Blockchains: Chains That Can Bind Your Financial Security
What if system is hacked to increase these threshold limits so that no managerial approval is required and it bypasses the system?
Photo Credit :
Having worked in a commercial bank, I know that banks have hierarchical and multi-layered decision making processes, where several people need to sign on exception reports daily. It is surprising that such a thing in PNB went unnoticed for years, and only one man was aware of the wrong doings.
Trails to the PNB scam
The scam was not a clever, ingenious handiwork of an evil genius. It was discovered not by some sleuth, but foolishly by the perpetrators themselves as a single point of failure, or a centralisation.
It has to be either because of complete system complicity with the knowledge of higher ups, or utter lack of risk controls and compliance, and failure of external checks like audits, rating agencies, and RBI, or all of the above. Both scenarios are simply appalling.
In today's age, where IT systems are extremely efficient, this is simply dereliction of duty and negligence by the management. The credit rating agencies would have a slew of ratios in their reports where these contingent liabilities show up. So, unless the managers lied about the existence of these, these agencies also seem to be culpable for oversight over a prolonged period.
This looks like an institutional failure to have a working credit-risk management system.
Ideal 'cure' for such scams
The obvious cure is decentralised decision making, which is at the heart of blockchain. Using a blockchain will not stop the frauds, but building a smart contract based risk system may prevent such scams. You can only take measures to prevent risks that you can anticipate, not those risks that you cannot yet imagine.
How a blockchain system can prevent such scams
Blockchain, in banking, governance and fraud prevention, is a robust and functional multi-participant security protocol. A risk mitigation system consists of building a multi-layered decision-making system, where multiple parties (independent of each other) sign off on every single exception, especially for amounts exceeding a certain threshold.
The advantage of blockchain over IT systems is that it can trace the sign-off times of managers and show exactly where the fraud began. It can also make the algorithms tamper-proof. Transparent systems like blockchain leaves no doubt about the perpetrators' identity, and act as a CCTV Camera and a burglar alarm combined, which will be a deterrent to most, if not all criminals.
How to build a risk-free system
Technology can be used to achieve 99% reliance; however the 1% requires impractical amounts of computing power and resources. Based on the probabilistic revolution theory, 100% certainty is neither required nor practically useful. We can minimise the attack surface by foreseeing risks and designing mitigants for them.
Rotational assignments and mandatory long leaves should be scheduled occasionally. Banks should come together and discuss emerging fraud trends so that the learning is institutionalised across all banks. A smart contract system would allow even RBI or Board of Governors or auditors to be notified for exceptions of certain kinds.
For designing the risk architecture, a bank could build a decision-making tree for each transaction, requiring approval for each threshold. Managers can be required to approve exceptions of higher amounts. Even if one manager disapproves, the exception would not get passed. Such a decision tree would be built on smart contracts with "if X, then Y" logic. The entire Decentralised Autonomous Organisation can be built on blockchain, so why not a risk management system in a bank?
Types of data breach that can be prevented
Blockchains cannot be applied to data breaches unless the data itself is stored in it.
On a public Blockchain with encrypted data, one could envisage a Crypto data highway. In such a case, we have the crypto-specific risks as delineated above and encryption related risks. In private blockchain, the data is as secure as the robustness of the risk system. I would opine that public blockchains, used with adequate privacy, encryption standards and smart contract-based risk management systems, would offer superior protection.
Risks involved in blockchains
The usual risks that apply to traditional systems are as much possible as dome crypto specific risks.
The traditional system risks would be - what if someone starts creating a new kind of liability, and does not enter it into any system? What does not get measured does not get monitored. What if a manager steals passwords and approves on other's behalf sequentially? What if system is hacked to increase these threshold limits so that no managerial approval is required and it bypasses the system?
Disclaimer: The views expressed in the article above are those of the authors' and do not necessarily represent or reflect the views of this publishing house. Unless otherwise noted, the author is writing in his/her personal capacity. They are not intended and should not be thought to represent official ideas, attitudes, or policies of any agency or institution.