Rapid growth of blockchain technology and platforms has made it challenging for companies to understand how to best apply, employ and harness the value of blockchain, while managing associated risks.
The KPMG Blockchain Technology Risk Assessment was created to enable companies to assess blockchain platforms and capabilities for technology and security risks throughout the product life cycle, from platform selection to proof-of-concept, and into full production. By identifying and addressing key risks, our solution can help ensure you are well positioned to leverage the efficiencies and achieve the most value from blockchain.
Read about two case studies below – Rabobank and an Asian Stock Exchange.
In blockchain, one size does not fit all
While they might have the same general functions, different blockchain platforms have different security and technology risks, and organizations need to evaluate the various solutions across their life cycle to make sure they fit their particular needs and risk appetite.
Public blockchain: access is wide-open; anyone can become a node and participate in the blockchain.
Private blockchain: access is limited to specific users through a permissions-based private network. Anyone outside of the private blockchain cannot see or participate in blockchain transactions.
Get it right the first time
Although every blockchain implementation is unique, each will typically incorporate the following three characteristics, or some combination thereof: 1) immutable digital ledger; 2) consensus mechanism; and 3) identity and ownership. While these characteristics offer exciting opportunities, the challenge is that they bring with them their own specific risks.
KPMG's blockchain assessment solution is designed to help organizations understand and assess the full scope of security and technology risks associated with blockchain initiatives or applications. The solution also allows organizations to evaluate the level of maturity of controls related to in-use blockchain solutions.
10 Key Risk Assessment Areas
We have identified 10 key risk categories associated with blockchain implementations. A number of these risk dimensions are inter-dependent, driving the collective maturity of a blockchain implementation. These dimensions also take on different variations throughout the life cycle of a blockchain.
- Consensus mechanism and network management
- Cryptography, key management and tokenization
- Chain permissions management and privacy
- Use case relevance and applicability
- Data management and segregation
- Chain defense
- Interoperability and integration
- Scalability and performance
- Business continuity and disaster recovery
- Governance, risk and compliance
Find out more about each risk factor in our full publication.
Five-level approach to assessing the risks
Our professionals use a five-level maturity scale to assess the robustness of controls over specific activities. Each of the blockchain risk areas is scored on the maturity scale. This allows us to help companies determine where controls are the strongest and where weaknesses or gaps exist that should be recognized or addressed.
KPMG blockchain technology risk assessment framework
Based on the results of the blockchain risk assessment, we provide recommendations to help organizations respond to weaknesses and develop actual controls based on the unique needs of the blockchain project or solution.
Creating sustainable value through blockchain
There is no doubt that blockchain makes for an exciting value proposition. Yet, organizations should not jump blindly into blockchain implementations, or move from use cases to production without having a holistic picture of the risks.
To achieve the most value from blockchain, both now and in the future, organizations must take responsibility for its safety and security. By conducting a blockchain risk assessment and addressing key risks, you can make sure you are well positioned to leverage the efficiencies and cost-effectiveness provided by blockchain without opening yourself to unexpected risks.
Learn more about our KPMG Technology Risk Assessment Solution and case studies in the publication or contact your local KPMG advisors on how we can support you through your blockchain endeavors.
Case Study – Rabobank
Rabobank is a multinational cooperative bank and the second largest financial service provider in the Netherlands, serving over 10 million customers worldwide. It is the leading financial service provider worldwide in the agri-food (wholesale, rural and retail) business, and is especially active in banking, lending, bank assurance and factoring within this sector.
Like many banks, Rabobank had been looking at blockchain and was taking steps to explore the possibilities associated with it. KPMG’s professionals worked with Rabobank to test the blockchain technology risk assessment against one of its high impact blockchain projects.
Rabobank commented that the assessment provided concrete pointers as to which areas to focus on and how to improve their maturity. The framework clearly helped to generate an oversight of all IT maturity risks and the corresponding mitigations, thereby helping to focus on improving the areas that need it the most.
*Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.
John Ellul Sullivan
Partner, Tax Services
KPMG in Malta