Permissionless blockchain networks, such as the Ethereum blockchain, pose several risks that banks have yet to fully address, according to a new paper published on the Bank for International Settlements (BIS) website.

The Basel Committee on Banking Supervision (BCBS), a committee of banking supervisors established by the G10 central bank governors, issued a working paper on Aug. 28 devoted to the risks of permissionless blockchains and potential ways to mitigate such challenges.

The paper, titled “Novel risks, mitigants and uncertainties with permissionless distributed ledger technologies,” contains 25 pages and attempts to explore issues like governance, technology, compliance and other risks potentially stemming from the new technology.

Published on the BIS website, the paper notes that its views “do not necessarily represent” the official stance of the Basel Committee, but rather those of their authors.

What is a permissionless blockchain network?

Permissionless blockchains , also known as public blockchains, are networks that do not restrict users from participating in the consensus process used to validate transactions and data.

Public blockchains — with examples including Bitcoin and Ethereum — differ from permissioned blockchains or private blockchains, such as Ripple’s XRP Ledger.

According to the paper, banks that transact on permissionless blockchains or similar distributed ledger technologies (DLT) face many risks related to operations and security, governance, legal and compliance. Such risks include concerns about money laundering and terrorism financing as well as settlement finality. The paper notes:

“Certain risks stem from the blockchains’ reliance on unknown third parties, which makes it difficult for banks to conduct due diligence and oversight. [...] Current practices for mitigating these risks remain in various stages of development and have not been tested under stress.”

The working paper mentioned that at least 10 members are involved in the permissionless DLT workstream, including those in jurisdictions such as Canada, Europe, France, Italy, Japan, Singapore, Spain, Switzerland and the United States.

Banks face new risks from permissionless blockchains, BIS warns image 0

List of members of the permissionless DLT workstream. Source: BIS

Potential mitigants of challenges stemming from public blockchains

To address the challenges associated with public blockchain deployments in banking, the working paper highlighted several potential mitigations, including business continuity planning, technology-driven transaction controls and other measures.

Banks face new risks from permissionless blockchains, BIS warns image 1

The list of potential mitigants of challenges posed by public blockchain deployments by banks. Source: BIS

According to the paper, business continuity planning could involve an offchain registry that can be used to recover ownership after issues like disruption:

“For example, in the event of a hard fork or an attack on the blockchain that creates uncertainty as to the distributed ledger’s accuracy, the off-chain records could be used to identify the rightful owner of the assets or the branch of the fork that should be followed.”

Among other mitigants, the paper also proposes to appoint a designated entity, or the controller, to “control and limit access” to the crypto asset or “block and reverse transactions that are fraudulent.” The paper adds:

“The controller would not exercise control over the permissionless network itself, but over the specific tokens of a specific issuance. The controller could use its authority to help mitigate legal or compliance risks [...]”

Additionally, the document suggests creating tools for privacy-preserving identity verification using technologies such as zero-knowledge proofs (ZKP ).

Related: Gavin Wood’s biggest hope: Free crypto transactions and Web3 tech worldwide

According to the authors, ZKPs may allow “identity verification while preserving privacy at the transaction level.” However, the paper adds that such technologies are nascent in both development and application.

The working paper concludes that technology-based solutions to the highlighted risks “are not yet mature,” but rapid developments may generate new solutions that may benefit from further examination.

Magazine: ‘Everything feels like it’s going to shit’: Peter McCormack reveals new podcast