Decentralised ledger technology (DLT) has immediate applications in fraud prevention and security, as it provides financial institutions with the ability to maintain a centralised ledger of transactions; this ledger is cryptographically secured, making it immutable and more secure than traditional systems. Its decentralised nature ensures that, to have any effect on the network, an attacker must compromise and alter a majority of distinct nodes, which, given a large network size, becomes practically impossible.
This would allow financial institutions to have greater confidence in the security of their records, stores of personal data and sensitive legal documents. Many other features of the blockchain ensure the secure sharing of data and documents, which is of particular use in complicated lending arrangements and OTC derivatives transactions.
A necessary step to establishing a banking relationship with a new client is a series of regulation-mandated checks involving identity verification and anti-money laundering; these often involve ‘Know your Client’ (KYC) and ‘Source of Wealth’ (SoW) requests.
In spite of their value, they cause significant delays in securing new clients, so a firm that can process these requests faster has a sizeable advantage and the ability to gain market share. There is also evidence that banks are duplicating due diligence for existing clients when their business spans multiple divisions, as is often the case with larger clients.
Credit Suisse is currently the victim of this, experiencing an 8-month backlog of SoW requests preventing it from rapidly expanding its wealth management business in Asia, in spite of exceptionally high demand [1]. These problems could be mitigated through the application of DLT in creating a network of verified clients, spanning multiple financial institutions. Such a network would operate similarly to a current KYC registry operated by SWIFT, the financial messaging service, although the use of DLT would offer various improvements.
A DLT-based network is decentralised, preventing any actor from corrupting the existing due diligence; an upgrade over storage on a centralised server, which is more susceptible to hacking. Trust in the quality of the initial information can be maintained by limiting admittance to the network to reputable institutions — the blockchain technology ensures that any updates made to a client’s information after this are immutable and incorruptible. Hence, the system can provide complete confidence to members that the compiled information is reliable and remains uncorrupted.
DLT can also be leveraged to make the system dynamic to new information. A decentralised ledger means that if one party adds information on a client, all other members of the network are notified and their ledgers updated. Hence, all institutions can be sure that they have access to the latest information on their current and potential clients, mitigating operational risk by reducing the likelihood of servicing a client on a sanctions list or who exceeds internal risk parameters.
A growing source of reputational and regulatory risk for financial services firms is the issue of data leaks, with several large institutions falling victim to this. The Equifax data breach in 2017 cost the firm at least $575 million to settle charges, whilst Morgan Stanley paid $120 million over failed encryption that identified current and former clients [2]. This is largely the result of financial institutions storing large amounts of confidential data on centralised servers, creating a single point of vulnerability. Hence, a hacker need only gain access to one server in order to have an effect on the entire bank’s system.
By contrast, a decentralised ledger updates based on the network participants validating new additions. Hence, a hacker who has access to only one node in the network would have no ability to alter the ledger. A majority of the network’s computing power would have to be controlled in order to make unwanted changes, making the kinds of attacks described above almost impossible.
This is extremely pertinent for cybersecurity because numerous hacks, including the Equifax breach described above, occurred through a few lines of code being added to the main server, creating a backdoor and facilitating the theft. Since a DLT network updates to new information almost instantaneously, participants have greater oversight ability, which serves as a vital preventive tool in cases of internal fraud or risk management failings.
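The tamper-evidence and majority arguments above, as an added example that is not part of the original article: a simplified model in which each institution holds a hash-chained replica of the KYC ledger and agreement is a majority of replicas rather than of computing power. The names `Node`, `majority_view`, `rewrite_history` and the sample records are assumptions constructed for illustration.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64

def entry_hash(prev_hash, record):
    # Each entry commits to its predecessor, so editing history changes every later hash.
    data = json.dumps({"prev": prev_hash, "record": record}, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()

class Node:
    """One member institution's replica of the ledger (hypothetical model)."""
    def __init__(self, name, records=()):
        self.name, self.chain = name, []   # chain: list of (record, hash)
        for record in records:
            self.append(record)

    def head(self):
        return self.chain[-1][1] if self.chain else GENESIS
    def append(self, record):
        self.chain.append((record, entry_hash(self.head(), record)))

    def first_broken_link(self):
        prev = GENESIS
        for i, (record, stored) in enumerate(self.chain):
            if entry_hash(prev, record) != stored:
                return i          # index of the first entry that fails re-hashing
            prev = stored
        return None

def majority_view(nodes):
    # Head hash held by a strict majority of replicas, plus the nodes that disagree.
    head, votes = Counter(n.head() for n in nodes).most_common(1)[0]
    if votes * 2 <= len(nodes):
        return None, [n.name for n in nodes]
    return head, [n.name for n in nodes if n.head() != head]

def build_network():
    # Constructed sample data: five replicas that each received the same three updates.
    updates = [{"client": "C-001", "kyc": "verified"},
               {"client": "C-002", "kyc": "verified"},
               {"client": "C-001", "sanctions_hit": True}]
    return [Node(f"bank-{c}", updates) for c in "ABCDE"]

def rewrite_history(node, index, new_record):
    # Models a compromised replica: edit one entry, then recompute every later hash.
    records = [r for r, _ in node.chain]
    records[index] = new_record
    node.chain = Node(node.name, records).chain
```

An in-place edit on one replica fails that replica's own `first_broken_link()` check, while a full rewrite passes locally but leaves the node listed as a dissenter by `majority_view()`; the agreed head only changes once more than half of the replicas carry the rewritten chain.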
[1] Financial Times (04-Jul 2022), “Credit Suisse Struggles with Backlog of New Wealthy Client Accounts in Asia”.
[2] Federal Trade Commission (22-Jul 2019), “Equifax to Pay $775 Million as Part of Settlement with FTC, CFPB, and States Related to 2017 Data Breach”.