Fraud and Emerging Tech: Blockchain

By Lucy Wang, CFE, Senior Technical Manager of Anti-Fraud

One of the biggest disruptors in digital innovation, blockchain is redefining the future of financial reporting, audit, and risk management. This post, part of an emerging technology series from the Anti-Fraud Collaboration, examines the implications of blockchain when it comes to fighting financial reporting fraud.

What is blockchain?

A distributed ledger technology, blockchain is a shared ledger of transactions that allows digital assets to be transferred across a decentralized network in real time and in a manner that cannot be changed, often referred to as an immutable manner. Organizations can choose to create a blockchain for which its access is public–open to everyone, permissioned–limited to user-specific encryption keys, or private–limited to an authorized group.

A blockchain solution can be employed across a wide range of industries and business functions, particularly in finance, operations, supply chain management, and so on. Common use cases for implementing blockchain include:

• Record Keeping – Allows records to be kept in the ledger that is only accessible by authorized users who have a user-specific encryption key.
• Smart Contracts – Allows programmable code to trigger an automated transfer of value and information under certain conditions.
• Transfer of Value – Allows the transfer of value between two parties, thereby removing the need for a third-party intermediary.

Implementing blockchain can yield the potential for cost savings, increase in touchless transactions, decrease in transaction cycle time, and real-time transparency and traceability. Nearly every transaction platform can be improved or replaced by a blockchain-based platform.

How can blockchain be used to fight fraud?

One of the many value propositions for implementing blockchain is the decrease in fraud risk. The technology is anti-fraud by design—the most common theme in its application is the trust amongst all parties involved in a business transaction. Below are certain characteristics unique to blockchain that can mitigate fraud risk:

• Integrity – Blockchain’s structure creates a verifiable record of every transaction that has been made, and those transactions can only be created and/or altered with consent.
• Traceability – Blockchain’s finality and immutability leave a permanent, time-stamped audit trail for every stage of a business transaction and process.
• Transparency – Blockchain’s decentralized network contributes to a transparent platform in which fraudulent information and transactions can be easily identified and flagged.
• Security – Blockchain’s non-repudiation and disintermediation of data storage prevent any single participant from misappropriating company assets, one of the most common and costly forms of financial fraud.

What are risks or other key considerations related to a public blockchain?

Despite its many advantages, blockchain is a complex, evolving technology that can present risks and challenges during implementation.

The essence of a blockchain solution is that records are encrypted and distributed amongst authorized parties, and those records can only be altered with consent. However, opportunities for malicious activity can arise within the various blockchain consensus models:

• Collusion – When there is a public blockchain, there is a possibility of collusion amongst the participants within the network.
• Consensus – When there is distrust amongst the entities that lead to a multitude of consensus mechanisms, slow decision making can contribute to poor performance of processing power.
• Divergence – When entities within the network disagree on the governance of the blockchain, more than one copy can be created, which can decrease transparency and consistency of transactions.
• Dominance – When one entity in the network controls more than 51% of the processing power, that entity has the technical ability to engage in misconduct.

Blockchain aims to increase trust and efficiencies across business operations. Still, complex access rights management procedures and a lack of robust risk management frameworks can lead to vulnerabilities.

Organizations should consider blockchain’s susceptibility to existing and emerging risks when it adopts or scales the technology.

Where can I learn more about blockchain?

Learn more about blockchain through the following resources:

• AICPA: Practice Aid: Accounting for and Auditing of Digital Assets
• CAQ: Emerging Technologies, Risk, and the Auditor’s Focus: A Resource for Auditors, Audit Committees, and Management
• Deloitte: 2019 Global Blockchain Survey
• Deloitte: Blockchain to Blockchains: Broad Adoption and Integration Enter the Realm of the Possible
• EY: Finding the Key to Trust Blockchain
• EY: How to Prepare for the Digital Transformation of Reporting
• FEI: Financial Professionals’ Responsibilities are Changing: Get Ready for the Impact of Blockchain
• FEI: What CFOs Need to Know About Blockchain–and Trust
• The IIA: Blockchain: Risks and Opportunities
• The IIA: Blockchain is Coming: What CAEs Need to Know About the Impact
• KPMG: Blockchain and the Future of Finance: A Potential New World for CFOs–and How to Prepare
• KPMG: Securing the Chain
• NACD: Blockchain: What Boards Need to Know
• NACD: Boardroom Guide to Blockchain
• PwC: Blockchain is Here: What’s Your Next Move?
• PwC: The Essential Eight Technologies–Board Byte: Blockchain