JP Morgan cuts operating risk by moving JPMD to public blockchain

JP Morgan shifted JPMD to Base, reframing the risk question

JP Morgan moved its JPMD stablecoin to Coinbase's Base blockchain in 2025. In an interview at Payments Forum 2026, Umer Farooq, global co-head of JP Morgan Payments, clarified that the move does not introduce new credit or liquidity risk. Instead, it changes the operating risk profile because the ledger is now public and owned by neither the bank nor a private custodian.

Farooq likened the shift to moving deposit systems from on-premise mainframes to cloud providers like Amazon or Microsoft: the account remains a deposit account, but the operating environment fundamentally changes. "When the ledger does not belong to you, the core ledger, it's actually public," Farooq said, "that's what we've spent a ton of time" solving.

The bank's Connexus unit built the infrastructure to manage cyber risk, operational resilience, and integration with JP Morgan's core systems. Farooq emphasized that "the hard work is actually making sure we understand how the operating risk be managed, how the cyber risk would be managed."

Operating risk is the invisible cost of public blockchain adoption

Most coverage of JP Morgan's blockchain moves fixates on the token—the novelty, the regulatory clearance, the Coinbase partnership. Farooq's framing exposes a different reality: the regulatory and technical burden lies in operational control, not asset type. A stablecoin is still a stablecoin, whether it lives on a private or public ledger. What changes is who owns the failure modes.

This matters because it sets the template for how large banks will evaluate other blockchain infrastructure decisions. Operating risk—cyber threats, system downtime, audit trails, incident response—will dominate cost and engineering decisions, not the theoretical benefits of decentralization. Regulators will focus here too. A bank that moves settlement to a public chain but fails to architect its cyber defenses accordingly faces operational losses and compliance action, not a new asset class problem.

The second-order point: this reveals why smart contract use cases at JP Morgan have been narrow so far. Clients are using programmability to split mortgage payments into tax and escrow buckets, or to trigger cross-currency settlement based on account balances. Farooq noted that the main constraint is not technical but legal: "if you build the wrong rule as a client, you are also liable for the wrong rule." Clients are hesitant because liability follows the code, not the infrastructure.

Operationalize your blockchain ledger risk before launch

If your organization is piloting a blockchain settlement layer, your operating risk framework must precede your infrastructure rollout. This means: map cyber attack surfaces specific to public ledgers (validator compromise, API vulnerability, network eclipse attacks), establish custody and key management procedures for accounts on external chains, define failover and recovery procedures if the public chain experiences downtime, and audit third-party dependencies (Coinbase, in JP Morgan's case) for operational resilience.

For payments and settlement teams, smart contracts will unlock workflow automation, but only once legal and compliance establish who bears liability for contract defects. JP Morgan's clients are discovering use cases within an hour of discussing the tech with revenue teams, but adoption will stall until liability frameworks clarify. Push your legal team to define boundaries: can the client write its own rules, or does the bank retain control of contract logic?

Finally, do not assume that a bank or custodian handling your blockchain integration has solved operational risk. Ask directly: what happens if Coinbase goes offline? What happens if there is a consensus failure on Base? What is your recovery time objective? These are the questions that will determine whether blockchain infrastructure becomes a hidden operational liability.