Blockchain technology - those unanswered questions
09 December 2016
This blog is the second in a series of blogs on the challenges faced by UK banks trying to implement blockchain technology. It looks at some of the difficult questions for which there don’t appear to be satisfactory answers yet. If you missed the first blog you can access it here.
At the top of the list of tricky topics are regulatory compliance (specifically around data privacy and anti-money laundering), key management, endpoint security and reporting. Let’s look at these areas in a bit more detail.
When we consider a blockchain to be a trusted source of data, access management and endpoint security are crucial to ensure that the data on the chain is of the type expected and was written to the chain by an authorised entity / individual. Key management plays into this and is going to be a high risk area for any blockchain implementation. Testing around access to private keys and how keys are stored will be important, related safeguards and control equally so. There are already some good solutions being created, Ledger are one such company that are playing in this space, but it is not clear whether enterprise grade solutions are well understood by the UK’s banks or even suitable in their current form.
Data privacy is going to be a hot topic. Where all nodes in a network need to be in sync they all need to have the same version of reality which means they all need the same data. How does this fit in with the current regulatory environment around data privacy and with the new GDPR coming in? Innovations such as Zcash and Hawk are promising but are they ready and is anyone experimenting with them or testing them among the UK banks? One point that has cropped up recently is the compatibility of blockchain-enabled solutions with the right to be forgotten. Perhaps personal data won’t be anywhere near the blockchains of the future but the immutable quality of blockchains doesn’t cater for erasure.
Anti-money laundering has been a bone of contention in the blockchain (more specifically cryptocurrency) space since the beginning. Private implementations should be easier to make compliant with existing AML and KYC regulations however if banks look to leverage the public chains or do business with companies who do then we get into murky waters. Companies such as Elliptic are making good headway with blockchain analytics tools but it will take more than that to satisfy a bank’s compliance team.
Let’s also not forget that regulators have a tough time keeping up with the rapid pace of technological change at the best of times, blockchain technology’s novelty and surprisingly quick traction amongst the UK banks has compounded matters. Early engagement with regulators is a must, their input is going to be essential in developing an environment where blockchain technology can thrive and benefit industry and society. More on this topic in our next blog.
Reporting is an interesting topic. Blockchains are optimised for writing data not reading data. Again there are early stage solutions on the market, Libra being a good example, however the reporting requirements of a UK bank are many and varied and as of yet we don’t believe there is an elegant solution to meet all of these requirements. Of course reporting in a blockchain environment may look very different but is anyone prepared for this?
Concerns around scalability and other non- functional requirements are well documented elsewhere but in the private space there are a number of companies working on blockchain solutions that scale and I think we’ll see technical solutions to scalability in the public space in the next couple of years.
UK banks have spent a great deal of time experimenting with and trying to understand blockchain technology and its use cases. There is quite a bit of enthusiasm amongst this group as to the technologies’ potential to drive efficiency, transparency and reduce friction in a number of financial processes. However there are still some key areas that require further work and need input from a range of stakeholders, not just the technologists. We have highlighted some of the areas we think banks should focus on next if they are serious about creating production ready solutions, there are no doubt others.
In the next blog we’ll take a more in depth look at the regulatory environment in the UK and what it means for UK banks experimenting with blockchain technology.