Consulting giant Deloitte has published a new report that outlines principles for blockchain in financial services.

Prepared during the summer months of 2017 by the Deloitte EMEA Blockchain Lab in Dublin, in association with Deloitte Hong Kong and US, the report explores six control principles essential for blockchain adoption on a global scale. These include:

• Best practice – Standards for Blockchain Development
• Interoperability and System Integration Controls
• Audit Rules
• Cybersecurity Controls
• Enhancement of Traditional ICT Controls
• Business Continuity Planning

Blockchain technology has “attracted significant attention from the financial services industry in EMEA and around the globe, with many organisations exploring different structures and governance models as they move from exploration to implementation,” Lory Kehoe, EMEA Blockchain Lab lead at Deloitte, said (as quoted by Silicon Republic). “Failure to consider these principles, or to consider them in isolation, may become riskier as alignment between business and IT is critical for successful implementation of this new and powerful technology.”

The first principle “Best-practice standard for blockchain development” considers three macro factors – governance, legal and regulation, standards – for fostering widespread adoption of private DLTs within the financial community.

The second principle highlights the ability of a DLT system, when introduced, to integrate and interoperate with existing systems. For this, the report points out four key areas – security considerations, integration with legacy systems, data integration, and security mechanisms.

Regarding audit rules, the consulting firm said that blockchain technology “will not automate audits entirely and will not make the role of the auditor obsolete, but rather it will change some of the processes.” It also said that auditors will still need to consider evidence and information beyond the blockchain.

Furthermore, Deloitte said that DLT is intrinsically linked with cybersecurity considerations. Security considerations in relation to the cryptographic and immutable nature of blockchain technology include key management, risk of an attacker overpowering a private blockchain, centralisation of authority within the network, and privacy and the right to be forgotten.

Deloitte further said that the decentralised nature of DLT calls for a differing approach to the management of Information and Communication Technology (ICT) controls. This includes focus on security management, system development and change management, and information processing.

Lastly, Business Continuity Planning (BCP), a subset of risk management, when considered in relation to DLT, would cover the potential loss of data and processing capability due to loss of servers or connectivity, and risks such as cybercrime.

“A typical DLT implementation of BCP might encompass a wide range of complex technical areas, from key storage and key regeneration in the event of catastrophic data loss to creating new keys when a cyber-crime incident compromises data security,” the authors wrote.