With many industry players testing blockchain technology, it seems less a case of if than when distributed ledgers will make their mark on banking. But what are the operational and security implications of a system built on shared trust, and will its introduction to payments systems more widely help or hinder banks? Sarah Williams speaks to Chris Huls, blockchain specialist at Rabobank Group to find out.
Talking about ‘the’ blockchain today is like going back a decade in time and describing ‘the’ social network – the idea of one specific and all-encompassing digital communications platform. In reality, just as the start-up-driven world of social media means multiple channels and offerings, in distributed ledger technology (DLT) it is really blockchain (or blockchains) that we should be thinking about in addressing the potential challenges and opportunities for banking.
The original framework underpinning bitcoin transactions may have given DLT its popular name but, today, there are multiple blockchains, approaches and transaction types being trialled and implemented. Definitions likewise abound, but in the eyes of Chris Huls, blockchain specialist at Rabobank Group, several elements are key.
“I interpret the term blockchain as technology to create a shared immutable database that multiple parties can use in order to trust the majority of actors in a system, rather than only one central party,” he says. “So you have a shared database in which you store all types of value or data or transactions – and each party participating in the database can rely on that information.”
Huls’ emphasis on the importance of immutability is significant, bound up as it is in the idea of trust, with all parties involved bearing witness to events that occur ‘in public’ within the network and cannot be rubbed from the record.
This is, after all, the logic behind the original name – each bitcoin transaction is recorded in a ‘block’, and this information is necessarily passed on during the transactions that follow, creating a chain that stands as a comprehensive ledger of historic transactions. This process is enabled by so-called miners – individuals who collaborate to solve the complex mathematical problems required to build the digital architecture of each block, creating a consensus that a transaction can take place. In this way, the network is governed by a shared trust rather than one central party. As such, illicit transactions should not be facilitated, as the oversight of the majority will prevent these being completed.
As recent high-profile cases have shown, however, neither the ability to weed out corruption, nor the immutability of the ledger in light of such deviances is assured.
At the end of April 2016, a new blockchain application was launched using Ethereum (a blockchain platform with its own virtual currency, ether) and an unexpectedly effective crowdfunding drive began. According to Coindesk, more than $150 million was raised by a membership of over 11,000 users, making the project the largest instance of crowdfunding to date. Branded the DAO, the network took its name from the model it follows, a decentralised autonomous organisation (of which bitcoin is the front runner).
Soon, however, the DAO was making headlines for much less desirable reasons. Experts began highlighting security flaws in the system and, on 12 June, the DAO founders announced that a fix was in place. In fact, within under a week, 3.6 million ether had been removed from the DAO by a hacker – an amount worth around $34 million today and nearly twice that at the time.
Undesirable though it may have been, were the DAO blockchain really immutable, the action could not have been reversed. Instead, in contrast to the automatic consensus by which blocks of transactions normally occur, the founders oversaw what was effectively a ‘manual consensus’ of the majority of users in the community. They encouraged them first to freeze and then, on 20 July, to mine those assets away from the culprit and back into the DAO. The immutable was now mutable, plain and simple.
The take away for banking seems clear. In an industry attuned to fighting fraud and cybercrime, it’s surely inevitable that any system used by banks would likewise need to be reversible in such a situation. Simple banking errors too would need to be amended without consulting the whole community.
Some early models within the industry support this. A prototype unveiled by Accenture in September 2016 enables edits to be made in what an accompanying press release described as “extraordinary circumstances”. A long list of what these extraordinary events might entail then followed, including human errors, and legal and regulatory requirements such as “the right to be forgotten”. Designed with banking, insurance and capital markets in mind, the model’s creators believe the approach makes blockchain more practical for enterprises and will lead to faster adoption.
But the DAO incident throws up a number of questions when applied to what blockchain might look like in a banking scenario, not least the central question of ‘permissioned’ versus ‘permissionless’. In the traditional democratised model, built by bitcoin and seen in networks like the DAO, a blockchain is permissionless because any actors in the network can facilitate transactions by working together. By contrast, a permissioned model – such as Accenture’s – relies on selected ‘invite-only’ parties being able to govern transactions.
Bank on it
While permissionless may result in a widely shared trust, applied to a banking context, a system reliant on majority consensus has its pitfalls.
“Imagine a very big elephant wearing tiny skates on two of its feet, coming at you down the staircase,” Huls says. “That’s the image I get when we talk about permissionless blockchain. They have a huge impact on society; they have a huge market cap – millions of users – but there is no single organisation that controls it. So the direction a permissionless blockchain goes towards is the default option for the community.
“In the case of the DAO, the community altogether decided to rewrite history and undo the transaction, and as long as public opinion has the same default consensus, permissionless blockchain will evolve and be good for that community. But in the case of transactions that many people do not want, then you have a problem. If you’re making a very politically sensitive transaction for example, then the rest of the world could stop that, and prevent that taking place.”
For Huls, though, the debate between permissioned and permissionless is less a battle and more an inevitable divide into very different use cases. Bitcoin and similar networks will continue to operate according to the permissionless model whether banks like it or not.
“We can make use of it or we can choose not to make use of it,” he says, “but the public ledger, the permissionless ledger, will stay there.
“On the other hand, banks are themselves coming up with public ledgers that only banks will run, and in which only licenced parties can act as validators. I think they will succeed in this; it just might take a couple of years.”
Off the chain
According to a World Economic Forum report, more than 2,500 patents have been filed over the past three years, at least 24 countries are currently investing in blockchain and, by 2017, 80% of banks are predicted to have initiated blockchain projects.
Numerous financial projects are already underway. Citibank began testing its own digital currency, CitiCoin, in labs last year. And in August 2016, BNY Mellon, Deutsche Bank, Santander and broker ICAP joined the second phase of an initiative by UBS and Clearmatics to develop a digital ‘utility settlement coin’.
What seems clear is that whichever ledger or ledgers may emerge dominant, interoperability with other networks will be essential. This is particularly apparent in light of the many potential uses beyond a strictly trade or customer finance setting, in which Rabobank is itself taking a leading role.
“You could have one global ledger that everyone is on somehow, or one blockchain that secures the other blockchains, but you can also have multiple blockchains for multiple-use cases, such as payments, trade finance, customer loyalty points, or your own stock markets. And the point is this can be successful only if those blockchains can interoperate together, and can easily switch from one to the other without being too dependent on the party in the middle.”
For Rabobank, two different core focus areas are in development. The first is looking at how blockchain technology can improve and accelerate current processes, from correspondent banking to loyalty points. The second, and the one by which Huls himself is most intrigued, is exploring how blockchain can be used for cases that don’t currently exist. An example is Rabobank’s development of a pay-per-use framework, through which internet-connected devices – from washing machines to printers – can be used without the initial outlay of purchase; a new business model for how we equip our homes and offices, built on blockchain technology.
The first focus area provides the biggest savings potential, Huls feels, with an opportunity for greatly improved efficiency as banks move from legacy systems to blockchain. However, he cautions that the fact that existing players must first agree on a new system may be a sticking point.
What’s more, while exploration of the blockchain now seems an inevitable and necessary move for financial institutions, its wider adoption across the payments landscape feeds into a movement of ownership – and potentially profits – away from banks to a wider range of players.
“It is a threat and a chance for banks,” Huls says. “There’s the whole payments business, and blockchain will change this a lot in the coming years. You have PSD2 [The EU revised payment service directive, coming into effect in 2018] and so more actors will need to be able to issue payments without needing the banking system – and blockchain is one way of doing that. So the banking system will become more open.
“Currently, banks are making great progress, but if at some point they fail to implement it, and other actors do – big companies like Facebook and Google or even smaller start-ups – then banks might be too late, and customers might switch their payment accounts over to those actors.”
Huls meanwhile regards Rabobank’s second focus area, which includes the use of blockchain in the internet of things (IoT) as the most significant because it is essentially virgin ground, with no current actors to disrupt.
Certainly, as the prevalence and importance of the IoT grows (Gartner predicts 21 billion connected devices by 2020, for example), so too does the role that blockchain might play within this. And with developments like PSD2 set to erode banking’s monopoly, big players may need to harness the ‘democratising’ influence of blockchain to stay relevant.