Adapting Risk Management For Blockchain In Finance

A pathway toward modernizing financial operations

The financial services industry and its regulators recognize the transformational potential of blockchain technology to reshape legacy operations and business models. Over the past decade, institutions and central banks globally have engaged in experiments demonstrating blockchain's substantial benefits.

Our publication, “A Proposed Risk Mitigation Framework For Non-Financial Risks Of Blockchain Infrastructures,” produced in collaboration with the Global Blockchain Business Council, focuses on public permissionless and permissioned blockchain infrastructures — collectively termed "public blockchains."

The risks tied to these technologies are inadequately addressed by current risk management frameworks. Public blockchains must be considered within the broader trend of financial institutions increasingly outsourcing their technology infrastructure, similar to the evolution of internet and cloud-based services.

Blockchain in finance — five principles to drive adoption and manage risk

A critical obstacle to the widespread adoption of blockchain infrastructure is the lack of recognized risk management frameworks and regulatory acceptance. The Risk Management Framework (RMF) aims to establish a reference that empowers regulated and prudentially supervised financial institutions to safely and reliably deploy public blockchain infrastructures in their businesses to unlock innovations and efficiencies.

To effectively enhance the integration of public blockchains within the financial sector, it is essential to provide a concise and adaptable standard that seamlessly fits into existing risk management frameworks, accommodating financial institutions at any stage of blockchain adoption. Additionally, facilitating regulatory endorsement is crucial; this can be achieved through active dialogue with policymakers and regulators to support the development of harmonized policies.

It is also important to remove institutional obstacles by addressing operational uncertainties and regulatory ambiguities, which will enable confident and risk-aware interactions with novel ecosystems. We've identified five key takeaways from our work in developing the framework:

Blockchain introduces specific novel risks requiring targeted risk frameworks

Blockchain technology provides key advantages — including a decentralized network with built-in redundancies, immutable records and continuous 24/7 operations — that enhance transparency, efficiency and resilience. However, these features also introduce novel risks that fall outside conventional risk management frameworks. A clear categorization helps address this challenge: (1) risks requiring entirely new mitigation strategies, (2) risks needing adaptation of existing standards and (3) risks manageable through standard practices.

Public blockchain governance differs from traditional operating models

Unlike traditional digital infrastructure services that are centrally governed and where risks are contractually distributed, public blockchains leverage various decentralized governance models and rely significantly on open-source quality assurance mechanisms. Public blockchain ecosystems should endeavor to clearly define such governance structures, including their risks and challenges. Simultaneously, financial institutions must adapt their own internal governance and decision-making.

Public blockchain adoption demands new resiliency strategies

Financial institutions should consider adopting public blockchains alongside complementary support services — such as third-party node operators and failover systems to traditional providers — to bolster resilience. In addition, institutions must shift from passive consumption of software services to active participation in public blockchain ecosystems. They can further enhance robustness and resilience by directly or indirectly engaging in operations, such as running nodes, and contributing to underlying codebases through participation in open-source development.

Security tokens offer strong benefits but require adapted approaches

Security tokens provide clear benefits, including greater transparency, fractional ownership, potentially improved liquidity, operational efficiencies, and automated compliance. Nevertheless, they present unique challenges such as interoperability, settlement finality, and specialized custody requirements. Effective management of the associated risks demands coordinated efforts from both regulators and market participants.

A structured approach to risk analysis is key to blockchain adoption

Institutional blockchain adoption should be accompanied by empirical validation processes, adversarial network tests, and load tests to ensure operational resilience and continuous improvement. Ongoing public-private collaboration, leveraging community-driven and open-source mechanisms, is essential. Financial institutions should actively participate and provide resources for such work. Continuous improvements to existing open-source risk frameworks and standards should be pursued to ensure relevance and responsiveness.

Exhibit: Risk mitigation framework phases
Illustration depicting phased blockchain risk framework, outlining progressive stages from initial design to multi-asset implementation.

Building a future-ready blockchain risk framework

This initiative is a foundational step in a multiyear journey to support the institutional adoption of public blockchain infrastructures. Central to this effort is continuous public-private sector collaboration, integrating market feedback to ensure the RMF remains relevant and aligned with evolving regulatory requirements, technological advancements, and institutional expectations. The RMF will be developed in phases, progressively expanding its focus across asset classes and use cases.