20181106 - The blockchain and what financial crime risk officers need to know: Page 2 of 2

20181106 - The blockchain and what financial crime risk officers need to know

Nigel Morris-Cotterill

The near-Messianic fascination with all things "blockchain" introduces a risk for financial crime risk officers. While the blockchain, as a part of a suite of technologies that work together can provide certain forms of security, there is a flip-side. The same security protocols can obscure information that FCROs would ordinarily expect to have as part of their routine KYC data.

What do FCROs/ MLROs / AML Risk Officers need to know?

So, where is the blockchain useful? There are certain applications that it, along with the distributed ledger which really needs to be renamed, can do brilliantly. It can, for example, track and trace batches of pharmaceuticals which will help prevent the scourge of counterfeits and re-dated packaging. It can track and trace batches of food. Add in e.g. rfid chips and food security and safety can be immensely improved from farm to plate even where the farm and the plate are on different continents. The reason is simple: each movement is a transaction that can be recorded. Does it need the blockchain? No. Can it help? Yes. The reason for that is the relative security of the data and its availability to e.g. every hospital, clinic or doctor where the internet reaches and, ditto, every wholesaler, retailer and chef. Moreover, in relation to processed food, the exact composition can be identified and not changed, counterfeit goods, for example, can be identified by batch numbers and the history of that batch identified. Just think if a user can scan a QR code in a shop and confirm that the product is, indeed, where it is supposed to be.

The blockchain and the distributed ledger do not originate data: like any database, they contain only what they are fed. Like any database, they can be interrogated and the data extracted analysed. So any argument that there is something magical about deploying the blockchain in a compliance / risk management environment is fictitious.

Where it can help is if a financial institution moves all of its accounting and record keeping to a blockchain-distributed ledger system (but to which access is, necessarily, restricted). But that is the same objective that I have been agitating for for a quarter of a century: one, compatible, data system in use across the organisation. Who has blocked that? Software providers, mainly, for whom proprietorial data structures and formats have created inertia and barriers to change but they have been supported by a) consultants whose business has been built on keeping multiple systems running - blame the big accountants and their tie-ups with hardware companies and b) a combination of those holding the purse strings and the constant demands to build, or at least not diminish, shareholder value in the short term.

The fuss over the blockchain is, one should notice, now being supported by the big hardware companies and the accounting/consulting firms that work with them.

Where does the blockchain and distributed ledger (let's call it B/DL to save pixels) fit in with big data? This is interesting, partly because, of itself, it's a non-starter. But, once there has been effective and comprehensive data acquisition, and that is fed into a B/DL system, then the system (not, of course, the data per se) can deliver benefits. Let's assume that a company (legally, if that's possible) collects data from millions of social media accounts and cross-references that data (for which B/DL is not required) and then creates a B/DL record for each person it found with that record delivering all that person's history. Consider closed data systems such as a national healthcare system and the idea of a permanent record from cradle to grave and that information being available to all subscribers to the system, instantly. Oh, wait.. the UK's National Health Service tried to do that with one of those huge software/hardware companies and their accounting company related consultants. It over-ran by years, hundreds of millions of pounds and, so far as I know, has never worked as designed. Why, then, would we trust those same people when they come along with a new technology just because it's shiny?

So, if the benefits in financial institutions are at best uncertain, what are the risks?

Oddly, they, too, are nothing new.

They centre around the old chestnuts of fraud, false identities and so on. B/DL is a different presentation of the same risks as have been present for thousands of years. It's that different presentation that I'm making available in a one day seminar.