Project Sela to test a cyber-secure retail CBDC architecture that reduces the financial exposure of intermediaries

The BIS Innovation Hub Hong Kong Centre, the Hong Kong Monetary Authority and the Bank of Israel are joining forces in Project Sela to explore the cyber security and technical feasibility of a two-tier retail central bank digital currency (CBDC) architecture that allows intermediaries, such as commercial banks, payment service providers and financial technology firms, to provide CBDC services without any related financial exposure – meaning that the CBDC never resides on the intermediary's balance sheet.

If reducing financial exposure for retail CBDC intermediaries proves feasible, this could lead to a more accessible CBDC system. With this wider access, however, comes heightened concerns surrounding preventative cyber security. Project Sela will therefore evaluate how cyber security can be enhanced while providing wider system access.

In today's payment systems, transferring funds between the customers of different commercial banks creates a financial exposure on the balance sheets of the banks involved and imposes risks and costs affecting both the intermediaries and the end users. Since there are multiple steps in the process, liquidity, counterparty and credit risks arise at each leg of the transaction. Additionally, financial intermediaries are required to maintain certain levels of liquidity and to post collateral for transactions, increasing costs and adding complexity to their operations.

Project Sela will explore technological solutions towards a two-tier retail CBDC model (where the claims are direct central bank liabilities while real-time payments are handled by intermediaries) in which intermediaries provide wider access to the CBDC system but are not financially exposed, meaning that at no point in the process does the CBDC reside on their balance sheets. Similar to using cash, this allows users to benefit from the safety and liquidity of central bank money without being exposed to financial counterparty risk. Furthermore, the exposure-less nature of intermediaries could spare them from the capital and liquidity requirements imposed on intermediaries whose balance sheets are "exposed". This could enable wider participation and competition in the payments market by expanding eligibility of intermediaries to those beyond financial institutions, which in turn could reduce the overall costs and widen access for the end user in a CBDC system.

Wider access, however, may change the cyber security landscape. The project will therefore evaluate two possible cyber security implications. The first being whether cyber threats increase with the number of intermediaries and the proliferation of exposure-less intermediaries amplifies cyber-related risks, resulting in a less secure and resilient system. The second being whether the addition of exposure-less intermediaries could, by design, lead to a more robust, distributed and resilient system as data are obfuscated and distributed among a wider set of providers, providing redundancy and eliminating single points of attack and data honey pots.

The goal is to complete the project and publish the findings by mid-2023.