BANKS FACE NEW RISKS FROM PERMISSIONLESS BLOCKCHAINS, BIS WARNS

Last updated: October 25, 2025, 10:12 | Written by: Naomi Esher


The world of finance is constantly evolving, and with the rise of blockchain technology, banks are exploring new avenues for innovation. However, this exploration comes with its own set of challenges. A recent working paper from the Bank for International Settlements (BIS), specifically the Basel Committee on Banking Supervision (BCBS), throws a spotlight on the emerging risks that banks face when engaging with permissionless blockchains, such as Ethereum. These open, decentralized networks offer the promise of efficiency and transparency, but they also introduce complexities in security, compliance, and governance that traditional financial institutions are only beginning to grapple with. This article delves into the BIS report, exploring the specific risks identified, potential mitigation strategies, and the broader implications for the future of banking in the digital age. Prepare to understand how banks must navigate this new landscape to ensure stability and security in an increasingly decentralized world. To mitigate risks associated with public blockchain networks, the paper proposed appointing an entity with the authority to control and limit access to cryptocurrency assets. The warning emphasizes that banks operating on DLT networks should implement risk management strategies and safeguards.

Understanding Permissionless Blockchains and Their Appeal to Banks

Before diving into the risks, it's crucial to understand why banks are even considering permissionless blockchains. Traditional financial systems are often slow, costly, and opaque. Permissionless blockchains, also known as public blockchains, offer potential solutions to these pain points:

  • Increased Efficiency: Transactions can be processed faster and cheaper compared to traditional banking systems.
  • Transparency: All transactions are recorded on a public ledger, enhancing transparency and accountability.
  • Innovation: Permissionless blockchains enable the development of new financial products and services.
  • Accessibility: They can potentially reach underserved populations who lack access to traditional banking.

However, this potential comes at a price. The very features that make permissionless blockchains attractive – their open and decentralized nature – also create significant risks for banks.

Key Risks Identified by the BIS Report

The BIS report meticulously outlines the various risks that banks face when interacting with permissionless blockchains. These risks span several categories:

Operational and Security Risks

Permissionless blockchains are inherently complex and rely on cryptographic security. This complexity introduces several operational and security risks:

  • Smart Contract Vulnerabilities: Smart contracts, the self-executing agreements that power many blockchain applications, can contain bugs or vulnerabilities that can be exploited by malicious actors. Imagine a flaw in a smart contract governing a decentralized lending platform, allowing hackers to drain funds.
  • Cybersecurity Threats: Blockchain networks are susceptible to various cyberattacks, including 51% attacks (where a single entity gains control of the majority of the network's hashing power), denial-of-service attacks, and phishing scams targeting users' private keys.
  • Scalability Issues: Many permissionless blockchains struggle to handle high transaction volumes, leading to congestion and delays. This can disrupt banking operations and impact customer service.
  • Key Management Risks: The security of blockchain assets relies on the secure management of private keys. Loss or theft of these keys can result in irreversible loss of funds.
  • Technological Dependence: Banks become reliant on the underlying blockchain infrastructure and the developers maintaining it. Changes or failures in the blockchain can disrupt their operations.

Governance Risks

The decentralized nature of permissionless blockchains presents unique governance challenges:

  • Lack of Central Control: Unlike traditional financial institutions, permissionless blockchains lack a central authority to oversee operations and resolve disputes.
  • Forking: The blockchain can be subject to forking, which creates two or more separate versions of the blockchain. This can lead to uncertainty and confusion about which chain is the legitimate one.
  • Protocol Changes: Changes to the underlying blockchain protocol can impact the functionality and security of applications built on top of it.
  • Decision-Making Uncertainty: Reaching consensus on important decisions within a decentralized community can be slow and difficult.

Legal and Compliance Risks

Navigating the legal and regulatory landscape surrounding permissionless blockchains is a significant challenge for banks:

  • Regulatory Uncertainty: The legal and regulatory status of cryptocurrencies and blockchain technology varies widely across jurisdictions, creating uncertainty for banks operating in multiple countries.
  • Data Privacy: Complying with data privacy regulations, such as GDPR, can be challenging on public blockchains where transactions are publicly visible.
  • Enforcement Challenges: Enforcing contracts and resolving disputes on permissionless blockchains can be difficult due to the lack of central authority.
  • Smart Contract Legality: The legal enforceability of smart contracts is still uncertain in many jurisdictions.

Money Laundering and Terrorism Financing (ML/TF) Risks

The anonymity and decentralization of permissionless blockchains make them attractive to criminals seeking to launder money or finance terrorism:

  • Anonymity: Transactions on permissionless blockchains can be pseudonymous, making it difficult to trace the flow of funds.
  • Decentralization: The lack of central control makes it harder to monitor and prevent illicit activities.
  • Mixers and Tumblers: These services obfuscate the origin of funds, making it even harder to track illicit transactions.
  • Decentralized Exchanges (DEXs): DEXs allow users to trade cryptocurrencies without the need for a central intermediary, making it harder to enforce KYC/AML regulations.

Settlement Finality Risks

The concept of settlement finality, the point at which a transaction is irreversible, is different on permissionless blockchains compared to traditional financial systems:

  • Reversibility Concerns: While blockchain transactions are generally considered irreversible, there are certain scenarios, such as 51% attacks, where transactions can be reversed.
  • Confirmation Times: The time it takes for a transaction to be confirmed on a blockchain can vary depending on network congestion.
  • Contingent Finality: Finality can be probabilistic, depending on the number of confirmations a transaction receives.

Mitigation Strategies: Addressing the Risks

While the risks associated with permissionless blockchains are significant, they are not insurmountable. The BIS report suggests several mitigation strategies that banks can implement to manage these risks:

Enhanced Due Diligence and KYC/AML Procedures

Banks need to implement robust Know Your Customer (KYC) and Anti-Money Laundering (AML) procedures to identify and prevent illicit activities on permissionless blockchains. This includes:

  • Enhanced Transaction Monitoring: Implementing sophisticated transaction monitoring systems to detect suspicious activity.
  • Chainalysis and Blockchain Analytics: Using blockchain analytics tools to trace the flow of funds and identify high-risk transactions.
  • Risk-Based Approach: Adopting a risk-based approach to KYC/AML, focusing on transactions and customers that pose the highest risk.
  • Collaboration with Law Enforcement: Cooperating with law enforcement agencies to investigate and prosecute illicit activities.

Strengthening Operational and Security Controls

Banks need to implement strong operational and security controls to protect their blockchain assets and infrastructure. This includes:

  • Secure Key Management: Implementing robust key management practices, such as using hardware security modules (HSMs) and multi-signature wallets.
  • Smart Contract Audits: Conducting thorough audits of smart contracts to identify and fix vulnerabilities.
  • Cybersecurity Measures: Implementing strong cybersecurity measures to protect against cyberattacks.
  • Business Continuity Planning: Developing business continuity plans to ensure that operations can continue in the event of a disruption.
  • Employee Training: Providing employees with comprehensive training on blockchain technology and security best practices.

Establishing Clear Governance Frameworks

Banks need to establish clear governance frameworks to manage the risks associated with permissionless blockchains. This includes:

  • Defining Roles and Responsibilities: Clearly defining the roles and responsibilities of different individuals and departments involved in blockchain operations.
  • Establishing Risk Management Policies: Developing and implementing comprehensive risk management policies.
  • Monitoring and Oversight: Establishing mechanisms for monitoring and oversight of blockchain activities.
  • Dispute Resolution Mechanisms: Developing mechanisms for resolving disputes that may arise on the blockchain.

Appointing a Controlling Entity

The BIS report suggests the potential appointment of an entity with the authority to control and limit access to cryptocurrency assets. This entity could:

  • Control Access to Crypto Assets: Manage and control access to the bank's cryptocurrency holdings.
  • Enforce Policies and Procedures: Ensure compliance with internal policies and procedures.
  • Monitor Transactions: Monitor transactions for suspicious activity.
  • Respond to Security Incidents: Respond to security incidents and take corrective action.

Utilizing Off-Chain Records

To mitigate some of the challenges associated with data privacy and regulatory compliance, banks can utilize off-chain records to store sensitive information. This allows them to:

  • Protect Sensitive Data: Store sensitive customer data off-chain to comply with data privacy regulations.
  • Maintain Audit Trails: Maintain detailed audit trails of all transactions.
  • Facilitate Regulatory Reporting: Facilitate regulatory reporting by providing access to relevant information.

The Future of Banking and Permissionless Blockchains

The BIS report serves as a crucial reminder that banks need to approach permissionless blockchains with caution and a thorough understanding of the associated risks. While these technologies offer the potential for innovation and efficiency, they also introduce complexities that require careful management.

Several factors will shape the future of banking and permissionless blockchains:

  • Regulatory Developments: The evolution of regulations surrounding cryptocurrencies and blockchain technology will play a significant role in determining the extent to which banks can engage with these technologies.
  • Technological Advancements: Ongoing technological advancements, such as layer-2 scaling solutions and privacy-enhancing technologies, may help to mitigate some of the risks associated with permissionless blockchains.
  • Industry Collaboration: Collaboration between banks, technology providers, and regulators will be essential for developing best practices and standards for managing blockchain risks.

Banks that can effectively manage the risks associated with permissionless blockchains will be well-positioned to leverage the benefits of these technologies and remain competitive in the evolving financial landscape. Those that fail to do so risk facing significant financial and reputational damage. They should develop new risk management strategies and safeguards to protect against loss.

Addressing Common Questions

What exactly is a permissionless blockchain?

A permissionless blockchain, also known as a public blockchain, is a decentralized network where anyone can participate in validating transactions and maintaining the ledger. Unlike permissioned blockchains, which require authorization to join, permissionless blockchains are open to all. Examples include Bitcoin and Ethereum.

Why are banks interested in using permissionless blockchains?

Banks are attracted to permissionless blockchains because of their potential to increase efficiency, transparency, and innovation. They can offer faster and cheaper transactions, greater transparency, and the ability to develop new financial products and services. They are using DLTs to explore the benefits of these technologies.

What are the biggest challenges banks face when using permissionless blockchains?

The biggest challenges include security risks, regulatory uncertainty, compliance issues, and governance challenges. The anonymity and decentralization of these networks also raise concerns about money laundering and terrorism financing.

How can banks mitigate the risks associated with permissionless blockchains?

Banks can mitigate the risks by implementing robust KYC/AML procedures, strengthening operational and security controls, establishing clear governance frameworks, appointing a controlling entity, and utilizing off-chain records.

Will permissionless blockchains eventually replace traditional banking systems?

It's unlikely that permissionless blockchains will completely replace traditional banking systems in the near future. However, they are likely to play an increasingly important role in the financial landscape, particularly as regulations become clearer and technology advances. Banks may integrate these technologies into existing systems to improve efficiency and offer new services.

Conclusion: Navigating the Blockchain Frontier

The BIS warning highlights a critical juncture for banks considering integration with permissionless blockchains. While the allure of innovation and efficiency is strong, the inherent risks cannot be ignored. From operational vulnerabilities and cybersecurity threats to regulatory uncertainty and the potential for illicit activities, the challenges are multifaceted. The key takeaways are clear: a proactive approach to risk management, robust security protocols, and adherence to stringent compliance measures are paramount. Banks must prioritize the implementation of enhanced due diligence, secure key management practices, and transparent governance frameworks. As regulatory landscapes evolve and technology matures, a collaborative approach between banks, regulators, and technology providers will be crucial. By acknowledging and addressing these risks head-on, banks can navigate the blockchain frontier responsibly, ensuring stability and security while harnessing the transformative potential of this technology.

Naomi Esher can be reached at [email protected].
