In May, Todd M. Harper, Chairman of the National Credit Union Administration (NCUA), addressed the boards of federally insured credit unions to help institutions safely and effectively use an emerging and fast-growing set of financial technologies: DLT, or distributed ledger technologies. DLT is simply a decentralized database, typically described as being spread across different nodes. Blockchain (the term many of us are more familiar with) is one method of implementing a DLT, and introduces cryptographic signing as well as consensus validation. If you think back to eighth grade geometry, most of us attempted to learn that all squares are rectangles but not all rectangles are squares. The same applies to DLT and blockchain: all blockchain is DLT, but not all DLT is blockchain.
Given real-world examples of cryptocurrency misused in fraudulent or illegal activity, the NCUA straddled a difficult position. Harper emphasizes NCUA’s support for “innovations that are safe and sound” and compares the state of DLT to the early days of the internet, freely admitting that new technologies may “transform how credit unions perform traditional financial operations and services.”
Harper highlights credit unions as willing and able partners for innovation, stating that the NCUA “signals to the broader financial and technology communities that credit unions are a market to consider when designing products, considering partnerships, or making investments.”
A Few Key Tips
Harper emphasizes the importance of third-party risk management, as credit unions are responsible for ensuring their operations are sound whether they deliver services themselves or through third-party vendors. When considering the oversight of these products, credit unions should inform their directors not only about the distributed ledger technologies being used, but also about how those uses align with strategic planning objectives and “approved risk tolerances.”
When it comes to evaluating the risk of a DLT, Harper laid out a long list of questions credit unions might ask themselves. Here are our highlights:
Does the DLT exist within a private or public network?
How are permissions and identity management credentials handled?
Who governs the DLT network, and how?
Have all potential legal and compliance risks been assessed? (These include everything from how confidentiality is maintained to what consumer and fraud protections are in place.)
Has the credit union considered how it will remain Bank Secrecy Act (BSA) compliant when deploying the DLT?
Is each of the nodes on the DLT network BSA compliant?
Is there a process in place to monitor emerging risks and any changes in the distributed ledger technology?
Has the credit union reviewed and considered NCUA’s existing guidance on evaluating third-party relationships and due diligence? The organization’s December 2007 letter on this topic is available here.
What the Future Holds
The NCUA points to the National Institute of Standards and Technology (NIST) as an important resource for credit unions to better educate themselves about DLT. NIST has a paper on blockchain, available here. NIST has a project page dedicated to distributed ledger technology that you can find here.
The NCUA, like many regulatory authorities, remains cautious about new technology but recognizes its importance for competitiveness in the rapidly evolving financial services industry. Distributed ledger technologies could have a large role in the future of credit unions and the larger financial-services sector. As a result, gaining a better understanding of how these technologies could work at your institution carries value. Harper states: “Credit unions can responsibly explore the use of DLT for business uses to enhance their operations and ongoing competitiveness,” and the first step is understanding the technology.