Banks struggle to make blockchain fast and secure
By Philip Stafford for FT
Blockchain has become the financial markets’ biggest buzzword as banks seek modern ways to resolve old problems. But the technology is overshadowed by questions about how it can be made both secure and fast enough for large financial institutions.
The blockchain concept aims to combine the peer-to-peer computing ethos of Silicon Valley with the money management of Wall Street, automating the networks of trust on which modern finance sits.
Blockchain works as an electronic ledger of payments that is continuously maintained and verified in “blocks” of records. The ledger is shared between parties on computer servers and protected from tampering by cryptography, doing away with the need for a central authority.
Its supporters believe blockchain could cut billions of dollars of hidden costs in the financial system by eliminating inefficiencies and the need for trade insurance. Switching to a blockchain system could speed up services such as global payments, trade finance, syndicated loans and equity clearing.
The World Economic Forum estimates that more than 25 countries are investing in blockchain technology, filing more than 2,500 patents and investing $1.3bn. In one example last month UBS, Deutsche Bank, Santander, BNY Mellon and interdealer broker ICAP pioneered a blockchain-based digital token, which they hope could form the industry standard to clear and settle trades.
To date, the most notable use of blockchain has been as a mechanism to distribute bitcoin, an electronic currency. The credibility of bitcoin has been undermined, however, by a series of scandals, from theft of assets to concerns it could be used to fund criminal activity.
The financial services industry says its blockchains will have to be built on very different foundations. Huw van Steenis, an analyst at Morgan Stanley, points out that banks still need to comply with rules about verifying the identity of customers and preventing money laundering.
“Not one bank nor policymaker that we have met with on blockchain gives even a second thought to an unpermissioned public network,” he wrote earlier this year.
Peter Randall, chief executive of Setl, a UK blockchain start-up, says all systems must include the capacity to handle billions of trades a day, have a mechanism for approving and identifying participants and must interoperate with other chains.
Even then, there is an acknowledgment that deals must ultimately be settled in central bank-backed cash. Michael Thomas, financial institutions sector partner at law firm Hogan Lovells, says the UBS-pioneered digital token was a “key step” in the technology’s development.
“But clearing is complex,” he warns. “If title to an asset is to be transferred using a blockchain system, it is also important to have a system for the transfer of any corresponding cash payment for that asset — otherwise any benefits in reducing counterparty risk from the blockchain will be imperfectly realised.”
Equally, disasters and scandals continue to raise questions about blockchain’s ability to build scale.
In July around $70m of assets were removed from Bitfinex, a Hong Kong-based bitcoin trading venue. Details are scarce but experts on internet forums like Reddit have speculated that the flaw lay in the management and storage of the private keys to blockchain — the codes or passwords that prove ownership of digital assets. Tightening procedures and security could add significant extra costs.
“Although these solutions can be highly secure, this security comes at the cost of lower efficiency and higher administrative overhead,” says Richard Johnson, a partner at Greenwich Consulting, a capital markets consultancy. “It was shortcuts taken by the Bitfinex exchange that led to the theft and not the technology itself.”
Another hack in June funnelled more than $50m of digital cash away from a crowdfunded digital currency project called the Decentralised Autonomous Organisation (DAO), which used a blockchain run by a small start-up called Ethereum.
In this case the hacker exploited a vulnerability in the computer code but resolving the problem raised fundamental problems. Ethereum’s response was effectively to reset the blockchain to a pre-hack version.
That set off furious debate. A key attraction of blockchains is that records cannot be altered but Ethereum in effect did just that. Furthermore, making changes in blockchain requires a consensus among participants that is at odds with the workings of the financial services industry.
At present financial services companies can cancel erroneous or fraudulent transactions. For example, Barclays can cancel a fraudulent transaction it discovers in a customer account, and does not have to ask permission from a network of other banks to do so. Would blockchain cancellation rules operate differently?
Mr Johnson points out that the issue will have to be addressed: “Should the industry build functionality to record or impose counteracting transactions that have the same effect as reversal but preserve the benefit of a complete historical transaction record?”
That may be one solution. But at that point, critics point out, it begins to resemble existing systems.