银行区块链金融的风险有哪些,银行区块链金融的风险管理

请查看相关英文文档

⑴ How financial institutions identify and respond to potential risks brought by financial technology

Potential risks brought by the development and application of financial technology to financial institutions

Internet Technology The high degree of integration with finance has allowed FinTech, a network model that is light on assets and focuses on services, to slowly penetrate into financial models and business types, gradually creating a catfish effect and demonstration effect on traditional financial businesses, and promoting changes in financial institutions. However, information asymmetry in the network virtual environment, low transparency of transaction processes, and the inability to guarantee information security make traditional financial institutions prone to moral hazard, technical risk, credit risk, legal risk, and other macro-risks such as reputational risk and systemic risk. Micro risks such as risks, operational risks, market risks, and liquidity risks.

Financial technology is the product of the combination of Internet technology and traditional finance. Financial institutions face many problems when developing financial technology and cooperating with Internet companies. To summarize the motivations of financial technology risks for financial institutions, they mainly include the following: Aspects: First, vague financial technology policies, lack of laws, and lagging supervision can easily lead to legal risks and market risks; such as the frequent occurrence of risks such as Ezubao and Dada Group; second, information in the virtual environment of the Internet Asymmetry, opaque transactions, and uncertain identities can easily lead to moral hazard; third, financial technology’s dependence on information systems, tamperability, and vulnerability to attacks can easily lead to technical risks; fourth, the differences between financial technology and traditional financial businesses Intersectionality, comprehensiveness, and substitution can easily lead to systemic risks.

Financial Institutions’ Fintech Risk Classification and Risk Identification

In its essence, Fintech is still finance, and its activities do not deviate from the scope of financial financing, credit creation, and risk management, and do not violate The objective law of risk-return matching has not changed the characteristics of financial risks such as concealment, suddenness, contagion and negative externalities. Not only that, the multi-dimensional openness and multi-directional interactivity of modern cyberspace make the impact, diffusion speed, spillover effects and other impacts of financial technology risks far beyond traditional finance. The main risk categories for financial institutions conducting financial technology business include the following aspects.

(1) Financial institutions deploy financial technology P2P business, which can easily lead to credit risks. On the one hand, traditional financial institutions have deployed financial technology businesses. Due to my country's imperfect credit environment and incomplete credit entry data, credit risks are easily caused; on the other hand, traditional financial institutions provide fund custody services for P2P platforms and develop projects based on the platforms themselves. In terms of review and fund management, once credit problems arise on the platform, it will be difficult to protect the legitimate rights and interests of investors, which will easily lead to accountability for the fund custody of traditional financial institutions, leading to the outbreak of credit risks.

(2) Cooperation between financial institutions and third-party payment, crowdfunding and Internet financial management can easily lead to legal risks. Traditional financial institutions use third-party payment channels to invest in online money market funds, and gradually expand to regular financial management, insurance financial management, index funds, etc. Payment institutions will use fund depository accounts to formIt forms a fund pool, which leads to a sharp increase in the amount of reserve funds. Illegal operations by payment institutions misappropriate reserve funds, causing difficulties for customers to pay, thus causing legal risks; illegal fund-raising, fund-raising fraud, money laundering and other illegal problems caused by cooperation with illegal operating enterprises. May easily lead to legal risks.

(3) Financial institutions build financial technology comprehensive operating platforms, which can easily lead to operational risks. Traditional financial institutions have deployed financial technology comprehensive service platforms one after another, integrating financial investments, financing services, securities transactions, fund purchases and other financial services into online platforms. By opening up the boundaries of banking, political and insurance businesses, they have improved the level of comprehensive operations and enhanced customer stickiness. The convenience of the financial technology platform prompts the platform to update information and facilitate user operations. However, on the one hand, it is easy to lack sufficient investor education when opening an account online, which can easily lead to improper investor operations. On the other hand, due to business overlap, it is easy to cause internal control and operation. Improper design of the program may result in loss of investors' funds or leakage of identity information, which may lead to operational risks.

(4) Cooperation between financial institutions and P2P, Internet financial management, and Internet banks can easily lead to liquidity risks. On the one hand, P2P and Internet financial management violate regulations and adopt the form of split bidding to promise investors guaranteed principal and interest, centralized redemption, etc., which can easily lead to liquidity risks. On the other hand, third-party payment accounts are highly active and are involved in the field of financial technology. There is a risk factor of fund maturity mismatch. Once there is a big fluctuation in the currency market, there will be a large-scale fund run, which will trigger liquidity risk.

(5) The development and popularization of mobile communication technology can easily lead to information technology risks. The security of mobile communication technology largely depends on the IT technology of the network platform, risk identification technology, and technology to resist hacker and virus attacks. In recent years, incidents of fake base stations, forged bank service information, and information “draining” and “credential stuffing” have occurred frequently. If precautions are not taken properly, information technology risks can easily occur.

(6) Financial institutions involved in baby money fund business have regulatory arbitrage risks. On the one hand, it leads to cross-border product functions. On the other hand, there may be arbitrage from different regulatory standards. For example, investment in Internet “baby” products and bank agreement deposit funds are not general deposits and do not require the payment of deposit reserves, and are considered by some to be a form of regulatory arbitrage.

Fintech risk response mechanism for financial institutions

At present, regulatory authorities have begun to formulate cross-border Internet financial management and cross-border financial business regulations in the fintech industry. Traditional financial risk response mechanisms are no longer able to Financial innovation adapted to the Internet. On the one hand, the Internet business prevents risks through innovative technological supervision in establishing negative lists, behavioral supervision and investor suitability principles; on the other hand, it is imperative to strengthen the classified protection of assets, funds, and investors and strengthen risk control capabilities. OK. In addition, according to the "Guidelines for the Consolidated Management and Supervision of Commercial Banks", whether it is the collaboration of cross-products and cooperative businesses between subsidiaries of the banking group, between subsidiaries and other financial institutions, or the collaboration of their affiliated institutions,Corporate governance, capital and finance, etc., must be comprehensively and continuously controlled under the existing system. Therefore, when traditional financial institutions deploy financial technology or cooperate with related enterprises, in order to prevent cross-industry risk contagion, they must also integrate the risk categories of financial technology into the current risk management system and build an integrated and comprehensive risk management system to effectively identify and measure , monitor and control the overall risk status after consolidation.

(1) To reasonably control financial technology internal control risks, first of all, financial institutions should establish a complete internal control mechanism to prevent financial technology risks, improve financial institutions’ internal control, operational management and ability to resist external risks, and effectively prevent operational risks; secondly, strengthen the awareness of financial institutions operating risks in compliance with laws and regulations, strengthen employees' moral education and behavioral control, improve employees' professional quality, and effectively prevent moral risks; thirdly, strengthen the monitoring of accounts and fund flows, and strictly enforce identity identification, Transaction review, large-amount reconciliation, etc.; fourth, establish differentiated business strategies for risk taking and risk transfer of financial institution subsidiaries to effectively prevent and resolve reputational risks; finally, establish risk early warning and emergency measures to deal with suspected illegal fund-raising and fund-raising fraud. We must ensure early warning, early handling, and early reporting of illegal activities such as money laundering and money laundering. Once discovered, collection measures will be taken and judicial protection procedures will be quickly initiated to effectively prevent legal risks.

(2) Strengthen financial technology and information technology risk prevention. First, improve the core technical level of financial technology and operate a security prevention system, such as maintaining operating system security, firewall technology, virtual private network technology, intrusion detection technology, Financial information and data security prevention technologies, etc., to prevent technical risks such as system failures, hacker attacks, and virus implantation; secondly, build a self-built credit information collection and application system, cooperate with regulatory agencies to achieve information sharing, and use information technology to achieve on-site and off-site Inspect, effectively prevent illegal fund-raising, fund-raising fraud, money laundering and other criminal activities through Internet technology, and effectively prevent systemic risks; finally, use advanced big data mining, blockchain and other technologies to establish a credit assessment system and risk warning model , effectively prevent and prevent legal risks arising from information leakage.

(3) Construct a financial technology risk quantitative monitoring indicator system. First, use quantitative indicators to analyze the operation of financial technology, strengthen financial technology risk management and macro decision-making. Financial institutions can separately list financial technology on the asset quality side. The sector regularly provides financial technology product liquidity risk, credit risk, operational risk capital and other quantitative indicator risk monitoring. Secondly, we can rely on the current risk control indicator model to select indicators, such as the Liquidity Coverage Ratio (LCR) and the Net Stable Funding Ratio (NSFR) used across banks, securities and insurance to prevent redemption liquidity risks, and use the five-level asset portfolio Prevent credit risks through classified monitoring, or prevent operational risks by allocating capital for key risk exposures. Finally, a basic framework for risk data collection is constructed from a comprehensive statistical perspective, and an indicator system is constructed by gathering relevant information on financial technology sub-platforms to form a monitoring framework that is integrated and unified with the current risk management system., as a supplement to the traditional financial risk management system.

(4) To avoid financial technology risk contagion, first of all, as financial technology becomes increasingly complex with the mutual migration and crossover of a large number of customers, it should formulate a single user profile? Individual transaction objects or the groups to which affiliated enterprises belong? Limits on risk concentration types such as specific commodity risk positions and specific information service providers to resist the risk of cross-contagion caused by excessive concentration of transactions. Secondly, for different online lending sub-platforms owned by financial institutions, information systems for the same person, the same related person or the same related enterprise can be established, and a dynamic risk adjustment mechanism of borrowing amount thresholds between platforms can be used to effectively prevent possible risks arising from cross-platform lending activities. Risk of breach of contract or malicious fraud. Finally, establish a notification mechanism for major credit emergencies in the financial technology sector to prevent cross-infection risks when crises occur.

⑵ Does blockchain have compliance risks?

Blockchain technology itself does not violate any laws and regulations, so there are no compliance risks. However, in the actual application process, enterprises or individuals using blockchain technology need to comply with relevant legal and regulatory requirements.
For example, in China, the use of blockchain technology to conduct financial transactions or raise funds needs to comply with relevant laws and regulatory policies. In addition, if users' sensitive personal information is retained on the blockchain, it must also comply with relevant laws and regulations such as data protection.
Therefore, enterprises and individuals who adopt blockchain technology in field applications not only need to understand and comply with existing legal operations and regulations, but also need to pay close attention to the development trends of technology and regulations and make timely decisions. Adjustments and changes accordingly. Only by operating and conducting business in compliance with regulations can enterprises develop better and gain lasting competitive advantages.

⑶ Does blockchain have compliance risks?

Yes, the application of blockchain technology may involve compliance risks.
First of all, in some countries and regions, governments or regulatory authorities may take different stances on digital currencies and other assets based on blockchain technology, and there will be a certain degree of legal, compliance and policy risks. . For example, some countries restrict or prohibit the use of digital currencies and other Bitcoin or blockchain derivatives. Therefore, when choosing the scope of application of blockchain technology, the local legal and regulatory environment needs to be considered.
Secondly, there are trust issues between participants in private chains or alliance chains, and there are also compliance risks in the construction of trust mechanisms. For example, in the financial field, banks or other financial institutions need to consider which trust model to use when using blockchain technology to comply with social ethics and potential legal requirements. For money-related transactions, legal requirements such as anti-money laundering and counter-terrorism must also be met.
In addition, due to the immutable and public nature of blockchain technology, it may inadvertently leak personal privacy, business secrets and other confidential information, causing privacy data leaks and security risks.
Enterprises and technology companies should therefore carefully assess potential compliance risks and develop appropriate compliance security measures,Such as complying with legal and regulatory requirements, establishing a sound privacy protection mechanism, strengthening privacy data protection in multiple dimensions, etc., to ensure the compliance and data security of blockchain technology applications.

⑷ What challenges does my country's blockchain development face?

At present, the current development status of my country's blockchain technology is that there are many patents, few papers and few codes, no independent secure and controllable underlying platform, and no software and hardware. The integrated platform will directly lead to the technical risk of the core technology of the blockchain being controlled by others, the financial risk of foreign open source platforms seizing the financial market, and the economic risk of foreign open source platforms penetrating our country's real and virtual economy. Therefore, it is very important to implement blockchain applications as soon as possible. Now various places have implemented applications with policy support. Changsha High-tech Zone has officially implemented a blockchain project, called SMIC Blockchain Service Platform, which is a The government-enterprise service platform, in cooperation with Changsha Bank, Dean Judicial Services, etc., is now in the stage of recruiting companies to join the chain.

⑸ The manifestation of my country’s Internet financial risks in the field of digital currency

In the process of rapid development in the new era, the issuance of digital currencies has shown the development characteristics of a wide variety and serious market differentiation. Current status: The current issuance of digital currency has brought great impact and challenges to the development of my country's financial industry. First, the adverse impact and challenges on my country’s financial industry. In the process of issuing digital currency, the traditional business methods of China's banking industry have changed, which has impacted the traditional business methods to a certain extent. Since the issuance of digital currency has the characteristics of convenient transactions and the principle of "decentralization", during its issuance process, free and convenient transactions can be conducted based on Internet-related algorithms. As a result, the functions of traditional commercial banks are gradually weakened and the credit creation functions of commercial banks are continuously reduced, which will have an impact on the development of the financial and banking industries to a certain extent. With the continuous issuance of digital currencies, the payment role of my country's commercial banks has gradually been weakened. For example, in the process of economic and social development, the popularization of Internet technology has brought great changes to people's lives and transactions. More people choose to conduct settlement, transfer, payment and other services through the Internet, and in the process of completing related businesses, All are completed in the form of digital currency. In this case, it reduces the payment function of commercial banks and impacts the profitability of the banking industry. Second, the positive impact on my country’s financial industry. In the process of issuing digital currencies, blockchain technology is widely used in the issuance and circulation of digital currencies, which has a positive impact on the development of my country's financial industry. It is not only conducive to improving the regulatory efficiency of the financial industry, but also indirectly Promote financial penetration. In the context of the Internet, relevant transaction records can be digitally established to establish credit. Through the Internet, you can understand the collection and information of relevant finance, indirectly enhance the transparency and credibility of the development of the financial industry, and continuously transfer every fund and financial changes, clearly reflected to maximize the efficiency and quality of financial supervision in the financial industry. At the same time, the combination of modern technologies such as the Internet and mobile terminals has effectively shortened the distance between financial services and ordinary people, making manyMany people in rural and relatively poor areas use digital currency or Internet technology to participate in the financial industry, improve the financial participation of people in relatively weak areas, realize the effective flow of funds on the Internet, and promote the effective development of micro and small finance in our country. In addition, the issuance of digital currency can promote the improvement of the efficiency of fund use. For example, under Internet finance, fund transactions no longer require a trusted third party to play a role in financial transactions, but through corresponding platforms. Digital currency transactions can be realized, and relevant users and transaction objects no longer need to pay handling fees or intermediary fees, thereby continuously promoting the effective development of the financial industry and improving the efficiency of fund use.

⑹ Risk control under the blockchain paradigm: reducing strategic risks and foreseeable risks

Marco Iansiti Karim Lakhani, "Harvard Business Review" Chinese version, January 2017, article "The Truth about Blockchain"

Research experience in the field of technological innovation tells us that only by eliminating obstacles in technology, government control, organization and society, can the blockchain revolution truly occur. If you don’t know how blockchain will occupy the high ground, it would be a mistake to rush into blockchain innovation.

Systemic risk. Speaking of systemic risks, we have to mention dramatic global economic downturns such as the credit crunch that followed the financial crisis of 2008-2009. For most companies, that is an external event that cannot be predicted or controlled. Global regulators are reshaping the financial world to avoid similar crises, and an important step in their strategy is to enhance the role of central counterparties (CCPs). A CCP is an entity that is inserted between the two parties in a financial transaction. After both parties agree to a transaction, CCP becomes a seller to any buyer and a buyer to any seller. In this process, CCP reduces counterparty credit and liquidity risk exposure through networking, reducing the risk of direct contact between the two parties when one party defaults, but the risk of doing so is still concentrated. The main roles of CCP are: 1. Manage settlement operation tasks and reduce settlement risks; 2. Monitor individual credit risks through membership approval and implementation of margins (initial and changed) to provide transparent risk management; 3. Deal with defaulting parties ;4. Supervise systemic risks in the market.

In financial markets managed based on blockchain, many CCP principles may be eliminated. It is conceivable that functions 1 and 2 of CCP will be replaced by smart contracts. DAOs are designed to create a relationship between two parties. Once certain terms embedded in the smart contract are touched, the receivables can be automatically transferred from one party to the other. Functions 3 and 4 of CCP can also be implemented by blockchain technologyThe technology is improving, but it is unlikely to be fully automated because it requires a high degree of directionality and large-scale scene analysis capabilities. Relevant blockchain startups such as Digital Asset Holding and D-Pactum are working with CCP to redesign their technology in the direction of distributed ledgers and smart contracts without changing the role given to CCP by recent laws and regulations. This could develop into fundamental measures to increase the resilience of the financial system. On the distributed ledger, transparent and standardized transaction processes can be designed, and the relationship between capital and margin can occur automatically, thus reducing the risk burden of intermediary managers. By encoding smart contracts signed by each participant, the rules for managing crisis events can be as certain as possible.

Cyber ​​risks. This is the last external risk we will analyze, but not the least. Indeed, a lack of understanding or attention to the risks associated with cyber risks or critical infrastructure failures such as control systems, energy, transportation, telecommunications and financial infrastructure has the potential to have far-reaching consequences for national economies, multiple economic sectors and global businesses . The responsibility for conducting risk assessments and setting up risk management systems now falls on each business, but their internal practices and processes vary widely, and small businesses with immature risk management systems are more vulnerable to cyberattacks in this context.

Is blockchain a viable solution? no doubt. The development of digital currencies extends the secure use of cryptography and creates a business model with new types of resilience against cyberattacks. A complete system on a distributed ledger could provide a higher level of cybersecurity than a company's standard firewall technology. Because the distributed ledger is automated, and because of the principles of information sharing and the robustness of the consensus protocol, the ledger history is omnipresent and unchangeable. Therefore, in this system, high-tech cyber attacks can be prevented before they occur.

However, at the end of the analysis of external risks, it is worth noting that the emergence of digital currency has created for the first time a circulating currency that is not related to national, multinational government decisions or any real economy. In reality, the value of digital currency fluctuates greatly, but its direction and time are different from the market, thus maintaining non-correlation with a certain country's currency or stock market. As a result, Bitcoin has been called “digital gold,” and like gold, digital currencies have been used as safe-haven assets to limit the impact of macroeconomic risks.

In conclusion, before we delve into the amazing utility of blockchain in risk management, it is important to understand that blockchain is not a panacea. It should be viewed as one of many technologies building the next generation of risk management infrastructure.

⑺ Tell me, do many blockchains now have risks?

Yes, blockchains are now high-risk projects.

⑻ Is there any risk in buying FSV?

There is a risk in buying FSV.
Blockchain itemsFrom the current point of view, it is still risky and cannot be blind. If you are interested in making investments in this area, you must first have a good understanding of blockchain. In addition, you can learn more investment knowledge, especially blockchain is different from traditional investments. . The FSV project recommends that novices not do it, but should learn more about it before doing so.
First of all, we have to judge whether blockchain and virtual currency are the same. Can we draw an equal sign? Normally, a lot of people die on the first question. If you can't solve this problem, you can draw the conclusion: all "blockchain projects" are unreliable. Because, many people think in their hearts that blockchain is virtual currency. Virtual currencies are unreliable, and naturally all blockchains they think are unreliable.
Secondly, are blockchain projects and blockchain technology the same? Can they be equal? To answer this question, you have to figure out what blockchain is. If you check network distributed accounting, you are bound to not be able to answer this question.
Blockchain is a financial solution. For example, when running a company, you can choose to go public or use blockchain solutions. Do you know what this means? With the above explanation, let’s answer again, what is a blockchain project? Blockchain has three uses: currency, technology and finance. The central bank's DC/EP is a currency that uses blockchain technology. The blockchain currency function is traceable and cannot be tampered with. It can effectively prevent counterfeiting, theft and robbery, and can be circulated in a large area more conveniently. China Construction Bank, China Merchants Bank, etc. have used blockchain technology in bank transfers and data storage, which is just technology. From this perspective, they are not blockchain projects. Internet Planet, NetEase Planet, etc. are actually just points, similar to Q coins. Of course, it can also be regarded as virtual currency. However, it is not an application of blockchain financial technology.
Blockchain projects are projects that use blockchain financial solutions. What are the characteristics of blockchain financial solutions? It can double the wealth of a company like going public! ! ! The characteristic of blockchain financial solutions is that they must rely on entities to function. Just like going public, you must have a corporate entity and a project management entity, otherwise how can you go public? From this perspective, virtual currency cannot be a blockchain project. Because they have no operating entity at all. If a project cannot achieve the same multiplication as listing, it is not a blockchain project.
So, if you want to ask whether domestic blockchain projects are reliable, I can only tell you that no matter domestic or foreign, there is currently no real blockchain project in the public domain.

⑼ NFT risks need to be vigilant and preventive, and actively guide the healthy development of the market

NFT risks need to be vigilant and guarded, and actively guide the healthy development of the market

NFT risks need to be vigilant and guarded against, Actively guide the healthy development of the market. Various NFT business platforms in the market should be based on the business purpose of "enriching digital economic models and promoting the development of cultural and creative industries". NFT risks need to be vigilant and guarded against, and actively attractGuide the healthy development of the market.

NFT risks need to be vigilant and preventive, and actively guide the healthy development of the market 1

Recently, the China Internet Finance Association, China Banking Association, and China Securities Association issued an initiative to prevent NFT-related financial risks, clearly expressing their determination Curb the tendency of financialization and securitization of NFT (Non-Fungible Token, non-fungible token), and strictly guard against the risks of illegal financial activities.

This initiative not only affirms the positive role of NFT, that is, "NFT, as an innovative application of blockchain technology, has shown certain potential in enriching digital economic models and promoting the development of cultural and creative industries." "Value", and also warned about the financial risks related to NFT, and proposed to be wary of the risks and hazards of NFT such as speculation, money laundering, and illegal financial activities. This is timely and necessary for the "popular" NFT.

NFT is a digital certificate based on blockchain technology that is unique, indivisible and traceable and can be used to mark the ownership of specific assets. Theoretically, any item in the real world, including a song, a painting, a piece of text, a game prop, etc., can be made into an NFT, and its application scope depends on people's imagination.

Because the development space is full of imagination, an NFT trend has spread around the world in the past two years. Domestic Internet companies have also launched NFT platforms one after another, and many products have been sold out as soon as they were released. At the same time, some illegal financial activities also flourished. For example, many institutions carry out illegal virtual currency and token financing transactions in disguise under the banner of NFT; some NFT underlying commodities hide financial assets such as securities, insurance, credit, precious metals, etc., and issue and trade financial products in disguise;

< p> There are also some NFT platforms that integrate with overseas public chains, and transfer NFT to digital wallets and then sell them on overseas platforms to achieve the purpose of money laundering. In the long run, it is likely to cause capital flight, the foreign exchange management system is bypassed and other problems, which will affect the financial order and Economic and social stability.

The core value of NFT is to provide an up-chain channel for the real world and act as a bridge between the physical world and the digital world. The current trend of financialization and securitization of some NFTs has undoubtedly deviated from the right track and destroyed the industry ecology. If allowed to develop, it will inevitably cause "bad money to drive out good money", which is detrimental to the health and long-term development of the industry.

Don’t recite the good sutra incorrectly. NFT is not a sign of deception or a gimmick for speculation, and the NFT industry cannot fall into the misguided path of eager for quick success and "getting a handful and leaving." Relevant departments should also speed up the improvement of relevant laws and regulations, fill regulatory gaps in a timely manner, and "clear mines" for the healthy development of NFT.

It is necessary to clarify the essential attributes of NFT-related activities with laws and regulations, qualitatively de-financialize NFT, formulate entry thresholds and industry standards, and regulate NFT issuance and trading. , save and other processes. At the same time actively exploreEffective supervision methods will severely crack down on the use of NFT for money laundering and illegal fund-raising to avoid possible financial or legal risks.

Any innovation should be based on legality and compliance. For enterprises and platforms, they should practice the concept of science and technology for good, strengthen basic research, rationally select application scenarios, standardize the application of blockchain technology, and give full play to NFT plays a positive role in promoting industrial digitization and digital industrialization, and ensures that the value of NFT products is fully supported to prevent inflated prices from deviating from the basic law of value.

NFT, which represents a new direction in the application of blockchain technology and is endowed with the beautiful vision of "everything can be digitized," requires not only continued exploration and efforts in the market, but also the tolerance, prudence, and normative guidance of regulatory authorities. . Consumers should also adhere to correct consumption concepts, enhance their awareness of self-protection, stay away from NFT-related illegal financial activities, and beware of being deceived.

NFT risks need to be vigilant and guarded against, and actively guide the healthy development of the market 2

The hidden financial risks of NFT (Non-Fungible Token, non-fungible token) are receiving much attention.

Recently, the China Internet Finance Association, the China Banking Association, and the Securities Association of China jointly issued the "Initiative on Preventing NFT-related Financial Risks" (hereinafter referred to as the "Initiative"). The reporter noticed that some platforms have previously been cracking down on related risk speculation. For example, WeChat has banned or removed a number of public accounts from digital collection platforms; Ant Whale Explorer (a digital collection platform owned by Ant Group) also issued an announcement on penalties for users who violated regulations and removed over 180 illegal accounts.

Prohibiting "trading" is the key word

Specifically, the proposal mentions "stick to the bottom line of behavior and prevent financial risks." It clearly states that we will resolutely curb the tendency of NFT financialization and securitization, including not including financial assets such as securities, insurance, credit, precious metals, etc. in NFT underlying commodities, and issuance of trading financial products in disguise. In addition, the proposal emphasizes that centralized trading (centralized bidding, electronic matching, anonymous trading, market makers, etc.), continuous listing trading, standardized contract trading and other services will not be provided for NFT transactions, and trading venues will be set up in disguised violations.

Xiao Sa, a partner at Beijing Dacheng Law Firm, told Securities Daily that NFT will promote the cultural and creative industry, and the digitization of artworks and artistic creation is the general trend. However, during the sales process of NFT, there is a trend of financialization, especially the opening of the secondary market, which further stimulates consumers' speculation psychology. This initiative was initiated by a financial self-regulatory organization rather than a cultural organization, which shows that the issue of financialization of digital collections has been highlighted and has been paid attention to by regulatory authorities.

In addition, in response to the initiative of the three associations, lawyer Yu Leimin, a partner of King & Wood Mallesons (Shanghai), interpreted that the proposal issued by the three associations this time stated that "not to provide centralized trading and continuous trading for NFT transactions" Listed trading, standardized contract tradingand other services",

The above-mentioned transaction methods all have typical financial transaction characteristics, and are intended to remind various NFT business platforms in the current market that they should be based on the business purpose of "enriching digital economic models and promoting the development of cultural and creative industries" , avoid carrying out exchange business, and cut off the "signs" of financial securitization presented by illegal NFT businesses.

The industry generally believes that domestic digital collections currently exhibit several characteristics: First First, it reduces the financial attributes of NFT; second, it draws a clear line with virtual currencies.

Pan Helin, co-director of the Digital Economy and Financial Innovation Research Center of the International Joint Business School of Zhejiang University, told Securities Daily He said that the risks of NFT are not technical. NFT has decentralized characteristics in the process of confirming the ownership of artworks and trading, which provides the ground for money laundering and fraud. Some people take advantage of people's misunderstandings about NFT to speculate.

He believes that many financial institutions currently lack an objective and comprehensive understanding of NFT, and it is necessary to prevent risks. For the current domestic digital collection platforms, the key word is still prohibiting "trading".

Many platforms are increasing penalties for violations

As early as February this year, the China Banking and Insurance Regulatory Commission issued the "Risk Warning on Preventing Illegal Fund-raising in the Name of "Yuanverse". This time, the initiative The book has undoubtedly put a "curse" on the excessive speculation in the NFT market.

In fact, private trading and speculation of digital collections is not uncommon. On April 14, a reporter from the Securities Daily reported on a second-hand trading platform Trying to search for "digital collections", you can find many private transaction sellers, and individual digital collections are even priced at thousands of yuan. The reporter tried to contact a seller and found that in the end it was necessary to change the platform to adopt private transactions, but private transactions often exist There is a greater risk of fraud.

In addition, the reporter noticed that Ant Whale Detective and WeChat had previously increased penalties for violations related to the digital collection platform.

On March 21, Ant Chain’s Whale Detective issued a penalty announcement for illegal users, which showed that the illegal accounts will be punished in a step-by-step manner based on the severity of the violation, including permanent restrictions on the transfer of collections, account bans, etc. According to Securities Daily According to incomplete statistics by reporters, Ant Chain Whale Detective has dealt with more than 180 illegal accounts (permanent bans on acquisition and transfer functions).

Whale Detective told the Securities Daily: At the beginning of its business, We clearly oppose the financial productization of digital collections and strengthen technical means such as real-name authentication and risk control verification to ensure the normal needs of users to transfer collections to friends while resisting all forms of potential hype risks, including continuing to manage irregular users who seriously violate regulations and cheat. , and provide anti-fraud tips.

According to the transfer instructions of Whale Explorer, the official does not support any form of resale of digital collections. Users who have purchased digital collections for 180 days can initiate transfers to other real-name users.In order to prevent speculation, the recipient can initiate a transfer again after receiving the digital collection for 2 years.

At the end of March, WeChat banned a number of public accounts of digital collection platforms on a large scale. More than ten platforms were involved, all of which were small and medium-sized digital collection platforms. WeChat told a reporter from Securities Daily that it currently only provides public accounts for digital collection display and first-level transactions. It requires proof of cooperation with a blockchain company that has been registered and approved by the Cyberspace Administration of China as proof of qualifications. It does not support the provision of second-level accounts. level transactions.

In addition, the mini program currently only supports digital collection display and first-level gifting. Digital collection transactions and multi-level circulation are not open to the public. If any countermeasures such as bypass are discovered, Capabilities will be banned or removed based on the degree of violation.

WeChat emphasized that it will pay close attention to industry trends and relevant regulations in the future, and further improve and adjust the rules.

Sun Yulin, a senior researcher at the Ouke Cloud Chain Research Institute, told Securities Daily, “Combined with the previous ban of a large number of public accounts and mini-programs involving digital collections and illegal accounts, plus the current ban initiated by the three associations Released, it is predicted that supervision in this field will gradually tighten in the future, and the compliance requirements for digital collection platforms will become increasingly strict."

NFT risks need to be vigilantly guarded and actively guide the healthy development of the market 3

China The Internet Finance Association, China Banking Association, and China Securities Association jointly call on member units to jointly launch an initiative on preventing financial risks related to NFT (non-fungible tokens), resolutely curb the tendency of NFT financialization and securitization, and strictly prevent illegal Risks from financial activities.

In recent years, my country's NFT market has continued to heat up. As an innovative application of blockchain technology, NFT has shown certain potential value in enriching digital economic models and promoting the development of cultural and creative industries. However, it also has hidden risks such as speculation, money laundering, and illegal financial activities.

In this regard, the three associations advocated adhering to the bottom line of behavior and preventing financial risks. The first is not to include financial assets such as securities, insurance, credit, precious metals, etc. in the underlying commodities of NFT, and to issue and trade financial products in disguise; the second is not to weaken the non-homogeneous characteristics of NFT by dividing ownership or batch creation, and to carry out token issuance and financing in disguise (ICO); The third is not to provide centralized trading, continuous listing trading, standardized contract trading and other services for NFT transactions, and to set up trading venues in disguised violations;

The fourth is not to use Bitcoin, Ethereum, Tether, etc. Virtual currency serves as a pricing and settlement tool for NFT issuance transactions; fifth, real-name authentication of issuance, sales, and purchase entities, properly preserving customer identity information and issuance transaction records, and actively cooperating with anti-laundering work; sixth, not investing directly or indirectly in NFT , does not provide financing support for investing in NFT.

At the same time, the three associations also advocated the rational selection of application scenarios, standardized application of blockchain technology, and the use of NFT to promote industrial digitalization.It plays a positive role in globalization and digital industrialization; ensures that the value of NFT products is fully supported, guides consumers to consume rationally, and prevents prices from being inflated and deviating from the basic law of value; protects the intellectual property rights of underlying commodities and supports genuine digital cultural works; authenticity , Accurately and completely disclose NFT product information to protect consumers’ rights to know, choose, and fair trade.

Dong Ximiao, chief researcher of China Merchants Union Financial, suggested that investors should fully understand the value and risks of NFT and not participate in illegal NFT speculation and transactions. It is difficult for ordinary investors to fully understand virtual currencies, ICOs, NFTs, etc. It is recommended not to invest blindly, but to consciously resist all kinds of temptations and protect the safety of their own property.

⑽ How to detect the risk level of blockchain smart contracts

With the acceleration of the digital transformation of Shanghai city, blockchain technology has been widely used in government affairs, finance, logistics, justice, etc. fields have been deeply applied. During the application process, not only new business forms and business models have been born, but also many security issues have arisen, so security supervision is particularly important. As one of the important means of supervision, security evaluation has become a focus of many blockchain R&D manufacturers and application companies. This article talks about some of our exploration and practice on the blockchain compliance security assessment that everyone is concerned about.
1. Blockchain technology evaluation
Blockchain technology evaluation is generally divided into functional testing, performance testing and security evaluation.
1. Functional testing
Functional testing is a test of the basic functions supported by the underlying blockchain system, with the purpose of measuring the capabilities of the underlying blockchain system.
Blockchain functional testing is mainly based on GB/T 25000.10-2016 "System and Software Quality Requirements and Evaluation (SQuaRE) Part 10: System and Software Quality Model", GB/T 25000.51-2016 "System and Software Quality" Requirements and Evaluation (SQuaRE) Part 51: Quality Requirements and Testing Details for Ready to Use Software Products (RUSP)" and other standards to verify whether the software under test meets the requirements of relevant test standards.
Blockchain function testing specifically includes networking methods and communication, data storage and transmission, encryption module availability, consensus function and fault tolerance, smart contract function, system management stability, chain stability, privacy protection, and interoperability , account and transaction types, private key management solutions, audit management and other modules.
2. Performance testing
Performance testing is a type of test implemented and executed to describe the performance-related characteristics of the test object and evaluate it. Most of them are used in project acceptance evaluation to verify the established Whether the technical indicators are completed.
Blockchain performance testing specifically includes high-concurrency stress test scenarios, peak impact test scenarios, long-term stable operation test scenarios, query test scenarios and other modules.
3. Security Assessment
Blockchain security assessment mainly conducts security testing on account data, cryptography mechanisms, consensus mechanisms, smart contracts, etc.Test and evaluate.
The main basis for blockchain security evaluation is "DB31/T 1331-2021 General Requirements for Blockchain Technology Security". You can also refer to standards such as "JR/T 0193-2020 Blockchain Technology Financial Application Assessment Rules" and "JR/T 0184-2020 Financial Distributed Ledger Technology Security Specifications" based on actual testing needs.
Blockchain security assessment specifically includes storage, network, computing, consensus mechanism, cryptography mechanism, timing mechanism, personal information protection, networking mechanism, smart contracts, services and access, etc.
2. Blockchain Compliance Security Assessment
Blockchain compliance security assessment generally includes “Blockchain Information Service Security Assessment”, “Network Security Level Protection Assessment” and “Special Funding Projects” "Acceptance Evaluation" three categories.
1. Blockchain information service security assessment
Blockchain information service security assessment is mainly based on the "Blockchain Information Service Management Regulations" issued by the Cyberspace Administration of China on January 10, 2019 (hereinafter referred to as "Regulations") and refer to the national blockchain standard "Blockchain Information Service Security Specification (Draft for Comments)".
The "Regulations" aim to clarify the information security management responsibilities of blockchain information service providers, standardize and promote the healthy development of blockchain technology and related services, avoid blockchain information service security risks, and provide blockchain Provide effective legal basis for the provision, use and management of information services. Article 9 of the "Regulations" states: Blockchain information service providers that develop and launch new products, new applications, and new functions must report to the national and provincial, autonomous region, and municipality Internet Information Offices for security assessment in accordance with relevant regulations.
The "Blockchain Information Service Security Specification" is a construction and preparation project led by the Institute of Information Engineering of the Chinese Academy of Sciences and jointly participated by Zhejiang University, China Electronics Technology Standardization Institute, Shanghai Information Security Evaluation and Certification Center and other units. National standards for evaluating the security capabilities of blockchain information services. The "Blockchain Information Service Security Specification" stipulates the security requirements that blockchain information service providers of alliance chains and private chains should meet, including security technical requirements and security assurance requirements as well as corresponding test and evaluation methods, and is suitable for guiding blockchain Chain information service security assessment and blockchain information service security construction. The security technical requirements and guarantee requirements framework proposed by the standard are as follows:
Figure 1 Blockchain information service security requirements model
2. Network security level protection evaluation
The main basis for network security level protection evaluation includes "GB/T 22239-2019 Basic Requirements for Network Security Level Protection" and "GB/T 28448-2019 Network Security Level Protection Evaluation Requirements".
As an emerging information technology, the application system built by blockchain is also an object of level protection and needs to be evaluated for level protection in accordance with regulations. General requirements for level protection security evaluation apply to evaluating the infrastructure part of the blockchain, but currently do notPropose blockchain-specific security requirements. Therefore, the expansion requirements for blockchain security evaluation still need to be further explored and studied.
3. Special fund project acceptance evaluation
According to the relevant regulations of the Municipal Economic and Information Technology Commission, information technology special fund projects are required to issue a safety evaluation report during project acceptance. The acceptance evaluation of blockchain application projects will be carried out in accordance with Shanghai’s latest blockchain local standard "DB31/T 1331-2021 General Requirements for Blockchain Technology Security".
3. Exploration and practice of blockchain security assessment
1. Standard preparation
Shanghai Assessment Center actively participates in the preparation of blockchain standards. Led by the Shanghai Evaluation Center, Suzhou Tongji Blockchain Research Institute Co., Ltd., Shanghai Qiyin Information Technology Co., Ltd., Shanghai Moheng Network Technology Co., Ltd., the First Research Institute of Telecommunications Science and Technology and other units participated in the preparation of the blockchain local standard " DB31/T 1331-2021 "General Requirements for Blockchain Technology Security" was officially released in December 2021 and will be officially implemented on March 1 this year. The blockchain national standard "Blockchain Information Service Security Specification", which the Shanghai Assessment Center participated in the preparation of, is in the stage of soliciting opinions.
At the same time, the assessment center also participated in the compilation of primary and intermediate textbooks for blockchain engineering technicians organized by the Ministry of Human Resources and Social Security and led by Tongji University, and was responsible for compiling the chapter "Testing the Blockchain System".
2. Project Practice
In recent years, the Shanghai Assessment Center has conducted a large number of blockchain security assessment practices based on relevant technical standards, including grade protection assessment, information service security assessment, project security assessment, etc. In the evaluation practice, the main security issues discovered are as follows:
Table 1 Blockchain is mainly a security issue
Serial number
Evaluation items
Problem description
1
Consensus Algorithm
The consensus algorithm uses Kafka or Raft consensus and does not support Byzantine fault tolerance or tolerate malicious node behavior.
2
On-chain data
On-chain sensitive information is not encrypted, and all data on the chain can be accessed through the query interface or blockchain browser.
3
Cryptographic Algorithm
The random numbers used in the cryptographic algorithm do not meet the randomness requirements of GB/T 32915-2016.
4
Node Protection
For the alliance chain, security protection measures failed to be configured for the area where the node server is located.
5
Communication transmission
When communicating between nodes, the blockchain and upper-layer applications, no secure information transmission channel has been established.
6
Consensus Algorithm
The number of nodes deployed in the system is small, and sometimes the number of fault-tolerant nodes required by the consensus algorithm is not even reached.
7
Smart Contract
The operation of the smart contract is not monitored and cannot be discovered in time., Handle problems that arise during the operation of smart contracts.
8
Services and Access
Upper-layer applications have access control flaws such as unauthorized and unauthorized access, leading to business confusion and data leakage.
9
Smart Contract
Smart contract coding is not standardized. When an error occurs in the smart contract, the smart contract freezing function is not provided.
10
Smart Contract
The running environment of smart contracts is not isolated from the outside, and there is a risk of external attacks.
3. Tool Application
When the evaluation center organized and compiled the "DB31/T 1331-2021 General Requirements for Blockchain Technology Security", it has considered the connection needs with the graded protection evaluation. The "infrastructure layer" security in DB31/T 1331 is consistent with the relevant requirements of the secure physical environment, secure communication network, security area boundary, secure computing environment, security management center, etc. of level protection, "protocol layer security", "extension layer" "Security" more reflects the unique security protection requirements of the blockchain.
Based on the relevant security requirements of DB31/T 1331, the assessment center is organizing and compiling extended blockchain assessment requirements. The relevant results will be applied to the network security level protection assessment tool - Assessment Expert. By then, evaluation institutions using the "Evaluation Expert" software will be able to conduct blockchain security evaluations accurately, standardly and efficiently, discover blockchain security risks, and put forward corresponding rectification suggestions