- Published: Tuesday, April 19, 2022 08:24
Are risk and compliance among the organizational areas that will benefit from the advent of blockchain? Kevin Spiers looks at blockchain opportunities in third-party risk management and asks if reality lives up to the hype?
The benefits of using technology to manage third-party risk are not lost on compliance professionals. When you consider the growing size, complexity, and geographic diversity of enterprise third-party ecosystems, it’s easy to see why. 60 percent of companies now work with more than 1,000 third parties, and managing the risk of doing business with them is both costly and cumbersome.
Big data, AI, robotic process automation, and machine learning are just a few of the technologies compliance teams are using to meet the challenge. But there’s another much-celebrated new kid on the block that’s causing a stir: blockchain.
Described by Bill Gates as a “technological feat”, the blockchain has its origins in cryptocurrency, but its application goes far beyond that. “Blockchain will transform most industries,” says Gartner.
Blockchain: what is it and where does it come from?
A blockchain is a digital ledger of transactions that is duplicated and distributed throughout the network of computer systems on the blockchain. Each block in the chain contains a series of transactions, and each time a new transaction is made, a record of that transaction is added to each participant’s ledger. This makes it difficult or impossible to modify, hack or cheat the system, which is one of the aspects that make it so attractive.
Blockchain was initially implemented as a public ledger for transactions made using Bitcoin, the decentralized digital currency. However, since its beginnings as a cryptocurrency, blockchain has made a name for itself in many other industries and in many different ways.
So what’s stopping the risk and compliance sector from benefiting as well?
Third-Party Risk Management: The Blockchain Advantage
There is good reason to believe that blockchain could help solve some of the biggest challenges posed by third-party risk management. Key benefits include data transparency and immutability, real-time access to data, as well as improved security and enhanced automation of repetitive tasks, ultimately leading to greater efficiency.
With blockchain, compliance teams would have easy access to up-to-date background information about third parties. Imagine how much time this would save on research, making it faster and easier to shortlist the right provider in the first place.
Exhaustive, time-consuming risk assessment questionnaires would also be a thing of the past. These documents can be hundreds of pages long and taxing resources, tedious for third parties to complete, and organizations to manage and review. Instead of performing one-off assessments, blockchain would allow companies to track real-time compliance benchmarks in a decentralized ledger. In fact, all the information needed to screen a person or company could be stored on the blockchain – created once and used many times.
Data integrity is another big plus. The fact that the data on the blockchain cannot be altered or tampered with, either by external parties or by the provider itself, means it can be trusted by compliance professionals. The data or digital ledger could also serve as a secure, time-stamped, immutable audit trail to demonstrate compliance activities, all stored in a single location.
Also worth noting is the blockchain’s ability to execute smart contracts, which promises greater transparency and efficiency for third-party relationships. While traditional contracts rely on people and are prone to error and interpretation, smart contracts rely on data and data alone. The terms and penalties agreed upon at the outset are clear and accessible to all parties, and the contract is automatically enforced without the need for an intermediary. And since versions of the contract are distributed across the network, there’s no risk of losing it.
For smaller providers looking to do business with large companies, blockchain could be a game changer. These firms typically spend thousands of dollars to meet the rigorous compliance requirements of the large corporations they work with. Sometimes the cost and hassle results in them being forced to walk away from contracts. The good news is that blockchain could help level the playing field, allowing smaller players to compete with the big ones. Extensive questionnaires that third parties are required to fill out each year for every company they work with would be a thing of the past and replaced by a robust digital ledger. Every time there is a change or update, e.g. For example, a new security certification or new HR policy is updated on the ledger for everyone on the blockchain to see.
Blockchain and third-party risk: the barriers
Blockchain clearly has a lot to offer, but using an emerging technology will not be without its problems.
Gartner sees long-term potential in the technology, but highlights in its seven blockchain adoption mistakes to avoid that most blockchain offerings today are too immature for large-scale production.
While data security is said to be one of the main benefits of blockchain, the technology is not risk-free. One of the most well-known security issues are so-called 51 percent attacks, which occur when one or more malicious entities gain majority control over the nodes of a blockchain. The company then has the power to both prevent valid transactions and reverse transactions that have already taken place on the blockchain.
Speed and scalability are also mentioned as problems. Basically, the more people join the network, the slower it gets. And there’s also the skills aspect to think about. Robertson says it wouldn’t be necessary for every member of the compliance team to have an in-depth understanding of blockchain technology, but project managers and in-house developers would need to have expertise in the blockchain their company chooses, as well as the chains they use and their third parties .
For large companies, probably the biggest challenge is getting support from the company.
For smaller organizations, prioritization is the biggest barrier to adoption. If the average startup spends $83,000 on compliance costs in the first year, how can they prioritize blockchain over other compliance costs?
It may not be the panacea many would have us believe, or certainly not yet, but blockchain’s potential benefits for third-party risk management are compelling. What could be more valuable than a single source of truth about your suppliers and other third parties, accessible both up-to-date and in real-time, not to mention an indelible record of all your third-party compliance activities, all stored in one place?
It is unlikely that we will see large-scale adoption of blockchain immediately. According to Gartner and other experts, blockchain will become mainstream in the compliance industry in about five years. Until then, we can expect the various issues and vulnerabilities to be ironed out and addressed, and as more companies experiment with the technology, our understanding of its true potential becomes more likely.
When it comes to blockchain, the possibilities are undeniable.
Kevin Spiers, Head of Professional Services, ethiXbase.