The chasing of securities-related security risks around DLT must get structured, says US post-trade dominant DTCC. On the payments side, a similar message is posted by the central banks of Europe and Japan.
As a provider of custody for assets worth $50,000 billion, DTCC may be wise to give DLT risks a thought. In a new white paper the company suggests putting up, in its own words, “a comprehensive industry-wide DLT Security Framework to review existing security guidelines, gaps in the approach to DLT security, and the need for increased standards”. An industry consortium could lead the job, it proposes. Finextra is among the media that have picked up the news.
Coincidentially, a report from Project Stella – a joint research project by the European Central Bank (ECB) and Bank of Japan (BoJ) – is published simultaneously. This points out a fundamental security dilemma about DLT solutions as they regard payments: the fact that a confidential distributed ledger payments network “cannot be effectively audited without increasing the network’s operational risk”, notes news site FX Markets.
Best practice next
The security framework proposed by DTCC would serve to help firms apply best practices as they evaluate their risks of various sorts. It could guide the handling of DLT keys throughout their lifecycles, advise on policies for account access and authentication, and “bridge the security gap between DLT and traditional IT environments”.
“With adoption of DLT across the financial services ecosystem likely to continue to increase in the coming years, we need to be certain that all DLT-related security risks are identified and addressed to maintain the safety and stability of the markets,” says Stephen Scharf, chief security officer at DTCC, in the press release.
“As best practices mature, they can be adopted into a formal framework and used for financial industry participants and regulators alike.”
DTCC is the United States’ central securities depository (CSD), as well as a provider of various securities-related services. It is industry owned.
The full version of DTCC’s paper, Security of DLT Networks, can be downloaded here.