Layer-1 Settlement in TradFi: Overcoming Key Stumbling Blocks

Category: Blockchain Security

POSTED BY: Rob Behnke

12.29.2025

Settlement in the traditional finance (TradFi) space historically has relied on centralized intermediaries and legal agreements. This limits the speed at which transactions can be completed and the finality of transactions.

As the Web3 space matures, TradFi institutions are increasingly adopting Layer-1 blockchains to implement a more modern approach to settlement. While this holds significant promise for TradFi institutions, these systems must be designed and adopted carefully to address security concerns and align with regulatory requirements.

How Settlement is Evolving

Efficient settlement is a critical component of the modern financial industry. With individuals and organizations banking with different institutions, banks need the ability to settle balance transfers between these institutions.

Historically, settlement has been dependent on centralized intermediaries, such as Real-Time Gross Settlement (RTGS) systems and clearinghouses. With RTGS, the central bank of a particular country or jurisdiction can finalize gross balance transfers immediately. Net settlements are often performed in batches, offering completed transfers within one business day.

While these processes have worked for decades, they have their limitations. One of the most significant is the fact that many of these processes only operate during business hours, and settlements may take one or more business days to complete. Additionally, the complexity of these processes can introduce significant fees to complete even the smallest transfers.

Layer-1 blockchains offer the potential to modernize these systems. Some key features that they provide include:

  • Rapid Finality: Blockchain transactions are typically trusted after six blocks are built on top of the one containing a particular, high-value transaction. Bitcoin, which has one of the slowest times to finality of major Layer-1 blockchains, has transactions trusted within about an hour, much faster than the full business day of TradFi settlement.

  • Decentralization: Layer-1 blockchains are designed to be decentralized systems. This eliminates the intermediaries associated with TradFi settlement, potentially improving efficiency and decreasing cost.

  • Lower Fees: Performing a wire transfer commonly costs users at least $25, with costs increasing for larger transactions. Blockchain transaction fees are typically much lower and don’t scale with the value of the transaction.

  • Continuous Operation: TradFi settlement systems are commonly restricted to normal business hours. Blockchains operate 24/7, eliminating potential transaction delays associated with transfers performed after hours or on holidays.

Many TradFi institutions are piloting programs designed to use stablecoins for rapid settlement on-chain. Stablecoins’ predictable value eliminates the concerns associated with crypto volatility, and they can take full advantage of the various benefits of blockchain technology.

Considering the Challenges of Layer-1 Settlement Systems

Using Layer-1 blockchains to support settlement offers significant advantages to TradFi institutions, including faster, cheaper, and more transparent transfer processes. However, these systems also come with various risks that must be addressed and managed as part of system design, development, and maintenance.

Stablecoin Security Risks

While TradFi institutions can use various on-chain assets for settlement, stablecoins are the most common choice due to their peg to fiat assets and greater regulatory clarity. Some top risks associated with stablecoins include:

  • Smart Contract Vulnerabilities: Stablecoins are implemented using smart contracts, potentially with complex functionality to support regulatory compliance. Programming or logical errors in this code could expose the contract to attack.

  • Compromised Keys: Private keys may have control over privileged functionality in stablecoin smart contracts, such as update mechanisms. These keys must be secured in accordance with security best practices (multi-sig wallets, cold storage, etc.) and have their access limited by least privilege access controls.

  • Insufficient Collateral: Stablecoins maintain their peg by holding adequate collateral to enable redemption of stablecoins for fiat assets. If stablecoins are insufficiently collateralized, they are an unsafe store of value and mechanism for settlement.

  • Malicious Updates: Modern smart contracts are designed to be upgradeable using proxies. An attacker or malicious insider may be able to perform updates that introduce dangerous functionality or allow them to drain value from the stablecoin.

Infrastructure Risks

Layer-1 blockchain settlement systems operate in complex environments, linking to both on-chain and off-chain systems. This infrastructure introduces various potential risks and vulnerabilities to these systems, including:

  • Compromised Keys: Beyond stablecoin smart contracts, private keys play a vital role in various elements of Web3 ecosystems, including securing blockchain wallets and other smart contracts. If compromised, these keys can allow theft of assets or abuse of the privileges assigned to a particular blockchain account.

  • Smart Contract Vulnerabilities: In addition to stablecoin smart contracts, on-chain settlement systems may rely on other DeFi projects and their associated smart contracts. For example, vulnerabilities in cryptocurrency exchanges could be exploited by an attacker to steal assets or take other malicious actions.

  • Cross-Chain Bridges: Layer-1 settlement systems may offer multi-chain support to take advantage of various benefits or support financial institutions that have deployed on different chains. The resulting reliance on cross-chain bridges to transfer assets can introduce potential risks, especially since these bridges have been the targets of some of the most expensive DeFi hacks to date.

  • Interfaces and APIs: A settlement system built on the blockchain will need to provide frontend systems for users and integrate with a financial institution’s existing settlement infrastructure. These interfaces and APIs can create security risks and vulnerabilities if they are implemented insecurely or have mismatches between the capabilities, expectations, and security models of the two connected systems.

Network-Level Risks

On-chain settlement systems are dependent on the blockchain operating as intended, from both a security and functionality perspective. Some of the network-level risks associated with on-chain systems include:

  • Centralized Governance: Blockchains are vulnerable to 51% attacks, where a single party controls the majority of the mining or staking power and can rewrite history. If this happens, then previously finalized transactions may be reversed on-chain.

  • Validator Manipulation: The validators who create blocks on a Layer-1 blockchain have the ability to select and organize transactions within their blocks at will. This creates the risk of censorship or validators defining transaction orders to their own benefit, e.g., Maximal Extractable Value (MEV).

  • Denial of Service (DoS) Attacks: Settlement systems should be robust against cyberattacks and other potential disruptions. A DoS attack against the blockchain may slow transaction processing to a crawl or undermine the security model of the blockchain.

Regulatory Compliance

Moving settlement on-chain introduces compliance challenges as TradFi institutions surrender a level of control over their infrastructure to move settlement operations on-chain. Some key challenges associated with this include:

  • KYC/AML: TradFi institutions are largely required by law to implement Know Your Customer and Anti-Money Laundering (KYC/AML) controls. Blockchain’s pseudonymity complicates this, as it can be difficult to definitively prove ownership of a blockchain address.

  • Operational Resiliency: TradFi institutions are required to ensure a level of operational resiliency for core operations. With blockchain, the organization is reliant on the resiliency of the blockchain and associated smart contracts.

  • Legal Finality: Settlement must achieve legal finality, where transactions cannot be reversed after the fact. Blockchain settlement is often probabilistic, which introduces the risk of reversed transactions.

  • Liability: Regulators require someone to take responsibility for errors, hacks, and similar events. Decentralized systems and those with elements outside of an institution’s control make determining liability more complex.

  • Governance: In the event of a major incident, a financial institution may need to be able to roll back transactions. Governance rules must be defined, specifying who can take what actions and under what legal authority.

Securing On-Chain Settlement Systems

Settlement systems built on Layer-1 blockchains have their risks and benefits. However, the associated threats can be controlled by a combination of risk management and technical controls. Key policies and processes include:

  • Threat Modeling: Threat modeling proactively searches for potential threats to system security and regulatory compliance. Performing threat modeling throughout the system lifecycle — beginning with the requirements and design stage — helps to ensure that secure processes and controls are baked into the system from the start.

  • Security Audits: Comprehensive security audits are essential to identify vulnerabilities and business logic errors within smart contracts and other elements of an institution’s infrastructure. All code should be audited before deployment.

  • Resilience Testing: Laws such as the Digital Operational Resilience Act (DORA) mandate that financial institutions maintain a certain level of operational resiliency. TradFi institutions should perform resiliency testing of all elements of their IT environments, including on-chain components.

  • Monitoring: On-chain attacks are irreversible, making rapid response and remediation essential to minimize damage. Real-time monitoring of on-chain operations is essential for compliance and cybersecurity threat management.
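
The monitoring point above meets the probabilistic finality noted earlier in the following sketch, which is an added example and not Halborn's code. It books a settlement as final only after a confirmation threshold and flags any reorganization that drops or moves the transaction. `SettlementTracker`, `build_chain`, the status names and all block and transaction identifiers are hypothetical, and the caller is assumed to supply its node's current canonical chain view.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    height: int
    block_hash: str
    parent: str
    txids: frozenset

class SettlementTracker:
    """Tracks one settlement transaction across successive canonical-chain views."""
    def __init__(self, txid, required=6):  # six blocks, the convention cited earlier
        self.txid, self.required = txid, required
        self.included_in = None  # hash of the block last seen holding the transaction
        self.alerts = []

    def evaluate(self, chain):
        """chain: canonical blocks, oldest first. Returns the settlement status."""
        for prev, cur in zip(chain, chain[1:]):  # refuse an inconsistent view
            if cur.parent != prev.block_hash or cur.height != prev.height + 1:
                raise ValueError(f"broken chain view at height {cur.height}")
        holder = next((b for b in chain if self.txid in b.txids), None)
        if holder is None:
            if self.included_in is None:
                return "UNSEEN"
            self.alerts.append(f"REORG: {self.txid} dropped from {self.included_in}")
            self.included_in = None
            return "REVERSED"  # escalate or re-submit; never leave it booked
        if self.included_in not in (None, holder.block_hash):
            self.alerts.append(f"REORG: {self.txid} moved to {holder.block_hash}")
        self.included_in = holder.block_hash
        confirmations = chain[-1].height - holder.height + 1
        return "FINAL" if confirmations >= self.required else "PENDING"

def build_chain(specs, start=100, parent="genesis"):
    """Constructed sample data: specs is a list of (block_hash, [txids])."""
    chain = []
    for i, (block_hash, txids) in enumerate(specs):
        chain.append(Block(start + i, block_hash, parent, frozenset(txids)))
        parent = block_hash
    return chain

def demo():
    tx = "tx-settle-001"  # constructed identifier
    tracker = SettlementTracker(tx, required=3)
    views = [
        build_chain([("a", []), ("b", [tx]), ("c", [])]),              # 2 confirmations
        build_chain([("a", []), ("b2", []), ("c2", []), ("d2", [])]),  # fork drops the tx
        build_chain([("a", []), ("b2", []), ("c2", [tx]), ("d2", []), ("e2", [])]),
    ]
    return [tracker.evaluate(v) for v in views], tracker.alerts
```

The tracker keeps evaluating after a `FINAL` result, so a deep reorganization of an already booked settlement still surfaces as `REVERSED` with an alert.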

In addition to processes and policies, TradFi institutions should also implement the following technical controls for on-chain settlement systems:

  • Key Management: Private keys should be protected using multi-sig or MPC wallets to limit the impact of a compromised key and kept in cold storage when possible to decrease the risk of compromise.

  • Access Management: Access to privileged functionality within smart contracts should be defined based on the principles of least privilege and separation of duties. These rules should be enforced with in-contract access controls.

  • Smart Contract Allowlists: Settlement systems and smart contracts should have allowlists specifying the smart contracts that they can interact with. This limits supply chain risks associated with untrusted or compromised smart contracts.

  • KYC’d Addresses: TradFi institutions can perform KYC for selected blockchain addresses to establish ownership. Limiting interaction to these addresses can help to meet regulatory requirements.

  • On-Chain Governance: Governance of settlement systems should be defined and managed on-chain. This enhances transparency and ensures that governance policies are properly enforced.

Managing the security and compliance risks of on-chain settlement requires a comprehensive understanding of TradFi and associated regulations, as well as the Web3 space. Halborn’s advisory services help organizations to develop systems and processes that comply with their security requirements and legal responsibilities. Get in touch to find out more.

Disclaimer

The information in this blog is for general educational and informational purposes only and does not constitute legal, financial, or professional advice. Halborn makes no representations as to the accuracy or completeness of the content, which may be updated or changed without notice.