The Basel Committee on Banking Supervision (BCBS) has addressed its concerns about permissionless blockchains that are accessible to the general public. In an official blog post, the body that sets international standards for global banking said its concern is not that these blockchains are public, but rather that these networks are permissionless. The authors who contributed to this blog published by the BCBS addressed the concerns and proposed practical solutions to mitigate the risks associated with the use of permissionless blockchains by financial institutions.
Understanding Permissionless Blockchains
Permissionless blockchains, also known as trustless or public blockchains, are open networks that anyone can access. These networks have fewer of the restrictions that are designed to steer users toward ethical financial practices. As explained by the Federal Reserve Board, “a permissionless blockchain network is a system of physically distributed computers that run a copy of a shared ledger and use the same software rules that allow all participants in the network to read, transmit, and verify transactions.”
Permissionless blockchains allow anyone with access to join the network, process financial transactions, review blockchain code, operate a node, and even participate in network governance. Binance Academy lists Bitcoin, Ethereum, and BNB Smart Chain among permissionless blockchains.
BCBS document raises concerns about permissionless blockchains
The article describes permissionless blockchains as networks that do not restrict who can participate in the consensus process used to validate transactions and data. They are decentralized across unknown parties. The distributed governance model of permissionless blockchains is a major concern for banking systems, according to the BCBS article.
“This distributed governance can create challenges in resolving bugs or security flaws and increase the risk of loss associated with assets that exist on these blockchains,” the paper reads. “Depending on the degree to which governance is decentralized, banks may have difficulty conducting effective due diligence and oversight of third parties.”
Other concerns with permissionless blockchains cited by BCBS include the risk of technological attacks, legal and compliance risks, their use for money laundering and financial terrorism, and foreseeable failures in settlement processing.
Proposed risk mitigation solutions
Business Continuity Planning (BCP) has been identified as a key mitigation measure for permissionless blockchains. BCP helps establish policies and protocols to prevent and recover from system failures, such as cyberattacks or data loss.
The BCBS suggests that technology-based controls could be implemented to manage issues related to these blockchains, particularly to oversee transactions and mitigate risks related to privacy, confidentiality, and consumer protection.
“Permissionless blockchains create risks that fit into existing risk taxonomies—primarily operational risk, and to a lesser extent liquidity risk and market risk. Banks have experience managing these types of risks, but permissionless blockchains create some new challenges that may require new or additional risk management approaches,” the paper reads.
The committee acknowledged that risk mitigation practices for permissionless blockchains are still in the development phase. These practices will need to be tested to ensure they work as expected under stress.
“While the technological solutions to address these threats are not yet mature, rapid developments may bring new solutions (and threats) that would be worth investigating in more detail,” the document added.