There are several challenges associated with implementing a CBDC. Digital currencies remain in an early phase, and more research and experimentation are required to provide the necessary understanding of their possible economic and social impact. Nonetheless, our analysis finds the case for central bank-issued digital currencies to be compelling, especially given the many flaws with current legacy payment systems.
Many of the challenges outlined below are risks associated with implementing a poorly designed, insecure CBDC. The cost of inaction and rising systemic risk from stablecoins must also be considered. Some of the most important risks to mitigate against will likely be:
- Transition risks
- Loss of privacy
- Theft, loss, and cyber attacks
CBDCs are an innovative concept, allowing citizens to make digital payments using central bank money for the first time. Because of this, they will require the migrating of both data and value to new infrastructure and systems. This is no small task, and presents risks including system downtime, data loss, and insecurities. Transitioning to digital currencies also poses a risk in terms of technology lock-in effects. These can have a substantial negative economic impact if not properly mitigated against and planned for. Moreover, citizens – who will be the largest user group of a CBDC – may be confused about the technology or even the purpose of a new digital currency.
Thorough testing at all levels, clear strategies and migration assessments, robust training, and a public campaign are essential requirements of a CBDC program.
Better payments promote stability
CBDCs support a central bank’s ongoing role in issuing currency and maintaining economic stability. They can improve the competitiveness of a local currency as a means of payment in dollarised economies such as Venezuela or Lebanon. Central banks should consider CBDCs as a more direct and efficient means of executing policy.
Banking services still required
A retail CBDC will be like cash is today, non-interest bearing and credit-free, therefore commercial banks will still have a vital role in providing banking services, including lending and credit, to citizens. The introduction of retail CBDC does not remove the need for deposit money or forms of private money, such as stablecoins, so commercial banks will continue to be a key part of the payment landscape.
Furthermore, depending on the design of the CBDC itself, commercial banks could provide the interfaces into a retail CBDC. Additional strategies to mitigate any risks of disintermediation, that require further research, exploration and testing could include:
• Modifying capital requirements
• Modifying CBDC designs and incentives
• Providing and paying bank guarantees and deposit insurance in CBDC
• Restricting on-demand conversion of digital cash to deposit money
Loss of privacy
Physical cash presents fewer privacy risks for citizens than current digital payment systems where data and sensitive information is shared with private banks, payment providers, and even large tech companies – and can be unknowingly monitored. CBDCs raise a question over state surveillance and government access to personal data.
While CBDCs can shift privacy back to the individual, giving access to the central bank and various providers only on a ‘per need’ or ‘as negotiated’ basis, designs can easily fail to replicate the privacy benefits of physical cash. A one-system solution like a CBDC, while less fragmented, does mean data is stored only in a single place: the core ledger.
This could present a privacy concern for citizens who may be unwilling to share account or transaction data, with the risk of creating a ‘pay-with-privacy’ model that incentivises the disclosing of information.
Building privacy into the design
A public, immutable ledger can expose users to new risks that do not exist with fragmented legacy systems. Privacy protections are a core principle of any CBDC and must be built into the design.
Anonymous: A person’s identity is unknown, and their actions are not trackable.
Pseudonymous: It is possible to assign actions to the same person, but their identity is unknown.
CBDCs can undermine integrity and accountability because they introduce a conflict of interest between ledger management and monetary governance. This is particularly the case in centralised, private systems, where power is concentrated in one entity that has both operational control and executional responsibility. This raises the risk that bad actors could abuse their power in a way that undermines honest governance, and ultimately, citizen’s rights. The power to write transactions must be separate from managing and processing transactions.
CBDCs extend the benefits of physical cash to modern digital payments. They do so by offering an inclusive and scalable gateway for the unbanked and underbanked to access electronic payments as well as a wide variety of products and services.
Cash is more financially inclusive than a digital bank account, which not everyone has the financial literacy, means, nor the accepted proofs of identity and address, to open.
Commercial bank branches may be far away, and services can have limited working hours, whereas retail CBDCs offer 24/7 payments anytime, anywhere, including via mobile devices, smart cards, and apps. This is especially transformative in emerging economies for remote, marginalised communities.
In many countries the costs exceed the value of a small transaction and digital cash can facilitate casual micropayments which can benefit poorer citizens. Instant transactions and check depositing can also be a benefit for those who cannot afford delays when being paid.
Tiered access to reduce risk
Law enforcement, government agencies and a central bank should have tiered access to a CBDC to ensure regulatory compliance, especially with AML or anti-crime initiatives. Because any actions are recorded on an immutable ledger, this process can be more robust than legacy systems.
These can be addressed with security and governance controls, but these can be costly. A programmable CBDC running on a public distributed blockchain ledger can improve governmental integrity and system stability by allowing the law and rules to be programmed into the currency itself. Central banks can retain more or less total control over all aspects of their CBDC, while it would allow for the ability to correct mistakes through appended transactions. Bad actors, however, are unable to tamper with the ledger and alter history.
Theft, loss, and cyber attacks
Risks of attacks
The technology underpinning most digital currency designs, although not new, is less established than current payment systems. This can introduce the risk of myriad types of cyber-attack by bad actors wishing to gain control of the system or assets stored on transacted with the ledger.
CBDCs are also less fragmented than current payment systems, but this centralisation can also present a single point of failure for attacks with the added potential to destabilise the economy.
Use of private keys
In a token-based (retail) CBDC merchants and citizens may use credentials in the form of a private key to make a transaction. This creates a risk that keys could be lost or stolen, through phishing or other attacks, and assets and data compromised. Threshold signature or multi-sig technology, in a public blockchain, could mitigate some of this risk.
Transactions can be secured by allowing only authorised users to spend their CBDC tokens and a key if one is lost, such as if a user’s mobile phone that contains their digital wallet is stolen. Tools also now exist to freeze or recover digital assets in such cases. Nonetheless, the more advanced systems become, the more barriers to adoption there may be. Technology must not sacrifice usability.
At nChain, we are working with central banks to research and design a truly more resilient, trusted and inclusive modern economy, securing the livelihoods and prosperity of citizens for generations to come.
Interested to learn more about CBDCs? Download the Playbook or sign up to be the first to know about our CBDC Masterclass below.