As blockchain infrastructure sees broader adoption, a significant gap persists in recognized risk management frameworks and regulatory acceptance — especially among financial institutions.
To address this gap, the Global Blockchain Business Council (GBBC) and Oliver Wyman have developed the Proposed Risk Mitigation Framework for Non-Financial Risks of Blockchain Infrastructures (RMF): a coordinated effort with a phased approach to guide regulated financial institutions in mitigating the risks associated with public blockchain adoption.
An industry-driven initiative, the RMF provides financial institutions with tools to assess and manage non-financial risks associated with public blockchain use. A cross-sector working group—including financial-market infrastructures, global systemically important banks, multilateral development banks and leading Layer-1 protocol teams—has contributed practical insights on how to integrate public blockchain infrastructures with established risk frameworks.
The RMF lays the foundation for a global, risk-based assessment and mitigation strategy to enable secure blockchain adoption. Phase 1 focuses on public Layer 1 blockchains and tokenized securities, with Phases 2 and 3 slated to expand into digital payments (e.g., stablecoins) and native crypto-assets.
“DTCC is proud to have contributed to the Risk Mitigation Framework as a cornerstone for responsible blockchain adoption,” shared Nadine Chakar, DTCC Managing Director, Global Head of DTCC Digital Assets. “The integration of the taxonomy of risk and controls for digital asset securities marks a powerful start and we thank GBBC and Oliver Wyman for their leadership as we drive meaningful transformation across the financial ecosystem.”
Five RMF Takeaways
- Blockchain introduces specific novel risks requiring targeted risk frameworks.
  Blockchain’s decentralized design, immutable records and 24/7 operations enhance transparency and efficiency, but also introduce risks that traditional frameworks don’t fully address. To manage these risks effectively, financial institutions and regulators need a standardized approach that lets them prioritize risk management efforts, including new mitigation strategies and adaptations of existing standards.
- Public blockchain governance differs fundamentally from traditional operating models.
  Unlike centrally governed digital infrastructure, public blockchains rely on decentralized governance and open-source quality assurance. These ecosystems must clearly define their governance structures, risks and challenges. At the same time, financial institutions must adapt their internal governance and decision-making to align with their chosen public blockchains, ensuring transparency and responsiveness.
- Public blockchain adoption demands new resiliency strategies.
  To ensure resilience, financial institutions should pair public blockchain adoption with complementary support services (e.g., third-party node operators, failover systems). They must also shift from passive consumption to active engagement, participating in operations (e.g., running nodes) and contributing to open-source development. This involvement enhances the robustness and reliability of public blockchain ecosystems.
- Security tokens present compelling benefits but require new risk management approaches and an adapted market structure.
  Security tokens offer transparency, liquidity and efficiency, but face challenges in terms of interoperability and custody. Regulators must set standards for streamlined market structures, while participants implement blockchain-specific risk frameworks to manage these risks effectively.
- A structured approach to risk analysis of blockchains.
  Institutional blockchain adoption should include rigorous and comprehensive assessment and testing—such as adversarial and load tests—to ensure operational resilience. Active public-private collaboration and contributions to open-source frameworks are essential. Financial institutions must support and engage in these efforts to keep risk standards relevant and effective.