Information Technology

Blockchain: the compliance professional’s secret weapon

By Stephen Holmes, Vice President, FinTech Lab, Virtusa
Information Technology
Published: 10 November 2017

There’s no shortage of discussion about the increasing scope and complexity of regulation. Often, the best way to deal with risk is to impose regulations on an industry to help avoid repeating past mistakes; a process that also gives our politicians the chance to demonstrate that they’re taking steps to avoid future disasters.

Yet, the real issue currently facing businesses is the ever-increasing burden of regulations responsible for driving up costs. Last year, a report estimated that regulation in the UK costs £1.2bn a year to run – in just the financial services industry alone. This marks a six-fold increase since the year 2000, with the report also finding that 88% of large organisations claim they now spend more time and money on compliance than ever before. While well-meaning, regulation can clearly become a substantial burden for many organisations.

A global challenge
While these regulations were previously limited by the counterweight of international competition, and the need to be price competitive at a country level, the reality today is that we live in a global economy. As such, pervasive standards are set in industries regardless of where a company operates. Failing to comply with these regulations alienates a company from the global economy – giving a strong economic rationale to participate in these standards and meet regulatory demands.

Several questions arise from this. How can we reduce the burden and cost of compliance? Can we still be transparent in the face of an increasingly global regulatory environment? If you produce pharmaceutical drugs, for example, you need to comply with regulations from the European Medical Agency, and pass regular audits to access the EU marketplace. If you trade in currency, even if it’s with only one particular bank, then you need to comply globally with the relevant financial regulations. Complicating matters further, if you plan to sell anything to an EU citizen then you must comply with the upcoming General Data Protection Regulation (GDPR) standards – even if you don’t have operations in the EU.

Links in the chain
To comply with these regulations, you need to prove you have done the right thing in implementing them, while providing a clear audit trail. These auditors are increasingly transnational; you need to provide information to them in a standardised format on a regular basis. This drives the need to put in place processes to repeat this operation easily, and to take a serious look at how these processes can be automated as much as possible.

Blockchain is fast emerging as the ideal solution. It can provide a means of cost-effectively producing and sharing this information with regulators while reducing the burden of “report exhaustion” that many organisations find themselves facing. The two key properties blockchain can address include – provenance of assets, and chain of custody for operations on assets.

The provenance of an asset is a critical activity in most industries. While an asset can be represented in digital form, that form needs to be unique, and have the properties of whomever created it, along with information on where and when it was created. Checks also need to be conducted to ensure the asset is genuine. Call it a ‘Know Your Asset’ process. Without this, it is possible to place ‘counterfeit’ assets on a blockchain.

Chain of custody is another vital reporting element. Recording which activities have been done by which parties, and when they have been carried out, is a key requirement. Some industries, notably financial services, are further advanced than others because of existing regulatory requirements. However, the direction of travel is to implement this across all industries to provide a distributed tamper proof ledger of activities performed on digital assets.

The new regulatory frontier
These reporting elements all rely upon identity and access management standards, which are always evolving, and are currently being worked upon by many governments across the world. While universal standards are yet to evolve, in a permissioned private blockchain, they can be set and achieved. The blockchain, with its global reach, immutability, and enforcement of key protocols, enables an auditable, real-time record designed to be inspected by a regulator, regardless of the regulator’s location. The cost advantage for businesses is that reports then become the domain of the regulators. The metadata provided about the assets and processes are baked into ‘business as usual’, and enable increasing automation as part of any business process.

After all of this, you’d be forgiven for wondering what the missing piece to this approach is. Time will show that the answer is acceptance of blockchain by regulators as a legitimate, automated reporting platform; alongside the adoption of global standards. Considering the entire process of reporting to regulators is due for a major overhaul, blockchain can prove essential in providing a mutually beneficial solution for all parties.

For more information visit