We have heard so much about Blockchain these past two years. Indeed, even though in its first steps, if we consider the big temporal picture of its implications, this technology already has a multitude of impacts – not only in the finance and banking sector, but in virtually all industries and disciplines.
Because of its nature, the first thing that comes to mind is the cybersecurity dimension of this technology. As a matter of fact, Blockchain has been praised precisely for setting an unprecedented level of security when it comes to its uses in the cyberspace, but also when it comes to the security of personal data. But what are the implications that this technology has in the way we manage risk today and, most importantly, in the way we will manage risk in the future? And when one thinks about this aspect of Blockchain, it is inevitable to ask: how can we manage risk in the usage of this new technology?
block·chain noun
a system in which a record of transactions made in a cryptocurrency is maintained across several computers that are linked in a peer-to-peer network.
Compliance and Regulations
While the premise of the usage of Blockchain in organizations is that it makes data transferring much more secure than the current systems, as well as less costly, more efficient and quicker, the novelty of this technology also poses new challenges when it comes to risk management. Risk managers have all the reasons to be excited about this new technology, but by the same token, they have all the motives to be intimidated by the challenges that it presents.
Moreover, there is also the compliance and regulatory aspect, which deepens the challenge, because as with every new technology, regulatory bodies will have to enact regulations as soon as possible to make sure that this technology does not pose a serious threat, especially to capital markets. However, because of its anonymous nature, its novelty and, therefore, also lack of experience and shortage of experts, it is much harder for regulatory bodies to form and enact truly efficient regulations for Blockchain.
In the United States, the Financial Industry Regulatory Authority (FINRA) – which is a private entity, that among other things acts as the arbitrary entity of the operations of the New York Stock Exchange – has already issued a comprehensive guidance which is to be carefully considered and followed by organizations which employ the technology in the New York Stock Exchange.
The “White Hat” and the “Black Hat” Blockchains
When it comes to risk management, it is important to distinguish between the two main types of Blockchains: permissioned and unpermissioned (or permissionless) Blockchain. In the risk and security dimension, the distinction between the two plays a big role.
Unpermissioned Blockchain is a system which allows all parties to participate without the need of vetting. At the very beginning of the commercialization of the theoretical usages of this technology (remember when cryptocurrencies, more specifically Bitcoin was the buzzword of the day?) almost every case we would hear was in fact based on this type of Blockchain – the unpermissioned one. Therefore, we would hear at lot about mining, and that is because unpermissioned Blockchain uses a pool of cryptocurrency at the beginning to pay the miners and other service providers. In an analogy to labor unions, this would be the “inclusive” type of union, where all the workers (in this case voluntary parties) would be allowed to join the union.
The permissioned Blockchain, however, is one where a number of administrators or an administrator strictly controls the access of parties into the framework. So this is the “exclusive labor union” – to continue the analogy. In other words, not everyone can be part of it other than the vetted parties.
Smart Contracts
When we talk about Blockchain within an organization, we are talking about the “permissioned Blockchain”, where it is easier to mitigate risk than almost any other kind of system. However, regardless of the type of Blockchain, the usage of smart contracts is a crucial element which contributes to a great extent to the minimization of risk through the usage of Blockchain. Tractability and irreversibility are the elements which ensure the minimization of the risk thanks to these self-executing codes (protocol) called smart contracts. They can also easily and quickly control or enforce the performance or negotiation of a contract. The straight-through processing that is enabled by smart contracts is also a major factor, which not only increases efficiency and lower costs, but also reduces risk through the reduction of settlement and interaction times.
Peer-to-Peer Framework
Another major component that contributes to risk reduction through the usage of Blockchain is transparency. The Peer-to-Peer framework – an architecture which distributes the workload between peers and which is commonly used in file-sharing applications in order to avoid single point failure and which gives peers equal privilege and makes them equipotent – is an excellent structure to increase efficiency and transparency as well. It is through the immutability of the audit trail of transactions that this dynamic and self-organizing technology increases transparency, reduces the chances of fraud and ultimately decreases risk.
From Humans to Algorithms
Ultimately, in general, not only in the Blockchain technology, the most genuine way to avoid risk is through the increase of trust. And attempts to mathematically represent trust have never stopped. A trust model – for those who are not familiar – is a compendium of rules that inform the application about the legitimacy of a digital certificate. In other words, it is a systematized way of informing the decision-maker to help in making a decision. The big risk management challenge that Blockchain brings is the creation and adaptation of new risk strategies from risk practitioners that would be able to tackle the transition to an algorithmic trust model from a human-based trust model. That is to say that we are forced to rethink to considerable extents the big picture of organizational governance as well as the nature of the controls we establish.
In every aspect of life, the transferring of tasks and duties from humans to algorithms looks every day more inevitable. There is no reason to believe that risk management is an exception. In this sense, it seems logical that the sooner we accept this reality, the smoother the transition and the lower the risks. Because the idea of automation has taken another, previously unimaginable proportion, risk managers should – on another note – not only premeditate the impacts of these incredibly disruptive technologies, but also think of ways to make the human factor useful in a future where it seems that it (the human factor) will become more of a liability than an asset.