Filed Under:Risk Management, Cybersecurity

Blockchain technology: Balancing benefits and evolving risks

With uses of a blockchain, financial institutions and corporations must consider new sources of risk when reformulating their risk management systems and insurance programs. (Photo: Shutterstock)
With uses of a blockchain, financial institutions and corporations must consider new sources of risk when reformulating their risk management systems and insurance programs. (Photo: Shutterstock)

A recent technological innovation called the “blockchain” has the potential to transform the way financial institutions process transactions and corporations conduct business.

Financial institutions and corporations have traditionally relied on written documents exchanged during in-person closings to complete transactions and loans, and relied on written checks to document the transfer of funds. Transactions are also subject to time-intensive, complex, and laborious regulatory and compliance reviews. Now blockchain technology offers corporations and financial institutions the opportunity to eliminate billions of dollars in operating costs from the myriad transactions they engage in every year.

Related: Blockchain in insurance: Guiding the hammer toward the real nails

Although blockchain was first introduced as the technology underlying cryptocurrencies, it is now being applied in traditional businesses. For example, a consortium of leading banks — including Morgan Stanley and Credit Suisse — recently partnered to apply the blockchain to streamline cross-border payment settlement, with other banks such as Goldman Sachs and Banco Santander developing their own competing blockchain-based system.

Credit card companies are actively exploring blockchain-based transactions, with Visa–Europe actively seeking banking partners for a pilot of a blockchain-based interbank settlement solution. Blockchain technology has also piqued the interest of Wall Street, which is studying the trading of private stocks on a new kind of blockchain, as a means of replacing paper share certificates, substantially reducing the time spent managing the certificate process and even facilitating shareholder voting.

Use of a blockchain opens companies to new types of risks and hazards not contemplated by current risk management systems. One problem is the lack of consensus on blockchain standards, with a number of different startups developing technologies that use their own standards.

New private blockchains, which are growing in popularity because they enable companies to streamline and share confidential and proprietary information in one place, may be especially valuable for hackers, and so might result in catastrophic losses if compromised. Private and semi-private blockchains also present concerns around determining who has access to potentially relevant transactional information and ensuring that limitations on access are fully in place.

Another issue is the lack of a regulatory structure addressing authentication requirements, risk transfer, and loss allocation. Financial institutions and corporations must consider these new sources of risk when reformulating their risk management systems and insurance programs.

What is the blockchain?


The blockchain stores data about individual financial transactions in a decentralized way that should, in theory, provide greater security and limit the risk of fraud. And although it relies on cutting-edge cryptography, the basic concept underlying blockchain technology is similar to that of a simple Excel database. The difference lies in the way financial institutions, corporations, and individuals interact with the database and confirm transactions on that database.

Traditionally, global financial systems have always used a centralized entity to verify and memorialize every transaction. In contrast, a blockchain stores data semi-publicly, transferring authority and trust to a decentralized network. When a transaction is executed, it is signed with a private key unique to the sender. Then the transaction is broadcast between users and confirmed through a process called “mining,” in which separate, independent software systems (“miners”) continuously and sequentially record transactions on a public (in the case of traditional blockchain) “block.” These independent confirmations of the transaction purportedly guarantee its authenticity.

Cryptography secures the authentication process. Before recording a block of transactions, miners authenticate them by applying a mathematical formula that results in a seemingly random sequence of letters and numbers known as a hash. The hash is produced using the hash of the preceding block, in a math problem. Although the math is difficult to solve, the solution is easy to verify. Thus, the hash becomes the digital version of a wax seal.

After using this process to authenticate a transaction, miners store the “block,” along with its hash, in a unique “chain.” If you change just one character in a block, its hash will change completely. The ramification for security is that if someone tampers with the block, the change becomes public.

A blockchain documents each transaction’s details, identifying the sender, recipient, input amount, and output amount. Only the parties to a transaction can unlock the contents of the block because only they hold the private key necessary to open the data. But since each entry bears a hash, anyone can verify the existence of a transaction within the block.

Ultimately, a blockchain behaves like a database, except for two characteristics: first, in traditional blockchain, the information contained in the “header” is stored publicly, and second, transactions may only be added — nothing can be deleted. Thus, a blockchain is the cyber equivalent of having a write-only spreadsheet with certain fields shared openly on the internet. And because it enables users to verify the existence and authenticity of each transaction, a blockchain removes the need for a central intermediary in the clearing of transactions.

Bitcoin: Infancy, publicization of the blockchain


For thousands of years, money has taken the form of either physical objects whose supply is scarce (e.g., precious metals), or coins and notes issued by a government. Cryptocurrencies that have emerged in recent years, such as bitcoin, present an alternative medium of exchange. They replace the physical forms of money with a computer file that is accepted (by some sellers) in exchange for goods or services. In doing so, they raise security questions that never come up for users of traditional currency.  

Cryptocurrencies such as bitcoins run through a blockchain, essentially a global ledger through which a large peer-to-peer network verifies and approves each transaction. The blockchain is public and resides on a network of connected computers around the world, rather than in a single database. Every 10 minutes, the transactions are verified and a new link is created, permanently time-stamping and storing the exchanges of value on the ledger.

When a physical object is offered as payment, there is rarely doubt that the payer owns it, or that the payer hands it to the recipient. In contrast, a digital file is easily created and duplicated. The blockchain helps mitigate this risk by ensuring that any time an owner of a cryptocurrency cedes that ownership to another party, the transaction is validated and recorded. This process helps prove that the recipient subsequently owns the cryptocurrency.

Validation could be entrusted to a central record, as medieval merchants did when they paid one another by transferring sums on a bank’s books, or as modern banks do when they settle their transactions on the books of the Federal Reserve. Instead, with cryptocurrency, the recording is decentralized. Proposed transactions denominated in a cryptocurrency are broadcast to a large network of miners on the internet. Every 10 minutes, the miners gather up the new proposed transactions and attempt to add them to the blockchain.

The key to preventing falsification in the blockchain is to make the additions costly. The mining process is expensive in terms of computer hardware required, electricity consumed, and time expended — and the safety of this process has enhanced the reputation and viability of cryptocurrencies. Once a medium of exchange for criminals, they are increasingly accepted by commercial entities — everyone from Microsoft to Overstock to AirBaltic.

The next blockchain frontiers


While blockchain was originally used solely to support cryptocurrencies, it is now being applied in traditional business, to everything from the exchange of securities to supply chain management.

Blockchain technology leapt toward mainstream acceptance when Nasdaq announced that it had experimented with incorporating it into a pre-IPO trading arm. Nasdaq Private Markets, a subsidiary that assists with investment in firms that are not publicly traded, started to document trades into a blockchain, in hopes that the process would “provide extensive integrity, auditability, governance, and transfer-of-ownership capabilities.”

The blockchain usually logs the transfer of money, but it can also hold other information, such as data around the transfer of securities. Bob Greifeld, CEO of Nasdaq explained, “Utilizing the blockchain is a natural digital evolution for managing physical securities. Once you cut the apron strings of need for the physical, the opportunities we can envision blockchain providing stand to benefit not only our clients, but the broader global capital markets.”

Investment banks are now joining the revolution. Notably, these banks are not focused on currency. They are exploring ways to reshape daily operations, upgrade old back-office systems, and outsource costs associated with contract execution. For example, more than 75 of the world’s leading financial institutions have joined in a partnership named R3 CEV. R3 CEV, which is led by the financial innovation firm R3, seeks to create a distributed ledger system for the financial sector that is based on adapted blockchain technology. This distributed ledger system, Corda, will record, manage and synchronize financial agreements between financial institutions.

As with blockchain, Corda will coordinate information between participants without a central controller. Corda will allow financial institutions to view the relevant details about a transaction into which they are entering; determine whether that deal is valid, based on the validation requirements entered by each party to the transaction; and determine whether the deal needs to be agreed on by another party, or whether the transaction conflicts with an existing transaction. However, unlike traditional blockchain technology, Corda will limit knowledge about transactions. Only those parties that need to know the data within an agreement will be able to see the relevant information, and verification of transactions will be limited to the parties to the transaction.

Although Corda appears to be a strong tool and is backed by many major banks, several investment banks such as Goldman Sachs and Banco Santander have withdrawn from R3 CEV. However, these banks do not appear to be abandoning blockchain technology. Rather, Goldman and Santander are investors in Digital Asset Holdings, a rival blockchain startup headed by former J.P Morgan executive Blythe Masters. Therefore, it appears that financial institutions will be using a variety of blockchain-based systems to replace their back-office software and databases, to support more accurate and efficient transactions, and to verify compliance with internal requirements and the myriad of regulatory requirements.

Hu Liang, senior vice president and head of emerging technologies for State Street, suggests, “These new technologies could transform how financial transactions are recorded, reconciled, and reported — all with additional security, lower error rates, and significant cost reductions.” The technology underlying these financial transactions seems to also have potential use for businesses in other industries, which need to share information, enter into agreements, and validate transactions with the relevant parties.

The implementation of blockchain technology is not limited to financial institutions. Blockchain can provide a “single source of truth,” enabling a revolution in compliance and audit functions, and enhance the transparency and security of banking activities for financial institutions and corporations alike.

Blockchain technology is also being used by corporations to meet everyday business needs. Walmart has unveiled a trial run of blockchain technology in its food safety supply chain for pork in China and a “packaged produced item” in the U.S. Blockchain enables Walmart to pinpoint the source of contaminated food and to quickly pull the affected products, increasing the accuracy and efficiency of product recalls.

Blockchain technology is also behind supply chain tracking in industries ranging from the diamond industry to the automotive industry. It’s also in tamper-resistant pharmaceutical supply-chain-tracking seals. BHP Billiton Ltd. will start using blockchain technology to create a shared real-time system in which its employees can track rock and fluid samples and analyses to help the company determine where to dig new oil wells. Recognizing the wide range of potential uses of blockchain technology, the healthcare industry is exploring blockchain’s utility for facilitating clinical trials, securing and managing patient health records, and improving claims processing.

Corporations are also using blockchain technology to issue stock and obtain stockholder approval for corporate decisions. Overstock.com Inc. is close to unveiling a securities-trading system using the blockchain. The discount retailer announced that it will issue a digital version of its stock that will then be traded on Pro Securities LLC, a trading system in which Overstock invested. According to CEO Patrick Byrne, Overstock is “ready to start a crypto Wall Street.” He explains: “Like Jonas Salk injecting himself with polio, our first client is going to be ourselves.” While Overstock’s initial offering is limited to Overstock equity, Nasdaq announced in December 2015 that it had used blockchain technology to complete and record a private securities transaction.

Risk management challenges


Blockchain technology was created to transfer value and ensure that each counterparty to a transaction fulfills its end of the deal. However, the application of this technology creates a plethora of new concerns:

  • Will there be a formal original agreement or other document evidencing ownership, or will all information be encoded?
  • If institutions rely on technological coding, how will the integrity of this information be ensured?
  • What if the securities or other assets memorialized in the blockchain are forgeries or misrepresentations? Does the blockchain ensure adequate recovery for losses incurred when a party to a transaction makes decisions based on false information? This may be especially top-of-mind for financial institutions that may be entering into transactions with parties using multiple blockchain-based technologies.
  • How do parties to a transaction ensure that all requirements for validation and potential conflicts are properly encoded in the blockchain? Who bears the risk of an inaccurate or incomplete encoding of validation requirements?

The application of blockchain technology to the transfer of securities and negotiable instruments could potentially increase the risk of fraud. That’s because a blockchain transaction may not undergo a comprehensive review looking for fraud, alteration, and forgery. The participating financial institutions may not receive the original documents on which the transaction is based, and thus may not have an opportunity to analyze those documents’ authenticity. If the technology evolves such that original documents are no longer provided, that could introduce the potential for information to be lost through hacking or through a technological failure.

Related: 9 factors impacting claims in 2017

blockchain

The efficiency advantages created by blockchain technologies must be weighed against the risks. (Photo: iStock)

Since financial institutions appear to be moving toward competing blockchain-based platforms, there is also a potential for assets to be double-pledged or for parties to enter into conflicting financial transactions on different platforms. For example, the seller of a promissory note could use one proprietary blockchain-based platform to sell a note.

Absent a means to compare transactions effected on one platform against transactions effected on another platform, the same seller could attempt to sell the same note through a different proprietary blockchain-based platform, thereby defrauding the purchaser (who, absent strict verification procedures, could be induced to unknowingly purchase a note the seller did not own). Such a situation would create room for error and fraud, so parties using blockchain to validate transactions in the future may need to find ways to compare information between different blockchain-based platforms. 

Allowing participants to encode their own validation and conflicts information could create a further risk of error or fraud. As an example, when forensic document examiners are trying to detect alterations or forgery, they generally require original documents. According to the National Forensic Science Technology Center, “Original documents may bear defects, flaws, or characteristics that are not reproduced in a copy.”

Every time a physical document is photocopied, a small amount of information is lost. The issue is exacerbated with multigenerational copies (i.e., copies of copies), many of which contain insufficient quality for forensic examination and comparison. These types of original documents do not exist in the context of a blockchain transaction. Businesses engaging in blockchain-based transactions will, therefore, have to modernize their practices and adopt computer-savvy protocols to ensure that transactions are properly verified and recorded, in order to avoid the risk of invalid or fraudulent transactions.

The efficiency advantages created by blockchain technologies must be weighed against the risks. Blockchain provides a relatively safe method for memorializing the chain of ownership and transfer of securities. Still, banks and other financial institutions may need to obtain and review an original copy of all relevant documents prior to entering into a blockchain-based transaction. This would add an extra step to the transaction, but it would also provide a greater degree of certainty.

As corporations and financial institutions move forward into the brave new world of blockchain technology, they must remain mindful of the fact that this is just another means of conducting business transactions, and the time-honored principle of caveat emptor still applies. Parties entering into blockchain transactions should ensure that they are doing their due diligence on the representations underlying those transactions. This includes, when applicable, examining original documents on which the transactions are based. Also, participants should be mindful that if multiple blockchain-based platforms support the type of transaction they’re entering into, a competing or conflicting transaction might be entered into on another platform.

Finally, in order to maintain prominence, all parties to a transaction may want to seek out others who are leading the way on the use of blockchain technology, whether it is to stay abreast of solutions to industry problems or to use technology to increase efficiencies in order to remain competitive.

Related: 21 emerging risks for the insurance industry and the global economy

Scott Schmookler is a partner at Gordon & Rees. Based in Chicago, Schmookler's practice focuses on insurance coverage, cyber security, and commercial litigation. Contact him at sschmookler@gordonrees.com.

Greg Bangs is senior vice president, global crime product leader, and head of crisis management in the Americas with global (re)insurer XL Catlin. He is based in New York. Contact him at gregory.bangs@xlcatlin.com.

Katherine Musbach is an associate in Gordon & Rees’ Chicago office. Her practice focuses on insurance coverage, cyber security, and commercial litigation. Contact her at kmusbach@gordonrees.com.

Originally published on Treasury and Risk. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Related

Blockchain in insurance: promise for the future

Blockchain is likely to play a major role in the reshaping of insurance — but the big implications are two...

Featured Video

Most Recent Videos

Video Library ››

Top Story

The best cars for senior drivers in 2017

As the baby boomer generation continues to age, older drivers are a growing auto insurance market for agents. You might want to share these Consumer Reports' picks for vehicles with senior-friendly features with your clients.

Top Story

How to empower others to reach greater levels of insurance agency success

High-achieving insurance agencies understand that the emphasis should primarily be on their people, not policies or procedures.

More Resources

Comments

eNewsletter Sign Up

PropertyCasualty360 Daily eNews

Get P&C insurance news to stay ahead of the competition in one concise format - FREE. Sign Up Now!

Mobile Phone

Advertisement. Closing in 15 seconds.