventually, it winds up in the destination account. But the process is slow and expensive, and you can’t track your money during the funds transfer; it is 30- to 40-year-old technology.
One company uses bitcoin to speed up international money transfers. Using local money transfer rails, such as ACH in the United States, it moves money out of an account, then instantly transfers the money to bitcoin (but it could use any blockchain-oriented currency or mechanism). Within milliseconds, it transfers the funds out of bitcoin and into the destination currency in the destination country – currently, they support approximately 30 countries. Finally, the money is deposited into the recipient’s account using the local rails. This is relatively low risk, because the transfer into and out of bitcoin happens in less than a second, and the entire process is trackable. It takes half the time and a fraction of the cost, and it is starting to disrupt cross-border payments.
Does blockchain also offer advances for internal audit as well as security and privacy?
Canaday: The ability to view historic transactions and associated counterparties on the blockchain holds many potential uses for internal audit and security and privacy. Audit is essentially built into the blockchain itself, as a user is able to see a log of all transactions and who has committed them. We are starting to see companies analyzing the blockchain for irregularities in activity and adopting it for security and privacy.
There are banks experimenting with using blockchain to track transactions at the device channel level. For example, electronic payments initiated from a mobile device or via a website are monitored as endpoints on the blockchain of a closed-loop system. Combining those capabilities with additional multifactor authentication facets such as tokenization (the process of replacing sensitive data elements with nonsensitive elements), geolocation or biometrics allows even more layers of security. This is already happening at some organizations.
The blockchain has business continuity and disaster recovery built into its design, as all participants have a copy of the ledger and there is redundancy in the network in case a portion of it goes down.1 Furthermore, there are different analytics tools on the blockchain so firms can investigate other attributes of the transaction, such as currency types, frequency and location of payment origination, as well as type of customer channel utilized. Analytics applied on this data could provide powerful investigative tools for security and privacy teams.
How quickly do you expect blockchain to gain further traction in the financial services markets?
People are still trying to figure out its applications. The adoption of blockchain technology hasn’t moved more quickly because there remains a general lack of understanding about it. The teams working on it have deep expertise, but they are not necessarily the ones making adoption decisions. Blockchain will not be additive; it will replace something that exists today. There needs to be more understanding and simplification about it so senior-level decision-makers have comfort in moving from the tried-and-true to something disruptive.
Canaday: Penetration around blockchain will largely depend on how it is adopted by the various players in financial services. Consortiums like R3 are experimenting cross-bank to test various use cases.2 There seems to be a lot of interest in capital markets, especially around post-trade clearing and settlement applications.
We are starting to see that already; Nasdaq has successfully completed trades using blockchain, and there are efforts in Australia and China to do the same. Janet Yellen, governor of the Federal Reserve Board, is encouraging the central banks to study blockchain. If this technology can be applied to find revenue-generating applications and move top-line growth for firms, there will be an even more rapid adoption.
Blockchain will not be additive; it will replace something that exists today. There needs to be more understanding and simplification about it so senior-level decision-makers have comfort in moving from the tried-and-true to something disruptive.
What are the applications for risk and compliance issues such as Know Your Customer (KYC)?
Ranjane: Applications for KYC and risk and compliance are conceptual at this point. It is difficult to see how this will be applied to AML compliance and risk management as a whole.
Nirav Shah, director, Protiviti: It is certainly more developmental in these areas. A research lab that determines how you could use the ledger or transaction analysis in KYC would show you how to build that into your monitoring processes, but such applications are in an incubation space right now.
Security is inherent in the ledger, but it could do a better job on normal payment systems to use the type of security-of-privacy controls that are required to see how they line up when firms use blockchain technology. They will certainly gain more clarity, since they will not only be screening in the traditional way; they will also screen information that may be buried inside. How they do that will present some challenges.
Ranjane: Looking ahead to a blockchain-enabled financial world, the transaction monitoring process may need to change, because transactions are occurring more on the network using multiple institutions. In this more connected global marketplace, the regulatory approach to AML, KYC and transaction monitoring may need to change from being focused on an individual institutional level to being conducted at a state or even at a global level.
Page: Some senior AML executives are already discussing the idea that, rather than continuing to spend billions of dollars on partially effective compliance activities while still risking billions in AML enforcement fines, the industry would be better off simply paying an “AML tax” to the government, transforming AML requirements into a pure data-reporting regime and letting government staff handle transaction monitoring.
Although this is unlikely to happen – at least, not anytime soon – it demonstrates the fact that it is becoming increasingly difficult for any given institution to get a full picture of who they are really doing business with and what types of activities are behind the end of a transaction being monitored. Today, there is some degree of cross-institution information sharing as a result of the 314(b) provisions of the USA PATRIOT Act, but it is not universally adopted by all firms, and even for those that have signed on, it is done in a very ad hoc manner – there is no centralized or systemic data exchange, for example. I could certainly see something like that being set up as an interim step between where we are now and the fully centralized industrywide monitoring system of the future.
The blockchain cheerleaders say that AML monitoring will actually be easier and more effective under blockchain than legacy rails because of the ability to perform networkwide and cross-institutional behavioral monitoring, which adds more value than the limited KYC information subtracts. That said, even after significant investments and decades of development, behavioral monitoring remains in its infancy.
Can firms adopt blockchain technology without first modernizing their legacy systems?
Canaday: Firms can adopt blockchain technology without having to make wholesale changes to their legacy systems, but it would require careful consideration of where and how to apply the technology, and how to couple it to existing systems and processes. There may be specific business processes in organizations that could be made more efficient by using smart contract structures, however. Blockchain is definitely going to be disruptive. Banks will likely create new blockchain functionality in environments that run parallel to their existing production environments, and as they start to prove the concept out, they can start to roll it out more broadly. But this will need to be closely managed.
What are the main challenges for firms looking to implement blockchain?
Adoption must occur industrywide to gain the perceived efficiencies and the additional security of leveraging blockchain. That means creating partnerships with competitors, with upstream and downstream processing or data providers to implement blockchain simultaneously.
Canaday: The advent of blockchain is similar to the changes that occurred to entire business models when the internet was invented. People and organizations don’t yet know the impact and the promise of blockchain and which types of business models will spawn from it. From a change-of-management perspective, as with any new technology, new business processes are impacted, as well as the skills needed to support them.
Ranjane: Integrating blockchain within the ecosystem internally and externally is a significant challenge. Add to that compliance activities and operational nuances, as well as the engineering perspectives.
The advent of blockchain is similar to the changes that occurred to entire business models when the internet was invented.
What is the current regulatory response to blockchain, and how could future regulations impact its development?
Regulators around the world are telling firms to innovate with caution, but that means they haven’t figured out how to regulate blockchain and what the regulatory implications will be. Whatever innovation financial institutions create, they must be in step with the regulators, working closely with them so they understand the implications of the change to come.
Canaday: Emerging technology firms, by their very nature, tend to operate in new spaces where regulation likely does not exist or where it is emerging. Because of this, organizations may appear to be operating under the radar of regulation. There needs to be better collaboration between banks and regulators so as to not hamper innovation.
In some cases, there would be no regulation: Using blockchain for credit card payments, for example, wouldn’t be regulated per se, because the entities running it aren’t processing companies – they are technology firms. But the companies they plug into, such as banks and other financial services firms, will be regulated, and as such, new entrants need to understand the implications for those companies. For example, in 10 years, the major credit card companies could collectively decide to replace their existing rails and implement a blockchain-oriented system. Every card issuer, processor and merchant acquirer would need to work within that framework, and all those entities would be regulated.
Can firms predict the value of blockchain today?
Canaday: There is a time-cost benefit in certain areas of the market. Blockchain could reduce the cumbersome back-end processes (like clearing and settlement) from a number of days to real time. Firms would benefit from having a better sense of their real-time liquidity positions, which could provide better intelligence to make business decisions. Clearly, efficiency is one benefit, and reduced fraud could be another.
Shah: Blockchain could help a clearing corporation solve how derivative transactions are moving back and forth, but it could be used in tracking the movement of investments as well.
Blockchain could reduce the cumbersome back-end processes (like clearing and settlement) from a number of days to real time.
How will the expansion of blockchain impact the financial services market in the short-, middle- and long-term?
Canaday: It really depends on the sector of the market. At one extreme, clearinghouses could become obsolete if the trading and investment banks all switch to use blockchain technology. This would make the process more transparent, because all the parties will participate in those activities, as well as transact in real time. There have to be clear value propositions with tangible outcomes and benefits for blockchain expansion.