If the boon of a new technology is growth and innovation, its bane is regulatory and security risk. The same is true of blockchain, the underlying technology behind bitcoin, as Rohas Nagpal, Cyber Crime Investigator and Blockchain Researcher and the President of Asian School of Cyber Laws, unravels a few hard facts about the technology.
Have there been any dramatic changes in the existing Indian law since the introduction of bitcoin?
A virtual currency is a digital representation of value that can be digitally traded. It does not have legal tender status in any country. In India, currency notes are basically "promissory notes payable to the bearer on demand" and are issued under the Reserve Bank of India Act. That is why it is said that in India, a virtual currency is neither "legal" nor "illegal" and there has been no amendment to the relevant law in the last few years.
Do organizations in India have a holistic view of the technology and legal implications?
No, they definitely do not have a holistic view or understanding of this technology or its legal implications. It is very new in India and is just beginning.
How are organizations using blockchains able to create an impact on the financial sector? Can you explain with an example?
Financial and capital markets use Anti-Money Laundering & Know Your Customer (AML & KYC) systems to identify “bad” customers and minimize money laundering, tax evasion and terrorism financing.
While banks are under pressure to cut costs, efforts to prevent money laundering and the financing of terrorism are costing the financial sector billions of dollars. Banks are also exposed to huge penalties for failure to follow KYC & AML guidelines. Costs aside, KYC & AML can delay transactions and lead to duplication of effort between banks.
It is estimated that the global volume of money laundering is more than a trillion dollars per year and less than 1% of this is detected. This poses a huge threat to the stability and security of the global financial system.
Banks and financial institutions are under increasing pressure to prevent and detect suspicious transactions. The annual compliance spend on AML is estimated to be in excess of USD 10 billion. AML procedures have also increased the turn-around time for on-boarding customers.
Banks and financial institutions are required by regulators to perform thorough customer due diligence and KYC on-boarding procedures for each individual and organization. In most cases, this vetting is already performed by another bank where the customer has an account. This lack of AML and KYC data sharing leads to duplication of efforts, significant costs and time delays.
The transaction monitoring software used by banks requires significant time to be spent manually reviewing red-flagged transactions to determine if money laundering has actually occurred. The false positive rate is very high, because the data being reviewed is incomplete or erroneous.
Creating a shared KYC-AML blockchain allows distribution of encrypted updates to client information in real-time and has several advantages including:
1. Reduction of time in customer on-boarding
2. Reduced duplication of effort
3. Automation of processes
4. Reduced compliance errors
5. Historical record of all compliance activities undertaken for each customer
6. Historical record of all documents pertaining to each customer
7. Provably immutable records that can be used as evidence to prove regulatory compliance
8. Maintenance of audit trail of records
What are the three different types of blockchain? What are some of the legal and regulatory implications and risks that organizations must be aware of before and after investing in them?
Blockchains can be of three types - public, private and consortium. Before implementing, organizations must establish a comprehensive cyber security framework, such as the Primechain Blockchain Security Standard (PBSS-1), which applies to the following 8 components of a blockchain:
1. Blockchain fabric, e.g. Hyperledger or MultiChain
2. Blockchain instance, e.g. a running implementation of Hyperledger. This includes the block data and block headers.
3. Blockchain nodes - the servers on which a blockchain instance is installed
4. Blockchain connectors - computers used to connect to the blockchain nodes (through SSH), e.g. a Macintosh laptop
5. External interface - e.g. a PHP-based blockchain explorer or a Java-based wallet application
6. External database - the database that sits between the blockchain instance and the external interface
7. Blockchain development ecosystem - the technological ecosystem of the entities where the design, development, upgrade and maintenance of the blockchain takes place
8. Blockchain user ecosystem - the technological ecosystem of the end-users of the blockchain
How will organizations prepare this cyber security framework? Who are the stakeholders who will be involved from an organization for the design of this framework?
The stakeholders would be the technology team, the legal team as well as the business team. To find out more about the framework, read the Blockchain Security Controls, titled PT-BSC, a work-in-progress document designed by me that prescribes security controls for blockchain implementations.