The DTCC has published a new white paper, Security of DLT Networks, which recommends the creation of a comprehensive, DLT-specific Security Framework and, potentially, an Industry Consortium that would spearhead research into standards and guidelines for the sector.
The Depository Trust & Clearing Corporation (DTCC), a global financial market infrastructure giant, says traditional IT security frameworks must be updated to tackle the blockchain.
An official press release on Feb. 12 took note of the expected rise in adoption of distributed ledger technology like blockchains in financial services globally.
New benefits, new risks
In its white paper, DTCC notes that at present, DLT in financial services is characterized by fragmented standards and guidance with respect to technology-specific security risks.
The industry giant recognizes that DLT implementation is poised to offer multiple actors a wide gamut of value propositions, notably “strengthened identity measures, improvements in information preservation and data integrity, processing efficiencies, increased operational capacity, and compliance effectiveness.”
Yet with these benefits come new risks, with better standards needed to ensure DLT interoperability, consensus around terminology, effective governance an robust digital identity management.
All financial industry stakeholders thus have an interest in contributing to the creation of a DLT security framework, the paper argues.
At the level of individual firms, DTCC notes, best practices should be established spanning risk management and oversight, cybersecurity, third-party management, and incident response.
Moreover, technology-specific considerations should be taken into account for the creation, maintenance, storage and disposal of sensitive data. These considerations would aim to bridge the security gap between DLT and legacy IT environments, and establish standard authentication methods with attention to the use of cryptographic hash functions.
In a statement, Stephen Scharf, chief security officer at DTCC, stressed the need for a coordinated strategy to develop industry-wide consensus:
“As is common in IT security communities, frameworks must be widely available, generally agreed upon, and commonly adopted. As best practices mature, they can be adopted into a formal framework and used for financial industry participants and regulators alike.”
Tackling DLT head on
As reported, this is not DTCC’s first foray into tackling the global policy standards it judges to be necessary for smooth DLT implementation in financial services. In March of last year, it published a white paper outlining guiding principles for the post-trade processing of tokenized securities.
Back in 2018, a DTCC-led study found that DLT is scalable enough to support daily trade volumes of the United States equity market. DTCC, moreover, itself has plans to replatform its Trade Information Warehouse with DLT.
DTCC Pushes Back Blockchain Project to Avoid Brexit Complications
The Depository Trust & Clearing Corporation (DTCC) has pushed back the release of its blockchain-based post-trade system for derivatives by several months, in part because of complications created by Brexit.
The official line from the U.S. central securities depository (CSD) is that the delay, which has not been previously reported, is to allow for additional testing of the revamped trade information warehouse (TIW).
A spokesperson for the DTCC told CoinDesk:
“The project is progressing well. DLT and cloud development have been completed and we continue to conduct in-depth industry-wide testing with our clients, vendors and technology providers. However, to ensure that this technology is implemented in a measured, prudent and most secure manner, we have allocated additional months for testing, to ensure that firms are 100 percent ready.”
But a person familiar with the technology testing process said the upset about to be caused by the U.K.’s departure from the European Union was also a factor behind the postponement.
The previously scheduled release of the new TIW system coincided with the week of Brexit, which is slated for Oct. 31.
“When Brexit happens, everybody has to open up a whole set of new accounts outside of the U.K. They basically have to kind of split their records; there have to be their E.U. records and their U.K. records”, said the source.
Assuming Brexit does happen, the source added, firms have an additional set of operational work to do and DTCC wanted to separate that from going live with TIW.
There are also other timing issues to do with market implementation, including new regulations from the Commodity Futures Trading Commission (CFTC), the source said.
DTCC did not provide an exact date for the re-scheduled release.
The transformation of the TIW from mainframe to cloud, using a distributed ledger designed by technology provider Axoni, is uniquely challenging because when it’s turned on, the legacy system will be switched off.
The TIW handles settlement and processing of $11 trillion of credit derivatives worldwide, making the upgrade, announced in January 2017, one of the most significant enterprise blockchain projects.