Is Bitcoin the future of compliance and audits?

Share on Twitter
Share on LinkedIn
Send via Email

The concept of time is central to blockchain technology. Satoshi’s white paper devotes a whole chapter to explaining how each block of transactions is chronologically ordered and why that matters for provability. In this third article in our Bitcoin Building Blocks series, we look at Bitcoin’s block structure, the ‘newspaper’ analogy, and how businesses can benefit from compliance and auditing features inherent to the system’s design. 

Bitcoin’s timestamp server 

The word ‘immutable’ is often used with reference to Bitcoin, and for good reason. But how does the technology ensure data can’t be changed without a trace?  

First, it starts with digital timestamping—adding a time reference to digital files, events, or data. Roughly every 10 minutes on the Bitcoin network a new block is created, currently containing in it several thousand transactions on average. Blocks are stamped with the time they were mined, and any new information that follows is added into a new block. That digital timestamp is captured, indefinitely, and publicly visible on the ledger. Data on the blockchain is therefore inherently linked to time. That could be transaction data, but as we’ve seen in our first article, it could be other types of data too: digital documents, identities, events and more can all be hashed and ‘logged’ on the blockchain. 

“The timestamp proves that the data must have existed at the time, obviously, in order to get into the hash.” Satoshi Nakamoto, 2008 

Each block contains within it information about the previous block of transactions (including the timestamp), providing a connected, chronological trail going all the way back to the creation of the first block. That only adds to the security of the network, since changing a value in the past would alter every block after it, making the error clear. A block of transactions is only considered completely final when 100 further blocks are built on top; a time frame within which block rewards, paid to network node operators, cannot be spent. 

Digital timestamping is not a new concept but previously it’s always required a single company to handle the data and verify the time, like DocuSign, which uses a server-based clock. Even if data is encrypted the centralised nature of this infrastructure raises concerns over privacy and security. 

Transparent and traceable 

The second reason why Bitcoin can provide an immutable audit trail is because once a block is mined and timestamped, and publicly announced, the entire network hears about it and adds the valid block to their record. Most businesses store data either in private servers or, more recently, using cloud services like Amazon AWS or Microsoft Azure. These offer closed networks, meaning tight access control is required to prevent data being edited or deleted. 

Because the blockchain is transparent yet pseudonymous, every participant can view the public history of transactions, just as if it was announced in a newspaper. This makes it infeasible to change data since consensus about the state of the ledger presents a shared and competitive effort. Changing the order of transactions alone would require huge amounts of computational power, disincentivising dishonest behaviour. Blockchain technology is an ideal partner to traditional storage solutions that have no foolproof way of proving information was changed or deleted; even in the case of write-once-read-many systems. 

“A timestamp server works by taking a hash of a block of items to be timestamped and widely publishing the hash, such as in a newspaper or Usenet post.” Satoshi Nakamoto, 2008 

That’s why private distributed ledgers just don’t work in the long run. They don’t allow us to trust in the information stored on them because whoever controls the private server is able to control the data. Transparency and traceability reduce the risk of data manipulation or information loss, without relying on a central operator or trusted third parties. 

It’s understandable why people may be confused in thinking blockchain is open in the sense that messages or documents could be read by anybody. But as we’ll see in our future article on privacy, none of that information must be publicly linked to an individual’s identity, and data can be hashed, meaning there is no need to store files or sensitive information directly on-chain. 

A new era for auditing? 

Regulation including things like record-keeping requirements and GDPR compliance is changing fast as the world becomes digital-first. Blockchain technology can undoubtedly play a key part in securing that transition. Bitcoin can be used to verify financial transactions which are published almost in real time. And while audits, for example, would still likely require a certified public accountant to check that files or financial statements notarised to chain are valid, a system like Bitcoin can ensure they have not changed since being submitted and approved. This can save time and resource costs for companies. 

Recent legislation in the UK stipulates that tax evidence, such as receipts or invoices, must be saved in a way that is “robust to abuse”1, providing a challenge to current storage solutions. A recent Forrester study found 30% of analysts spend on average 40% of their time—two days per week—vetting and validating data before it can be used in analysis or decision-making, not to mention the data being auditable by tax authorities or external acountants. 

Combined with digital signatures, as we saw in our previous article, timestamping files would provide a definite log of activity: a kind of digital notary service. Anyone can simply check that the data, such as a sensitive contract, produces the same hash to verify its integrity. 

One interesting further use is that computer programs can be stored on a blockchain to run automatically. They’re often simple and light packages of code, sometimes called a ‘smart contract’, that execute when certain conditions are met. An application for auditing and compliance would be that personal customer data is programmed to be ‘pruned’ after a set period of time, to be compliant with GDPR’s right to erasure (aka ‘right to be forgotten’) legislation. 

Blockchain technology is an ideal way to secure large volumes of data at scale. If you want  more information about our auditing and compliance solutions, covering industries like financial services and iGaming, have a read of our blog post here. 

Scroll to Top