»»Repetitive, transaction-based compliance tasks can be routinized, thus freeing up professional resources to perform
higher-level analysis and institute qualitative improvements.
»»Trusted systems are essential when performing and validating compliance activities that rely upon RegTech.
»»Distributed ledger technology (blockchain) employs a permissioned consensus mechanism to confirm transactions, thus
heightening trust.
»»Blockchain will continue to be leveraged to improve transparency, strengthen internal controls, and provide greater
assurance to stakeholders.
Human Factors of XR: Using Human Factors to Design XR Systems
RegTech and blockchain: Only as strong as your weakest link
1. a publication of the society of corporate compliance and ethics MAY 2018
Meet
Jamie Watts,
CCEP-I
Senior Compliance
Risk Advisor
World Food
Programme
Dakar, Senegal
see page 18
corporatecompliance.org
Compliance Ethics
PROFESSIONAL
®
This article, published in Compliance Ethics Professional, appears here with permission from the Society of Corporate Compliance Ethics. Call SCCE at +1 952 933 4977 or 888 277 4977 with reprint requests.
2. 44 corporatecompliance.org +1 952.933.4977 or 888.277.4977
ComplianceEthicsProfessional®
May2018
RegTech and blockchain: Only
as strong as your weakest link
»» Organizations seek RegTech solutions to reduce risk in a cost-effective, automated manner.
»» Repetitive, transaction-based compliance tasks can be routinized, thus freeing up professional resources to perform
higher-level analysis and institute qualitative improvements.
»» Trusted systems are essential when performing and validating compliance activities that rely upon RegTech.
»» Distributed ledger technology (blockchain) employs a permissioned consensus mechanism to confirm transactions, thus
heightening trust.
»» Blockchain will continue to be leveraged to improve transparency, strengthen internal controls, and provide greater
assurance to stakeholders.
T
he media is awash in articles,
interviews, and op-ed pieces attacking
or defending the emergence and
ascendency of cryptocurrency. Although
Bitcoin and other cryptocurrencies
rely upon distributed ledger
technology (DLT), cryptocurrency is
but one application of the innovative
technology also known as blockchain.
This is, therefore, not an article about
the merits of cryptocurrencies.
Reducing compliance costs with technology
Despite improved economic conditions in
many global regions, at many organizations,
compliance professionals are being asked to
“do more with less” amidst budget pressures
and shifts toward technological tools. As
Compliance departments are not “profit
centers” that contribute to the organization’s
net income, senior leadership seeks to
maximize the return on investments in
compliance professionals and regulatory
technology (RegTech) tools. Because
qualified compliance professionals are
valued more for their qualitative skills than
their ability to accomplish repetitive tasks,
the impetus to employ RegTech for routine
matters is strong.
For those of us in the compliance risk
management profession, the potential
applications of blockchain technology
are exciting and promise to revolutionize
the manner in which we deploy scarce
technology and key professional resources.
Stakeholders—including business leaders,
boards, shareholders, and customers—will
look to us to ensure that compliance is not
only maintained but strengthened by the
implementation of these innovative tools.
As experts have identified upgrading legacy
systems as the biggest technology challenge
of 2018,1
compliance leaders must partner
with their organization’s technology peers
to ingrain RegTech solutions into new
application development.
What is “blockchain”?
Although this article is not meant to be a
primer on DLT, it is helpful to briefly explain
its underpinnings. Much has already been
written by authoritative sources on the
technical aspects of DLT. On a blockchain,
transactions are recorded chronologically,
forming an immutable chain, which can be
substantially anonymous depending upon
Cris Mattoon (cqmattoon@aaamichigan.com) is Assistant Vice President, Compliance
Ethics, for The Auto Club Group in Dearborn, MI.
by Cris Mattoon, JD, CCEP, CAMS, MCM
Mattoon
3. +1 952.933.4977 or 888.277.4977 corporatecompliance.org 45
ComplianceEthicsProfessional®
May2018
how the technology is implemented. The
ledger is distributed across many participants
in the network; it doesn’t exist in one place.
Instead, copies exist and are simultaneously
updated with every fully participating node
in the ecosystem. A block could represent
transactions and data of many types: currency,
digital rights, intellectual property, identity, or
property titles, to name a few.2
At its most basic level, a transaction is
simply a change in the registered owner of
an asset.3
When a member of the network
conducts a transaction, he/she submits the
transaction to the
network. That new
transaction changes
the state of the ledger,
thus causing a conflict
with the state of other
members’ copies
of the ledger. The
network discovers
the new transaction.
Only when the
other members of
the network either
validate and update
their own records
(the consensus mechanism) or reject the new
transaction will the state of the ledger be
confirmed.
Routinizing repetitive compliance tasks
Human error is the weakness in any well-
defined process. All the best-written policies
and procedures, colorful job aids, and
ergonomically aligned workspaces cannot
prevent failures due to employee boredom
when engaged in tedious check-the-box
tasks. The decades-old myth that technology
will replace employees has continued to be
shattered by extremely low unemployment
rates in the compliance profession. When
human error and its inherent risks are
mitigated, customer satisfaction and
regulatory ratings rise. RegTech can
strengthen the compliance “chain.”
Much as H.J. Will’s introduction of Audit
Command Language (ACL) in the early 1970s
revolutionized leveraged computer technology
to reduce the need for clerical analyses of
large internal audit data sets, the compliance
profession is continually seeking new and
faster methods for validating compliance. Take
the example of intellectual property, where
producers, wholesalers, agents, attorneys,
and customers engage in an expensive
array of imperfect
relationships.
Imagine, instead,
if a distributed ledger
established between
a software company,
its distributors, and
the end users could
account for and
continually reach
consensus around
the true ownership
of software licenses
and the payment of
contractual licensing
fees. Extending that example a little further,
the entertainment industry could ensure
that every music recording, video recording,
script, sheet of music, etc. is accounted for and
balanced across the distributed ledger so that
royalties were collected and paid immediately
across the globe.
In a global economy subject to counterfeit
consumer goods and industrial parts,
manufacturers and suppliers will be able
to leverage blockchain’s potential ability to
verify goods moving through the supply
chain. Early adopters are already seeking to
build compliance and traceability into their
production processes, making blockchain an
excellent RegTech solution.
The decades-old myth
that technology will
replace employees
has continued to be
shattered by extremely
low unemployment
rates in the compliance
profession.
4. 46 corporatecompliance.org +1 952.933.4977 or 888.277.4977
ComplianceEthicsProfessional®
May2018
An ethics office that is inundated
with automated conflict-of-interest and
gift acceptance reporting could employ a
blockchain to validate response field data,
producing only a periodic exception report
that would require further professional
analysis and follow-up. Thus, the ethics
officer could instead invest time and attention
in strengthening relationships with key
organizational leaders, employees, and peers
to foster the culture of compliance, instead of
being mired in clerical fact-checking.
Heightening trust through consensus
Continuing the intellectual property example
described above, we know that music
recordings can be pirated and reproduced.
But if a unique digital signature is embedded
within the recording, and the digital signature
is required for each new block in the chain,
then the other members of the distributed
ledger would learn that the transfer has
occurred. In the transactions described above,
a block is created with the details of each new
transfer. Each transaction is a new contract.
When the parties agree to the contract by
adding their unique digital signatures, a
cryptographic hash is calculated that will
be used to link this new transaction to the
previous chronological record of transactions.
The other members of the network would
then have to validate the transaction to reach
consensus, putting the ledger back into
balance. In the event a fraudulent version
of the music recording has been offered
in a transaction, the members will be able
to identify the duplicate entry and reject
the transaction.
In addition to the financial aspect of
the transaction being voided, an audit trail
would then exist to support civil or criminal
action to enforce intellectual property laws.
The greater level of validation will act as a
deterrent to many potential wrongdoers,
whose unethical and illegal actions, in the
absence of a blockchain algorithm, would
most likely go undetected and legally
unvindicated. Trust will be enhanced,
because contracting parties would receive
greater assurance of the validity of goods
and receipt of payment. Yet, because
the transactions are being validated by
computers, less human resources would be
required to track, inspect, report, or defend
individual transactions.
Those same compliance professionals
could redirect their attention to qualitative
analysis, regulatory research, and change
management to strengthen the compliance
culture within the organization. Reputational,
operational, and litigation risks would all
decrease as a result, thus strengthening
both the brand and the shareholder value of
the organization.
Conclusion
Blockchain, though still in its relative infancy
as a RegTech compliance tool, promises to
provide opportunities to reduce costs directly
associated with deploying professionals to
administer routine compliance tasks. As with
any application of technology to compliance
processes, the objective is to reduce human
error, while redeploying those compliance
professionals to higher-value qualitative
activities that infuse assurance into business
operations. Compliance professionals can
embrace the distributed ledger technology,
develop effective use cases for employing
blockchain effectively, and support continued
investments in strengthening the culture
of compliance. ✵
1. S. English and S. Hammond: “Fintech, Regtech and the Role of
Compliance in 2017” Thomson Reuters, December 2017. Available at
http://tmsnrt.rs/2FmkKzm.
2. Zach Church: “Blockchain, explained” Newsroom, May 25, 2017.
Available at http://bit.ly/2tUaILY.
3. Rebecca Lewis, John W. McPartland, and Rajeev Ranjan:
“Blockchain and Financial Market Innovation” Economic Perspectives,
2017;41(7). Available at http://bit.ly/2FT5F8a.