Darko Popovic, Chadwick Cheung and Zhixin Lim of the Risk Management in a Digital World Working Party run through some of the most commonly asked questions about blockchain
The Risk Management in a Digital World Working Party presented a sessional event paper towards the end of 2018 which showed that blockchain was the digital topic that actuaries felt least comfortable explaining to their colleagues.
With this in mind, the working party has produced a practical guide on blockchain for actuaries, risk professionals, and insurance companies and their boards. It includes an educational element in order to ensure all actuaries have a basic understanding of the technology’s practical aspects.
The paper (available at bit.ly/3dqiS53) provides examples of real-world applications and use cases in insurance, illustrating the capability of the technology while also considering the current risks and challenges of adopting it.
The Actuary held a Q&A session with some of the working party members to learn more.
What is blockchain?
Blockchain is a database that is shared by multiple participants. Data is verified by multiple entities instead of a single organisation, removing a central point of failure. The data is propagated and stored by each participant so that multiple parties have the same record. It is not to be confused with crypto-assets such as cryptocurrencies, which are applications of blockchain technology.
Why does blockchain matter?
Blockchain is an infrastructure technology that will enable instantaneous peer-to-peer exchange of value, much like the internet has enabled instantaneous peer-to-peer exchange of information. Once mature and adopted en masse, blockchain could disrupt the insurance industry’s business and operating models.
How could blockchain be disruptive to business and operating models?
Blockchain could result in reduced operational frictions and costs in the insurance value chain. However, the real gamechanger for the insurance industry is the pooling and transferring of risks between end users, without intermediaries. This blockchain use case is best explained using the concept of decentralised finance (DeFi) and insurance. DeFi services, in broad terms, are peer-to-peer financial services built on permission-less blockchains.
Policyholders currently pay a premium to an insurer, which is trusted to prudently manage the reserves and pay out claims. In a peer-to-peer business model, individuals pool resources and enter into a direct agreement with each other to insure against an event, without the need for a trusted centralised authority. The concept of an insurance mutual is not new – blockchain just enables a more transparent and cost-efficient implementation.
There are two aspects to ‘permission-less’:
- Permission-less innovation – where anyone can build and distribute an insurance product on the blockchain
- Permission-less access – where anyone with an internet-enabled device can access these insurance products.
The end result is a wider variety of insurance products that are more transparent, affordable and accessible.
What are the challenges preventing mainstream adoption of DeFi?
The first hurdle is that of potential security issues. As the DeFi use case is relatively new, it has not been sufficiently tested under real-world adversarial conditions. The main tenet of DeFi is that there is no need for a centralised authority; trust in insurance companies and regulators is replaced with trust in software and code. Vulnerabilities in blockchain software can be exploited just like other computer programs.
The second hurdle is that the infrastructure required to support a DeFi ecosystem is not yet fully built. There are no trustworthy oracles (third-party data providers) or digital identity platforms. As a result, the DeFi products available now are relatively simple and generally do not need to comply with know-your-customer rules. Digital infrastructure is a public good that the government has a role in providing.
The third hurdle is poor user experience. While much has been done to make interactions with DeFi applications as user friendly as possible, these apps are still strictly for those who are technically savvy and comfortable with being fully responsible for access to their funds.
More broadly, what are the challenges preventing mainstream adoption of blockchain?
Blockchain is potentially disruptive but it may not make commercial sense to be a first mover in adoption, as standards and platforms are still emerging. The hype is ahead of development; it will take time for the technology to mature and be tested under real-world adversarial conditions.
Additionally, legislation and regulation have generally not caught up with developments in the blockchain space. It is unclear whether smart contracts (ie self-executing code deployed on the blockchain) would be recognised as formal legal contracts. Similarly, it is not obvious which legislation or regulation crypto-assets fall under.
Finally, a new way of doing business is needed to take full advantage of blockchain. New technology often means changing mindsets and existing processes. Creating an organisational culture that encourages innovation and continuous improvement is no small task. Within the insurance industry, companies need to be prepared to cooperate and compete on the same blockchain network so that everyone benefits – ie game theory is at play.
Why do we need a decentralised system? Are there any clear benefits?
A decentralised system is an ideal solution when no central authority is trusted with the maintenance of shared data. One benefit is improved data quality and transparency, because each party has access to the full set of data and the data is verified by multiple parties. Another benefit is improved data security, because data is stored in multiple and identical copies. A real-life example is green bonds (or any green investment, for that matter). A decentralised system helps to improve transparency by using multiple parties or oracles to verify the use of funds.
Why are there very few insurance use cases in real life? Is it because they are not generally convincing?
Insufficient understanding of the technology is one of the first obstacles. Better education and research is needed before more credible use cases emerge. Furthermore, use cases become convincing only when real benefits are realised, such as reduced costs, increased revenue and new business models. New technologies go through a journey in which costs are initially prohibitively high but reduce as they mature. Increased revenue will only come to pass when the solution is scaled. New business models are driven by demand and companies’ ability to meet this demand. Blockchain is still at an early stage where none of this has been achieved yet. However, the technology is moving in the right direction and making progress. Blockchain is at the same development stage as the internet was in the early 1990s.
Is blockchain incompatible with ESG objectives because of its high energy consumption?
Blockchain does not inherently consume huge amounts of energy. How expensive it is to maintain consensus is a design choice. While proof-of-work is expensive to run (by design choice), there are other consensus algorithms that do not require as much energy, such as proof-of-stake. Energy consumption (and indeed efficiency) also depends on the trade-offs between decentralisation, security and scalability – the ‘blockchain trilemma’.
Financial institutions tend to prefer private blockchains to public blockchains for privacy reasons, yet private blockchains don’t appear to be any different to a shared, centralised database maintained by a select few. Is blockchain just another fad?
Private blockchains do not fulfil the full promise of distributed ledger technology. Currently, companies prefer private blockchains for confidentiality and technological reasons. However, it is worth noting that: 1) even private blockchains offer additional benefits to traditional databases (for example higher security, tamper-resistance, use of smart contracts); 2) progress is being made on the ability to do private transactions on public blockchains (eg zero-knowledge proof), which has become technologically possible and at a much reduced cost compared to a year ago. Private blockchain is a sensible stepping stone towards public blockchain, before the technology gets more advanced and companies become more comfortable with transacting on public blockchains.
What role do you see governments and regulators playing in blockchain?
It would be helpful if they could set standards around scalability, data protection, interoperability, cryptography and auditability. We are seeing progress here. China passed a law this year to regulate cryptography standards for public and private use, and the European Commission is working towards an EU regulatory framework for crypto-assets. It will be interesting to see what impact this will have on DeFi use cases.
Is blockchain as secure as people claim?
There have been high-profile hackings in the past, leading to financial losses. It is important to understand what has been hacked. The hackings in the past were not exactly of blockchain, but of other infrastructure components in the ecosystem, such as smart contracts, wallets and exchanges. For example, the DAO attack on Ethereum was to do with bugs in the DAO (smart contracts), while the Ethereum blockchain network was working fine. Wallets were generally hacked when owners leaked their private keys – the equivalent of giving away their password.
What are quantum computing’s implications for blockchain?
The impact of quantum computing on different parts of blockchain varies. Digital signatures that are based on elliptic curve cryptography, such as the Elliptic Curve Digital Signature Algorithm, are vulnerable to quantum computing. The hash function SHA-256 is considered to be quantum-resistant. The threat of quantum computing to blockchain is understood by developers, and work has begun to address vulnerabilities and build more secure and resilient blockchains.
How can I find out more?
The Risk Management in a Digital World Working Party has produced a practical guide to the insurance industry entitled Understanding Blockchain for Insurance Use Cases. It starts with an education piece, followed by real-world insurance use cases to illustrate applications, and discussion on the risks and challenges of adoption. Feel free to contact the authors for further questions.
Darko Popovic is a director at FTI Consulting and the current chair of the Risk Management in a Digital World Working Party
Chadwick Cheung is an actuarial consultant at EY and a member of the Risk and Management in a Digital World Working Party
Zhixin Lim is a senior investment risk manager at HSBC Global Asset Management and a member of the Risk Management in a Digital World Working Party