By 
Permissionless blockchain networks, such as Ethereum, introduce several risks that banks are still grappling with, according to a recent paper published by the Bank for International Settlements (BIS).
On August 28, the Basel Committee on Banking Supervision (BCBS), a global committee of banking regulators under the G10 central bank governors, released a working paper titled “Novel Risks, Mitigants, and Uncertainties with Permissionless Distributed Ledger Technologies.” This 25-page document delves into the risks associated with permissionless blockchains and potential strategies for banks to mitigate these challenges.
The paper, while hosted on the BIS website, clarifies that its views represent the authors’ perspectives and not the official stance of the Basel Committee.
Understanding Permissionless Blockchains
Permissionless blockchains, also referred to as public blockchains, are decentralized networks that allow anyone to participate in validating transactions without restrictions. Examples include Bitcoin and Ethereum, which contrast with permissioned or private blockchains like Ripple’s XRP Ledger.
The paper highlights that banks involved in permissionless blockchains or similar distributed ledger technologies (DLTs) face various risks, including operational, security, governance, legal, and compliance challenges. These risks encompass issues like money laundering, terrorism financing, and concerns over settlement finality. The paper states:
“Certain risks stem from the blockchains’ reliance on unknown third parties, which complicates banks’ ability to perform due diligence and oversight. […] Current risk mitigation practices are still evolving and have not been fully tested under stress conditions.”
The working paper also notes that at least 10 jurisdictions, including Canada, Europe, France, Italy, Japan, Singapore, Spain, Switzerland, and the United States, are actively involved in exploring permissionless DLTs.
Proposed Mitigations for Public Blockchain Challenges
To tackle the challenges posed by public blockchain implementations in banking, the paper suggests several mitigative measures, including business continuity planning and technology-driven transaction controls.
One proposed measure involves creating an off-chain registry to recover ownership in the event of disruptions like hard forks or attacks on the blockchain. The paper explains:
“In the event of a hard fork or an attack that creates uncertainty about the distributed ledger’s accuracy, off-chain records could be used to identify the rightful owner of assets or determine the correct branch of the fork to follow.”
Another recommendation is to appoint a designated entity, or controller, to oversee specific tokens within a blockchain, enabling them to block or reverse fraudulent transactions. The paper clarifies:
“The controller would not control the permissionless network itself but would have authority over specific tokens. This could help mitigate legal or compliance risks.”
Additionally, the paper suggests leveraging privacy-preserving identity verification technologies, such as zero-knowledge proofs (ZKPs), which could allow identity verification while maintaining transaction privacy. However, the paper notes that such technologies are still in the early stages of development and application.
The working paper concludes by acknowledging that while technology-based solutions to these risks are not yet fully mature, ongoing advancements may offer new avenues for addressing these challenges, warranting further exploration.
Comments