BANKS FACE NEW RISKS FROM PERMISSIONLESS BLOCKCHAINS, BIS WARNS

Last updated: October 25, 2025, 22:34 | Written by: Kael Ronin

The world of finance is constantly evolving, and with the rise of blockchain technology, banks are exploring new avenues for innovation. However, this exploration comes with its own set of challenges. A recent working paper from the Bank for International Settlements (BIS), specifically the Basel Committee on Banking Supervision (BCBS), throws a spotlight on the emerging risks that banks face when engaging with permissionless blockchains, such as Ethereum. These open, decentralized networks offer the promise of efficiency and transparency, but they also introduce complexities in security, compliance, and governance that traditional financial institutions are only beginning to grapple with. This article delves into the BIS report, exploring the specific risks identified, potential mitigation strategies, and the broader implications for the future of banking in the digital age. Prepare to understand how banks must navigate this new landscape to ensure stability and security in an increasingly decentralized world. The warning emphasizes that banks operating on DLT networks should implement risk management strategies and safeguards.

Understanding Permissionless Blockchains and Their Appeal to Banks

Before diving into the risks, it's crucial to understand why banks are even considering permissionless blockchains. Traditional financial systems are often slow, costly, and opaque. Permissionless blockchains, also known as public blockchains, offer potential solutions to these pain points:

  • Increased Efficiency: Transactions can be processed faster and cheaper compared to traditional banking systems.
  • Transparency: All transactions are recorded on a public ledger, enhancing transparency and accountability.
  • Innovation: Permissionless blockchains enable the development of new financial products and services.
  • Accessibility: They can potentially reach underserved populations who lack access to traditional banking.

However, this potential comes at a price. The very features that make permissionless blockchains attractive – their open and decentralized nature – also create significant risks for banks.

Key Risks Identified by the BIS Report

The BIS report meticulously outlines the various risks that banks face when interacting with permissionless blockchains. The paper, published on August 28 on the BIS website, emphasizes that banks transacting on permissionless blockchains or similar distributed ledger technologies (DLT) face numerous risks related to operations, security, governance, legal compliance, and more. These risks span several categories:

Operational and Security Risks

Permissionless blockchains are inherently complex and rely on cryptographic security. This complexity introduces several operational and security risks:

  • Smart Contract Vulnerabilities: Smart contracts, the self-executing agreements that power many blockchain applications, can contain bugs or vulnerabilities that can be exploited by malicious actors. Imagine a flaw in a smart contract governing a decentralized lending platform, allowing hackers to drain funds.
  • Cybersecurity Threats: Blockchain networks are susceptible to various cyberattacks, including 51% attacks (where a single entity gains control of the majority of the network's hashing power), denial-of-service attacks, and phishing scams targeting users' private keys.
  • Scalability Issues: Many permissionless blockchains struggle to handle high transaction volumes, leading to congestion and delays. This can disrupt banking operations and impact customer service.
  • Key Management Risks: The security of blockchain assets relies on the secure management of private keys. Loss or theft of these keys can result in irreversible loss of funds.
  • Technological Dependence: Banks become reliant on the underlying blockchain infrastructure and the developers maintaining it. Changes or failures in the blockchain can disrupt their operations.

Governance Risks

The decentralized nature of permissionless blockchains presents unique governance challenges:

  • Lack of Central Control: Unlike traditional financial institutions, permissionless blockchains lack a central authority to oversee operations and resolve disputes.
  • Forking: The blockchain can be subject to forking, which creates two or more separate versions of the blockchain. This can lead to uncertainty and confusion about which chain is the legitimate one.
  • Protocol Changes: Changes to the underlying blockchain protocol can impact the functionality and security of applications built on top of it.
  • Decision-Making Uncertainty: Reaching consensus on important decisions within a decentralized community can be slow and difficult.

Legal and Compliance Risks

Navigating the legal and regulatory landscape surrounding permissionless blockchains is a significant challenge for banks:

  • Regulatory Uncertainty: The legal and regulatory status of cryptocurrencies and blockchain technology varies widely across jurisdictions, creating uncertainty for banks operating in multiple countries.
  • Data Privacy: Complying with data privacy regulations, such as GDPR, can be challenging on public blockchains where transactions are publicly visible.
  • Enforcement Challenges: Enforcing contracts and resolving disputes on permissionless blockchains can be difficult due to the lack of central authority.
  • Smart Contract Legality: The legal enforceability of smart contracts is still uncertain in many jurisdictions.

Money Laundering and Terrorism Financing (ML/TF) Risks

The anonymity and decentralization of permissionless blockchains make them attractive to criminals seeking to launder money or finance terrorism:

  • Anonymity: Transactions on permissionless blockchains can be pseudonymous, making it difficult to trace the flow of funds.
  • Decentralization: The lack of central control makes it harder to monitor and prevent illicit activities.
  • Mixers and Tumblers: These services obfuscate the origin of funds, making it even harder to track illicit transactions.
  • Decentralized Exchanges (DEXs): DEXs allow users to trade cryptocurrencies without the need for a central intermediary, making it harder to enforce KYC/AML regulations.

Settlement Finality Risks

The concept of settlement finality, the point at which a transaction is irreversible, is different on permissionless blockchains compared to traditional financial systems:

  • Reversibility Concerns: While blockchain transactions are generally considered irreversible, there are certain scenarios, such as 51% attacks, where transactions can be reversed.
  • Confirmation Times: The time it takes for a transaction to be confirmed on a blockchain can vary depending on network congestion.
  • Contingent Finality: Finality can be probabilistic, depending on the number of confirmations a transaction receives.
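
The link between confirmations and reversal risk can be made concrete. The following is an added example, not taken from the BIS paper or this article: it assumes the proof-of-work, longest-chain model from the Bitcoin whitepaper (proof-of-stake chains define finality differently), and the function names and the 0.1% risk threshold are illustrative assumptions.

```python
import math


def reversal_probability(q: float, z: int) -> float:
    """Chance that an attacker holding hash-power share q ever overtakes
    the honest chain once a payment is z blocks deep (Nakamoto, 2008)."""
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a share between 0 and 1")
    if z < 0:
        raise ValueError("z must be non-negative")
    if q >= 0.5:
        return 1.0  # a majority attacker always catches up: no finality
    p = 1.0 - q
    lam = z * q / p  # expected attacker blocks while honest miners find z
    total = 1.0
    poisson = math.exp(-lam)  # Poisson weight for k = 0 attacker blocks
    for k in range(z + 1):
        # attacker has k blocks; it must still close a gap of z - k
        total -= poisson * (1.0 - (q / p) ** (z - k))
        poisson *= lam / (k + 1)
    return max(total, 0.0)


def min_confirmations(q: float, max_risk: float, limit: int = 1000):
    """Smallest depth z whose reversal risk is below max_risk, else None."""
    for z in range(limit + 1):
        if reversal_probability(q, z) < max_risk:
            return z
    return None


def confirmation_policy(shares, max_risk: float) -> dict:
    """Map each assumed attacker share to the depth a bank would wait for."""
    return {q: min_confirmations(q, max_risk) for q in shares}


if __name__ == "__main__":
    # Constructed scenario: tolerate at most a 0.1% chance of reversal.
    for q, z in confirmation_policy([0.10, 0.25, 0.30, 0.50], 0.001).items():
        depth = "never final" if z is None else f"{z} confirmations"
        print(f"attacker share {q:.0%}: {depth}")
```

A result of None corresponds to the 51% attack case above: with a majority attacker, no confirmation depth brings the risk under the threshold.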

Mitigation Strategies: Addressing the Risks

While the risks associated with permissionless blockchains are significant, they are not insurmountable. The BIS report suggests several mitigation strategies that banks can implement to manage these risks:

Enhanced Due Diligence and KYC/AML Procedures

Banks need to implement robust Know Your Customer (KYC) and Anti-Money Laundering (AML) procedures to identify and prevent illicit activities on permissionless blockchains. This includes:

  • Enhanced Transaction Monitoring: Implementing sophisticated transaction monitoring systems to detect suspicious activity.
  • Chainalysis and Blockchain Analytics: Using blockchain analytics tools to trace the flow of funds and identify high-risk transactions.
  • Risk-Based Approach: Adopting a risk-based approach to KYC/AML, focusing on transactions and customers that pose the highest risk.
  • Collaboration with Law Enforcement: Cooperating with law enforcement agencies to investigate and prosecute illicit activities.

Strengthening Operational and Security Controls

Banks need to implement strong operational and security controls to protect their blockchain assets and infrastructure. This includes:

  • Secure Key Management: Implementing robust key management practices, such as using hardware security modules (HSMs) and multi-signature wallets.
  • Smart Contract Audits: Conducting thorough audits of smart contracts to identify and fix vulnerabilities.
  • Cybersecurity Measures: Implementing strong cybersecurity measures to protect against cyberattacks.
  • Business Continuity Planning: Developing business continuity plans to ensure that operations can continue in the event of a disruption.
  • Employee Training: Providing employees with comprehensive training on blockchain technology and security best practices.

Establishing Clear Governance Frameworks

Banks need to establish clear governance frameworks to manage the risks associated with permissionless blockchains. This includes:

  • Defining Roles and Responsibilities: Clearly defining the roles and responsibilities of different individuals and departments involved in blockchain operations.
  • Establishing Risk Management Policies: Developing and implementing comprehensive risk management policies.
  • Monitoring and Oversight: Establishing mechanisms for monitoring and oversight of blockchain activities.
  • Dispute Resolution Mechanisms: Developing mechanisms for resolving disputes that may arise on the blockchain.

Appointing a Controlling Entity

The BIS report suggests the potential appointment of an entity with the authority to control and limit access to cryptocurrency assets. This entity could:

  • Control Access to Crypto Assets: Manage and control access to the bank's cryptocurrency holdings.
  • Enforce Policies and Procedures: Ensure compliance with internal policies and procedures.
  • Monitor Transactions: Monitor transactions for suspicious activity.
  • Respond to Security Incidents: Respond to security incidents and take corrective action.

Utilizing Off-Chain Records

To mitigate some of the challenges associated with data privacy and regulatory compliance, banks can utilize off-chain records to store sensitive information. This allows them to:

  • Protect Sensitive Data: Store sensitive customer data off-chain to comply with data privacy regulations.
  • Maintain Audit Trails: Maintain detailed audit trails of all transactions.
  • Facilitate Regulatory Reporting: Facilitate regulatory reporting by providing access to relevant information.

The Future of Banking and Permissionless Blockchains

The BIS report serves as a crucial reminder that banks need to approach permissionless blockchains with caution and a thorough understanding of the associated risks. While these technologies offer the potential for innovation and efficiency, they also introduce complexities that require careful management.

Several factors will shape the future of banking and permissionless blockchains:

  • Regulatory Developments: The evolution of regulations surrounding cryptocurrencies and blockchain technology will play a significant role in determining the extent to which banks can engage with these technologies.
  • Technological Advancements: Ongoing technological advancements, such as layer-2 scaling solutions and privacy-enhancing technologies, may help to mitigate some of the risks associated with permissionless blockchains.
  • Industry Collaboration: Collaboration between banks, technology providers, and regulators will be essential for developing best practices and standards for managing blockchain risks.

Banks that can effectively manage the risks associated with permissionless blockchains will be well-positioned to leverage the benefits of these technologies and remain competitive in the evolving financial landscape. Those that fail to do so risk facing significant financial and reputational damage. Banks should develop new risk management strategies and safeguards to protect against loss.

Addressing Common Questions

What exactly is a permissionless blockchain?

A permissionless blockchain, also known as a public blockchain, is a decentralized network where anyone can participate in validating transactions and maintaining the ledger. Unlike permissioned blockchains, which require authorization to join, permissionless blockchains are open to all. Examples include Bitcoin and Ethereum.

Why are banks interested in using permissionless blockchains?

Banks are attracted to permissionless blockchains because of their potential to increase efficiency, transparency, and innovation. They can offer faster and cheaper transactions, greater transparency, and the ability to develop new financial products and services. Banks are using DLTs to explore the benefits of these technologies. The BIS working paper on the subject is a treatise on novel risks, mitigants and uncertainties with permissionless distributed ledger technologies.

What are the biggest challenges banks face when using permissionless blockchains?

The biggest challenges include security risks, regulatory uncertainty, compliance issues, and governance challenges. The anonymity and decentralization of these networks also raise concerns about money laundering and terrorism financing.

How can banks mitigate the risks associated with permissionless blockchains?

Banks can mitigate the risks by implementing robust KYC/AML procedures, strengthening operational and security controls, establishing clear governance frameworks, appointing a controlling entity, and utilizing off-chain records.

Will permissionless blockchains eventually replace traditional banking systems?

It's unlikely that permissionless blockchains will completely replace traditional banking systems in the near future. However, they are likely to play an increasingly important role in the financial landscape, particularly as regulations become clearer and technology advances. Banks may integrate these technologies into existing systems to improve efficiency and offer new services.

Conclusion: Navigating the Blockchain Frontier

The BIS warning highlights a critical juncture for banks considering integration with permissionless blockchains. While the allure of innovation and efficiency is strong, the inherent risks cannot be ignored. From operational vulnerabilities and cybersecurity threats to regulatory uncertainty and the potential for illicit activities, the challenges are multifaceted. The key takeaways are clear: a proactive approach to risk management, robust security protocols, and adherence to stringent compliance measures are paramount. Banks must prioritize the implementation of enhanced due diligence, secure key management practices, and transparent governance frameworks. As regulatory landscapes evolve and technology matures, a collaborative approach between banks, regulators, and technology providers will be crucial. By acknowledging and addressing these risks head-on, banks can navigate the blockchain frontier responsibly, ensuring stability and security while harnessing the transformative potential of this technology.
