Blockchain and risk

Technology risk insights

Brian Consolvo

Advisory Managing Director, Technology Risk Management, KPMG LLP

+1 757-646-6378

Bryan McGowan

Principal, Advisory, Technology Risk Management, KPMG US

+1 816-802-5856

Ahmed Saleh

Director, Technology Risk Management, KPMG US

+1 402-637-5014

What is blockchain?

Blockchain is a system in which a record of transactions is maintained across multiple computers (nodes) that are linked in a peer-to-peer network. It removes the need for intermediaries such as banks or brokers to serve as a third party.


Business leaders believe their companies should have invested more in blockchain over the past five years.¹


Global spending on blockchain solutions has been forecasted by 2024.²

How does blockchain work?


A blockchain is a chain of blocks that contain transaction information:

  • Each block of data contains a unique hash key, which is like a fingerprint, used to identify a block and its contents. 
  • Each block contains transactions, a hash, and a copy of the hash of the previous block (with the exception of the genesis block, which has no previous block hash). This linkage is what makes the blockchain immutable: if data in a previous block changes, its hash changes, so it no longer matches the copy stored in the next block, disconnecting it from the chain of blocks that follows.

Distributed ledger

Instead of relying on a central authority to manage the ledger, blockchains use a distributed peer-to-peer network:

  • When someone joins the network, they download a full copy of the blockchain. Each new user, or computer, on the network is called a node.
  • Distributed peer-to-peer architecture provides higher availability than traditional client-server networks, as there is no single point of failure.


New transactions are sent to all nodes, where they are validated and grouped into blocks:

  • Consensus ensures that peers on the network agree upon a consistent state of records.
  • Once consensus is reached, the new block is posted on every node’s blockchain. 
  • Nodes will reject blocks whose data violates the protocol’s rules or appears to have been tampered with. 
  • Common consensus mechanisms include Proof of Work (PoW) and Proof of Stake (PoS).
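The hash linking described under "How does blockchain work?" and the node-side rejection of tampered blocks described above can be seen in a small sketch. This is an added example, not KPMG's code or any real blockchain protocol: SHA-256, the JSON block layout, the function names, and the sample transactions are all assumptions made for illustration.

```python
import hashlib
import json

GENESIS_PREV = None  # the genesis block has no previous block hash


def block_hash(transactions, prev_hash):
    """Fingerprint a block: SHA-256 (assumed) over its transactions and previous-block hash."""
    payload = json.dumps({"tx": transactions, "prev": prev_hash}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_block(chain, transactions):
    """Add a block that stores a copy of the previous block's hash."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    chain.append({"tx": transactions, "prev": prev_hash,
                  "hash": block_hash(transactions, prev_hash)})


def first_invalid_block(chain):
    """Return the index of the first block a node would reject, or None if all verify."""
    for i, block in enumerate(chain):
        expected_prev = chain[i - 1]["hash"] if i else GENESIS_PREV
        if block["prev"] != expected_prev:
            return i  # stored previous-block hash no longer matches the preceding block
        if block["hash"] != block_hash(block["tx"], block["prev"]):
            return i  # contents no longer match the block's own fingerprint
    return None


def build_sample_chain():
    """Three-block chain built from constructed sample transactions."""
    chain = []
    for txs in (["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"]):
        append_block(chain, txs)
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print(first_invalid_block(chain))    # untouched chain verifies
    chain[1]["tx"] = ["bob->carol:200"]  # change data in an earlier block
    print(first_invalid_block(chain))    # block 1 fails its own hash check
    chain[1]["hash"] = block_hash(chain[1]["tx"], chain[1]["prev"])
    print(first_invalid_block(chain))    # block 2's stored copy now mismatches
```

Recomputing the edited block's hash only moves the failure to the next block, which still holds the old hash; that is the "disconnection" the text describes.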

Smart contracts

The main difference between a traditional contract and a smart contract is that smart contracts are automated:

  • A contract is created between parties. 
  • Parties can choose to remain anonymous. 
  • Predefined triggers are initiated. 
  • The contract self executes as defined by the source code.
  • A participant can analyze all activities and make informed decisions. 
  • The data captured can be used for analytics and reporting.
  • Data used for smart contract execution is fed into blockchains from external sources, specifically data feeds and APIs; a blockchain cannot directly “fetch” data. These real-time feeds are called “oracles,” and they operate very much like middleware between the data and the smart contracts.

Key blockchain risks

Adoption of blockchain technology exemplifies a firm’s investment in innovation, but with innovation comes new risks in the following areas:

  • Governance
  • Infrastructure
  • Data
  • Key management
  • Smart contracts
  • Development

To unlock the full potential of distributed ledger technologies, organizations should proactively identify and mitigate all risks posed by the adoption of the technology.


How KPMG can help

KPMG provides an experienced lens to understanding, developing, and maintaining the security and compliance of distributed ledger technologies.

Our services encompass the full lifecycle of both blockchain solutions and cryptocurrency businesses. These services include strategic realization, regulatory guidance, risk assessment, control design and assessment, IT audit and attestation support, and information and cyber security. Additionally, we work closely with the KPMG Audit, Tax, and broader Advisory service lines to help deliver a full offering of services for our clients.


  1. AP News, “CFOs Are Ready for Digital Transformation in 2021, New Survey Shows,” February 2021
  2. Yahoo! Finance, “Global Spending on Blockchain Solutions Forecast to be Nearly $19 Billion in 2024, According to New IDC Spending Guide,” April 2021