New risks and uncertainties that public blockchain technology brings to banks

Based on the BIS paper: https://www.bis.org/bcbs/publ/wp44.pdf

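To state the conclusion up front: public blockchains give rise to risks that fall within existing risk categories, primarily operational risk, followed by liquidity risk and market risk. Banks have experience managing such risks, but public blockchains bring some new challenges that may require new or additional approaches to managing risk. Practices for mitigating these risks are at different stages of development and have generally not been stress-tested. Although technical solutions to these risks are not yet mature, rapid development may produce new solutions (and risks) that may merit further study.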

Discussion of potential mitigants

Each mitigant is listed with the risks it addresses:

  • A. Business continuity planning: governance risk; technology/attack risk; political, policy, and legal uncertainty
  • B. Technology-based control over parties and transactions: legal/compliance risk (money laundering/financing of terrorism)
  • C. Permissioning a subset of node infrastructure: legal/compliance risk (money laundering/financing of terrorism); technology/attack risks; consumer protection risk
  • D. Technology to address privacy/confidentiality/consumer protection risks: privacy/confidentiality/consumer protection risks
  • E. Technology to address liquidity risk: liquidity risk

Business continuity planning

BCP could involve a registry that can be used to recover ownership after disruption, such as an off-chain database. For example, in the event of a hard fork or an attack on the blockchain that creates uncertainty as to the distributed ledger’s accuracy, the off-chain records could be used to identify the rightful owner of the assets or the branch of the fork that should be followed. BCP could also set out all relevant internal processes, including those to ensure that all transactions and participants are traceable, potential lost data can be recovered, and the records on the ownership of the assets can be retrieved within a reasonable timeframe. In addition, BCP could define an alternative blockchain where assets would be created or ported in case of disruption of the primary blockchain (“designation of a contingency chain”).

Technology-based control over parties and transactions

On certain permissionless blockchains, tokens that parties transact in are created or subject to constraints programmed by smart contracts. Those smart contracts determine the tokens’ operational attributes and limitations. Among other things, smart contracts can be used to control and limit access to and ownership of a token and even to reverse transactions that have already been processed. These features, in turn, could be used to mitigate some of the AML/CFT risk associated with permissionless blockchains. Implementation of permissions can take a number of forms:

  1. Denylisting: when a crypto-asset has deny-listing functionality, the issuer can use the smart contract to bar specified addresses on the blockchain from holding or accessing the asset. A banking organisation might use this functionality to prevent transactions to or from wallets associated with known terrorists, criminals, or states subject to Office of Foreign Assets Control (OFAC) sanctions. The ability to infinitely create new wallets may limit the effectiveness of this mitigant.
  2. Allowlisting: the inverse of denylisting. The token in question is programmed to be accessed only by approved addresses on the blockchain. Addresses that are not on the allowlist will not be able to receive or send the asset. The issuer can add or remove participants to the allowlist via the smart contract.
  3. Privacy-preserving identity verification: technologies such as zero-knowledge proofs may allow identity verification while preserving privacy at the transaction level. Such technologies are nascent in both development and application.
  4. A controller: smart contracts can also be used to empower a designated entity (the controller) to control and limit access to the cryptoasset; block and reverse transactions that are fraudulent; and amend the code that implements the cryptoasset functions to address any deficiencies that may emerge. The controller could be the entity that develops and maintains the business continuity plan (discussed above). The controller would not exercise control over the permissionless network itself, but over the specific tokens of a specific issuance. The controller could use its authority to help mitigate legal/compliance risks, in particular money laundering / financing of terrorism and OFAC sanctions risks, through the use of off-chain due diligence and blockchain-related permissioning technology.
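
The denylist, allowlist and controller forms above can be compared side by side. The following is an added example, not code from the BIS paper or from any token issuer: a Python in-memory model (not an on-chain contract) in which every class, method and address name is hypothetical and the addresses are constructed. It shows that an address absent from both lists is accepted under denylisting but rejected under allowlisting, and that only the controller can reverse a processed transfer.

```python
# Added illustration: in-memory model of token-level permissioning.
# All names and addresses are hypothetical/constructed; not a real contract.
class TransferRejected(Exception): pass

class PermissionedToken:
    def __init__(self, controller, mode, denylist=(), allowlist=(), balances=None):
        self.controller = controller
        self.mode = mode                      # "denylist" or "allowlist"
        self.denylist, self.allowlist = set(denylist), set(allowlist)
        self.balances = dict(balances or {})
        self.history, self.reversed_ids = [], set()   # processed / reversed transfers

    def _permitted(self, addr):
        if self.mode == "allowlist":          # default-deny: must be approved
            return addr in self.allowlist
        return addr not in self.denylist      # default-allow: must not be barred

    def transfer(self, sender, recipient, amount):
        for addr in (sender, recipient):      # both ends of the transfer are checked
            if not self._permitted(addr):
                raise TransferRejected(f"{addr} not permitted ({self.mode})")
        if amount <= 0 or self.balances.get(sender, 0) < amount:
            raise TransferRejected("invalid amount or insufficient balance")
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        self.history.append((sender, recipient, amount))
        return len(self.history) - 1          # transfer id

    def reverse(self, caller, transfer_id):
        if caller != self.controller:         # only the designated controller
            raise PermissionError("caller is not the controller")
        sender, recipient, amount = self.history[transfer_id]
        if transfer_id in self.reversed_ids or self.balances.get(recipient, 0) < amount:
            raise TransferRejected("already reversed or funds no longer at recipient")
        self.balances[recipient] -= amount
        self.balances[sender] = self.balances.get(sender, 0) + amount
        self.reversed_ids.add(transfer_id)

def outcomes_by_mode():
    # Run the same constructed transfers under each mode; 0xNEW is on neither list.
    results = {}
    for mode in ("denylist", "allowlist"):
        token = PermissionedToken("0xISSUER", mode, {"0xLISTED"}, {"0xBANK", "0xCLIENT"}, {"0xBANK": 100})
        results[mode] = {}
        for recipient in ("0xCLIENT", "0xLISTED", "0xNEW"):
            try:
                token.transfer("0xBANK", recipient, 10)
                results[mode][recipient] = "accepted"
            except TransferRejected:
                results[mode][recipient] = "rejected"
    return results
```

The reversal check also fails when the recipient no longer holds the funds, which is why a controller's ability to reverse depends on how quickly a disputed transfer is identified.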

Permissioning node infrastructure

Permissioning a subset of nodes might create known validators that are deemed safe for particular users such as banks to interact with. This may help address risks such as legal and compliance risks (including gas fee risks or ML/FT risks), technology/attack risks (including MEV risks), and consumer protection. This would likely come at the cost of slowing down transactions for the parties attempting to avoid paying gas fees to nodes operated by criminals or other sanctioned parties.

Technology to address privacy, confidentiality and consumer protection risks

Technology to address privacy, confidentiality, and consumer protection risks is being developed. Some potential solutions, such as zero-knowledge proofs, may take the form of permissioned chains “one level up” from the primary blockchain. In such a configuration, the primary chain is referred to as a layer 1 chain, while the chain one level up is referred to as a layer 2 chain. Alternatively, a separate blockchain that communicates with the permissionless primary blockchain, called a sidechain, may be employed. In addition to zero knowledge proofs, other methods such as fully homomorphic encryption might be used to protect consumer information.

Technology to address liquidity risk

Low transaction throughput of popular permissionless blockchains can be exacerbated in times of system stress, imposing liquidity risk on tokenised assets. Several variations on layer 1 consensus mechanisms are intended to speed up the clearance of transactions. In addition, many blockchain projects aim to speed up transaction processing on layer 2 chains and sidechains. However, while these solutions aim to off-load transaction volume from layer 1s, they still depend on the base permissionless blockchain for final settlement and therefore only partly compensate for the layer 1’s transaction processing speed. These technologies are all developing rapidly.