Private, Permissioned Blockchain: The way forward for the banking and financial industry

Blockchain is a prolific topic these days. Every other startup is innovating in this space. Every major enterprise has a new Blockchain initiative starting with a feasibility study, POC, pilot and partnerships. As of early 2018, the Enterprise Ethereum Alliance had over 335 members and counting.

Because its best-known application is Bitcoin, this technology has received a lot of interest from the financial industry, including banking, insurance and investment firms. But is this a classic case of putting the cart before the horse? What is the future of Blockchain in the banking and financial industry? My blog aims to answer this question. Along those lines, I hope to shed some light on the basic aspects of blockchains, their different variants and features. I also make a case for why the private, permissioned blockchain is a good fit for the needs of the banking and financial industry.

Blockchain, specifically public blockchain, is a globally distributed ledger system. In its most liberal architectural format, which is that of a public, permission-less network, it is free and open for anyone to join, read and write. All data is hosted on public servers, so data privacy and anonymity are significant challenges to be managed.

Another critical aspect of a public Blockchain is its woeful story on scalability and performance. Imagine a simple transaction, say a question about a user’s closing balance for the day. This question would now have to wait for the request to get consensus from servers across the Pacific and Atlantic oceans, endure the round-trip time and be resolved with satisfactory fairness guarantees. Let’s close the books some other day, shall we? 

In many aspects, a public blockchain is the antithesis of everything the banking and financial industry stands for. This vertical thrives on private, mission-critical and sensitive data. Barring their promotional brochures, very few aspects of this industry can probably fit into the world of public blockchains.

Private, permissioned blockchains, on the other hand, seem to be tailor-made for the financial industry. Their redeeming feature is the ability to have a built-in access-control mechanism. In real life, this implies that only authorized personnel can join, read or write to this network. Depending on how we tune the access-control knobs and reliability guarantees, this can become a very powerful tool with trustworthiness and scalability to boot.

Private, permissioned blockchains. Now that sounds a lot like a fancy name for a distributed ledger technology. Did we just pour old database wine into a shiny new blockchain bottle? I think not. The value proposition of a privately maintained, fully-permissioned blockchain over traditional databases is simple: integrity through cryptographically signed history. 

When architected thoughtfully, blockchains preserve the integrity of the data within a database. Quite simply, they prevent people from cooking the books. This is of extraordinary value in the financial industry. Whether a private, permissioned blockchain with N chain-blocks can be considered immutable and tamper-proof depends on its Byzantine fault tolerance (BFT) thresholds and other factors. That is for another article, another time. Suffice it to say that when implemented with decentralized RBAC, private, permissioned blockchains can give average-case guarantees for the integrity, security and scalability of a financial institution.

Now, let’s look at some practical use-cases for the banking and financial industry: 

  • Regulatory, audit and compliance use: Almost all financial institutions are governed by stringent regulations at the state, federal or sometimes at the global level. This can include maintaining an audit trail of all transactions or verifying the integrity of their accounting books. Adding view permissions for the auditors and write permissions for the end-user provides a transparent accountability mechanism.
  • Smart contracts for dynamic assessments: Smart contracts are essentially blockchains combined with event-driven programming. That is, smart contracts are a set of conditions programmed in a blockchain. When these conditions are satisfied, transactions get triggered. Depending on a given user’s recent transactional history, blockchains can help financial institutions dynamically adjust that user’s personal lending terms, say their credit-worthiness assessment. The same can be extended for dynamic interest rate adjustments based on global events.
  • Inter-bank transactions: Blockchain can act as a simple trust authority to facilitate all interbank transactions, acting as a foreign exchange marketplace or brokerage. By running a simple crypto-exchange and matching algorithms that ensure fairness, wholesale brokering and currency trading can happen on the blockchain network.
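
To make the "cryptographically signed history" argument and the auditor use-case above concrete, here is a small added example (not code from the original post or from any blockchain product): a hash-chained ledger where only members with write permission can append and a read-only auditor can verify the whole history. The member names, keys and entries are constructed, and HMAC stands in for the asymmetric signatures a real deployment would use so that auditors never hold signing keys.

```python
import hashlib, hmac, json

# Constructed roles and keys (assumptions for illustration only).
ROLES = {"teller-1": {"read", "write"}, "auditor-1": {"read"}}
KEYS = {"teller-1": b"constructed-demo-key-teller-1"}
GENESIS = "0" * 64

def block_digest(body):
    """SHA-256 over a canonical JSON encoding of the block body."""
    raw = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(raw.encode()).hexdigest()

def sign(writer, block_hash):
    """HMAC tag over the block hash (stand-in for a digital signature)."""
    key = KEYS.get(writer, b"")
    return hmac.new(key, block_hash.encode(), hashlib.sha256).hexdigest()

class Ledger:
    def __init__(self):
        self.blocks = []

    def append(self, member, entry):
        """Append an entry; requires the 'write' permission."""
        if "write" not in ROLES.get(member, set()):
            raise PermissionError(f"{member} may not write")
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        body = {"index": len(self.blocks), "prev": prev,
                "writer": member, "entry": entry}
        h = block_digest(body)
        self.blocks.append({**body, "hash": h, "tag": sign(member, h)})

    def audit(self, member):
        """Return the index of the first invalid block, or None if intact."""
        if "read" not in ROLES.get(member, set()):
            raise PermissionError(f"{member} may not read")
        prev = GENESIS
        for i, b in enumerate(self.blocks):
            body = {k: b[k] for k in ("index", "prev", "writer", "entry")}
            if (b["index"] != i or b["prev"] != prev
                    or block_digest(body) != b["hash"]
                    or not hmac.compare_digest(sign(b["writer"], b["hash"]), b["tag"])):
                return i
            prev = b["hash"]
        return None

def demo():
    ledger = Ledger()
    ledger.append("teller-1", {"account": "A-100", "delta": -250})
    ledger.append("teller-1", {"account": "B-200", "delta": 250})
    clean = ledger.audit("auditor-1")
    ledger.blocks[0]["entry"]["delta"] = -25  # history edited in place
    return clean, ledger.audit("auditor-1")
```

Recomputing the stored hash after an edit does not help whoever altered the entry, because the tag over that hash can only be produced with the writer's key and every later block commits to the previous hash.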

Consider that the entire globe’s boom and bust cycles are determined by the health and operations of the financial industry. This has been evident historically, starting from the tulip fever to the more recent mortgage bubble. Blockchain as a technology is well worth the attention it is getting in the current times. It could very well be an effective cure, if not a panacea, for many of the ills that plague this vertical. If we take a wide-eyed, practical approach, carefully study the design and performance characteristics of each blockchain implementation, as well as the numerical metrics required to achieve satisfactory reliability and error-tolerance, blockchains can turn out to be a game-changer in the banking and financial industry.

*** This is a Security Bloggers Network syndicated blog from RSAConference Blogs RSS Feed authored by Bhuvaneswari Ramkumar. Read the original post at:
