The DTCC has published a whitepaper on security for distributed ledger technology (DLT) networks. The organization is responsible for clearing and settling the majority of U.S. securities transactions, $1.854 quadrillion in 2018. It also functions as a central securities depository.
Traditional IT security frameworks have “possible” shortcomings when it comes to DLT, says the DTCC. And it explores special and additional factors that need to be taken into account for DLT.
“With adoption of DLT across the financial services ecosystem likely to continue to increase in the coming years, we need to be certain that all DLT-related security risks are identified and addressed to maintain the safety and stability of the markets,” said Stephen Scharf, Chief Security Officer at DTCC.
“DLT offers great potential, but as with any new technology, it also comes with certain risks. Traditional security measures may not be adequate, so it is critically important that this topic is top of mind for any DLT implementation.”
Rather than a variety of organizations making different recommendations, it hopes to form a consortium to establish a common standard.
“As is common in IT security communities, frameworks must be widely available, generally agreed upon, and commonly adopted. As best practices mature, they can be adopted into a formal framework and used for financial industry participants and regulators alike,” added Scharf.
We recently wrote about a related issue with the Corda Network. DLTs using Corda technology can optionally participate in the Corda Network so that separate consortia can interoperate. For example, an insurance network might provide insurance for a supply chain network.
However, we found that most enterprises want to enforce perimeter-style security. This makes it harder to participate in an interoperable network. And some referred to the perimeter approach as “outdated”.
The security whitepaper isn’t the DTCC’s first on blockchain or DLT. It also explored the pros and cons of instant settlement or delivery versus payment (DvP). Some see DvP as reducing the need for central counterparties and hence potential cost savings. But the DTCC pointed out that current netting systems are efficient, and instant settlement could require far higher cash or liquidity levels during the day.
Additionally, it published a whitepaper on DLT governance in conjunction with Accenture.
The DTCC has been working on a DLT version of its Trade Information Warehouse (TIW), which processes almost $10 trillion in bilateral derivatives.