Melanie Brown (firstname.lastname@example.org) is a Regulatory Compliance Attorney and President and Consultant for Black Dog Risk Solutions LLC in Rio Rancho, New Mexico, USA.
Innovating processes, procedures, and performance can make a significant impact on compliance initiatives. By incorporating technology in a compliance program, a business can increase efficiency, applicability, reliability, and, overall, corporate responsibility. This article will explain the concept of “blockchain” and consider the implications of recent privacy law developments such as the European Union (EU) General Data Protection Regulation (GDPR) on the use of blockchain technology.
What is blockchain?
One technological advancement that can positively affect an internal compliance program is the use of blockchain technology. For non-techies, blockchain is distributed ledger technology that digitally stores or moves data between parties to a business transaction. Putting it simply, blockchain securely records each new transaction or data to a ledger. As new transactions occur, they are stored in a “block.” The sequencing of the transactions grows as each additional transaction occurs, creating an irreversible and immutable “chain,” ergo, blockchain.
Blockchain is an immutable and irreversible distributed ledger because all data or transactions recorded to the ledger cannot be changed, amended, or edited. Therefore, when parties make modifications to data or transactions, they will be appended to the chain. Certain known or identified parties to the transaction are invited to private blockchains to access transaction information, or in some cases, the transactions are public blockchains, where transactions are decentralized and parties have little to no knowledge of each other. Blockchain uses public and private encryption keys to protect the integrity of the transaction data, manage party access, and provide transparency.
Blockchain is being used in several industries. From the retail to the music industry, companies are implementing blockchain. It reduces time and money by eliminating the use of third-party middlemen and increases security with the use of encryption. The transactions are distributed smoothly among parties.
How is blockchain associated with an internal compliance program, and what complications does it create? Well, consider this:
In a global company that imports and exports, international trade law and US federal law require a series of steps to comply with regulations. To ensure these steps are appropriately taken, the transaction can be added to the blockchain. For example, the import/export industry is still heavily paper driven. Shipments, certifications, and clearance processes that require a paper trail can be digitally driven in blockchain.
In a financial audit, due to federal regulations like the Sarbanes-Oxley Act (SOX), the audit process could be maintained in blockchain as an electronic paper trail. The blockchain would securely record each document, errors, and conclusions as part of the audit. It can also provide transparency in real time. Because blockchains are highly secured, they could potentially meet the security standards of auditing requirements. Blockchains could also facilitate SOX sections 302 (Corporate responsibility for financial reports), 404 (Management assessment of internal controls), and 409 (Real time issue disclosures).
During contract negotiations, compliance personnel want to ensure that certain terms and conditions are included in the final contract. The various versions of the contract can be included in blockchain. Each new revision is a new transaction to the chain. The blockchain tracks which party accesses the contract and what changes were made when the edited version is placed on-chain. Final execution of the contract is memorialized by the signatures stored to the blockchain.
Blockchain can be used in other areas that require compliance, such as supply chain, recordkeeping, and even the onboarding of new employees.