At a simplified level, blockchain technology is a giant global spreadsheet of transaction entries, wherein the software only permits the recording of new transactions by entities authorized to actually write to that ledger.
Sounds pretty simple.
But it’s not.
What is Governance, Risk, and Compliance (GRC)?
The first peer-reviewed academic paper on the topic of GRC was published in 2007 by Open Compliance and Ethics Group (OCEG) founder Scott L. Mitchell in the International Journal of Disclosure and Governance. This groundbreaking paper influenced an entire industry of GRC software and services.
GRC is the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity. GRC as an acronym denotes governance, risk, and compliance — but the full story of GRC is so much more than those three words.
The acronym GRC was invented by the OCEG (originally called the “Open Compliance and Ethics Group”) membership as a shorthand reference to the critical capabilities that must work together to achieve Principled Performance — the capabilities that integrate the governance, management and assurance of performance, risk, and compliance activities.
This includes the work done by departments like internal audit, compliance, risk, legal, finance, IT, HR as well as the lines of business, executive suite and the board itself.
GRC is about establishing an approach that ensures the right people get the right information at the right times; that the right objectives are established; and that the right actions and controls are put in place to address uncertainty and act with integrity.
When GRC is done right, the benefits accrue. Organizations that integrate GRC processes and technology across all or many silos have:
- Reduced costs
- Reduced duplication of activities
- Reduced impact on operations
- Achieved greater information quality
- Achieved greater ability to gather information quickly and efficiently
- Achieved greater ability to repeat processes in a consistent manner
With the advent of blockchain, GRC is entering a new era as more organizations recognize the inherent power of the technology to establish and enforce strong, standardized internal controls, and extend those control standards beyond the organization into adjacent upstream and downstream partners. The immutable nature of blockchain data provides a mathematically verifiable assurance of the proof of data and the opportunity to automate the function of trust itself.
Transactions Define Human Interaction
Transactions are actions between entities, who engage in an exchange of some “thing”. That could be data, money, real property, etc… value in some identified form.
All social constructs are the result of transactional behavior. Society itself is a mesh of interconnected transactions. As humans intentionally organize themselves around a defined, intentional purpose, transactions define the internal and external operations of the entity.
Depending upon the parties, the “thing” and the nature of the transaction, different rules are applied. These rules can be based on a contract, a law, a corporate policy, etc… The output artifacts of the transaction are also varied — such as different documents and other information records attached to the thing, the transaction itself, the parties, etc…
How any transaction works within any case example is based upon the understood and agreed upon governance between parties in the ecosystem. This is the root of the concept of “consensus” which is also incidentally the term used in “Blockchain Land.”
Blockchain Consensus Models
In the magical realm of Blockchain Land, consensus is based upon the underlying math and logic contained within the software used to write new ledger transactions. This is where things quickly get complicated.
Bitcoin and derivatives use a consensus model called Proof-of-Work. The complexities of the mathematical calculations are established within the software so that miners run servers to discover and write blocks of transactions. This just requires that someone have a server powerful enough, an download the software to hash. The system is designed to allow anyone to connect to the public network and conform to the rules.
The rules of the road for any chain is based on the consensus between the people operating the server nodes doing the computing work in support of the blockchain infrastructure. Blockchain happens because these individuals agree to use a standardized software application to create and persist the ledger data.
It works as long as it works.
However, when those people disagree on the software and underlying parameters set at the protocol level, even public chains end up being fragmented as what is called a “fork”.
Blockchain Disputes
A fork happens when the version of software and legacy blockchain ledger data splits between factions. The different groups retain the original data, but then each starts writing new records to each their respective chains using different software. They’re no longer working together in sync and users get two accounts on different ledgers.
This can be demonstrated by the splits and forks in Bitcoin itself — most notably Bitcoin Cash.
Intentional agreement on changes to the core ledger have also been used to reverse and remedy major thefts and breaches as a result of the cooperation between node operators.
This was also the case early in the life of Ethereum. Bad code led to a hack and theft of funds from the Ethereum blockchain. The node operators agreed to fork so as to stem the losses of money that became Ethereum Classic chain.
The quandary of public blockchains and cryptocurrencies like Bitcoin and Ethereum is how to strike the balance between the concept of decentralized autonomy and need for a fundamental agreement on how to operate — which is by nature a form of centralization itself.
The governance problem enters when attempting to build out extended applications and ecosystems without securing that agreement at the foundation between all actors in advance.
These networks were created with a certain model with specific rules in mind. The public cryptocurrency systems are designed to be (relatively) anonymous and usable by any actor or entity for their own purpose. This requires a heightened security and difficulty, which impacts things like the technical attributes and performance of the software.
To agree, or not to agree, that is the question. And any enterprise system built upon a public blockchain is at significant risk of disagreement within the core platform itself. This risk is too high and broad for any rational leadership to accept.
So what are the alternatives? Intentionally-designed ecosystems vs. haphazard, experimental public frameworks.
Organizations Require Governance
Organizations of any kind must operate according to some rule set. Organizational governance defines these rules. There’s a collision of mindset once any organization (which requires an operating protocol) attempts to integrate some management framework outside of the organizational influence or control. There’s no “services agreement” between Bitcoin and users of Bitcoin. You simply accept the risks and put your plausible deniability shades onto your face, hoping for the best.
Now that we’ve been through the evolution of cryptocurrencies into experimentation into enterprise use of blockchain, the rationale for these intentional governance models are the next level of discussion. Particularly around the ability to design and manage intentional economies using ledger ecosystems based on intentionality vs. amorphous chaos.
Blockchain technology helps to define a potential ecosystem for disparate actors to engage in a cooperative fashion. Even if that’s just how we agree on the manner in which transactions are recorded onto a ledger at a very granular level.
But it quickly moves from the context of blockchain algorithms into other use case specific applications — and that’s where the method of consensus and management of the data layer itself starts to radically affect other things.
Beyond just the blockchain, consent extends into how the actors participate between each other at higher levels of engagement — as well as the kinds of a software and information systems used. This might be represented by a vendor supply chain network, an enterprise resource planning system, an accounting payables system, and so on.
When it comes down to putting real, tangible value onto a blockchain ledger format, people get pretty protective of how things are managed — especially when there are billions and trillions of dollars at stake.
Cryptocurrencies and their underlying public network protocols do not easily provide any mechanisms to extend ledger management consensus into higher order governance when connecting these actors together around a distributed model.
Enterprise Blockchain Governance, Risk, and Compliance
For blockchain technology to be embraced by enterprise organizations, those organizations must have a direct say in how the data is managed — as well as a say in the ecosystem itself. This simply doesn’t exist without an intentional design of the cooperative between actors. Blockchain governance requires a more advanced, readily accessible form of democracy than the node operators deciding to run new software.
Without participatory governance at both the ledger layer, as well as other higher layers, the particular blockchain technology itself will eventually be untenable for the actors involved. The ecosystem will fail, shrinking value for the stakeholders.
Maybe not at first, but eventually there will be a disagreement somewhere in the ecosystem. How those disagreements are resolved are paramount to the life expectancy of the data and ledger, as well as the affect on interconnected relationships between users.
But when any organization is intentionally designed for participatory decision-making, the “hive mind” can provide many paths to resolution.
I used to say:
“Blockchain will do for transactions what the internet did for information.”
Now I also say:
“Blockchain will do for governance what the internet did for communication.”
Well-designed organizations have strong governance mechanisms to facilitate two key principles guiding collective action:
- Where there is a poorly defined problem the organization has a structured process to collectively define the problem itself.
- Where the problem is succinctly defined, there are processes to manage the workflow to execute with intentional action.
Blockchains serve the need to record transactional events, provide proofs of verifiable facts, and enforce standards. Blockchains are (and should be) hard to change, which forces users to conform to the protocol much like a charter or constitution. Blockchains provide the efficient vehicle to decentralize decision-making as a formalized process.
This cuts to the very core of governance, risk, and compliance.
When any organization is faced with 1) reaching an agreement on values, and 2) deciding collective action, a blockchain framework establishes the boundaries for a widely distributed set of stakeholders and participants.
A well-designed blockchain governance system should facilitate the determination of group preferences and building of consensus. This is where public blockchain protocols fail… badly.
Value Chain Ecosystem Governance
Extend this discussion beyond a single organizational entity into an entire value chain ecosystem, and one can see how the legacy methods of organizing associations or consortia become inefficient and ineffective.
By establishing a blockchain-based approach to designing associations or consortia around entire industry or value chain ecosystems, massive efficiencies can be gained throughout.
To achieve this, I refer back to the work by Jay Galbraith when he defined the Star Model in his book, “Designing Organizations.”
While his original work was written in the early 1990s, long before blockchain, it’s interesting to find the parallels between intentional governance design of organization & extended value chain ecosystems.
It is also an extremely useful roadmap to help navigate through the complexities of designing a blockchain-based governance structure for organizations and value chain ecosystems.
Conclusion
Before there’s a massive embrace of blockchain technology by enterprise, the issues of fundamental governance, risk, and compliance must be addressed at the individual organizational and extended value chain ecosystem levels. The complexity of intentional governance design can be simplified with the right blockchain consensus framework.
10XTS recognized the gaps between the implementation of the technology and the business unit as nascent financial projects have proliferated around the world.
Without a systematic approach to the application of GRC principles, blockchain technology by itself continues to fall short as a viable enterprise solution.
XDEX was created as a GRC network to provide that metadata-based link between traditional data and blockchain networks.
10XTS implements GRC frameworks for blockchain solutions with intentional governance, risk, and compliance designed at the core. Contact us to learn how we can help your organization or industry association establish a solid consortium-based approach to implementing a successful blockchain framework.
For more information or to schedule a chat, contact the 10XTS team today!