DTCC demands block chain security framework for financial industry

The Depository Trust & Clearing Corporation (DTCC) is a global giant in the field of financial market infrastructure. The company says traditional IT security measures need to be updated to deal with the block chain.

In an official press release on February 12, the expected increase in acceptance of distributed ledger technology, such as block chains, in the financial services sector worldwide was noted.

The DTCC has published a new white paper entitled Security of DLT networks. The paper recommends that a comprehensive DLT security framework be established and possibly an industry consortium be formed. This would encourage research into standards and guidelines for the sector.


New benefits and new risks

In the white paper, the DTCC explains that DLT is currently subject to fragmented standards and guidelines in the financial services sector with regard to technological security risks.

The industry giant noted that a DLT implementation could offer a wide range of value propositions to multiple stakeholders. These include, in particular, “stronger identity measures, improvements in information protection and data integrity, more efficient processing, increased operational capacity and more effective compliance.

However, these benefits are accompanied by new risks. Better standards to ensure DLT interoperability, consensus on terminology, effective administration, and robust digital identity management are needed.

All players in the financial industry therefore have an interest in contributing to the development of a DLT security framework, the white paper states.

Individual companies, the DTCC says, should implement best practices. These include risk management and supervision, cyber security, third-party management and incident response.

Technological considerations should also be taken into account when creating, maintaining, storing and disposing of sensitive data. These considerations should bridge the security gap between DLT and legacy IT systems and establish standardised authentication methods. The use of cryptographic hash functions should be considered.

In a statement, Stephen Scharf, DTCC’s head of security, emphasized the need for a coordinated strategy to develop an industry-wide consensus:

“As is customary in IT security communities, frameworks must be available as widely as possible, generally agreed upon and jointly implemented. As best practices become established, they can be adopted into a formal framework and used by both the financial industry and regulators”.


Direct approach to DLT

As previously reported, this is not the first time that the DTCC has addressed global policy standards. It considers these to be necessary for a smooth DLT implementation in the financial services sector. In March last year, it published a Whiptepaper in which it sets out guidelines for post-trade processing of tokenized securities.

In 2018, a study conducted by the DTCC found that DLT was scalable enough to handle the daily trading volumes of the US equity market. The DTCC also plans to redesign its Trade Information Warehouse platform with DLT.