Blockchain technology is often touted as a potential revolution in the way the world does business. By providing a secure, distributed ledger, it has the potential to provide unparalleled transparency and trust between parties. The technology is still in its early stages of development and adoption, but with a few large-scale applications being deployed today, the revolution is slowly becoming reality. As this happens, standardization and audits will play a crucial role in in mitigating the risk that organizations potentially face when implementing this emerging technology.
Applications of Blockchain
Currently, there are several use cases in which blockchain solves real-world problems, such as tracking supply chains, managing financial transactions and verifying identity, for example:
- The European Investment Bank (EIB) processed the issue of its first euro-denominated digital bond via a private blockchain. The €100 million bond with a maturity of 2 years was issued, booked and settled using private blockchain technology on a Goldman Sachs tokenization platform.1
- The shipping giant Maersk developed and implemented a digital platform for the global shipping industry called TradeLens. It was designed to increase the efficiency and transparency of global trade. It went live in August 2019 and was used by more than 80 leading shipping organizations, ports and customs authorities around the world (though it is no longer offered today). The platform used blockchain technology to securely store and share data, giving all stakeholders real-time visibility of cargo shipments.2
- Ripple is using technology to facilitate faster and less expensive international payments by providing a real-time gross settlement system and a currency exchange for financial institutions.3
- Walmart is using blockchain to track the supply chain of its products. It is also using Civic, an identity management platform that allows users to store, protect and share their personal data in a secure way.4
- In the luxury industry, the French luxury goods conglomerate LVMH created the AURA blockchain consortium. It is a platform used to verify the authenticity of luxury goods and track them through their journey from production to sale. It also allows customers to access detailed information about the product, such as its origin and materials used. It is used in the fashion and luxury industries, specifically by the LVMH group and its partner brands.5
In addition, many organizations are exploring ways to use blockchain to securely store and transfer data and to create more secure and efficient systems. A few well-known organizations such as Microsoft and IBM have started offering Blockchain-as-a-Service (BaaS) platforms to facilitate its use.6 These cross-industry examples show there are platforms, use cases and trust in the technology.
Challenges
But still, with this potential comes a unique set of challenges that remain unsolved, including regulation and migration (of legacy infrastructures), technological standardization, and reliability and trust.
Regulation and Migration
First and foremost, there is regulatory uncertainty in most jurisdictions, and the legal status of blockchain technology is still unclear, which could lead to constraints for enterprises wishing to deploy it. Even when these issues have been tackled and the real cost of compliance is known, the cost of planning, designing and implementing processes on blockchain-based infrastructure is still an inhibiting factor. Moving away from legacy systems is a heavy task that requires significant rework and resources.
Standardization
From a technical point of view, the main reason for slow adoption is the lack of technological standardization. This means there is not just one method of implementing blockchain systems; therefore, to guarantee interoperability with other ecosystems, organizations must take extra care when launching a blockchain offering.
Standardization is crucial to the development and implementation of blockchain technology. To realize the full potential of blockchain, it is beneficial for people participating in several blockchains to be linked through a single protocol. This reduces friction for users because they can access different decentralized applications without changing networks. It not only guarantees common guidelines, requirements and definitions, but could also enable compliance with relevant regulations and laws. To this end, organizations must work together to develop standards that comply with current regulations. There is an abundance of standardization efforts in various industries that aid participants in following best practices and learning from past mistakes.7
To realize the full potential of blockchain, it is beneficial for people participating in several blockchains to be linked through a single protocol.
Within the different digital assets ecosystems, standardization exists as well. For example, for developers of the blockchain Ethereum, there are basic guidelines called Ethereum Request for Comments (ERC). These are open-source documents describing rules that Ethereum-based tokens must comply with, including enabling essential functions such as token creation, spending or transaction processing. The Digital Currency Global Initiative (DGCI) has set out to establish a common classification framework for all digital currency. It classifies and differentiates currencies using attributes such as supply, value, ownership, agreement and recording.8
Reliability and Trust
Another important topic in the blockchain industry is the reliability of the platforms. There is rarely a day without any captured platforms or stolen tokens. To increase the reliability of a blockchain platform, audit is essential. In the blockchain industry, audits are particularly important as the technology concerns the security and integrity of transactional data.
The first step in any audit process is to perform an overall risk assessment of the technology. This involves a detailed review of the technology, processes, and operations involved. An important aspect of audits in the blockchain industry are key ceremonies, where the security of private keys is checked. Other aspects to be reviewed are the management of assets, compliance processes and backup measures. One of the most critical aspects is a review of the security measures in place, such as encryption, authentication and access control. However, auditing blockchain systems is a challenge for many auditors because there is a lack of understanding of the technology. It can be hard to find an accredited audit organization with dedicated divisions that have the skill and availability to review relevant controls.
Outlook
Standardization efforts, which are central to interoperability and cross-protocol information exchange, are still relatively immature with regard to blockchain and show limited coordination and acceptance. Furthermore, blockchain interoperability needs to go beyond the infrastructure level and include platform aspects such as consensus mechanisms and authentication in addition to business aspects such as business models and legal frameworks. By performing a comprehensive review of the technology, processes and operations involved in blockchain, auditors can provide assurance that blockchain technology meets the necessary standards and can provide valuable insights and recommendations.
Conclusion
In the next 5 years, blockchain technology is expected to become increasingly adopted by organizations in various industries,9 including finance, healthcare, supply chain and the Internet of Things (IoT). Organizations can use blockchain to keep records of digital transactions, create digital currencies and automate processes. In addition, blockchain may be used to facilitate secure data sharing, provide enhanced data security and enable digital identity management.
The main advantages of blockchain in the short-term will lead to the facilitation of cryptocurrencies and payment use cases, which continue to be attractive for clients in the financial services industry. This is the industry where standardization is most prolific and will propel the use of this technology.
Because of this growth and popularity, standardization and audit are essential components in the development and deployment of blockchain technology. By implementing rigorous security protocols; developing standards for scalability, traceability and compliance; and regularly auditing their networks, organizations can ensure that their blockchain initiatives are secure, reliable and compliant with regulations. This is particularly important for banks and other regulated industries, as they must ensure that their blockchain offerings are secure and compliant with regulatory standards.
Endnotes
1 Seymour, S.; “EIB Issues Its First Ever Digital Bond on a Public Blockchain,” European Investment Bank, 28 April 2021
2 Kapnissis, G.; G. Vaggelas; H. Leligou; A. Panos; M. Doumi; “Blockchain Adoption From the Shipping Industry: An Empirical Study,” Maritime Transport Research, vol. 3, March 2022
3 Renduchintala, T.; H. Alfauri; Z. Yang; R. Di Pietro; R. Jain; “Survey of Blockchain Applications in the FinTech Sector,” Journal of Open Innovation, vol. 8, iss. 4, 30 October 2022
4 Sharma, M.; P. Kumar; “Adoption of Blockchain Technology: A Case Study of Walmart,” Blockchain Technology and Applications for Digital Marketing, January 2021
5 LVMH, “LVMH Partners With Other Major Luxury Companies on Aura, the First Global Luxury Blockchain,” 20 April 2021
6 Song J.; P. Zhang; M. Alkubati; Y. Bao; G. Yu; “Research Advances on Blockchain-as-a-Service: Architectures, Applications and Challenges,” Digital Communications and Networks, vol. 8, iss. 4, August 2022
7 Global Blockchain Business Council, “Technical Standards”
8 International Telecommunication Union, “Towards a Common Understanding of Digital Currency,” 18 February 2022
9 Levis, D.; F. Fontana; “A Look Into the Future of Blockchain Technology,” PLoS One, vol. 16, iss. 11, 17 November 2021
Maria Sommerhalder
Is a managing consultant and auditor in the tech-driven audit department at the Eraneos Group. She advises organizations and government institutions on all aspects related to digital assets. As an experienced IT auditor with a focus on key generation ceremonies and private key custody, she is the ideal point of contact for implementing a blockchain system. Her Big Four background allows her to identify risk and mitigation strategies and have a comprehensive overview of the formal topics needed to be covered to ensure an audit-friendly setup. She was the top key ceremony auditor in Switzerland, having spearheaded projects to enable a large variety of clients to tap into undiscovered markets involving digital assets and blockchain.