DIsTrIbuTED LEDgEr TEChnoLogY (DLT) CharaCTErIsTICs 5 previous reports of the cryptotechnologies working group2 have identified four key aspects shared by various cryptotechnology solutions: with the use of cryptotechnologies. permissioned ledgers allow more control over who has access to the ledger and which role is assigned to each par- ticipant. Today, central authorities such as national 4 A shared, uniform ledger that is replicated among central banks or other market infrastructure providers all participants over a network of interconnected play the role of maintaining and verifying ledgers, but computers; 4 Security and accuracy of the ledger is ensured through cryptographic methods; 4 Control of the ledger is decentralised among net- work participants (no single central authority); 4 Once verified, transactions on the ledger are fixed and indisputable. with dlT, this role can be divided over multiple enti- ties in the network. however, having unauthorised entities involved in verifying new transactions would be too risky for financial institutions and their custom- ers. Thus, while control can be decentralised, it will still have to be exercised by authorised parties. When using cryptotechnologies, all entities involved in verifying new ledgers must therefore be authorised. Cryptotechnologies were initially designed to ensure finality and transparency of transactions across a distributed network. These core features were not developed with legacy bank processes and financial regulations in mind. With an increasing number of financial institutions actively exploring the use of cryptotechnologies, there have been several im- Authorisation to view information on the dlT ledger will also be controlled. Initiatives such as Multichain3, Ripple Connect4, and hyperledger Fabric5 all offer permissioned access to view ledgers, ensuring that all nodes can be identified and are authorised to access information on the ledger. These entities can portant developments in dlT solutions designed to then be given permission to access information on help the technology adapt to the business, legal, and regulatory realities of financial organisations. Finan- cial institutions using cryptotechnologies today must a need-to-know basis. permissioned access to the ledger will be vital for creating the trust needed for institutions to exchange information between organi- make determinations on a few additional key aspects sations and across borders. These layers of access that can affect data security. ensure that all participants in a ledger meet certain standards for verifying information and/or accessing information, helping maintain data security in the net- work. Permissioned ledgers and limiting access Early implementations of cryptotechnologies, such as Bitcoin, were unpermissioned (and continue to be Privacy of information so), meaning that any party can join the network and verify transactions. In the traditional, highly regulated payment infrastructure business, on the other hand, access to messaging and payment networks is While cryptotechnology solutions employ various methods to ensure confidentiality for participants on the ledger as data is shared across the network always permissioned. This is not expected to change (e.g. by using pseudonyms for each party sending 2 “Applying cryptotechnologies to trade finance,” May 2016. https://www.abe-eba.eu/downloads/knowledge-and-research/EBA_ May2016_eAPWG_Applying_cryptotechnologies_to_Trade_Finance.pdf “Cryptotechnologies in international payments,” March 2017. https://www.abe-eba.eu/downloads/thought-leadership/EBA-Cryptotechnologies-in-international-payments-March-2017.pdf 3 https://www.multichain.com 4 https://ripple.com 5 https://www.hyperledger.org/projects/fabric EURO BANKING ASSOCIATION | SECURITy ANd IdENTITy ChAllENGES IN CRypTOTEChNOlOGIES