What do boards have to know about blockchain to discharge their fiduciary obligation to oversee their companies? On October 16, the National Association of Corporate Directors (New England) presented a program both explaining blockchain technology and addressing the function of boards.
Everyone knows the standard blockchain mantra: blockchain is a database controlled by no intermediary, visible to all parties, protected by deep encryption, an unchangeable distributed ledger, with multiple copies stored across many servers.
We also have a growing series of “use cases” where the technology is utilized to record changes in stockholdings, process transactions in cryptocurrency, facilitate supply chains, handle proxies, and form a new kind of contract entered into without lawyers which can be automatically performed (computers can tell us when goods are delivered and release payment automatically).
The key for boards is not to ask only technical questions but, also, questions concerning “governance” over the blockchain itself. Who controls the algorithms and rules of that particular blockchain? Since no central source controls the blockchain, but rather all the users are in a way owners of it, who can make changes in the blockchain that could imperil a company? The panel recommends you ask the questions that directors asked when it was first proposed to place company data in the cloud. What are the security parameters, what are the protections from people accessing the data, is the data backed up, who are the parties that set up the particular blockchain, what is the governance over that system? To create trust without a middle man to provide that protective function (for example, when banks transfer money between each other, they trust the Fed system as the middle man), and since most rules changes will be controlled by a majority of users, questions should be asked with respect to the nature of the blockchain itself.
An IBM representative noted there is an IBM founders’ handbook discussing governance of blockchains, setting forth options in order to reach a consensus as to rules changes.
The key to hacking blockchain is your private encryption key, and boards also should determine who has access to that key, and whether multiple people are needed in order to access the blockchain.
Some companies are setting up their own “centers of blockchain excellence,” and boards were admonished not to place control of the company’s relationship with the blockchain in the hands of one single person. The vulnerability of blockchain technology is not that someone can hack into it, but rather that somebody can steal your private key or access the end proceeds of a transaction once in the hands of the company, and after blockchain has done its work.
The NACD generated materials for attendees of the October 16 session, which suggest a further set of director questions: how is your particular business likely to be impacted (see Jennifer Wolfe’s recent book Blockchain in the Boardroom), examine what competitors are doing, perhaps make minority investments in early and late stage startups in the space, build up internal employee knowledge, ask how blockchain fits into the company’s broad digital strategy, and decide whether you want to add tech-savvy C-level executives (or directors).
Additionally, it seems to me that directors need to assign blockchain responsibility specifically (is it for the audit committee, the risk committee, an ad hoc committee) and empower that group to gather information, command internal attention and have budget for needed technical advice.