In This Post:
- BIS highlights risks in banks using public blockchains like Ethereum.
- Permissionless blockchains pose challenges in security, compliance, and governance.
- Suggested solutions include appointing a controlling entity and using off-chain records.
- The paper calls for mature technology-based solutions to mitigate these risks.
Banks are increasingly venturing into the world of blockchain, especially with the rise of permissionless networks like Ethereum. However, the Bank for International Settlements (BIS) has issued a stark warning: these public blockchain networks bring significant risks that traditional financial institutions have yet to fully address.
Banks and the Threat of Permissionless Blockchains
Permissionless blockchains, such as Bitcoin and Ethereum, operate on decentralized networks where anyone can participate in validating transactions. This openness, while a hallmark of blockchain technology, introduces a unique set of challenges for banks. Unlike permissioned or private blockchains, where access is controlled and restricted, public blockchains are vulnerable to a wide array of operational and security risks.
The Basel Committee on Banking Supervision (BCBS), under the BIS umbrella, recently published a working paper titled “Novel risks, mitigants and uncertainties with permissionless distributed ledger technologies.”
This 25-page document delves into the myriad risks associated with banks engaging in transactions on these open networks. These risks include issues related to governance, compliance, and technology, with specific concerns about money laundering, terrorist financing, and the difficulty of ensuring settlement finality.
One of the critical issues highlighted in the paper is the challenge of due diligence. Permissionless networks rely on a decentralized system with no central authority, making it difficult for banks to conduct the necessary oversight. The paper notes that current risk mitigation practices are still in developmental stages and have not been thoroughly tested under stress.
Proposed Solutions
To address these risks, the BIS paper suggests several potential solutions. Among the most notable is the proposal to appoint a designated entity, referred to as the “controller,” to oversee specific crypto assets. This controller would not control the blockchain network itself but would have the authority to limit access to assets, block fraudulent transactions, and even reverse them if necessary. This approach aims to introduce a level of oversight and control that banks require to manage legal and compliance risks effectively.
Another proposed solution involves business continuity planning, which could include creating off-chain registries. These registries would serve as a backup to recover ownership in cases of blockchain disruptions, such as hard forks or cyberattacks. This would ensure that the rightful owners of assets can be identified, and the correct version of the blockchain can be followed.
The paper also discusses the potential of using privacy-preserving technologies like zero-knowledge proofs (ZKPs). These technologies could allow for identity verification without compromising transaction privacy, addressing concerns about anonymity on public blockchains. However, the paper cautions that these technologies are still in their early stages of development and require further exploration and refinement.
Despite these proposed solutions, the BIS paper underscores that the current technology-based approaches are not yet mature enough to fully mitigate the highlighted risks. The rapid pace of blockchain development means that new solutions may emerge, but these will need to be carefully examined and tested before they can be relied upon by the banking sector.
As banks continue to explore the possibilities of blockchain technology, the BIS’s warning serves as a crucial reminder of the challenges that lie ahead. The banking industry must tread carefully, balancing innovation with the need for robust risk management strategies.