Corporate Members March / April 2019 Monthly Newsletter Issue 9


Message from The Chairman, Board of Governors

RAMESH PILLAI
Chairman of The Board of Governors

Institute of Enterprise Risk Practitioners

With a quarter of the year already gone, we continue to hold on to the belief that the global outlook would get better. True, it’s not all doom and gloom, but there are elements out there that should encourage us to be cautious. Increasing protectionism and posturing by two of the largest trading nations, with no deal in sight, draws mixed emotions with some countries benefitting from the turmoil in the short run but uncertain about the future in the long run.

In addition, if that were not enough, Brexit adds to further uncertainty with views polarising on either side of the Brexit divide. All of this has caused increased volatility in global markets with some speaking of inverted yield curves – a very unusual phenomenon which has sent risk managers scurrying to consult their reference books and risk experts. Fuelling yet further uncertainty are the geo-political uncertainties and risks, which are observable on virtually every continent and sub-continent on our planet. Uncertainty and hazards appear to abound more now than ever.

With all of this happening simultaneously, Enterprise Risk Management has taken on greater importance as a management discipline and strategic management tool. The benefits of an ISO 31000 objective centric approach over taxonomy are now much better understood and have become more pronounced. Whilst there are many hazards, there are also many opportunities waiting to be identified, manipulated and harnessed by ERM-aware organisations with the appropriate ERM structures in place and a risk smart and risk intelligent Board.

Although we may indeed end up dubbing 2019 the year of Risks, I would like to think of it as the year Risk Managers prove their worth to organisations by utilising their unique technical skills and competencies to guide their organisations towards success.

MONTHLY NEWSLETTER MARCH / APRIL 2019 Institute of Enterprise Risk Practitioners


TABLE OF CONTENTS

BUSINESS CONTINUITY MANAGEMENT - WHAT’S ALL THE FUSS ABOUT?

IN CONVERSATION WITH THE CHAIRMAN

GETTING SENIOR MANAGEMENT BUY-INS BY UTILIZING ERM TO SUPPORT CORPORATE STRATEGY

BLOCKCHAIN’S OCCAM PROBLEM

GLOBAL CONFERENCE 2019

INTRODUCING THE REFRESHER-ACCELERATOR PROGRAM (RAP)

TRAINING CALENDAR


Business Continuity Management: What’s all the fuss about?

As a form of crisis management, business continuity management (BCM) has evolved since the 1970s in response to the technical and operational risks that threaten an organisation’s recovery from hazards and interruptions. All business ventures have hazards and disruptive factors with which to contend. All manner of disasters can and do happen, which can lead to loss of confidence by clients and customers, further compounded by the fact that competitors may take advantage of your misfortunes. Often production and even data systems would have been disrupted, leading to huge losses for stakeholders, employees and even the community.

BCM not only ensures the survival of your company, but also helps protect the reputation and value of your organisation. It specifies the requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system. The aim is to protect against, reduce the likelihood of occurrence, prepare for, respond to and recover from disruptive operational incidents when they arise.

ISO 22301 defines BCM as “a holistic management process that identifies potential threats to an organisation and the impacts to business operations that those threats, if realised, might cause, and which provides a framework for building organisational resilience with the capacity for an effective (business continuity) response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities”.

Thus, BCM is an on-going management and governance process supported by senior management to ensure that the necessary steps are taken to identify the financial and other impacts arising out of operational disruptions. It identifies and mitigates relevant BCM risk, develops resilience, and maintains viable recovery strategies and plans, while ensuring continuity of products or services.

Today good business continuity management is not about being forced into taking action to address external pressures. Rather it is about recognising the positive value of business continuity good practices being embedded throughout the organisation. For this to be successful, risk professionals have to ensure there is an enterprise-wide perspective with the full support and commitment of the management. All individuals must be aware of BCM risks.

This is because BCM identifies relevant hazards and the steps to be taken to treat such risks in a manner that makes the organisation resilient to events or conditions that cause operational disruptions. Further, it develops strategies to continue the operation of the organisation’s functions and keeps staff trained and ready to follow the detailed plans to implement the recovery strategies. However, for this to materialise the framework for the business continuity management system (BCMS) must be established.

BCMS is a management system that relates to policy, planning, improvement, performance assessment and any other processes relevant to the organisation. It broadly focuses on understanding the corporate requirements and incorporating these into the business continuity policy and objectives. BCMS focuses on designing, implementing, managing and maintaining an organisation’s overall capability to manage disruptive incidents before and during periods of operational disruptions.

Several incidents illustrate the importance of BCM and the effects of disruption on businesses. The biggest would undoubtedly be 9/11, which brought down the Twin Towers in New York, USA in 2001. At the same time, the Pentagon, the seat of the US Defence Department, was attacked and an aircraft was hijacked that eventually saw the loss of all lives on board. More than 3000 lives in all were lost.

It has been estimated that the attacks on the World Trade Centre and the other related incidents cost in the region of USD3.5 trillion. Some companies lost key personnel, while others had their infrastructure destroyed as well. While perhaps nobody could have predicted an attack of this nature, despite the trauma and tragedy and loss of lives, business went on as usual. A number of companies housed in the Twin Towers had alternative sites – which were immediately activated. Disaster Recovery plans, emergency response protocols and crisis management strategies were also activated. Companies which had robust and properly tested BCMs in place dealt with the disruption, amidst the tragedy, and resumed business within a short timeframe – minimising potential loss of business, customers, and value.

Even currently, business continuity and disaster recovery plans often go overlooked or neglected. Lack of support from management is a frequent problem because BCM planning can be expensive and provides no immediate ROI. It is often compared to buying insurance - investing in something you hope you will never need. However, it does not have to be that way.


[Figure: Disaster – Mitigation, Preparedness, Response, Recovery]


Consider the recent rise in cyberattacks, the ever-present threat of extreme weather and the possibility of outages and failures. The British Airways IT failure of 2017, which left thousands of holidaymakers stranded at Heathrow and Gatwick airports that serve London, is a case in point. Apart from financial loss to the airline, dependent partners like hotels, tour guides, car rentals and even important business meetings were all losers. While BA had a BCM plan of action, it did not really work: something went terribly wrong, and nearly 400,000 passengers were the innocent victims.

Ensuring BCM in times of disaster is essential, and the faster, the better. Any downtime is considered unacceptable, so the top priority is getting things up and running quickly. Airports are common targets of terrorist agents, but with contingency plans and alert risk managers knowing exactly the plan of action, such terrorist threats can be mitigated to a certain extent.

What conclusions can be drawn from all these disasters and their after-effects? Being prepared for any eventuality is key to survival, renewal and new beginnings. The importance of BCM should not be understated or downplayed. It is a subset of Enterprise Risk Management (ERM) and goes hand in hand with corporate governance. Organisations should strive to ensure the implementation of robust objective centric approaches by appropriately qualified Risk Professionals, properly supported by BCM professionals who understand the relationship of BCM to ERM and Corporate Governance.


In Conversation with the Chairman


In a radio talk on BFM 89.9 the business station’s Resource Centre on Enterprise, Ramesh Pillai, the chairman of the Board of Governors of the Institute of Enterprise Risk Practitioners, went to great lengths to define what risk management is all about. He reminded his audience that risk comes in many forms – be it financial, personal, in your daily routine, your career and even matters relating to the wife.

“There are different elements to risk. ERM (Enterprise Risk Management) is how you manage these things holistically and the main difference between them is that when you are managing your risk individually, you are not bearing your ultimate holistic objective in mind - whatever it may be. For example, your objective may be to retire by the time you are 55. You are probably not thinking of that right now. Whereas when you do ERM, when you manage the different facets of risk, you will bear this ultimate retirement objective in mind and you will manage all facets of your life and career in line with achieving your ultimate retirement objective.

“In business one wants to ensure that all goes well and that one is operating in a sustainable way and/or in line with your organisational objectives. In any business, if you do not have ERM, you do not have a structured approach to link your organisation to the required strategy of running your business in the direction that you want it to go. ERM is how you devise your strategy and run your business sustainably to achieve your organisational objectives.”


Moderator: What is the ERM terrain like in Malaysia?

“I’ll give you the good news and the bad news. The bad news first. The bad news is that it is like a war zone out there. It is not really very good in terms of how many companies are implementing it. While there are a number of companies implementing it, there are also a number of consultants and people out there who have never actually worked in an ERM function, but who tell you how to set up an ERM function and what you get in the end is dysfunctional ERM policies and processes which are very operational in nature, which go against a lot of best practice components, and don’t really achieve what an ERM was set up to achieve. That discourages others from doing it because they no longer view ERM as an investment. It becomes a cost. There is form but no substance.”

Ramesh went on to explain: “All segments or departments of the company must ensure that they fit into the corporate objectives and mission. Thus, transportation, security, IT, finance and production should all be working towards the stated goals. If you are part of a group, then all the subsidiaries must run their businesses with the intention of helping the holding company achieve whatever their stated vision/mission/objective/goal is.”

He added: “The old adage, ‘if it’s not broke, you don’t need to fix it’, is backward looking. You are looking at your performance in the past. ERM is forward looking and anticipating roadblocks in the future.

“So if you are living in the past and saying I’ve always done this in the past, therefore I will always do well in the future, you are just asking to be taken down and that is where the SMEs are at this point and it’s no different from SMEs everywhere else. That’s the bad news.

“The good news is that at the IERP®, the Institute of Risk Practitioners, we exchange views with international associations like us elsewhere in the world and according to them, Malaysia is ranked number one in terms of ERM practice and implementation in Southeast Asia. Indonesia and Thailand are ranked number two and Singapore is ranked number three.”

Moderator: You mentioned that SMEs have a tendency to look back towards past successes and the guy who started the business is now ready to hand over the company to someone else, either a family member or perhaps even an outsider. This person may not have the know-how or even the same kind of passion.

Ramesh: “Absolutely right, which is actually why ERM was designed in the early days to make sure that the people who run your business are accountable for the risks that they are taking on your behalf. There is a structure to make sure that they identify the risk properly, report the risk properly and manage the risk properly, because at the end of the day, we are in business to take risk. ERM is not about avoiding risk. ERM is about managing the risk that you are taking with your eyes open. It’s about selecting the risk that you want to take, because the misnomer that people have about ERM is that it is about hazards and threats. The truth is that ERM is also about opportunities as well, which you want to be able to identify, manipulate and grab when they come along. You want to deal with the hazards before they become issues. There is a famous saying that goes ‘there are no opportunities that are ever lost - it’s only lost to you if you don’t have the courage to act at the right time - because someone else would have grabbed it if you don’t grab it first.’”


Moderator: How do you anticipate the unexpected?

“You need a process to do this. At the IERP® we build processes into organisations to help them do this, because human beings don’t think that way. We start with the vision and mission. We cascade the vision/mission down to the various divisions and departments and subsidiaries and then we develop the objectives with them. The trick is not in actually identifying the impediments to achieving the objectives. It’s about knowing which ones are sensible and which ones aren’t. At the end of the day, the only person who knows that is the person identifying the risk. Which is why you cannot outsource the identification of risk to someone else because the person who is in business, what we call in the line, is the person who is best placed to identify the risk.”

Moderator: Can you summarise the key points that you have brought up?

Ramesh: “The key takeaway from this discussion is that if you want to develop your business properly and to take it to the next level, whether you are an SMI or SME or a corporate business, one of the ways to do this is to ensure that you have the mechanisms in place to anticipate potential roadblocks - because these roadblocks could derail your deliverability on your corporate strategy which doesn’t have to be a profit strategy. For instance if you are WWF (World Wildlife Foundation) you may not have pure profit motivation, you may have other environmental types of motivations, but they still have risks. So long as you have objectives, you will have risks. If you go back to ISO 31000 on risk management, all the relevant risk management definitions are there together with the various principles, frameworks and processes. Organisations need to develop those first. However, a number of our members have pointed out the preponderance of consultants and vendors who push and prioritise the sale of their systems over the establishment of basic ERM principles, policies and procedures – to the detriment of any organisation who falls for this ploy. Remember the dog should wag the tail, not the other way around. You can manage your basic risk management function just on Excel and Word when you first start to get your processes in place; get the buy-in and get your education programs in place, because at the end of the day the most critical success factor for ERM is culture and environment. If you have the right culture and the right environment, you know anything can work and that’s the same with ERM. If people are risk aware, if they understand that the reason they are doing this is so that the overall organisational objectives, vision and mission can be achieved and that as the company’s performance improves so too will their salaries, bonuses, career and promotion prospects improve - this will automatically trigger employee and senior management buy in which goes a long way towards ensuring the success of any ERM program.”


Tea Talk: Getting Senior Management Buy-Ins by Utilizing ERM to Support Corporate Strategy

After a long Chinese New Year break in February, we were back for our second tea talk of the year by Mr. Dunstan Maurice, Group Chief Risk Officer of GHL Systems Berhad, who spoke on getting senior management buy-in by utilizing ERM to support corporate strategy.

Just like other risk practitioners, Dunstan faced challenges in getting senior management’s buy-in in the early days of ERM implementation in his organisation. His strategy was identifying individuals who he believed would support his cause, and, in this case, it included his Chairman, the Group CEO as well as the Head of Internal Audit and Compliance. Once he identified these individuals, he had a number of informal discussions with each one of them, understanding their point of view as well as getting their informal endorsement of his approach to ERM. By doing so, he was able to have additional channels of influence to the Board.

His next step was to tackle the senior management team in the organisation by educating them about the importance of ERM and how it could help the organisation comply with regulatory requirements as well as act as a “look out” for the company’s rapid expansion plan. Dunstan started by educating his senior management about operational risk via the RCSA and other operational risk management activities which were easy for most people to comprehend. That led to quick Board buy in about the importance of risk management. He then introduced the concept of utilizing ERM as a strategic management tool. He did this by getting the IERP® to facilitate a strategic enterprise risk management session exercise which demonstrated how ERM could be used as a strategic management tool to help the organisation achieve its corporate vision, mission, strategy and objectives – all within only 4 days. This exercise led to the development of the first version of his organization’s risk registers, which were practical and dynamic.


During the Q & A session, one of the risk practitioners shared the importance of culture and building rapport with the lines. The practitioner added that it was important for risk managers to be able to communicate positively with the lines; for example, a red box in the risk profile doesn’t mean bad and a green box in the risk profile doesn’t mean good, as they are only generic indicators. It is the action taken in response to the red and/or green box which is important, although in most cases risk managers, boards and the lines only concentrate on, and stop at, the colour of the boxes.

Some other tried and tested feedback to get buy-in mentioned by risk practitioners who attended the session included:

The carrot and stick approach is often employed although it doesn’t always work.

Linking the share prices with ERM activities.

Showing surveys done on the correlation between risk maturity and revenue encourages the lines to work harder and place greater importance on their risk registers.

Using peer pressure at the board meeting by presenting each department’s risk registers at the board meetings, where poor quality/deficient risk registers would be shown up.

A new partner/investor in the organisation can help push the RMD agenda, as a new partner/investor wants to ensure that their interest is protected.

A better understanding of business units’/departments’ detailed processes will help ensure RMD input is more relevant.

Keeping up to date with business units’ developments and initiatives by engaging with Heads of Departments.

One participant also mentioned using the opportunity whenever there is a potential new partner or investor in the organisation to help push the Risk Management Department’s agenda, as the new partner/investor wants to ensure that their interests are protected. The participants concluded that the best way to obtain buy in was firstly to have a properly qualified CRO in place. Secondly, to implement an effective education program. This would then need to be followed up on by, thirdly, an effective and focused ERM program such as the IERP®’s tried and tested 4 day objective centric ERM implementation program. A fun filled fellowship and networking session followed the tea talk where acquaintances were renewed and new friendships forged.


Blockchain’s Occam Problem

by Matt Higginson, Marie-Claude Nadeau, and Kausik Rajgopal - McKinsey & Company

Blockchain has yet to become the game-changer some expected. A key to finding the value is to apply the technology only when it is the simplest solution available.


Blockchain over recent years has been extolled as a revolution in business technology. In the nine years since its launch, companies, regulators, and financial technologists have spent countless hours exploring its potential. The resulting innovations have started to reshape business processes, particularly in accounting and transactions.

Amid intense experimentation, industries from financial services to healthcare and the arts have identified more than 100 blockchain use cases. These range from new land registries, to KYC applications and smart contracts that enable actions from product processing to share trading. The most impressive results have seen blockchains used to store information, cut out intermediaries, and enable greater coordination between companies, for example in relation to data standards.

One sign of blockchain’s perceived potential is the large investments being made. Venture-capital funding for blockchain startups reached $1 billion in 2017. IBM has invested more than $200 million in a blockchain-powered data-sharing solution for the Internet of Things, and Google has reportedly been working with blockchains since 2016. The financial industry spends around $1.7 billion annually on experimentation.

There is a clear sense that blockchain is a potential game-changer. However, there are also emerging doubts. A particular concern, given the amount of money and time spent, is that little of substance has been achieved. Of the many use cases, a large number are still at the idea stage, while others are in development but with no output. The bottom line is that despite billions of dollars of investment, and nearly as many headlines, evidence for a practical scalable use for blockchain is thin on the ground.

Infant Technology

From an economic theory perspective, the stuttering blockchain development path is not entirely surprising. It is an infant technology that is relatively unstable, expensive, and complex. It is also unregulated and selectively distrusted. Classic lifecycle theory suggests the evolution of any industry or product can be divided into four stages: pioneering, growth, maturity, and decline (exhibit). Stage 1 is when the industry is getting started, or a particular product is brought to market. This is ahead of proven demand and often before the technology has been fully tested. Sales tend to be low and return on investment is negative. Stage 2 is when demand begins to accelerate, the market expands and the industry or product “takes off.”


Across its many applications, blockchain arguably remains stuck at stage 1 in the lifecycle (with a few exceptions). The vast majority of proofs of concept (POCs) are in pioneering mode (or being wound up) and many projects have failed to get to Series C funding rounds.

One reason for the lack of progress is the emergence of competing technologies. In payments, for example, it makes sense that a shared ledger could replace the current highly intermediated system. However, blockchains are not the only game in town. Numerous fintechs are disrupting the value chain. Of nearly $12 billion invested in US fintechs last year, 60 percent was focused on payments and lending. SWIFT’s global payments innovation initiative (GPI), meanwhile, is addressing initial pain points through higher transaction speeds and increased transparency, building on bank collaboration.


Blockchain players in the payments segment, such as Ripple, are increasingly partnering with nonbank payments providers, the businesses of which may be a better fit for blockchain technology. These companies may also be willing to move forward more rapidly with integration.

In addition, the payments industry faces a classic innovator’s dilemma: incumbents understand that investing in disruption, and the likely resulting rise in customer expectations for faster, easier, and cheaper services, may lead to cannibalization of their own revenues.

Given the range of alternative payments solutions and the disincentives to investment by incumbents, the question is not whether blockchain technology can provide an alternative, but whether it needs to? Occam’s razor is the problem-solving principle that the simplest solution tends to be the best. On that basis blockchain’s payments use cases may be the wrong answer.

Industry Caution

Some sense of this dilemma is starting to feed through to industry. Early blockchain development was led by financial services, which from 2012 to 2015 assigned big resources where it was felt processes could be streamlined. Banks and others saw activities such as trade finance, derivatives netting and processing, and compliance (alongside payments) as prime candidates. Numerous companies set up innovation labs, hired blockchain gurus, and invested in start-ups and joint ventures. A leading industry consortium attracted more than 200 financial institutions to its ecosystem, conceived to deliver the next generation of blockchain technology in finance.

As financial services led, others followed. Insurers saw the chance for contract and guarantee efficiencies and the potential to share intelligence on underwriting and fraud. The public sector looked at how it could update its sprawling networks, creating more transparent and accessible public records. Automakers envisaged smart contracts sitting on top of the blockchain to automate leasing and hire agreements. Others spotted a chance to modernize accounting, contracting, and fractional ownership and to create efficiencies in data management and supply chains.

By the end of 2016, blockchain’s future looked bright. Investment was soaring and some of the structural challenges to the industry appeared to be fading. Technical glitches were being resolved and new, more private versions of the ledger were launched to cater to business demands. Regulators appeared to be more sanguine than previously, focusing on communication, adaptation, and debate rather than impediment.

From an industry lifecycle perspective, however, a more complex dynamic was emerging. Just as the financial services industry’s blockchain investments were reaching the end of Stage 1—theoretically the moment when they should be gearing up for growth—they appeared to falter.


Emerging Doubts

McKinsey’s work with financial services leaders over the past two years suggests those at the blockchain “coalface” have begun to have doubts. In fact, as other industries have geared up, the mood music at some levels in financial services has been increasingly of caution (even as senior executives have made confident pronouncements to the contrary). The fact was that billions of dollars had been sunk but hardly any use cases made technological, commercial, and strategic sense or could be delivered at scale.

By late 2017, many people working at financial companies felt blockchain technology was either too immature, not ready for enterprise level application, or was unnecessary. Many POCs added little benefit, for example beyond cloud solutions, and in some cases led to more questions than answers. There were also doubts about commercial viability, with little sign of material cost savings or incremental revenues.

Another concern was the requirement for a dedicated network. The logic of blockchain is that information is shared, which requires cooperation between companies and heavy lifting to standardize data and systems. The coopetition paradox applied; few companies had the appetite to lead development of a utility that would benefit the entire industry. In addition, many banks have been distracted by broader IT transformations, leaving little headspace to champion a blockchain revolution.

The key question now is whether those doubts are still justified, or whether progress in blockchain development has simply been slower than expected.

Over recent months some financial institutions have begun to recalibrate their blockchain strategies. They have put POCs under more intense scrutiny and adopted a more targeted approach to development funding. Many have narrowed their focus from tens of use cases to one or two and have doubled down on oversight of governance and compliance, data standards, and network adoption. Some consortia have shrunk their proof of concept rosters from tens in 2016 to just a handful today.

The emergence of cryptocurrencies, and in particular Bitcoin, as potential mainstream financial instruments prompted financial services to move first on blockchain experimentation, placing them 18 to 24 months ahead of other industries on the industry lifecycle. Given that gap, it is not surprising that the earlier concerns in banking are now emerging elsewhere, with initial enthusiasm being eroded by a growing sense of underachievement.


The reality is that rather than following the classic upward curve of the industry lifecycle, blockchain appears to be stalled in the bottom left-hand corner of the X-Y graph. For many, stage 2 isn’t happening. As we enter 2019, blockchain’s practical value is mainly located in three specific areas:

NICHE APPLICATIONS

There are specific use cases for which blockchain is particularly well-suited. They include elements of data integration for tracking asset ownership and asset status. Examples are found in insurance, supply chains, and capital markets, in which distributed ledgers can tackle pain points including inefficiency, process opacity, and fraud.

MODERNIZATION VALUE

Blockchain appeals to industries that are strategically oriented toward modernization. These see blockchain as a tool to support their ambitions to pursue digitization, process simplification, and collaboration. In particular, global shipping contracts, trade finance, and payments applications have received renewed attention under the blockchain banner. However, in many cases blockchain technology is a small part of the solution and may not involve a true distributed ledger. In certain instances, renewed energy, investment, and industry collaboration is resolving challenges agnostic of the technology involved.

REPUTATIONAL VALUE

A growing number of companies are pursuing blockchain pilots for reputational value; demonstrating to shareholders and competitors their ability to innovate, but with little or no intention of creating a commercial-scale application. Arguably blockchains focused on customer loyalty, IoT networking and voting fall into this category. In this context, claims of being “blockchain enabled” sound hollow.

A Future for Blockchain?

Given the lack of convincing at-scale use cases and the industry’s seemingly becalmed position in the industry lifecycle, there are reasonable questions to ask about blockchain’s future. Is it really going to revolutionize transaction processing and lead to material cost reductions and efficiency gains? Are there benefits to be accrued that justify the changes required in market infrastructure and data governance? Or is a secure distributed ledger primarily just one option when contemplating possible replacements for legacy infrastructure?

Certainly, there is a growing sense that blockchain is a poorly understood (and somewhat clunky) solution in search of a problem. The perspective is exacerbated by short-term expense pressures, cultural resistance in some quarters (blockchains may threaten jobs), and concern over disruption to healthy revenue streams. There are challenges in respect of governance—making decisions in a decentralized environment is never easy, especially when accountability is equally decentralized. And there are technical impediments, for example in respect to blockchains’ data storage capacity.


It’s estimated there will be over 20 billion connected devices by 2020, all of which will require management, storage, and retrieval of data. However, today’s blockchains are ineffective data receptacles, because every node on a typical network must process every transaction and maintain a copy of the entire state. The result is that the number of transactions cannot exceed the limit of any single node. And blockchains get less responsive as more nodes are added, due to latency issues.

Finally, there are security concerns. In smaller networks where validation relies on a majority vote there is manifest potential for fraud (the so-called “51 percent problem”). Another potential security challenge arises from advances in quantum computing. Google said in 2016 its quantum prototype was 10 million times faster than any computer in its lab. That raises the possibility that quantum computers will be able to hack codes used to authorize cryptocurrency transactions; a particularly troubling threat for a network that claims to be fraud resistant.

Still, all is not lost. It’s likely that many of the validation protocols used today will be upgraded or replaced in the next two to three years, and innovators are already finding solutions. Cardano, for example, is a so-called third-generation technology and the industry’s first platform to leverage peer-reviewed open source code. The protocol is designed to be quantum-computing resistant. Private blockchains, meanwhile, are being built to give network members control over who can read the ledger and how nodes are connected.

In addition, there have been some promising advances in use cases, particularly away from the financial industry. Recent experiments in supply chains, identity management, and sharing of public records have been positive. We have seen grocery stores target customers with blockchain-enabled products and services, and shipping executives launch a new real-time registry of containers underpinned by blockchain.

An emerging perspective is that the application of blockchain can be most valuable when it democratizes data access, enables collaboration, and solves specific pain points. Certainly, it brings benefits where it shifts ownership from corporations to consumers, sharing “proof” of supply-chain provenance more vertically, and enabling transparency and automation. Our suspicion is that it will be these species of use cases, rather than those in financial services, that will eventually demonstrate the most value.

Moving Through The Cycle

3 KEY PRINCIPLES

There is no guarantee that any blockchain application will make a sustained move to the second stage in the industry lifecycle. To do so will require a strong rationale, significant capital, and increased standardization. Fintech leaders will need to take a more nuanced view of their target industries and hire the right talent. However, where there is potential to address pain points at scale, the opportunity remains in place.

To get there we see three key principles as minimum conditions for progress:


1. Organizations must start with a problem. Unless there is a valid problem or pain point, blockchain likely won’t be a practical solution. Also, Occam’s razor applies—it must be the simplest solution available. Firms must honestly evaluate their risk-reward appetite, level of education, and potential gain. They should also assess the potential impact of any project and supporting business case.

2. There must be a clear business case and target ROI. Organizations must identify a rationale for investment that reflects their market position and which is supported at board level and by employees, without fear of cannibalization. Companies should pragmatically consider their power to shape ecosystems, establish standards, and address regulatory hurdles, all of which will inform their strategic approach. Blockchain’s value comes from its network effects, so a majority of stakeholders must be aligned. There must be a governance agreement covering participation, ownership, maintenance, compliance, and data standards. Finance arrangements must be agreed in advance so that sufficient funding through to commercial launch is guaranteed.

3. Companies must agree to a mandate and commit to a path to adoption. Once a use case is selected, companies must assess their ability to deliver. Sufficient economic and technological support is essential. If they pass those hurdles, the next stage is to launch a design process and gather elements including the core blockchain platform and hardware. They must then set performance targets (transaction volume and velocity). In parallel, companies should put in place the necessary organizational frameworks, including working groups and communications protocols, so that development, configuration, integration, production, and marketing (to drive adoption at scale) are sufficiently supported.

Conceptually, blockchain has the potential to revolutionize business processes in industries from banking and insurance to shipping and healthcare. Still, the technology has not yet seen a significant application at scale, and it faces structural challenges, including resolving the innovator’s dilemma. Some industries are already downgrading their expectations (vendors have a role to play there), and we expect further “doses of realism” as experimentation continues.

Companies set on taking blockchain forward must adapt their strategic playbooks, honestly review the advantages over more conventional solutions, and embrace a more hard-headed commercial approach. They should be quick to abandon applications where there is no incremental value. In many industries, the necessary collaboration may best be undertaken with reference to the ecosystems starting to reshape digital commerce. If they can do all that, and be patient, blockchain may still emerge as Occam’s right answer.


GET IN TOUCH

www.insterp.com


+603-23811900