適應(yīng)金融區(qū)塊鏈的風(fēng)險(xiǎn)管理_第1頁(yè)
適應(yīng)金融區(qū)塊鏈的風(fēng)險(xiǎn)管理_第2頁(yè)
適應(yīng)金融區(qū)塊鏈的風(fēng)險(xiǎn)管理_第3頁(yè)
適應(yīng)金融區(qū)塊鏈的風(fēng)險(xiǎn)管理_第4頁(yè)
適應(yīng)金融區(qū)塊鏈的風(fēng)險(xiǎn)管理_第5頁(yè)
已閱讀5頁(yè),還剩110頁(yè)未讀 繼續(xù)免費(fèi)閱讀

下載本文檔

版權(quán)說(shuō)明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)

文檔簡(jiǎn)介

?GBBCGlobalBlockchainBusinessCouncil?OliverWyman

CoreIndustry-LeadingWorkingGroupContributors

AvaLabs

CardanoFoundation

Clearstream

EuroclearGroup

GlobalBlockchainBusinessCouncil(GBBC)

HederaFoundation

Ripple

OliverWyman

TheDepositoryTrust&ClearingCorporation(DTCC)

Observers

TheWorldBank

WewouldliketoextendoursinceregratitudetothefinancialinstitutionsthatarenotnamedyetparticipatedinRMF-Phase1.Yourcontributionsaregreatlyappreciated.

Contact

Commentsfromfinancialindustrystakeholdersandregulatorsareactivelyencouragedtoinformandrefinefuturephasesofthisinitiative.Pleasecontactrmf@tosharefeedbackandaskquestions.

FrequentlyAskedQuestions(FAQs)

Clickheretoaccess.

?GBBCGlobalBlockchainBusinessCouncil?OliverWyman

Contents

ExecutiveSummary 5

Fivekeytakeaways 6

1.Contextandscope 7

1.1.Overview 7

1.2.Objective 8

2.Referencemethodologyformanagingnon-financialrisks 9

3.Adaptingnon-financialriskmanagementframeworkstoincorporatepublicblockchain

risks 10

3.1.Riskframework 10

3.2.Approach 11

3.3.Riskmitigationcapabilities 13

4.Novelrisks 14

4.1.Technologyrisk 14

4.1.1.Publicblockchainrisksandmitigationstrategies 14

4.2.Informationsecurityrisk 18

4.2.1.Publicblockchainrisksandmitigationstrategies 18

4.3.Financialcrimerisk 22

4.3.1.Publicblockchainrisksandmitigationstrategies 22

4.4.Businesscontinuityrisk 24

4.4.1.Publicblockchainrisksandmitigationstrategies 25

4.5.Thirdpartyrisk 26

4.5.1.Publicblockchainrisksandmitigationstrategies 26

5.Adaptedrisks 28

5.1.Legalrisks 28

5.1.1.Publicblockchainrisksandmitigationstrategies 28

5.2.Transactionandprocessexecution 29

5.2.1.Publicblockchainrisksandmitigationstrategies 29

5.3.Datamanagement 30

5.3.1.Publicblockchainrisksandmitigationstrategies 30

6.Standardrisks 31

7.Privatepermissionedblockchains 33

8.SecurityTokens 34

8.1.Valuechains 35

8.2.Stakeholdersacrossthevaluechainandriskmitigationstrategies 37

8.3.Keyrisksandmitigationstrategies 41

?GBBCGlobalBlockchainBusinessCouncil?OliverWyman

9.Pathforward 43

Appendix 44

Riskandmitigationmatrices 44

Technologyrisksandmitigationsapproaches 44

Informationsecurityrisksandmitigationsapproaches 50

Financialcrimerisksandmitigationapproaches 56

Businesscontinuityrisksandmitigationsapproaches 60

Thirdpartyrisksandmitigationsapproaches 62

Legalrisksandmitigationapproaches 63

Transactionsandprocessexecutionrisksandmitigationsapproaches 64

Datamanagementrisksandmitigationsapproaches 64

Glossary 65

ExecutiveSummary

?GBBCGlobalBlockchainBusinessCouncil?OliverWyman5

ExecutiveSummary

Thefinancialindustryandregulatorsrecognizethetransformationalpotentialofblockchaintechnologytoreshapelegacyoperationsandbusinessmodels

withinthefinancialservicessector.Indeed,overthepastdecade,leading

institutionsandcentralbanksacrosstheworldhaveworkedonabroadset

ofexperimentsandinitiativeswhichhavedemonstratedtheprofoundbenefitsblockchaintechnologycanbringtothefinancialsystem.Thefollowingwork

focusesonpublicpermissionlessandpublicpermissionedblockchaininfrastructures(“publicblockchains”)astheirassociatedrisksarenotadequatelyaddressedbyexistingriskmanagementframeworks.

Publicblockchainsneedtobeseenwithinthecontextofever-increasinglevelsoftechnology-infrastructure

externalizationbyfinancialinstitutions—acontinuationofatrendthathasalreadygivenrisetothe

communicationinfrastructureoftheinternetandcloud-basedservices.Atthesametime,open-sourcesoftwaredevelopmentmodelshavegainedacceptanceandhaveproventobenotonlyresilient,

butinsomecasessuperiortotraditionalclosedsoftwaredevelopmentmodels.

Publicblockchainsrepresentanaturalextensionofthesebroadermacrotrends.Acriticalgapimpedingthe

wideradoptionofblockchaininfrastructureistheabsenceofrecognizedriskmanagementframeworksand

correspondingregulatoryacceptance,particularlybyfinancialinstitutions.AclearRiskMitigationFramework(RMF)addressingpublicblockchainscanbeestablishedbyexpandingandadaptingexistingriskmanagementframeworksdesignedforexternalizedinfrastructure,suchascloud,andopen-sourcesoftwaredevelopment.Significantadvancementsintheresilienceandsecurityofpublicblockchainssuggesttheseinfrastructurescannowofferreliablesolutionssuitableforinstitutionaluse.

Yet,despiteblockchain’smaturity,broadinstitutionaladoptionofpublicblockchainsstillfaceschallenges.UnlikemoderntraditionaltechnologieswhereServiceLevelAgreements(SLAs)canclarifyoperationalresponsibilities

andliability,publicblockchainstypicallyimplementintrinsicallymorecomplexoperatingandgovernancemodels.Conversely,thedecentralizedstructureofpublicblockchainsmitigatescertaintraditionaldigitalinfrastructure

risks,suchassinglepointsoffailureorsingle-operatordependence.

Financialinstitutionsseekingtousepublicblockchainsmustadapttheirriskframeworkstoidentify,assess,

andmitigatethesenewrisks.Additionally,publicblockchaincommunitiesshouldsupporttheseeffortstoenableadoptionatscale.Recognizingthesechallenges,theRMFproposalpresentsastructured,actionableapproach

tointegratethenon-financialrisksofpublicblockchainsintoestablishedriskmanagementstandardsandtools,suchastheOperationalRiskReferenceTaxonomyintroducedbytheOperationalRiskdataeXchangeAssociation(ORX).TheRMFaimstoadvancepublicblockchaininfrastructurebyprovidingaconciseandadaptablestandardforintegrationintoexistingframeworks,facilitateregulatoryendorsementtoadvanceharmonizedpolicy

development,andremoveinstitutionalobstaclestoadoption.

Finally,thelastsectionofthisRMFexaminesthespecificriskmanagementchallengesofsecuritytokens,oneofthemostprominentusecasesforpublicblockchains.Securitytokens,whethernativelyissuedorstructuredastokenwrappers,havesignificantpotentialtostreamlinecomplexmulti-infrastructureprocessesanddeliveroperationalefficienciesthroughinstantaneoussettlementandfractionalownership.Despitethispotential,

securitytokensonpublicblockchainsfacenotableadoptionhurdlesduetothelackofaunifiedrisksyntax.

TheRMFacknowledgesthecomplexityofthismultidisciplinarychallengeandrecognizesthatfurtheriteration

andimprovementarerequired.Therefore,theRMFisbeingpublishedasadraftbasedonthepracticalexperienceandinputfromparticipatinginstitutions.Commentsfromfinancialindustrystakeholdersandregulatorsare

activelyencouragedtoinformandrefinefuturephasesofthisinitiative.

Fivekeytakeaways

?GBBCGlobalBlockchainBusinessCouncil?OliverWyman6

Fivekeytakeaways

Blockchainintroducesspecificnovelrisksrequiringtargetedriskframeworks

Blockchaintechnologyofferssignificantadvantages—suchasdecentralizednetworkwithbuilt-

inredundancies,immutablerecords,andcontinuous(24/7)operations—thatenhancetransparency,

operationalefficiency,andresilience.However,thesesamefeaturesintroducenovelrisksthatdonotfitneatlyintotraditionalriskmanagementframeworks.Aclearlydefinedcategorizationintothreecategorieswhere1)novelriskmitigationstrategiesneedtobedefined,2)risksrequiringadaptationtoexistingstandards,and3)

wherestandardriskmitigationstrategiesaresufficientisimportanttoenablefinancialinstitutionsand

regulatorstoprioritizetheirriskmanagementefforts,whilemaximizingthebenefitsthatblockchainsbringtothefinancialsystem.

Publicblockchaingovernancediffersfundamentallyfromtraditionaloperatingmodels

Unliketraditionaldigitalinfrastructureservicesthatarecentrallygovernedandwhererisksarecontractuallydistributed,publicblockchainsleveragevariousdecentralizedgovernancemodelsandrelysignificantlyon

open-sourcequalityassurancemechanisms.Publicblockchainecosystemsshouldendeavortoclearlydefinesuchgovernancestructures,includingtheirrisksandchallenges.Simultaneously,financialinstitutionsmustadapttheirowninternalgovernanceanddecision-makingprocessestotheirpublicblockchainsofchoice,

ensuringgovernancevisibilityandadequatereactioncapability.

Publicblockchainadoptiondemandsnewresiliencystrategies

Financialinstitutionsshouldconsiderpublicblockchainadoptioninconjunctionwithcomplementarysupportservices(e.g.,third-partynodeoperators,failoversystemstotraditionalserviceproviders,etc.)toachieve

resilience.Furthermore,financialinstitutionsmustmovefrombeingpassiveusersofsoftwareservicestoactivelyparticipatinginpublicblockchainecosystems.Institutionscanfurtherstrengthenpublicblockchainrobustnessandresiliencebydirectlyorindirectlyparticipatingintheiroperations(e.g.,runningnodes)andcontributingtounderlyingcodebases(e.g.,participatinginopen-sourcedevelopment).

Securitytokenspresentcompellingbenefitsbutrequirenewriskmanagementapproachesandanadaptedmarketstructure

Securitytokensprovideclearbenefits,includingenhancedtransparency,fractionalownership,potentiallyimprovedliquidity,operationalefficiencies,andautomatedcompliance.Nevertheless,theypresentuniquechallengessuchasinteroperability,settlementfinality,andspecializedcustodyrequirements.Effective

managementoftheassociatedrisksdemandscoordinatedeffortsfrombothregulatorsandmarket

participants.Regulatorsneedtoestablishclearregulatorystandardsforamarketstructurethatrequiresfewerintermediaries.Marketparticipantsneedtodevelopandimplementrobustblockchain-specificriskmanagementframeworks.

Astructuredapproachtoriskanalysisofblockchains

Institutionalblockchainadoptionshouldbeaccompaniedbyempiricalvalidationprocesses,adversarial

network,andloadteststoensureoperationalresilienceandcontinuousimprovement.Ongoingpublic-privatecollaboration,leveragingcommunity-drivenandopen-sourcemechanisms,isessential.Financialinstitutions

shouldactivelyparticipateinandprovideresourcesforsuchwork.Continuousimprovementstoexistingopen-sourceriskframeworksandstandardsshouldbepursuedtoensurerelevanceandresponsiveness.

Contextandscope

?GBBCGlobalBlockchainBusinessCouncil?OliverWyman7

1.Contextandscope

1.1.Overview

TheRMFisanindustry-ledeffort,facilitatedbyGlobalBlockchainBusinessCouncil(GBBC)andOliverWyman,

togivefinancialinstitutionsguidelinestoanalyzeandcontrolforthenon-financialrisksthatarisewhenthey

usepublicblockchaininfrastructure.Across-sectorworkinggroup—comprisingfinancial-marketinfrastructures,globalsystemicallyimportantbanks,multilateraldevelopmentbanks,andleadingLayer-1protocolteams—hascollaboratedtoprovideacommonreferencethatisrootedintheirpracticalexperienceofmanagingrisksor

blockchainimplementationsandprovideanoverviewofhowthenewtechnologycanbeincorporatedintoestablishedriskmanagementframeworks.

Whileblockchain,akintotheinternet,isinherentlyuse-caseagnosticandsupportsnumerousnon-financial

applications,thecross-sectorworkinggroupidentifiesitstransformativepotentialtodriveanewwaveof

financialinnovationwithapotentialtofundamentallyreshapefinancialservices.TheBankforInternational

Settlements(BIS)believestokenizationwillenhancethecapabilitiesofthemonetaryandfinancialsystemby

enablingnewwaystoserveendusersandbyremovingthetraditionalseparationofmessaging,reconciliation,

andsettlement

1.

Similarly,theExecutiveOrderissuedbythePresidentoftheUnitedStates‘EnsuringResponsibleDevelopmentofDigitalAssets’recognizesthatadvancesintechnologyandtherapidgrowthofdigitalasset

marketsareshapingthefutureoffinance

2

.

Publicblockchainsextendthesepotentialbenefitsbeyondtraditionalfinancialservices,offeringnew

infrastructurerailsforexchanginginformationandvalueoverashareddatabaselayer.Thisexpansionrequires

theadaptationandevolutionofexistingriskmanagementpractices.Justascloudservicesandtheinternethave

becomefoundationalforfinancialinstitutions,blockchaintechnologyrepresentsthenextstepintheevolution

oftheinfrastructure.Financialinstitutionsmustthereforeengagewiththesetechnologies,contributetotheir

developmentandgovernance,andadoptnewresponsibilitiesessentialtomanagingsharedpublicinfrastructures.

Financialinstitutionshaveanopportunitytoleverageblockchaintechnologytoofferintegratedfinancial

services,improvefinancialinclusion,modernizelegacysystems,andreducerisksassociatedwith

interconnectedinfrastructuresandprocesses.Blockchain’spotentialhasgainedwidespreadrecognition,

withregulatedinstitutionsaccumulatingconsiderableexperiencedesigningandoperatingpublicandprivateblockchainsystems.However,tomovefromproof-of-conceptstagestoscaledproduction-leveldeployments,clearerregulatoryguidanceandindustrystandardizationisnecessary.Financialinstitutionsmustalso

systematicallyintegratetheseemergentinfrastructuresintoestablishedriskmanagementpractices.

ThisfirstversionoftheRMFaddressestwoarchetypesofpublicblockchains:publicpermissionlessandpublic

permissioned.Thesetwotypespresentdistinctcharacteristicsandriskprofiles,necessitatingtailored

approachestoidentify,assess,andmitigateriskseffectively.TheRMFdeliberatelydeprioritizesprivate

permissionedblockchainsfromitsscope,astheirgovernancetypicallyresemblesconventionaloutsourcedIT,

whichisadequatelycoveredbyexistingcloud,outsourcing,andthird-partyriskmanagementstandards.TheRMFfocusesprimarilyonpublicblockchains,characterizedbysharedandopeninfrastructuremaintainedbyaglobalcommunityratherthanbilaterallycontractedvendors.

TheRMFleveragesestablishedgloballyrecognizedfinancialindustrystandards,frameworks,andtaxonomies

3

toensureseamlessandappropriatemitigationsforpublicblockchainuseintoexistingnon-financialrisk

managementframeworks.

1BIS,Thenext-generationmonetaryandfinancialsystem

2TheWhiteHouse,StrengtheningAmericanLeadershipinDigitalFinancialTechnology

3Frameworks,standards,andtaxonomiesleveragedinclude:CommitteeofSponsoringOrganisations(COSO)oftheTreadwayCommission,NISTCybersecurityFramework,CloudControlsMatrix,DigitalAssetSecuritiesControlPrinciples,DigitalOperationalResilienceAct,,MarketsinCrypto-AssetsRegulation,BaselBCBS44,IdentityandAccessManagement,PrinciplesforFinancialMarketInfrastructure

?GBBCGlobalBlockchainBusinessCouncil?OliverWyman8

1.2.Objective

TheRMFtargetsthreekeyobjectivestoadvancingpublicblockchaininfrastructureadoption:

?Provideaconcise,adaptable,baselinestandardbydesigningseamlessintegrationintoexistingriskmanagementframeworks.TheRMFshouldaccommodatefinancialinstitutionsatanystageofpublicblockchainadoption.

?Facilitateregulatoryfeedbackthroughactivedialoguewithpolicymakersandregulatorstosupportharmonizedpolicydevelopmentandrulemaking.

?Removeinstitutionalobstaclesbyaddressingoperationaluncertaintiesandregulatoryambiguitieswithmitigantsandcontrols,enablingconfidentandrisk-awareinteractionswithpublicblockchains.

TheRMFwillbedevelopedinphases,progressivelyexpandingitsrisk-basedmitigationfocusacrossassetclassesandusecases.

Exhibit1:Riskmitigationframeworkphases

Referencemethodologyformanagingnon-financialrisks

?GBBCGlobalBlockchainBusinessCouncil?OliverWyman9

2.Referencemethodologyformanaging

non-financialrisks

TheORXReferenceTaxonomy,developedbytheOperationalRiskdataeXchange

Association,wasfirstintroducedintheearly2000sandhasevolvedoverthepasttwodecadesintoagloballyrecognizedframeworkforclassifyingnon-financialrisks.It

providesastructured,hierarchicalmodelthatorganizesrisktypesintoconsistent

categories.Sinceitslaunch,thetaxonomyhasbeenrefinedtoincorporaterisksfromnewandemergingtechnologies,suchascloudcomputingandtheinternet.Severalregulators,liketheEuropeanBankingAuthority(EBA),explicitlyreferenceoralign

theirguidancebroadlywithORXtaxonomyprinciples.

WhiletheORXframework’staxonomyremainsbroadlyapplicabletoblockchaintechnologies,certain

blockchain-specificcharacteristicsalterthenatureandimpactofunderlyingrisks.Consequently,tailored

mitigationstrategiesarenecessarytoeffectivelymanagetheseriskswithininstitutionalriskappetite.

Therefore,thisRMFusestheORXtaxonomyasitsfoundationalstructure,adaptingittoaddressblockchain-specificriskscenariosandmitigationstrategies.

TheORXtaxonomyisbasedonanevent-drivenstructurethatdrawsfromthebow-tiemethod.Thismethodmapsriskscenariosacrossthreecoredimensions:causes(theunderlyingdriversorconditionsthatmakeriskevents

possible),events(theactualincidents),andimpacts(theresultingconsequences

)4

.Italsoemphasizesthe

importanceoflinkingthesedimensionstomitigationstrategiespresentedthroughpreventive,detective,andcorrectiveactions.Thisstructuresupportsadynamicapproachtonon-financialriskmanagementandiswidelyusedbyfinancialinstitutions.

Exhibit2:Bow-tiemethodology

4OliverWyman,ORXReferenceTaxonomyforoperationalandnon-financialrisk-Causes&Impacts(SummaryReport-November2020)

Adaptingnon-financialriskmanagementframeworkstoincorporatepublicblockchainrisks

?GBBCGlobalBlockchainBusinessCouncil?OliverWyman10

3.Adaptingnon-financialrisk

managementframeworksto

incorporatepublicblockchainrisks

3.1.Riskframework

TheRMFfocusesonthesuccessfulincorporationofnon-financialrisksandmitigationsintostandardrisk

taxonomyandstrategies.FinancialinstitutionstypicallyhaveexistingEnterpriseRiskManagement(ERM)andNon-FinancialRisk(NFR)frameworks.Itiscrucialthatblockchain-relatedrisksaremanagedinanintegratedratherthanisolatedmanner;thus,thisRMFisintentionallydesignedtoalignseamlesslywithstandardERMandNFR

structuresusedbyfinancialinstitutions,facilitatingstraightforwardadoptionandintegration.

Exhibit3:Standardriskmanagementframeworkstructure

Adaptingnon-financialriskmanagementframeworkstoincorporatepublicblockchainrisks

?GBBCGlobalBlockchainBusinessCouncil?OliverWyman11

WhilenotfallingdirectlyundertherubricofthisRMF,forthepurposeofcompletenesswehaveoutlinedhowafinancialinstitutioncouldincorporatepublicblockchain-relatedriskmanagementpractices:

1.Strategyandappetite:Financialinstitutionsmustclearlyarticulatehowtheusageofpublicblockchainsalignwiththeiroverallriskstrategy.Aspublicblockchainsbecomesintegratedintocorebusinessprocesses,the

riskappetitemustexplicitlyreflectthisshift,ensuringclearthresholds,tolerances,andescalationcriteriaforblockchain-relatedrisks.Riskappetiteshouldbenetwork-specificandevidence-basedwithresultsfrom

technicalandgovernanceduediligence(e.g.,codequality,sustainability,validatorconcentration,upgradehistory,bug-bountyscope,oracledependencies).

2.Governance,policies,andinterfaces:Financialinstitutiongovernancestructuresmustexplicitlyrecognizeandincorporatepublicblockchain-relatedactivities,especiallyiftheybecomestrategicallysignificant.Publicblockchainsoperate24/7andareoftenhighlyautomated.Therefore,theyrequiremechanismsthataremoreinlinewithtrading-relatedgovernanceprocesses.Policiesandproceduresshouldbereviewedandupdatedtoclearlydefinepublicblockchain-specificroles,responsibilities,andescalationpaths,ensuringeffective

oversightandintegrationwithexistinggovernanceprocesses.

3.Organizationalskillsandculture:Publicblockchainasamoderntechnologynecessitatesspecialized

expertise.Institutionsshouldproactivelyembedknowledgeintotheirriskfunctionsthroughdedicated

trainingandtargetedaugmentationoftheskillset.Thetransparentnatureofpublicblockchaindatamayalsorequireadaptationoftheinternalcodeofconducttoensureteamsunderstandandeffectivelyaddressthe

uniquechallenges.Softwarerisk-controlmechanismsneedtobesystematicallyembeddedinbusinessprocessesthatusesmartcontracts,requiringthattherespectiveteam’sskillsareadequate.

4.Riskprocessesandtools:Representstheprimaryareaoffocusandadaptation.Centraltoeffectivenon-

financialriskmanagementisthedevelopmentofastructuredrisktaxonomythatexplicitlyincorporatespublicblockchain-relatedrisks.Thistaxonomyshouldbebuiltuponandintegratewithstandardindustry

frameworks,ensuringconsistencyandcomprehensiveoversight.Thisincludesidentifyinguniquepublicblockchainrisks,assessingtheirspecificnature,andimplementingrobustblockchain-specificmitigationstrategies.

5.Risksystems,data,andreporting:Mustaccommodateblockchain'scontinuous(24/7)operating

environment.Systemsshouldseamlesslyintegrateblockchaindatastreams,ensuringreal-timeriskdetection,monitoring,andtimelyreporting.Enhancinginfrastructuretomanagecontinuousdataflowsandproviding

effective,real-timemanagementinformationreportingwillbeessentialtomaintainingoperationalresilienceandrobustriskoversight.

3.2.Approach

Asoutlinedabove,publicblockchainsdifferinseveralsignificantwaysfromtraditionaldigitalinfrastructures,

particularlywithinthefinancialmarketdomain.Manyofthesedifferencesstemfromthedistributed,multi-

partyoperationalandgovernancemodelsthatpublicblockchainsadopt.Whileselectnon-financialriskscan

beaddressedthroughconventionalgovernanceandcontrols,asubsetofthreatscallsforbroaderstructural

changesininstitutions’riskmitigationstrategiesandappropriategovernancemechanismsthatreflectthesharedresponsibilityamongnetworkparticipants.Thesechallengesareintrinsictohowblockchainsystemsoperate—

forinstance,vulnerabilitiesinconsensusmechanismsorgovernanceshortfallsindecentralizednetworks—whichnosingleinstitutioncanmitigateonitsown.

TheRMFanalyzesknownpublicblockchainrisksandcomparesthemwithexistingORXrisktypesandestablishedriskmanagementpositions,identifyingthreedistinctcategories:novelrisksrequiringentirelynewmitigation

strategies,risksrequiringadaptationsofexistingstandards,andstandardrisksmanageableusingestablishedframeworks.TheRMFacknowledgesthecomplexityandmultidisciplinarynatureofthischallenge,requiring

furtheriterationandimprovement.Consequently,weinviteindustryparticipantsandregulatorystakeholderstoprovidefeedbackandinputforthefuturedevelopmentanddetailingoftheframework.

Adaptingnon-financialriskmanagementframeworkstoincorporatepublicblockchainrisks

?GBBCGlobalBlockchainBusinessCouncil?OliverWyman12

Table1:Risksassessed

Risktype

RelevantORXRisk

Specificrisksassessed

Novel

risks

Technologyrisk

Hardwarerisk?Third-partydependencies

?Limitednodediversity

Softwarerisk?Datacorruptionduetosoftwareorconfigurationerrors

?Codevulnerabilities

Networkrisk?Protocolgovernancerisk

?Weaknessinconsensusdesign

?Scalabilityconstraints

?Protocolupgradeandhardforkrisk

?Finalitylagandtransactionrollbackrisk

Information

securityrisk

Riskofdataloss?Compromiseddataintegrity

?Privatekeylossandinadequatekeymanagementpractices

Cyberriskevents?Cryptographicvulnerabilities

?Smartcontracterrorsandexploits

?Consensusattacks

?Denialofservice(DoS)

Riskofdataprivacy

breach/confidentialitymismanagement

?De-anonymizationthroughpublictransactiondataanalysis

?On-chainexposureofsensitiveorconfidentialdata

Riskofimproperdataaccess

?Privilegemisconfiguration

?Misuseofdatatransparencyandroles

Financialcrimerisk

Riskofmoney

launderingand

terrorismfinancing

?Illicitfundintegration

?Terroristfinancing

?Obfuscationoftransactionoriginthroughcomplexmulti-stepactivity

Riskofsanctionsviolation

?Insufficientscreeningofon-chaintransactionsandcounterparties

?Sanctionsevasionrisk

Briberyandcorruption

KYC/KYT/Transactionmonitoringcontrolfailure

Businesscontinuityrisk

Inadequatebusinesscontinuityplanning/eventmanagement

Dependencyonexternalgovernancefornetworkrecovery

Thirdpartyrisk

Relianceonpublicblockchains

Inabilitytoeffectivelymanage

溫馨提示

  • 1. 本站所有資源如無(wú)特殊說(shuō)明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁(yè)內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫(kù)網(wǎng)僅提供信息存儲(chǔ)空間,僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請(qǐng)與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。

最新文檔

評(píng)論

0/150

提交評(píng)論