Yesterday, the guidance from the Hong Kong Monetary Authority (HKMA) focused on advising banks regarding the utilization of distributed ledger technology (DLT). While outlining various risk assessment topics, the HKMA emphasized the necessity for individual consideration tailored to each solution. Although the regulator in Hong Kong is open to the idea of banks leveraging public blockchains, it suggests that alternative options should be explored before resorting to them as the primary choice due to potential risks involved. Regardless of the chosen approach, banks are required to implement measures to mitigate heightened risks effectively.
For instance, the HKMA highlights the importance of selecting the appropriate DLT network, indicating that permissionless networks may not be the most suitable for applications involving sensitive data transfers. This caution is attributed to the perceived vulnerability of such networks to malicious activities. However, the HKMA does not categorically dismiss the use of open networks, provided that adequate measures are in place to address associated risks. Strategies like employing zero-knowledge proofs to safeguard sensitive data access or storing critical information off-chain could be viable solutions.
Moreover, the HKMA acknowledges concerns regarding the credibility of validators on public blockchains, some of whom may operate under pseudonyms and lack sufficient trustworthiness. Despite this, the HKMA does not outright prohibit their involvement but mandates that banks implement additional risk management protocols. For instance, banks could consider contractual provisions enabling transaction reversals as a risk mitigation strategy. Furthermore, contingency plans must be established to address potential scenarios such as forks, 51% attacks, network disruptions, or prolonged outages.
While Hong Kong adopts a practical stance towards permissionless blockchains, the Basel Committee views all bank engagements with public blockchains as high-risk activities. Consequently, the resulting treatment of these activities on balance sheets may deter banks from active participation, prompting resistance from industry stakeholders.
Tokenized Deposits
Within its directives, the HKMA placed a notable emphasis on tokenized deposits, particularly in the context of its recent launch of the wholesale central bank digital currency (CBDC) Project Ensemble, which aims to facilitate tokenized deposits.
Regarding interoperability and compatibility, the HKMA highlighted instances where tokenized deposit initiatives were confined within individual bank networks. The HKMA advocates for enhanced customer benefits through the seamless movement of tokenized deposits across different banks. Therefore, promoting interoperability between diverse DLT systems and traditional infrastructures is essential to prevent fragmentation.
Hong Kong’s Ten DLT Risk Assessment Areas:
- Governance – encompassing tech risk management, business continuity planning, outsourcing, and expertise in staffing
- Optimal selection of DLT network
- Ensuring smart contracts are suitable for the intended purpose
- Understanding and mitigating legal risks
- Managing risks associated with third-party engagements
- Promoting interoperability and compatibility
- Enhancing cybersecurity measures
- Safeguarding private keys effectively
- Ensuring data security and privacy protection
- Establishing robust contingency plans and conducting thorough testing