Blockchain: what risk managers need to know

Published on Mon, 27/03/2017 - 16:10

Blockchain is the future. It will enable businesses to transfer data quicker, more securely and at lower cost. It is likely to become a core pillar of cyber resilience. Richard Magrann-Wells of Willis Towers Watson explains what it is, why it matters and what risk managers should be doing.

There is no greater risk to our global economy in the coming years than a large-scale cyber event.  Blockchain may represent the best hope for preventing or limiting such an incident in the future.  For this, and other reasons, blockchain may be the world’s economic salvation.  But in the case of blockchain, salvation will be slow and difficult – but it is inevitable.

The term blockchain is confusing to many, but at its core it is a relatively straightforward concept – it is a type of distributed ledger. A distributed ledger is a consensus of replicated and synchronized digital data shared and spread across multiple sites among market participants.   

The benefits of a distributed ledger

There are five key benefits to a market that is engaged in transactions that are managed by means of a distributed ledger:

  • Transparency: activity can be monitored in real time by all market participants;
  • Faster settlement: by removing third parties, settlement is virtually instantaneous;
  • Cost reduction: removing the need for intermediaries results in lower costs;
  • Reduced fraud: with a permanent, immutable record of every transaction, fraud becomes more difficult;
  • Resilience: when your data is replicated and synchronized amongst all market participants it creates the most resilient, decentralized database possible.

While cost savings and faster settlement may appeal to the financial management of an institution, it is the resiliency aspect of blockchain that will have the attention of the risk management community.

Why blockchain exploded on the financial scene

To understand the role of distributed ledger technology it is important to understand its origins. The idea of a shared ledger is not new.  Various markets have explored the idea of common databases in the past.  Even trusted counterparties, willing to share data, faced an insurmountable hurdle – storage capacity.  Ten years ago the possibility of synchronizing large amounts of encrypted data instantaneously would have seemed like science fiction, but now institutional markets have access to virtually unlimited storage capacity.  This has made distributed ledgers scalable in way that was never possible before.  

The bewildering Bitcoin connection

In 2009 the first public blockchain was launched. The distributed ledger for Bitcoin was created and the source code released by a still unidentified person(s) known as Satoshi Nakamoto.  The result was that individuals around the world could earn the digital currency by verifying and recording transactions on this new encrypted distributed ledger. 

Why should risk managers care about Bitcoin? While Bitcoin may, or may not, play a role in the future global economy, it did something incredibly valuable - it provided a proof of concept for the viability of a public blockchain.  Less informed pundits will argue that there have been numerous “hacks” of Bitcoin companies like Mt. Gox and other exchanges. However, the reality is that while companies holding the passwords (or private keys) of Bitcoin holders have been breached, the actual distributed ledger itself has been inviolate. 

This perfect record of bitcoin transactions, or to use the terminology, this “bitcoin blockchain”, has remained tamper-proof despite myriad hackers attempting to breach and steal the digital currency.  It stands as proof that a distributed ledger, even a public ledger, can remain secure if it is distributed broadly.  This concept will be important to global institutions and their risk managers in the coming years.

The key factors risk managers should know:

  • Cutting out the middleman
    Most financial transactions require either an abundance of faith between two counterparties or a trusted third party to facilitate the transaction. (Property escrow companies act as trusted third-party intermediaries between the buyer and seller of a home.)  Distributed ledgers mean that a buyer can be assured that a seller has a clean title to an asset.  Digital recordation means that the ledger is updated and title transferred to the new owner when consideration is received - simultaneously.  Potentially, digital ledgers could one day remove the need for any middlemen. 
  • Blockchains can be public or private / permissioned or permissionless
    Anyone, including risk managers, who plan on delving into distributed ledger technology needs to understand that there are different kinds of blockchains. There are serious distinctions between a public blockchain that anyone in the world can read and a private or restricted blockchain that can only be accessed by authorized parties.  In addition, blockchains can be written so that only authorized or permissioned parties may transact.  Most large financial institutions consortiums are developing private, permissioned blockchains at present.
  • Testing is already under way
    While full integration of distributed ledger technology may still be a decade away, make no mistake, development is already underway and large sums are being spent in the pursuit of this innovation.  A number of high profile bank and insurance consortiums have already made significant progress towards creating working financial blockchains.  In addition, a number of large computing and consulting firms, and over a dozen well-funded blockchain start-ups, are working with companies, banks, securities exchanges and others to create private blockchains. 

Beyond simply reading up on the topic there are certain measures that risk managers should be taking immediately:

  • Assess your firm’s activity to date
    Reach out to your institution’s technology department and the various lines of business to understand what they have done in this area so far.
  • Stay plugged in
    Rather than wait until testing or launch of blockchain initiatives, ask for regular updates from those that are working on the development.
  • Monitor the insurance market’s response
    The role of blockchain in insurance purchase is still uncertain.  The most immediate impact is on how insurance will be purchased. Blockchain (together with smart contract technology) will enable blockchain participants to automatically purchase precisely the coverage they need, for precisely the tenor they need it.  Network security, surety bonds and other traditional coverages will certainly come into play as the technology develops, but perhaps the most dramatic and immediate impact will be in the way insurance is purchased and delivered via the technology.  Risk managers will need to be focused as these developments as they quickly and quietly become integrated into day-to-day business.
  • Consortium and colleague intelligence
    If your firm is already involved in one of the large consortiums – plug into that knowledge.  If you are a member of an association that is holding training sessions, attend and meet your counterparts.  Those risk professionals are likely part of similar (or perhaps the same) blockchain efforts.  Because we are talking about distributed ledger technology, it will be data shared by market participants.  The risk managers of those participants should be reaching out to each other now and not waiting.

Richard Magrann-Wells is executive vice president - Financial Institutions Group, Willis Towers Watson.  richard.magrann-wells@willistowerswatson.com.