A central bank digital currency (CBDC) is a form of electronic money, usually an analogue of a fiat currency, endorsed by a government and issued by its central bank.
Driven by advances in financial technology, digital currencies, including cryptocurrencies such as Bitcoin and Ethereum, have transformed the global financial landscape. In March 2020, the Bank of England published a CBDC discussion paper to explore the opportunities and risks of introducing a UK CBDC. While the regulator has not yet determined whether a CBDC will be introduced in the UK, the paper represents the first steps of an exploratory process.
With regulators around the world exploring the possibilities of CBDCs, it is important that financial institutions develop an understanding of the digital currency landscape and how their compliance responsibilities might change.
How do digital currencies work?
CBDCs share many similarities with cryptocurrencies: units of a CBDC are represented virtually by digital tokens: stores of value that may be transmitted instantly to recipients around the world via high-speed internet connections, and that may be exchanged for goods and services where they are accepted by vendors. Those tokens are cryptographically secured on software infrastructure known as a blockchain: every time tokens are exchanged between users on the blockchain, a network of computers tracks and verifies those changes with distributed ledger technology (DLT) and adds that information to the chain as a new ‘block’ of data. The tracking and verification processes used by certain cryptocurrency blockchains can be slow and inefficient since they require the agreement of multiple user nodes. In theory, CBDC verification will be faster since currency exchanges will be processed by a central bank without any need to facilitate decentralized consensus mechanisms.
Since they are electronically integrated into a software network, digital tokens have a much broader utility than a simple payment medium – and may be used by a spectrum of apps and fintech instruments to expand financial possibilities and service access for their user community.
How do CBDCs differ from cryptocurrencies?
Unlike cryptocurrencies, which are generally built around decentralized blockchain technology and governed by the consensus of their user communities, CBDCs are issued and controlled by a centralized authority – a central bank – and much more closely regulated.
In developing their own CBDCs, governments are seeking to retain the speed, innovation, flexibility, and security of blockchain technology without the high-risk, decentralized anonymity of cryptocurrencies. CBDCs may not use the same distribution methods as blockchain-based cryptocurrencies, and will not necessarily implement the same cryptographic tracking, verification, and security technology to facilitate exchanges. Instead, CBDCs will be fully electronic currencies, with governments retaining full centralized control over their financial features and transmission.
In practice, this means that governments will control the governance, oversight, and supply of CBDC digital tokens, and use them to perform important economic functions and regulatory tasks. The digital tokens issued to represent a CBDC will, like a fiat currency, be backed by a country’s asset reserves.
CBDC risks and opportunities
The Bank of England’s CBDC discussion paper explored the opportunities and risks associated with the introduction of a CBDC. After collating participant responses, the regulator set out the following emergent core principles for the implementation of a CBDC in the UK:
- The CBDC should promote financial inclusion, and be accessible for users regardless of their age, social demographic, technical knowledge, or disability.
- The CBDC should be deployed in a competitive ecosystem to promote innovation and to save users time and money.
- In exploring the potential of a CBDC, the central bank should not overlook the value and impact of other innovations on the payments services landscape.
- The CBDC must comply with the UK’s anti-money laundering and counter-financing of terrorism regulations and should protect its users’ privacy insofar as that does not compromise AML/CFT compliance.
- The CBDC should not compromise the central bank’s ability and responsibility to ensure monetary and financial stability.
While digital currencies offer new financial possibilities, they also offer financial criminals new opportunities to operate outside traditional financial systems. In particular, the accessibility and anonymity of CBDCs may increase the risk of international sanctions violations, letting users conceal their identities and evade conventional AML/CFT controls by moving illegal funds quickly between different jurisdictions.
CBDC screening considerations
In order to avoid sanctions violations and other compliance risks, CBDCs should be introduced with robust identity verification requirements, deployed as part of an organization’s Know Your Customer (KYC) process. This means that organizations should establish and verify the identities of their customers by collecting data (such as names, addresses, dates of birth) and then use that data to inform customer risk profiles and to screen against international sanctions lists. While identity verification is a foundation of effective AML, digital currencies present a range of compliance challenges that conventional currencies and transactions do not:
- Customer identities: Since it may be more difficult to establish customer identities in CBDC-related services, organizations should seek to integrate digital identification measures, including enhanced customer due diligence, and biometric controls such as fingerprint, voiceprint, and facial scan technology.
- Suspicious transactions: Organizations should reconsider their transaction monitoring process for CBDC services, taking into account the elevated risks associated with digital funds. Typically, high risk digital currency transactions include those in which customers have provided inadequate identification, or transactions involving senders and recipients in high-risk jurisdictions.
Sanctions screening: Organizations should ensure their sanctions screening solution is updated with the latest data and can handle the unique challenges of CBDC screening (anonymity, speed, etc.).
The AML/CFT challenges associated with CBDCs mean that organizations must implement suitable automated technology solutions in order to ensure regulatory compliance and to manage the vast amounts of digital customer and transaction data they are required to collect. In addition to offering significant speed and accuracy benefits over manual risk screening, smart technology promises a range of specific advantages for compliance with CBDC-focused regulations:
- Machine learning: Automated compliance systems often incorporate machine learning technology which enables organizations to categorize and prioritize CBDC data efficiently, and make better decisions based on previously collected data. Machine learning tools may, for example, help organizations spot unforeseen risks quickly – such as when a customer’s financial behavior diverges from established expectations, or when new patterns and trends emerge across the often-volatile digital currency markets.
- Security: Since digital identity verification requires customers to submit a range of personal data, smart technology may be employed to put robust protections in place, such as biometric verification, two-factor authentication, and end-to-end encryption. Beyond protecting customer data and assets, smart technology can prevent criminals from misusing CBDC financial services to launder money and fund terrorist activities.
Versatility: The digital currency landscape is evolving at a pace. Smart software solutions allow firms to adapt to changes in data collection requirements scaling up and down as business and regulatory needs change. Similarly, smart software enables firms to react quickly to changes in criminal methodologies, deploying more effective AML responses based on emerging trends and threats.