The Basel Committee on Banking Supervision (BCBS) has addressed its concerns around permissionless blockchains that are accessible by the public. In an official blog post, the body that sets the international standards of global banking, stated that its issue is not with these blockchains being public, but concerns arise because of these networks being permissionless. The authors who have collaborated on this blog posted by the BCBS have addressed concerns and offered workable solutions to mitigate risks around the uses of permissionless blockchains by financial institutions.
Understanding Permissionless Blockchains
Permissionless blockchains are also known as trustless or public blockchains, that are open networks that anyone can access. These networks have fewer restrictions to guide users toward ethical financial practices. As explained by the Federal Reserve Board, a “permissionless blockchain network is a system of physically distributed computers running a copy of a shared ledger and using the same software rules that enable all network participants to read, submit, and validate transactions.”
Permissionless blockchains allow anybody with web connectivity to join the network and process financial transactions, view the blockchain code, operate a node, and even participate in the governance of the network. Bitcoin, Ethereum, and BNB Smart Chains have been listed among permissionless blockchains by Binance Academy.
BCBS' Paper Lists Concerns About Permissionless Blockchains
The paper describes permissionless blockchains as networks that do not limit who can participate in the consensus process used to validate transactions and data. They are decentralised across unknown parties. The distributed governance model of permissionless blockchains is a major concern for banking systems, according to the BCBS paper.
“This distributed governance may pose challenges in addressing bugs or security vulnerabilities and increase the risk of loss associated with assets that exist on these blockchains,” the paper said. “Depending on the degree to which governance is decentralised, banks could struggle to conduct effective due diligence and oversight of third parties.”
Other issues with permissionless blockchains listed by the BCBS include risk of being technologically attacked, legal and compliance risks, exploitation for money laundering and financial terrorism, and foreseeable lapses in processing settlements.
Proposed Solutions to Mitigate Risks
Business Continuity Planning (BCP) has been identified as a key mitigant for addressing issues related to permissionless blockchains. BCP helps establish rules and protocols to prevent and recover from system failures, such as cyber-attacks or data loss.
The BCBS suggests that technology-based controls could be implemented to manage issues surrounding these blockchains, specifically to oversee transactions and address risks related to privacy, confidentiality, and consumer protection.
“Permissionless blockchains create risks that fall into existing risk taxonomies – chiefly operational risk and to a lesser extent liquidity risk and market risk. Banks have experience managing these kinds of risks, but permissionless blockchains present some novel challenges that may require new or additional methods to manage risk,” the paper said.
The financial institution has acknowledged that risk mitigation practices for permissionless blockchains are still in development. These practices will need to be tested to ensure they perform as expected under stress.
“While technology-based solutions to these risks are not yet mature, rapid developments may generate new solutions (and risks) which may benefit from further examination,” the paper added.
