NACD Advisory Council Talks Blockchain in the Boardroom

Blockchain—a distributed ledger technology—has sparked intense interest across various industries, as it’s predicted to influence businesses that rely on contracts, transactions, and/or records. In fact, International Data Corp. expects corporate investments in this technology to reach as much as $2.1 billion this year—up from $945 million in 2017.

At the NACD Risk Oversight Advisory Council’s meeting on April 25, 2018, risk and audit committee chairs from Fortune 500 companies discussed the boardroom implications of this emerging technology with Tomicah Tillemann, chair, Global Blockchain Business Council, and Christopher Curran, chief technologist, PwC New Ventures. Cohosted by NACD, PwC, and Sidley Austin, the meeting was conducted using a modified version of the Chatham House Rule, under which participants’ quotes (italicized below) are not attributed to those individuals or their organizations, with the exception of cohosts. A list of attendees’ names is available here.

Blockchain 101

Blockchain has two important attributes: it’s distributable and it’s permanent. It is a record that is maintained on thousands of computers that are constantly connecting with one another to maintain accuracy and ensure that only authorized parties can make changes. Each block of data in the blockchain is linked to the chain mathematically, so that once created, it can be updated, but never erased. If information in the chain is altered, it will necessarily alter everything else in that chain. Proponents of the technology argue that these characteristics allow for a high degree of security, accountability, and data integrity. For more about blockchain, see The Essential Eight Technologies Board Byte: Blockchain.

Blockchain Applications: Limited, but Growing

PwC’s 2017 Digital IQ Survey, which polls business and IT executives from more than 50 countries, found that 11 percent expected to make significant investments in blockchain in the next three years. These findings suggest that executives are eager to explore ways to leverage this technology to create efficiencies across their businesses.

Although widespread adoption remains limited, that is likely to change in the coming years. In fact, Curran and Tillemann offered several use cases to demonstrate blockchain’s potential for disruption:

• Land Rights. In Eastern Europe, the Republic of Georgia is deploying this technology by moving its land registry system to a blockchain-based system. By doing so, the government hopes to create a trustworthy system that cannot be exploited by corrupt citizens or government administrators.
• Supply Chain. The US Department of State is working with several companies, including Coca-Cola, in a trial to use blockchain in the companies’ supply chains in an effort to combat slave labor. The pilot program is using blockchain to digitally notarize employment contracts at the time of origination, so the company can be confident that these are being honored.
• Health Care. A growing number of hospitals are using independent contractors as personnel. The influx of these independent employees has resulted in sourcing and recruitment challenges for hospitals. A blockchain-based credentialing system enables medical providers to more easily confirm the credentials of such contractors.
• Manufacturing. Complex and heavy equipment like ships and airplanes are often challenging to maintain, given how many companies are involved in the maintenance or repair process. Blockchain can be used to track changes made to different parts of the system, to ensure faster and more reliable upkeep.

Blockchain Risks and Opportunities: Three Questions Directors Can Ask Management

While not all board members may be familiar with every aspect of blockchain—or other emerging technologies—technical expertise is not a prerequisite for effective oversight. At the Advisory Council meeting, participants identified three questions directors can ask management to better understand blockchain’s potential impact on the company’s business environment, as well as the assumptions underlying management’s approach to adopting the technology:

• How will leveraging a distributed ledger affect our company’s business model? How will it affect our partners’ and vendors’ business models?
• How prepared is our company to take advantage of blockchain?
• Is our company considering both public and private applications of this technology?

How will leveraging a distributed ledger affect our company’s business model? How will it affect our partners’ and vendors’ business models?

One participant observed, “In discussions about any emerging technology, directors should ask management to explain how they are assessing that technology’s ease of adoption and potential disruptive power within our industry.” With respect to blockchain, meeting participants acknowledged that the benefits will vary depending upon a company’s industry, life cycle stage, and other circumstances. Directors should assess management’s proposals with an eye toward the organization’s broader strategy and business model. As Tillemann explained, “If [your company currently relies on] friction rather than efficiency [to be profitable], then your board is being delinquent in its duties by not [exploring how your business may dynamically change as a result of blockchain technology].” On the other hand, if your business model relies on transparency or accountability, the organization is better positioned to integrate blockchain into its existing business strategy.

To illustrate his point, Tillemann brought up the title insurance industry in the United States. These companies largely function as intermediaries, by recording, transferring, and tracking property title ownership. The complexity and lack of transparency in this process have produced inefficiencies in title search requests, certification of titles, and issuance policies, making this sector a potential target for disruption. However, this also presents title insurance companies with an opportunity to remove friction in these transactions through the application of blockchain.

How prepared is our company to take advantage of blockchain?

On a tactical level, companies need to determine their system and data readiness before attempting to integrate blockchain technology into their business. Blockchain itself may in fact be the easy part; “The hard part is having the redundancies in the systems and controls in place to make sure [your company] can maximize the effects of the technology,” remarked Tillemann. A meeting attendee agreed and added, “All organizations have legacy systems and some data is higher quality than others. These conversations [should extend] beyond blockchain and address these underlying issues.”

As previously noted, information stored on a blockchain-based application is enduring: it cannot be changed without a clear record of the change, and while it can be updated, it can never be permanently removed. Given this immutability, assessing your data’s quality is an essential first step. Without clean and reliable data, blockchain is unlikely to bring much additional value to your enterprise.

A director inquired about controls, noting, “Historically, there have been two major controls [on databases and related information]: access, and segregation of duties…[How] can those be put into context with blockchain?” By virtue of its core characteristics (e.g., permanence, immutability, and transparency), in many ways, focusing on audit and controls in the context of blockchain is redundant; because of the way information is linked and identified in blockchain, transparent functions and systems are built into the technology itself. However, concerns about risk mitigation and identification processes do point to an important challenge—bridging the gap between those experimenting with this technology and those in traditional enterprise risk and controls management.

Is our company considering both public and private applications of this technology?

As a record-keeping system, blockchain applications can be built on public or private blockchain platforms. Public blockchain networks are not managed by any one organization, which makes it possible for anyone to embed information in these networks. On the other hand, private blockchain systems are managed, and can be designed to specifications set, by an organization or individual. There are parallels to the Internet. As Tillemann commented, “In the early days of the Internet, a lot of intranets emerged [within individual companies]. Eventually, [organizations moved from prioritizing internal communications] to a global approach.” Something similar is likely to happen with blockchain, wherein private blockchain systems are optimized for specific needs, which then evolve into broader uses.

Blockchain Is Not a Panacea

Blockchain will not be the “silver bullet” solution to businesses’ data or other pain points. A meeting participant suggests that companies “ask questions not about blockchain alone, but [also about what their broader] emerging technology radar looks like, and how difficult it may be to adopt [one or more of these technologies.]” Directors will need to work with their executive teams to think holistically about when, how, where, and why blockchain investments at their companies should be made.