It has been saluted as a major development in the battle against fraud in financial services.
Last week, HSBC Holdings made the proud announcement that it had performed the world’s first financial transaction using blockchain. HSBC and the Dutch bank ING conducted it on behalf of the food and agricultural group, Cargill.
There can be little doubt that blockchain can – and will – reduce the risk of fraud in letters of credit and in other major transactions. It makes transactions simpler and quicker and is probably deserving of the praise being heaped on it. It places an emphasis on both transparency and security – issues which will always go some way to preventing, or at the very least identifying, financial crime.
The blockchain technology effectively acts as a vast global database which is spread out across millions of computers all over the world. It stores transactions that represent value such as money, information and assets.
With everyone in what amounts to a chain of computers having to approve an exchange before it is verified and recorded, there is a clear digital record of transactions. Such a facility enhances openness. It is public and transparent, so can act as a digital time stamp. Once a transaction is recorded, it cannot be deleted or removed. This is where the reliability of blockchain comes in. Due to cryptography, records cannot be erased or tampered with. Because the blockchain is decentralised, it makes it harder to hack.
For example, if you had a bank vault that had a substantial amount of money and information within it, once it is broken into, the vault is compromised. With blockchain technology, you would have to effectively break into those millions of computers - and have to break into them all at once – which is why it is so difficult to hack.
But while blockchain may be offering a future of greater speed, efficiency, transparency and – perhaps most crucially – security, it must not be viewed as something that gives financial services invincibility against fraud.
Now, as ever, companies and individuals need to be examining every aspect of their working practices to see how to prevent fraud. Blockchain may prevent or deter some of those looking to commit fraud. It will surely be of huge value to those in financial services. But it is not capable of eradicating all risk of fraud.
Research conducted for PWC earlier this year indicated that half of all UK companies may have been affected by fraud or other economic crime in the past two years. What was equally striking was that only half of the firms questioned had carried out a fraud risk assessment in those two years. When this is considered, the argument that blockchain will be a cure-all for fraud seems unrealistic.
Blockchain may be an asset in tackling fraud. But all businesses must put the emphasis on proper preventative measures if they are serious about removing the risk of fraud.
This involves a thorough, ongoing assessment of the potential for fraud being committed by staff, third parties, intermediaries, customers and trading partners – in short, anyone with a connection to the business or knowledge of its workings.
Senior staff need to identify all potential for problems and then devise, introduce and maintain procedures that allow wrongdoing to be identified and prevented.
This means looking at all aspects of its activities: those working for or with it, record keeping, payment systems, management and monitoring structures. This should involve looking at a lot of the features of a company that blockchain has little or no relevance to: because each of these may contain weaknesses that could be exploited by those looking to perpetrate fraud.
Blockchain may ensure a payment is safer. But it has limitations when it comes to fraud prevention. It cannot determine the motivation behind a payment, how deserving a recipient is of such a payment or whether any payment should be being made.
An example of this is the case of Silk Road (USA v Ross William Ulbricht ) where Mr Ulbricht was convicted of money laundering, computer hacking and conspiracy to traffic narcotics using Bitcoin and Tor in an effort to evade law enforcement.
He developed a dark net market place known as the Silk Road. This was effectively a criminal enterprise which allowed the sale and purchase of illicit goods, such as false passports, guns and drugs. This operation generated more than 214 million dollars in sales.
The blockchain method became useful in the Silk Road case when uncovering corruption. It would have been extremely difficult to trace the corruption had it not been for the blockchain technology. As explained above, the blockchain cryptography means that records cannot be traced or tampered with. This led to an asset tracing exercise and the movement of funds could be followed after they had gone into the personal accounts and shell companies of Shaun Bridges and then on to Carl Force, a US DEA agent.
As a result of this, Shaun Bridges pleaded guilty to stealing over 800,000 US dollars’ worth of Bitcoin and Carl Force admitted extortion, money laundering and obstruction of justice.
The case was a clear example of how the blockchain method can be used as a tool to prevent fraud and corruption. But it did not prevent the initial wrongdoing.
Business, therefore, has to take it upon itself to prevent fraud. Some in business will argue that taking responsibility for fraud prevention is too big a commitment for them to undertake. In that case, they need to seek external help to identify the areas vulnerable to fraud and then “design out’’ the risk with preventative measures.
Such tightening up of day-to-day working practices will go some way to reducing the scope for wrongdoing. But again, this alone will not be enough.
An appropriate whistle blowing procedure will complement such measures. Encouraging staff to report their suspicions of wrongdoing - in the knowledge that their concerns will be treated seriously - will not only lead to fraud being identified, it can also help promote an anti-fraud workplace culture.
This approach creates an awareness of the possibility of fraud, makes it more likely to be detected and serves as a deterrent to those who may be thinking of committing it. Any reports of fraud need to be investigated thoroughly, impartially and discreetly to allow a company to determine what, if any, action needs to be taken.
An internal investigation is only likely if information has come to light that indicates possible fraud. And that information in itself is only likely to emerge if the company has the procedures in place for fraud to be prevented, identified and reported.
Fraud evolves in response to changing business circumstances. Blockchain may go some way to preventing fraud. It may have a useful deterrent effect in some business sectors and in some parts of individual businesses. It may be the best development in financial services security for a long time. But it will never deter or prevent all fraud.
That is why blockchain should be welcomed. And why it should be viewed as only part of a company’s ongoing commitment to fraud prevention.
*This article originally appeared in Thomson Reuters