Hong Kong Monetary Authority Issues Guidance on Distributed Ledger Technology (DLT) Usage in Banks
Hong Kong Monetary Authority Provides Guidance on Banks’ Use of Distributed Ledger Technology
The Hong Kong Monetary Authority (HKMA) has recently provided guidance to banks on their use of distributed ledger technology (DLT), emphasizing the need for risk assessment and mitigation strategies. While the HKMA is open to allowing banks to utilize public blockchains, it cautions that they should not always be the first choice due to heightened risks.
One key consideration highlighted by the HKMA is the importance of selecting the ‘right’ DLT network. Permissionless networks, which are more accessible to malicious actors, may not be suitable for applications involving sensitive data. However, the HKMA does not rule out the use of open networks if appropriate risk management measures are in place, such as utilizing zero knowledge proofs or storing sensitive data off-chain.
Additionally, the HKMA acknowledges the potential risks associated with validators on public blockchains being pseudonymous and untrustworthy. Banks are advised to implement compensating risk management steps, such as allowing for transaction reversals or providing contingency planning for various scenarios like network attacks or outages.
While Hong Kong is taking a pragmatic approach to permissionless blockchains, the Basel Committee views all bank usage of public blockchains as high risk. This stance may impact the attractiveness of using public blockchains for banks, with industry bodies pushing back against the resulting balance sheet treatment.
In its guidance, the HKMA also emphasized the importance of tokenized deposits, particularly in the context of its wholesale CBDC project Ensemble. The HKMA encourages interoperability between different DLT systems and traditional infrastructures to enhance the benefits for customers and prevent fragmentation.
The HKMA outlined ten key DLT risk assessment areas for banks to consider, including governance, smart contracts, legal risks, cybersecurity, data protection, and contingency planning. By addressing these areas, banks can effectively navigate the risks associated with DLT and make informed decisions on their technology usage.
