HMRC's successful blockchain proof-of-concept: the technology's the easy part

Initial trials 'very successful' says platform architect Richard Mander, but mind the policy gap

The HMRC's system for authorising international trading is hugely complex, siloed, bureaucratic and ripe for optimisation, argues Richard Mander, head of platform architecture at HMRC, the UK government's tax collection department and primary licensor of cross-border trade.

A company that wants to import or export goods commercially must first register for an Economic Operator Registration and Identification (EORI) number to the HMRC which will grant this authorisation provided the applicant passes series of checks. The trader may then wish to apply for further authorisations, a common one being Authorised Economic Operator (AEO) status.

As the two processes are nearly identical it would be logical to allow the trader to revisit his or her EORI application, but that's not how it works.

The team managing EORI is based in Swansea, while AEO is managed by a separate HMRC office located in Nottingham. So the applicant seeking AEO status must go through the whole lengthy process again. And should authorisation from other government departments (such as DIT, BIS or DEFRA) be required, the whole process must be repeated once again. Each department and each team is its own silo and there is very little information sharing between them.

This is hugely inefficient, not to mention frustrating and time-consuming for applicants. If data could be securely shared between teams the potential for optimisation is enormous, said Mander at the Blockchain Live event on Wednesday.

"If we could record the outcomes of those checks and securely share them between the various teams, then just within HMRC there'd be a huge benefit in terms of efficiencies," Mander explained. "Extend that across government to all the other regulatory authorities involved and you'd quickly see a very significant potential."

The PoC has absolutely proved the potential benefit of distributed ledger technology within government - Richard Mander, HMRC

HMRC has built a private, permissioned blockchain as a proof-of-concept (PoC) for tacking this issue. It currently resides on a single node (more will be added as the PoC progresses) hosted by a UK-based public cloud provider. This ledger contains all the relevant details from EORI and AEO applications with their outcomes and the dates of the checks. A user interface and personas for the caseworkers have been created, and access controls implemented. Results so far have been "very successful", Mander said. "It has absolutely proved the potential benefit of distributed ledger technology within government."

The next phase of the PoC will see learnings from the initial trials shared with licensing authorities within DIT, BIS and DEFRA, with the aim of introducing a second node within one of these departments so that block replication and other issues can be tested. If this proves successful, the HMRC will investigate the use of smart contracts to streamline the import-export licensing process.

"If we understand the status of all those checks we could then begin to use smart contracts to write those updates into our systems that process customs declarations, so we've got an automated link from the record of the approvals being completed within the distributed ledger, and then we copy that data into one of our transactional systems," Mander explained.

The policy lag

So far so good, but optimising business processes is about far more than technology, and already the PoC has raised "several very interesting policy issues", said Mander.

For a start shared, distributed ledgers are not compatible with existing government practices around data guardianship, in which each system or service has a data guardian responsible for safeguarding personal data processed or stored by that system.

Likewise, combining forces with commercial blockchain-based systems being rolled out by the likes of Maersk and Barclays would be in violation of current offshoring policies, where HMRC data cannot be stored on overseas nodes. And even if it could, there are issues around control where those nodes are shared with partner organisations. For example, HMRC could not delete a record if other players were still accessing that data.

Then there are the strict rules around the traceability of financial transactions which would be very hard to apply to a shared ledger, and security policies predicated on protecting data within a defined boundary, something that's not readily applicable to a distributed system. The HMRC is a prime target for hackers, and so has extensive systems for authenticating users and identifying suspect behaviour. "If we're accepting updates that have been generated on a completely different node, all of those security policies are a significant challenge," Mander explained.

These security complexities extend into the cloud, where HMRC performs multiple checks including deep packet inspection on all data moving in and out of the secure domains. "But once a block is accepted onto a distributed ledger the prospect of HMRC opening that block when everyone else is accepting it and saying 'we don't like the contents and we want to reject it' no longer applies."

The "policy lag" with respect to decentralised and distributed technologies means that close cooperation with the private sector in this area "is probably a little way off", said Lander, leaving HMRC to ponder the scope of any such initiative. Should the department try to "own" the architecture by creating a large, all-encompassing central system that pulls in data from approved importers, exporters and shippers and carriers, or should it focus instead on ways of allowing interactions with other ledgers?

We're really keen to engage with IBM and Maersk and others who are running commercial systems

"We're really keen to engage with IBM and Maersk and others who are running commercial systems to understand how we can interface with those systems," Mander said. "Potentially there's a model where all the players in the supply chain build up the dataset that's required for customer declaration and then submit it into HMRC from one of those external ledgers."

In terms of timelines, Mander estimated this type of system is "probably five or six years away", but said that internal government ledgers could be in place within two years.

Computing IT Leaders' Forum - Wednesday 7 November 2018

There's a new wave of automation hitting big business and the public sector, and organisations that fail to prepare or implement properly will, literally, be left for dead. Hear from end users and other organisations about how you can effectively automate the enterprise. To reserve your FREE place for the event on Wednesday 7 November, check out the dedicated IT Leaders' Forum website