How Blockchain Can Boost Security for DepositoriesIndian Depositories Mandated to Use Blockchain Monitoring System
The Securities and Exchange Board of India has instructed depositories in the country to use distributed ledger technology to record and monitor the creation of securities as well as contracts of nonconvertible securities. The DLT-based monitoring system is expected to be implemented by April 1, 2022.
A depository is an institution that holds securities, such as stocks and bonds, and helps investors trade in them.
DLT, which includes blockchain technology, offers a more resilient system than traditional centralized databases, along with better protection against cyberattacks, according to the regulatory authority governing India’s capital markets.
The distributed nature of the technology allows it to curb attacks originating from a single source, according to the SEBI statement. This means that cybercriminals will not be able to isolate and target a particular point in the ledger system to carry out a cyberattack.
Additionally, SEBI says it is developing a DLT-based hosting platform for depositories, dubbed Security and Covenant Monitoring System, to strengthen the process of security and asset monitoring. The system will allow debenture trustees, issuers and credit rating agencies to regularly update the data in the system, which can also be accessed by other financial entities such as stock exchanges, according to SEBI.
The market watchdog states that the information stored in the system will be cryptographically signed, time stamped and sequentially added to the ledger. This process, according to SEBI, will provide a verifiable audit trail of transactions.
The new blockchain-based system will allow all stakeholders to access in the distributed ledger portions of information relevant to them. The transaction history on the distributed ledger, SEBI says, will be fully encrypted and shared with stakeholders on a need-to-know basis.
A Welcome Move
SEBI’s announcement is a welcome move for the country’s exchanges and investment firms, as blockchain addresses the core pillars of cybersecurity: confidentiality, integrity and availability, says Narayan Neelakantan, former CISO and head of IT risk and compliance at the National Stock Exchange of India.
“Identity is the new perimeter. One of the core deliverables of DLT is robust, tamper-proof identity and access management. This has been proven over the past 12 years,” Neelakantan, who is the CEO of Block Armour, tells Information Security Media Group.
Having the right skills is key to implementing blockchain successfully, he says.
"Choosing the right platform from multiple options such as Ethereum, Hyperledger, Quorum or Neo may be challenging for CISOs adopting blockchain for the first time. So, if they’re looking to implement something like Ethereum or Hyperledger, they’ll first need to have the right skills on board and make provisions for research and experimentation,” he says.
In a study on the impact of blockchain on investment banking, Morgan Stanley explains how DLT incorporates a system of security checks to ensure that the integrity of the chain has the potential to cut out financial middlemen.
The report states: “Blockchain is disruptive in the investment banking space as it eliminates the need for intermediaries to establish trust and authenticate identity between two untrusted parties that want to transact.”
Vivek Zakarde, head of business intelligence, dataware and analytics at Reliance General Insurance Co., also identifies validation as one of blockchain’s strongest suits, and therefore, the perfect solution for the insurance space.
“Due to its decentralized nature, blockchain grants unparalleled immutability and transparency; it minimizes counterfeiting and double-booking, and making alterations in the contract is virtually impossible,” he says.
Blockchain helped Zakarde's firm detect patterns of fraudulent behavior and verify the identity of claimants and policyholders, he adds.