Topics: Risk Management,Technology,The Digital Director
Topics: Risk Management,Technology,The Digital Director
July 13, 2018
July 13, 2018
Blockchain—a distributed ledger technology—has sparked intense interest across various industries, as it’s predicted to influence businesses that rely on contracts, transactions, and/or records. In fact, International Data Corp. expects corporate investments in this technology to reach as much as $2.1 billion this year—up from $945 million in 2017.
At the NACD Risk Oversight Advisory Council’s meeting on April 25, 2018, risk and audit committee chairs from Fortune 500 companies discussed the boardroom implications of this emerging technology with Tomicah Tillemann, chair, Global Blockchain Business Council, and Christopher Curran, chief technologist, PwC New Ventures. Cohosted by NACD, PwC, and Sidley Austin, the meeting was conducted using a modified version of the Chatham House Rule, under which participants’ quotes (italicized below) are not attributed to those individuals or their organizations, with the exception of cohosts. A list of attendees’ names is available here.
Blockchain has two important attributes: it’s distributable and it’s permanent. It is a record that is maintained on thousands of computers that are constantly connecting with one another to maintain accuracy and ensure that only authorized parties can make changes. Each block of data in the blockchain is linked to the chain mathematically, so that once created, it can be updated, but never erased. If information in the chain is altered, it will necessarily alter everything else in that chain. Proponents of the technology argue that these characteristics allow for a high degree of security, accountability, and data integrity. For more about blockchain, see The Essential Eight Technologies Board Byte: Blockchain.
Blockchain Applications: Limited, but Growing
PwC’s 2017 Digital IQ Survey, which polls business and IT executives from more than 50 countries, found that 11 percent expected to make significant investments in blockchain in the next three years. These findings suggest that executives are eager to explore ways to leverage this technology to create efficiencies across their businesses.
Although widespread adoption remains limited, that is likely to change in the coming years. In fact, Curran and Tillemann offered several use cases to demonstrate blockchain’s potential for disruption:
Blockchain Risks and Opportunities: Three Questions Directors Can Ask Management
While not all board members may be familiar with every aspect of blockchain—or other emerging technologies—technical expertise is not a prerequisite for effective oversight. At the Advisory Council meeting, participants identified three questions directors can ask management to better understand blockchain’s potential impact on the company’s business environment, as well as the assumptions underlying management’s approach to adopting the technology:
How will leveraging a distributed ledger affect our company’s business model? How will it affect our partners’ and vendors’ business models?
One participant observed, “In discussions about any emerging technology, directors should ask management to explain how they are assessing that technology’s ease of adoption and potential disruptive power within our industry.” With respect to blockchain, meeting participants acknowledged that the benefits will vary depending upon a company’s industry, life cycle stage, and other circumstances. Directors should assess management’s proposals with an eye toward the organization’s broader strategy and business model. As Tillemann explained, “If [your company currently relies on] friction rather than efficiency [to be profitable], then your board is being delinquent in its duties by not [exploring how your business may dynamically change as a result of blockchain technology].” On the other hand, if your business model relies on transparency or accountability, the organization is better positioned to integrate blockchain into its existing business strategy.
To illustrate his point, Tillemann brought up the title insurance industry in the United States. These companies largely function as intermediaries, by recording, transferring, and tracking property title ownership. The complexity and lack of transparency in this process have produced inefficiencies in title search requests, certification of titles, and issuance policies, making this sector a potential target for disruption. However, this also presents title insurance companies with an opportunity to remove friction in these transactions through the application of blockchain.
How prepared is our company to take advantage of blockchain?
On a tactical level, companies need to determine their system and data readiness before attempting to integrate blockchain technology into their business. Blockchain itself may in fact be the easy part; “The hard part is having the redundancies in the systems and controls in place to make sure [your company] can maximize the effects of the technology,” remarked Tillemann. A meeting attendee agreed and added, “All organizations have legacy systems and some data is higher quality than others. These conversations [should extend] beyond blockchain and address these underlying issues.”
As previously noted, information stored on a blockchain-based application is enduring: it cannot be changed without a clear record of the change, and while it can be updated, it can never be permanently removed. Given this immutability, assessing your data’s quality is an essential first step. Without clean and reliable data, blockchain is unlikely to bring much additional value to your enterprise.
A director inquired about controls, noting, “Historically, there have been two major controls [on databases and related information]: access, and segregation of duties…[How] can those be put into context with blockchain?” By virtue of its core characteristics (e.g., permanence, immutability, and transparency), in many ways, focusing on audit and controls in the context of blockchain is redundant; because of the way information is linked and identified in blockchain, transparent functions and systems are built into the technology itself. However, concerns about risk mitigation and identification processes do point to an important challenge—bridging the gap between those experimenting with this technology and those in traditional enterprise risk and controls management.
Is our company considering both public and private applications of this technology?
As a record-keeping system, blockchain applications can be built on public or private blockchain platforms. Public blockchain networks are not managed by any one organization, which makes it possible for anyone to embed information in these networks. On the other hand, private blockchain systems are managed, and can be designed to specifications set, by an organization or individual. There are parallels to the Internet. As Tillemann commented, “In the early days of the Internet, a lot of intranets emerged [within individual companies]. Eventually, [organizations moved from prioritizing internal communications] to a global approach.” Something similar is likely to happen with blockchain, wherein private blockchain systems are optimized for specific needs, which then evolve into broader uses.
Blockchain Is Not a Panacea
Blockchain will not be the “silver bullet” solution to businesses’ data or other pain points. A meeting participant suggests that companies “ask questions not about blockchain alone, but [also about what their broader] emerging technology radar looks like, and how difficult it may be to adopt [one or more of these technologies.]” Directors will need to work with their executive teams to think holistically about when, how, where, and why blockchain investments at their companies should be made.