Blockchain for Business, Or: Things to know before you try
Before I built a wall I’d ask to know
What I was walling in or walling out,
And to whom I was like to give offence….
Good fences make good neighbors
— Robert Frost, 1914
In this article, I explore possible uses of blockchain technology in non-financial businesses. Possible uses because the technology and supporting infrastructure are still young and still being developed. And, because the benefits associated with possible uses also bring risks, I’ll spend some ink exploring potential perils.
For many, our introduction to the term blockchain was associated with bitcoin, a digital creation claiming to be a new type of money. And, indeed, the initial development of blockchain provided the “rails” on which these new types of cybercurrencies flow. Blockchain’s origin in support of financial transactions—moving money—means that some of the discussion here will be drawn from that world, as will lessons to be learned, lessons that we can apply to non-financial business uses. Although initially following the money, eventually the press, technologists, and service providers began to distinguish between cryptocurrencies and the technology used to validate and exchange them. Accordingly, we increasingly distinguish between an asset that might carry monetary value, such as bitcoin, Ether, a cybercoin, or a cybertoken, and the technology used to carry and validate these so-called cybercurrencies.
Defining some terms
Blockchain is a digital ledger. Think about a paper ledger—it’s a list of transactions or, more simply, of actions. A ledger can record who sold an item, who bought that item, and the amount paid. Or, the ledger can record that party A paid a specified amount to party B. Or, the ledger can serve as a data base to record inventory, land ownership deeds, sales contracts, votes cast, or cross-border trade transactions.
The “block” in blockchain refers to a chunk of information, that is, one entry or transaction on the ledger. When these are linked one after the other, they create a “chain.” Using the analogy, think about running your finger down an old fashioned ledger book where each transaction falls on a successive line. Hence the name “blockchain.”
The digital nature of this list and the use of distributed ledger technology (DLT) provides features not available with the analogous paper ledger, and it’s these features that at least partially support the buzz of excitement in the technology world.
The digital structure of blockchain provides three key features:
First, each block—each ledger entry—is unique. Thus, even if the ledger includes five identical dining room tables or ten sales of $10,000 bonds, some information is included and encoded so that the hash of each entry is distinguishable from that of every other entry.
Second, the ledger is distributed, that is, identical copies are held by a large number of participating computers/entities. As each entry is added to the ledger, the information is shared and validated by many, many participants. The validations are consensus based, and if something is amiss, either the anomaly or the entire transaction is rejected. This widely- distributed replication means that if any individual participating computer, or even several, get corrupted or hacked, they still can’t undermine the core data.
Third, the blockchain data can be accessed widely, from just about anywhere on the globe (or beyond?) with computer access. This wide access will be key to some of the potential uses of the technology, which I will mention later. One of the frequently mentioned benefits of blockchain and the primary cyber-based currency, bitcoin, is that blockchain data can be publicly accessed and viewed.
In addition, the digital format carries the potential to lower costs. For many digital transactions, the cost of each individual item is driven by low marginal costs: that is, the cost of adding one more transaction (no matter how many went before) is frequently quite low. Low costs are supported by standardizing the data elements carried on each block of a blockchain transaction and by smoother flow of information associated with new, purpose-built networks, especially compared with a retrofitted “legacy” network. Given the recent pace of technology development, it sometimes appears that anything built yesterday is already, inherently “legacy” technology. It’s a worthy business challenge to implement evolving technologies to improve processes, and to have them in place long enough to support effective payback.
Potential advantages for non-financial businesses
Improved, efficient ledger activity could prove beneficial to many non-financial businesses. Information exchanges that are routine in many industries, if clearly defined and standardized, can be candidates for blockchain-based electronic ledgers. In medicine, for instance, doctors, pharmacies, hospitals, clinics, and insurance companies exchange standardized information (e.g., prescriptions and procedure coding), and these networks include a large number of industry participants. Manufacturers receive, send, and acknowledge orders and updates to and from customers and suppliers. Trading partners of many types undertake similar “conversations” that might be streamlined and automated. Digitization and continually improving network capabilities can make these shared ledgers particularly useful for the cross-border business deals that today frequently carry high communications and transaction costs.
Based on this potential, a number of industries and business entities are exploring potential uses of blockchain. The Depository Trust Company Corporation (DTCC), for instance, is experimenting with using blockchain technology to streamline its operations, which includes tracking of purchases and sales of financial assets. Note that recording the exchange of financial assets does not imply creating a new currency—this is not bitcoin. Rather, imagine
that the ledger alternatively carries automobile VIN data as easily as stock or bond registration information or repeatable contracts.
Maersk, the global shipping company, joined with IBM to create a blockchain-based mechanism to support logistics management. The press release claims that this service “empower[s] multiple trading partners to collaborate by establishing a single shared view of a transaction without compromising details, privacy or confidentiality. Shippers, shipping lines, freight forwarders, port and terminal operators, inland transportation and customs authorities can interact more efficiently through real-time access to shipping data.” This and other experiments continue.
Currently, the various initiatives to use blockchain to improve business operations are experimental, in alpha- or beta-testing, or in the design stage. The next section offers some things to consider for a business developing or evaluating the value of joining other businesses in developing or using blockchain-based services.
Prerequisites to make this work
Taking advantage of the potential efficiencies of blockchain requires that (at least) two conditions be in place: standardization and participation by others. These prerequisites are balanced by two steps to help offset risk factors: Know your participants/counterparties and watch the access points and service providers.
The automation and high-speed processing associated with blockchain-based records are optimized when the underlying records—such as entries or transactions—are standardized and that standard format includes sufficient information. To be widely useful, each entry needs to follow an agreed-to format of information relevant to the industry it supports. It seems reasonable that logistics management (as being developed by Maersk) requires one set of information, trade contracts a second set, and inventory management yet a different set of data elements. These need to be well-specified and adopted by all participants. Bitcoin and Ethereum, for instance, assert a doctrine of decentralization and openness but still maintain organized consortia and processes for establishing formats and procedures. Consensus-based operations and validation still require a consensus.
It may seem obvious to point out that standards work best when everyone adheres to them. Some industries support multiple “standards” that may compete, may or may not interoperate, and may or may not have a sufficient following. Broad adoption helps promote efficiency, interoperability, and broader use. (Economists refer to the network effect.) In support of broadly useful standards, the International Standards Organization (ISO) is sponsoring ISO/TC 307. This technical committee is charged with “Standardisation of blockchain technologies and distributed ledger technologies” and plans to release its work in stages over the next several years. In another effort, the Institute of Electrical and Electronics Engineers (IEEE) sponsors several working groups to develop industry-specific standards. IEEE initiatives currently focus on healthtech and the pharmaceutical industries.
“Standards” only need to reflect the needs of those entities that use them. Thus, a company adapting blockchain technology only for its internal use, for example, for communications among global offices and subsidiaries, does not need to conform to relevant public or industry standards. This company might, however, choose to participate and conform in expectation of broader industry adoption and potential future benefits.
Standardized formats and protocols, however, does not mean that everyone who stands on the doorstep should be let in. Bitcoin, to use the most widely used and most open-access example, presumably is used by many for legitimate business purposes. It is also widely used for illicit purposes. Although the information “block” might be public, the information elements do not necessarily reveal the real owner of the transaction. Thus, bitcoin is popular for illicit transactions such as drug sales and cyber-extortion. In May 2019, Baltimore, Maryland, was the target of a ransomware attack that froze city computers. The New York Times reported that “A copy of a digital ransom note, obtained by The Baltimore Sun, stated that the city could unlock the seized files for a price: three Bitcoins (nearly $24,000) per system or 13 Bitcoins (about $102,000) for them all.” The cyberhijackers demanded bitcoin because they are generally untraceable.
A private company or consortium of companies choosing to use an opensource standard for transactions should be very careful to establish who else participates in that network. Participation criteria should be thoughtfully specified. Note, for instance, that while credit card networks are widely accessible for financial transactions by millions of retailers, every bank that joins a credit card network (e.g., Mastercard and Visa) and every banks’ merchant customers who accept card payments are screened and monitored. And, while Bitcoin permits any entity wishing to serve as a node (data holder and transaction verifier) to follow its rules and participate, the Ripple cybercurrency network works only through selected nodes. (For fuller discussion of controlling access and risks associated with inattentive participants, see the section on “club goods” and the problem of the polder in Understanding Risk Management in Emerging Retail Payments.)
Similarly, prudent operations management requires that access points to the network be monitored. Because they are the most prevalent example, I will again draw on the experience of cybercurrencies to illustrate. To use a cyber currency, of which there appear to be a good number, a participant uses an entity called an “exchange” to buy, sell, or (optionally) to hold these so-called digital assets. In the U.S., these exchanges are not subject to regulation or supervision by public agencies that oversee banks or traditional financial or commodities exchanges. That is, they are not subject to prudential regulation by the Securities and Exchange Commission (SEC), the Commodities Futures Trading Commission (CFTC), the Comptroller of the Currency, the Federal Reserve, or any other federal entity. This is absolutely a case of “user beware.”
Two examples of risks associated with unregulated but key gatekeepers: 740,000 bitcoins (6% of the total then in existence) went missing in 2014 following a security breach at the influential Japanese bitcoin exchange Mt. Gox. The fallout and consequences are still in dispute. In February 2019, participants in the Canadian cryptocurrency exchange Quadriga CX lost everything—value, information, and passwords—when the 30-year-old CEO, Gerald W. Cotton, died. It turns out that he had sole access to the computer on which the exchange’s information, including customer data, was stored. I am hard-pressed to think of a single best practice that this didn’t violate, yet Quadriga had approximately 76,000 users, according to the court-appointed monitor.
The lessons? Rules matter. And, a business or consortium that knows its participants and better controls access to its processes reduces its risk substantially, while potentially increasing benefits to its participants.
Another note on economics
Finally, the marginal cost of a digital transaction is frequently very low, often measured in small fractions of cents. Marginal costs—the cost of adding one more transaction or item to the registry—are not, however, the full measure of costs. Like all computer-based systems, there are other costs that are fixed or preparatory. Fixed costs include buying and running computers, as well as maintaining the rule-making consortium and incremental management and overhead expenses. Preparatory costs include developing standards, writing code, and implementing the new system. As with any business decision, upfront and ongoing costs, potential benefits, opportunities, and other risks will need to be evaluated.
The bottom line
Blockchain and similar digital technologies are still emerging and, needless to say, present the potential for substantial benefits. From today’s vantage point, these technologies appear to show promise for smoothing flows of standardized information among participating entities. In particular, benefits may accrue within industries and clearly definable business niches, so cooperation and investment in industry-specific or transaction-specific consortiums could be worth considering.
The experiences of blockchain-based financial products (that is, bitcoin and other cybercurrencies) can be instructive, reminding participants to (1) establish clear, meaningful criteria for participation, whether or not the other entities are likely direct counterparties, and (2) to pay attention to all participants, including service providers and gatekeepers. As with any “early days” initiative, of course, risks and the potential for problems need to be considered. Still, shared initiatives, development of standards, and close attention to detail could certainly help improve business operations.
by Michele Braun
As Managing Executive of The Crossway Group, LLC, Michele Braun trains and advises for-profit and not-for-profit enterprises on risk management and payments initiatives, drawing on her experiences with the Federal Reserve System, in private industry, and with design thinking.
As an officer at the NY Fed, Michele oversaw systemically important payment systems and worked with banks and clearinghouses to reduce risk in domestic and global payments. She served as secretary for the Fed-sponsored, industry-chaired Payments Risk Committee and the Tri-party Repo Infrastructure Reform Task Force.
Previously, for the Federal Reserve’s Board of Governors, she managed retail payment policies, oversaw Reserve Bank ACH and check operations, and worked to remove regulatory barriers to electronic payments innovation, including Check21. She was a key on-the-spot manager for Y2K planning, 9/11 payment services recovery, and Dodd-Frank reforms.
Ms. Braun holds a M.S. in Public Management and Policy from Carnegie Mellon University’s Heinz College and a B.S. in Industrial and Labor Relations from Cornell University. She is a frequent contributor to business publications on risk management, payments, and innovation. Contact Ms. Braun at firstname.lastname@example.org.