Tokenization of the market, from stocks to bonds to real estate is coming, says BlackRock CEO Larry Fink, if we can solve one problem

If the vision of Larry Fink — CEO of BlackRock, the world's biggest money manager — becomes reality, all assets from stocks to bonds to real estate and more would be tradable online, on a blockchain.

"Every asset — can be tokenized," Fink wrote in his recent annual letter to investors.

Unlike traditional paper certificates signifying financial ownership, tokens live securely on a blockchain, enabling instant buying, selling, and transfers without paperwork or waiting — "much like a digital deed," he wrote.

Fink says it would be nothing short of a "revolution" for investing. Think 24-hour markets and a trading settlement process that can be compacted down into seconds from a process that today can still take days, with billions of dollars reinvested immediately back into the economy.

But there's one big problem, one technology challenge that stands in the way: the lack of a coordinated digital identity verification system.

While technology experts say Fink's idea isn't improbable, they agree that there are cybersecurity challenges ahead in making it work.

Verifying asset owners in world of AI deep fakes

Today, it's not easy to verify online that the person you are interacting with is that person because of the prevalence of AI deepfakes and sophisticated cybercriminals, according to Christina Hulka, executive director of the Secure Technology Alliance, an organization focused on identity, access and payments. As a result, having a unified verification system would be useful because there would be cryptographic validation that people are who they say they are.

"The [financial services] industry is focused on how to build a zero-trust framework for identification. You don't trust anything until it's verified," Hulka said. "The challenge is getting everyone together about which technology to use that makes it as simple and as seamless for the consumer as possible," she added. 

It's hard to say precisely how a broad-based digital verification system would work but to support a fully tokenized financial structure, a system would, at a minimum, need to meet stringent security requirements, particularly those tied to financial regulations like the Know Your Customer rule and anti-money laundering rules, according to Zulfikar Ramzan, chief technology officer at Point Wild, a cybersecurity company.

At the same time, the system would need to be low friction and quick. There's no shortage of technical tools today, especially from the field of cryptography, that can effectively bind a digital identity to a transaction, Ramzan said. "Fifteen to 20 years ago, this conversation would have been a non-starter," he added.

There have been some successes with programs like this across the globe, according to Ramzan. India's Aadhaar system is an example of a digital identity framework at a national scale. It enables most of the population to authenticate transactions via mobile devices, and it's integrated across both public and private services. Estonia has an e-ID system that allows citizens to do everything from banking to voting online. Singapore and the UAE have also implemented strong national identity programs tied to mobile infrastructure and digital services. "While these systems differ in how they handle issues like privacy, they all share a key trait: centralized government leadership that drove standardization and adoption," Ramzan said.

Centralized personal data is a big target for cybercriminals

While a centralized system solves one challenge, the storage of personally identifiable information and biometrics data is a security risk, said David Mattei, a strategic advisor in the fraud and AML practice at Datos Insights, which works with financial services, insurance and retail technology companies. 

Notably, there have been reports of data stolen from India's Aadhaar system. And last year, El Salvador's government had the personal data of 80% of its citizens stolen from a centralized, government-managed citizen identity system. "A lot of security experts do not advocate having a centralized security system because it's kind of like the pot at the end of the rainbow that every fraudster is trying to get his hands on," Mattei said.

In the U.S., there's a long-standing preference for decentralized systems for identity. On mobile devices, Face ID and Fingerprint ID are done not by centralizing all of that data in one spot at Apple or Google, but by storing the data in a secure module on each mobile device. "This makes it much harder, if not impossible, for fraudsters to steal that data en masse," Mattei said.

Digital driver's licenses offer a cautionary tale

It would take a significant coordinated effort to come up with a national identity system used for identity verification.

Identity systems in the U.S. today are fragmented, Ramzan said, giving the example of state departments of motor vehicles. "To move forward, we will either need a cohesive national strategy or a way to better coordinate identity across the state and federal levels," he said.

That's not an easy task. Take, for example, the effort many states are making to adopt digital driver's licenses. About a quarter of states today, including Utah, Maryland, Virginia and New York, issue mobile driver's licenses, according to mDLConnection, an online resource from the Secure Technology Alliance. Other states have pilot programs in effect, have enacted legislation or are studying the issue. But this undertaking is quite ambitious and has been underway for several years.

To implement a national identity verification system would be a "massive undertaking and would require just about every company that does business online to adopt a government standard for identity verification and authentication," Mattei said.

Competitive forces are another issue to contend with. "There is an ecosystem of vendors who offer identity verification and authentication solutions that would not want a centralized system for fear of going out of business," Mattei said. 

There are also significant data privacy hurdles to overcome. States and the federal government would need to coordinate to resolve governance issues, and this might prompt "big brother" concerns about the extent to which the federal government could monitor the activities of its citizens.

Many people have "a bit of an allergic reaction" when anything resembling a national ID comes up, Ramzan said.

Fink has been pushing the SEC to look at issue

The idea is not a brand new one for Fink. At Davos earlier this year, he told CNBC that he wanted the SEC "to rapidly expand the tokenization of stocks and bonds."

There's BlackRock self-interest at work, and potential cost savings for the firm and many others, which Fink has spoken about. In recent years, BlackRock has been dragged into political battles, and lawsuits, over its voting of a massive amount of shares held in its funds on ESG issues. "We'd never have to vote on a proxy vote anymore," Fink told CNBC at Davos, referring to "the tax on BlackRock."

"Every owner would be notified of a vote," he said, adding that it would bring down the cost of ownership of stocks and bonds.

It is clear from Fink's decision to give this issue prominent placement in his annual letter — even if it came in third in the order of issues he covered behind both the politics of protectionism and the growing role of private markets — that he isn't letting up. And what's needed to make this a reality, he contends, is a new digital identity verification system. The letter is short on details, and BlackRock declined to elaborate, but, at least on the surface, the solution for Fink is clear. "If we're serious about building an efficient and accessible financial system, championing tokenization alone won't suffice. We must solve digital verification, too," he wrote.

Blockchain continues to evolve and people are learning to understand it better. Accordingly, there are initiatives underway to think about how the U.S. can achieve a broad-based identity verification system, Hulka said. There are technical ways to do it, but finding the right way that works for the country is more of a challenge since it has to be interoperable. "The goal is to get to a point where there is one way to verify identity across multiple services," she said.

Eventually, there will be a tipping point for the financial services industry where it becomes a business imperative, Hulka said. "The question is when, of course."