More financial services providers are seeing the potential in blockchain. Image: 5 Second Studio/Shutterstock
As financial organisations move from exploring blockchain to actually implementing it, Deloitte publishes six control principles for success with the technology.
Blockchain technology is brimming with transformational potential, particularly in the financial sector, but up until now, it has been generally discussed outside traditional institutional governance, legal and accounting frameworks.
Deloitte has published a report today (31 October) that outlines how blockchain can have a positive effect on the financial sector while ensuring long-standing principles and working practices are protected with minimal disruption.
In the Blockchain Control Principles in Financial Services report, Deloitte has considered what it deems to be crucial for the successful implementation of blockchain within the financial services space.
Lory Kehoe, EMEA Blockchain Lab lead at Deloitte, explained that the technology has “attracted significant attention from the financial services industry in EMEA and around the globe, with many organisations exploring different structures and governance models as they move from exploration to implementation”.
Kehoe stressed the importance of a holistic approach to blockchain implementation and enforcement of key control principles. “Failure to consider these principles, or to consider them in isolation, may become riskier as alignment between business and IT is critical for successful implementation of this new and powerful technology.”
The six control principles
Best-practice standard for blockchain development
This looks at critical elements including governance, law, regulation and standards, particularly in relation to developing appropriate structures for adoption and governance models, which must be considered for consortia, joint ventures and statutory organisations.
Interoperability and system integration controls
This principle examines the introduction of the technology into an enterprise, and the need to ensure that it is capable of integrating and interoperating with other systems, including other blockchain solutions and technologies. There are four key areas to note here: security considerations, integration with legacy systems, data integration and security mechanisms.
Audit rules
This looks at how the function of an audit will transform as a result of implementation. Deloitte maintains that blockchain will not remove audits or the need for an independent auditor from the equation. It will more likely transform the way in which audits extract, test and analyse data.
Standardised and sophisticated layering of blockchain technology with audit analytics could result in near real-time evaluation of transactions across the blockchain. It focuses specifically on the immutable record, auditing smart contracts, technical controls and audit transformation.
Cybersecurity controls
This explores cybersecurity considerations related to the cryptographic and immutable nature of the technology, encompassing key management, risk of attacker overpowering a private blockchain, centralisation of authority within the network, and privacy and the right to be forgotten.
Enhancement of traditional ICT protocols
This principle details the means of originating, processing, storing and communicating information, and it covers recording devices, communications networks, computer systems and other electronic devices. ICT infrastructure management calls for a specific set of procedures to guarantee that risks related to technology can be identified, measured, monitored and controlled.
Within the report, this takes a deep dive into several shifts that must be considered before implementing blockchain, including security management, systems development, change management and information processing.
Business continuity planning
Collation and aggregation of existing business processes into a unified package is crucial for successful implementation. Some considerations include the business continuity plan (BCP) itself, BCP with public key infrastructure, BCP of network nodes and security specialists.
