Blockchain technology has steadily moved from experimentation to real-world adoption across financial services. Global financial institutions, market infrastructures and central banks are increasingly exploring how distributed ledger technology (DLT) can enhance transparency, resilience and efficiency.
Yet as adoption accelerates, a central challenge remains: how to identify, assess and manage the non-financial risks associated with operating on public blockchain infrastructure.
To help address this gap, DTCC contributed to the Global Blockchain Business Council’s (GBBC) newly released Proposed Risk Mitigation Framework for Non-Financial Risks of Blockchain Infrastructures (Phase 2). Building on the Phase 1 framework released in July 2025, the paper advances a practical, institutionally relevant approach to managing public blockchain risk.
A Continuation of Phase 1, With a Sharper Operational Lens
Phase 1 established why public blockchains require focused attention and why traditional risk frameworks fall short when applied to decentralized, open and community-governed infrastructure.
Phase 2 moves the discussion forward by:
- Deepening the analysis of blockchain-specific non-financial risks
- Aligning those risks with established operational risk standards
- Outlining how institutions can integrate blockchain considerations into existing governance and control structures
Five Key Takeaways
Blockchain risks require targeted frameworks
Public blockchains introduce risks that do not fit neatly into traditional categories. The framework distinguishes between risks that require new mitigation approaches, those that can be adapted from existing standards and those covered by current controls.
Governance models differ fundamentally from traditional infrastructure
Although each chain is different, public blockchains with decentralized governance and open-source development replace centralized control structures. Greater ecosystem transparency can support oversight, while financial institutions may need to adapt internal governance models to help ensure clear accountability.
Resiliency depends on active participation
Using public blockchains is not the same as consuming a traditional technology service. Depending on their risk posture and operating model, institutions may consider running nodes, engaging third-party operators or contributing to open-source development to strengthen operational resilience.
Layer 2 solutions improve performance but add complexity
Layer 2 architectures may improve scalability and efficiency, but they can also introduce additional dependencies such as sequencers, bridges and data availability mechanisms. Risk management should account for how risk may shift across these layers.
Risk management must be continuous
Effective blockchain adoption requires empirical testing, adversarial validation and ongoing refinement. Public-private collaboration and community-driven standards are critical to keeping risk frameworks relevant as technology evolves.
Moving the Conversation Forward
The Phase 2 Risk Mitigation Framework acknowledges the complexity of public blockchain infrastructure and calls for continued iteration as adoption expands. DTCC’s participation reflects its continued focus on supporting thoughtful, risk-informed exploration and responsible adoption of emerging technologies.